CVSSv3 07/04/2022

CVSSv3 Base

≤10
≤20
≤34
≤42
≤58
≤66
≤78
≤83
≤91
≤100

The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources to aggregate to the most reliable result.

CVSSv3 Temp

≤10
≤20
≤34
≤42
≤58
≤67
≤79
≤81
≤91
≤100

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We do also provide our unique meta score for temp scores, even though other sources rarely publish them.

VulDB

≤10
≤20
≤34
≤43
≤57
≤66
≤78
≤83
≤91
≤100

The moderation team is always defining the base vector and base score for an entry. These and all other available scores are used to generate the meta score.

NVD

≤10
≤20
≤30
≤40
≤50
≤60
≤70
≤80
≤90
≤100

The National Vulnerability Database (NVD) is also defining CVSS vectors and scores. These are usually not complete and might differ from VulDB scores.

CNA

≤10
≤20
≤30
≤40
≤50
≤61
≤71
≤80
≤90
≤100

A CVE Numbering Authority (CNA) is responsible for assigning new CVE entries. They might also include a CVSS score. These are usually not complete and might differ from VulDB scores.

Vendor

≤10
≤20
≤30
≤40
≤50
≤60
≤70
≤80
≤90
≤100

Some vendors are willing to publish their own CVSS vectors and scores for vulnerabilities in their products. The coverage varies from vendor to vendor.

Research

≤10
≤20
≤30
≤40
≤50
≤60
≤70
≤80
≤90
≤100

There are sometimes also security researcher which provide their own CVSS vectors and scores for vulnerabilities they have found and published.

IDBaseVDBNVDCNAVendResVulnerabilityCTICVE
2032094.34.3
 
 
 
 
WP Championship Plugin cross-site request forgery0.00CVE-2022-1967
2032084.34.3
 
 
 
 
Gallery Plugin AJAX Action cross site scripting0.03CVE-2022-1946
2032072.42.4
 
 
 
 
WP Contact Slider Plugin Text to Display Settings cross site scripting0.04CVE-2022-1301
2032063.53.5
 
 
 
 
Redirection for Contact Form 7 Plugin Attribute cross site scripting0.04CVE-2022-0250
2032052.42.4
 
 
 
 
Ninja Forms Contact Form Plugin Data Import cross site scripting0.03CVE-2021-25066
2032042.42.4
 
 
 
 
Ninja Forms Contact Form Plugin Field Label cross site scripting0.00CVE-2021-25056
2032034.74.7
 
 
 
 
Import any XML or CSV File to Plugin ZIP File code injection0.03CVE-2022-2268
2032025.45.3
 
5.5
 
 
hpjansson chafa buffer over-read0.04CVE-2022-2301
2032016.36.3
 
 
 
 
Cybozu Garoon Portal access control0.00CVE-2022-26051
2032004.93.5
 
6.3
 
 
Microweber cross site scripting0.05CVE-2022-2300
2031992.42.4
 
 
 
 
Cybozu Garoon cross site scripting0.00CVE-2022-29513
2031983.53.5
 
 
 
 
Cybozu Garoon cross site scripting0.00CVE-2022-27627
2031974.34.3
 
 
 
 
Cybozu Garoon Space denial of service0.06CVE-2022-29892
2031964.34.3
 
 
 
 
Cybozu Garoon Bulletin access control0.00CVE-2022-29471
2031955.35.3
 
 
 
 
Cybozu Garoon Scheduler improper authentication0.06CVE-2022-28713
2031945.45.4
 
 
 
 
Cybozu Garoon Scheduler access control0.00CVE-2022-28692
2031934.34.3
 
 
 
 
Cybozu Garoon Category access control0.05CVE-2022-27807
2031926.36.3
 
 
 
 
Cybozu Garoon Space access control0.00CVE-2022-27803
2031915.45.4
 
 
 
 
Cybozu Garoon Space access control0.00CVE-2022-29484
2031904.34.3
 
 
 
 
Cybozu Garoon Address information disclosure0.06CVE-2022-29467
2031896.36.3
 
 
 
 
Cybozu Garoon Bulletin access control0.00CVE-2022-28718
2031886.36.3
 
 
 
 
Cybozu Garoon behavioral workflow0.00CVE-2022-27661
2031876.36.3
 
 
 
 
Cybozu Garoon Cabinet access control0.00CVE-2022-26368
2031866.36.3
 
 
 
 
Cybozu Garoon Link access control0.00CVE-2022-26054
2031855.65.6
 
 
 
 
Omron NX7/NX1/NJ authentication replay0.06CVE-2022-33971
2031848.88.8
 
 
 
 
Home Spot Cube2 DHCP Server Reply os command injection0.18CVE-2022-33948
2031837.37.3
 
 
 
 
Omron NJ hard-coded credentials0.07CVE-2022-34151
2031825.65.6
 
 
 
 
Omron NJ authentication replay0.00CVE-2022-33208
2031816.56.5
 
 
 
 
Yokogawa AW810D VI461 denial of service0.06CVE-2022-32284
2031807.37.3
 
 
 
 
Ransom Lockbit Password stack-based overflow0.05
2031797.37.3
 
 
 
 
SourceCodester Clinics Patient Management System Login Page index.php sql injection0.09CVE-2022-2298
2031786.36.3
 
 
 
 
SourceCodester Clinics Patient Management System unrestricted upload0.09CVE-2022-2297

Do you want to use VulDB in your project?

Use the official API to access entries easily!