CVSSv3 07/13/2022

CVSSv3 Base

Entries by score: ≤1: 0, ≤2: 3, ≤3: 5, ≤4: 26, ≤5: 13, ≤6: 14, ≤7: 11, ≤8: 1, ≤9: 0, ≤10: 1

The Common Vulnerability Scoring System (CVSS) is an industry standard for defining the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources into the most reliable result.

CVSSv3 Temp

Entries by score: ≤1: 0, ≤2: 3, ≤3: 6, ≤4: 26, ≤5: 12, ≤6: 20, ≤7: 5, ≤8: 1, ≤9: 0, ≤10: 1

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

VulDB

Entries by score: ≤1: 0, ≤2: 3, ≤3: 6, ≤4: 25, ≤5: 14, ≤6: 15, ≤7: 9, ≤8: 1, ≤9: 0, ≤10: 1

The moderation team always defines the base vector and base score for an entry. These and all other available scores are used to generate the meta score.

NVD

Entries by score: ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 0, ≤5: 0, ≤6: 0, ≤7: 0, ≤8: 0, ≤9: 0, ≤10: 0

The National Vulnerability Database (NVD) also defines CVSS vectors and scores. These are usually not complete and might differ from VulDB scores.

CNA

Entries by score: ≤1: 0, ≤2: 3, ≤3: 0, ≤4: 4, ≤5: 1, ≤6: 2, ≤7: 2, ≤8: 0, ≤9: 2, ≤10: 1

A CVE Numbering Authority (CNA) is responsible for assigning new CVE entries. They might also include a CVSS score. These are usually not complete and might differ from VulDB scores.

Vendor

Entries by score: ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 0, ≤5: 0, ≤6: 0, ≤7: 0, ≤8: 0, ≤9: 0, ≤10: 0

Some vendors are willing to publish their own CVSS vectors and scores for vulnerabilities in their products. The coverage varies from vendor to vendor.

Research

Entries by score: ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 0, ≤5: 0, ≤6: 0, ≤7: 0, ≤8: 0, ≤9: 0, ≤10: 0

Security researchers sometimes also provide their own CVSS vectors and scores for vulnerabilities they have found and published.

| ID | Base | VDB | NVD | CNA | Vend | Res | Vulnerability | CTI | EPSS | CVE |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| 203825 | 5.3 | 5.3 |  |  |  |  | VMware vCenter Server/Cloud Foundation URL Request server-side request forgery | 0.79 | 0.00885 | CVE-2022-22982 |
| 203824 | 6.5 | 6.5 |  |  |  |  | Linux Kernel sm712fb.c smtcfb_read out-of-bounds | 0.17 | 0.00885 | CVE-2022-2380 |
| 203823 | 3.5 | 3.5 |  |  |  |  | Rhonabwy JWE Token r_jwe_aesgcm_key_unwrap denial of service | 0.03 | 0.00885 | CVE-2022-32096 |
| 203822 | 5.5 | 5.5 |  |  |  |  | WolfSSH wolfSSH_SFTP_RecvRMDIR integer overflow | 0.05 | 0.00885 | CVE-2022-32073 |
| 203821 | 3.5 | 3.5 |  |  |  |  | osTicket Plugins SVG class.audit.php cross site scripting | 0.06 | 0.00890 | CVE-2022-32074 |
| 203820 | 3.5 | 3.5 |  |  |  |  | IBM i Web UI cross site scripting | 0.04 | 0.00885 | CVE-2022-34358 |
| 203819 | 3.5 | 3.5 |  |  |  |  | Transition Scheduler Add-on Project Name cross site scripting | 0.50 | 0.00885 | CVE-2022-32274 |
| 203818 | 5.5 | 5.5 |  |  |  |  | RuoYi Background Management Module unrestricted upload | 0.00 | 0.01549 | CVE-2022-32065 |
| 203817 | 5.5 | 5.5 |  |  |  |  | codecov popen Privilege Escalation | 0.00 | 0.00000 | CVE-2019-10800 |
| 203816 | 3.5 | 3.5 |  |  |  |  | Oxygen XML WebHelp Search Field cross site scripting | 0.04 | 0.00885 | CVE-2021-46827 |
| 203815 | 3.5 | 3.5 |  |  |  |  | vm2 recursion | 0.03 | 0.00000 | CVE-2019-10761 |
| 203814 | 5.5 | 5.5 |  |  |  |  | Apache Tapestry Content-Type org.apache.tapestry5.http.ContentType incorrect regex | 0.05 | 0.00885 | CVE-2022-31781 |
| 203813 | 3.3 | 3.3 |  | 3.3 |  |  | Samsung Smart Phone SecSoterService information disclosure | 0.10 | 0.00885 | CVE-2022-30753 |
| 203812 | 2.0 | 2.0 |  |  |  |  | Argo CD callback cross site scripting | 0.03 | 0.00890 | CVE-2022-31102 |
| 203811 | 3.5 | 3.5 |  |  |  |  | Mogu Blog cross site scripting | 0.07 | 0.00885 | CVE-2022-30517 |
| 203810 | 4.8 | 4.3 |  | 5.4 |  |  | svelte Attribute toString cross site scripting | 0.17 | 0.00890 | CVE-2022-25875 |
| 203809 | 4.8 | 4.3 |  | 5.4 |  |  | whoogle-search HTML Template error.html cross site scripting | 0.13 | 0.00890 | CVE-2022-25303 |
| 203808 | 4.6 | 4.6 |  |  |  |  | Nautilus Treadmill access control | 0.00 | 0.00890 | CVE-2022-35648 |
| 203807 | 5.4 | 5.4 |  |  |  |  | Samsung USB Driver Windows Installer for Mobile Phones integrity check | 0.00 | 0.00885 | CVE-2022-33711 |
| 203806 | 5.3 | 5.3 |  |  |  |  | Samsung Galaxy Store BillingPackageInsraller input validation | 0.00 | 0.00885 | CVE-2022-33710 |
| 203805 | 5.3 | 5.3 |  |  |  |  | Samsung Galaxy Store ApexPackageInstaller input validation | 0.00 | 0.00885 | CVE-2022-33709 |
| 203804 | 5.3 | 5.3 |  |  |  |  | Samsung Galaxy Store AppsPackageInstaller input validation | 0.13 | 0.00885 | CVE-2022-33708 |
| 203803 | 4.1 | 4.1 |  |  |  |  | Samsung Gallery S Pen Air Gesture access control | 0.04 | 0.00885 | CVE-2022-33706 |
| 203802 | 5.7 | 5.3 |  | 6.2 |  |  | Samsung Smart Phone Knoxguard improper authorization | 0.00 | 0.00885 | CVE-2022-33702 |
| 203801 | 2.4 | 2.8 |  | 2.0 |  |  | Samsung Smart Phone TelephonyUI putDsaSimImsi information disclosure | 0.00 | 0.00885 | CVE-2022-33700 |
| 203800 | 2.4 | 2.8 |  | 2.0 |  |  | Samsung Smart Phone TelephonyUI getDsaSimImsi information disclosure | 0.00 | 0.00885 | CVE-2022-33699 |
| 203799 | 3.3 | 3.3 |  | 3.3 |  |  | Samsung Smart Phone Telecom Application information disclosure | 0.00 | 0.00885 | CVE-2022-33698 |
| 203798 | 3.3 | 3.3 |  | 3.3 |  |  | Samsung Smart Phone ImsServiceSwitchBase log file | 0.00 | 0.00885 | CVE-2022-33697 |
| 203797 | 3.6 | 3.3 |  | 4.0 |  |  | Samsung Smart Phone Telephony unknown vulnerability | 0.07 | 0.00885 | CVE-2022-33696 |
| 203796 | 3.3 | 3.3 |  |  |  |  | Samsung Smart Phone CSC Application information disclosure | 0.13 | 0.00885 | CVE-2022-33694 |
| 203795 | 2.4 | 2.8 |  | 2.0 |  |  | Samsung Smart Phone CID Manager information disclosure | 0.80 | 0.00885 | CVE-2022-33693 |
| 203792 | 3.5 | 3.5 |  |  |  |  | SAP Enterprise Portal cross site scripting | 0.04 | 0.01440 | CVE-2022-35224 |
| 203791 | 6.3 | 6.3 |  |  |  |  | Git for Windows Installer git.exe untrusted search path | 0.23 | 0.00885 | CVE-2022-31012 |
| 203790 | 3.1 | 3.1 |  |  |  |  | Western Digital My Cloud Home/My Cloud Home Duo AWS Credential insufficiently protected credentials | 0.03 | 0.00885 | CVE-2022-22998 |
| 203789 | 3.5 | 3.5 |  |  |  |  | libguestfs get_keys denial of service | 0.00 | 0.00885 | CVE-2022-2211 |
| 203788 | 9.8 | 9.8 |  | 9.8 |  |  | Pyramid EtherNet-IP Adapter Development Kit Packet out-of-bounds write | 0.33 | 0.00885 | CVE-2022-1737 |
| 203787 | 5.5 | 5.5 |  |  |  |  | Argo CD access control | 0.10 | 0.00885 | CVE-2022-1025 |
| 203786 | 6.3 | 6.3 |  |  |  |  | Zoho ManageEngine ServiceDesk Plus Ticket-Creation Email improper authentication | 0.20 | 0.00885 | CVE-2022-35403 |
| 203785 | 4.3 | 4.3 |  |  |  |  | SAP BusinessObjects CMC cross-site request forgery | 0.30 | 0.00885 | CVE-2022-35228 |
| 203784 | 6.3 | 6.3 |  |  |  |  | SAP BusinessObjects BW Publisher Service unquoted search path | 0.03 | 0.00885 | CVE-2022-31591 |
| 203783 | 4.3 | 4.3 |  |  |  |  | SAP NW EP WPC cross site scripting | 0.07 | 0.01055 | CVE-2022-35227 |
| 203782 | 2.6 | 2.6 |  |  |  |  | SAP Business one/HANA Cockpit exposure of resource | 0.07 | 0.00885 | CVE-2022-32249 |
| 203781 | 4.6 | 4.6 |  |  |  |  | SAP S4HANA Manage Checkbooks input validation | 0.04 | 0.00885 | CVE-2022-32248 |
| 203780 | 5.5 | 5.5 |  |  |  |  | SAP S4HANA Application Business Partner Extension authorization | 0.00 | 0.00885 | CVE-2022-31597 |
| 203779 | 3.5 | 3.5 |  |  |  |  | SourceCodester Simple e-Learning System claire_blake cross site scripting | 0.46 | 0.00885 | CVE-2022-2396 |
| 203778 | 5.5 | 5.5 |  |  |  |  | SAP Business One Client code injection | 0.07 | 0.00885 | CVE-2022-31593 |
| 203777 | 3.8 | 2.7 |  | 4.9 |  |  | Zulip Public Data Export information disclosure | 0.07 | 0.00890 | CVE-2022-31134 |
| 203776 | 4.3 | 4.3 |  |  |  |  | SAP SAP BusinessObjects Business Intelligence Platform authorization | 0.03 | 0.00885 | CVE-2022-29619 |
| 203775 | 6.3 | 6.3 |  |  |  |  | Git access control | 0.20 | 0.00950 | CVE-2022-29187 |
| 203774 | 4.3 | 4.3 |  |  |  |  | SAP Business one License Service API HTTP Request improper authentication | 0.00 | 0.00885 | CVE-2022-28771 |

24 more entries are not shown
