CVSSv3 07/16/2022

CVSSv3 Base

Entries per score range: ≤1: 0, ≤2: 0, ≤3: 2, ≤4: 16, ≤5: 3, ≤6: 13, ≤7: 14, ≤8: 6, ≤9: 1, ≤10: 0

The Common Vulnerability Scoring System (CVSS) is an industry standard for describing the characteristics and impact of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources to produce the most reliable result.

CVSSv3 Temp

Entries per score range: ≤1: 0, ≤2: 0, ≤3: 2, ≤4: 16, ≤5: 4, ≤6: 15, ≤7: 12, ≤8: 5, ≤9: 1, ≤10: 0

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

VulDB

Entries per score range: ≤1: 0, ≤2: 0, ≤3: 2, ≤4: 12, ≤5: 13, ≤6: 9, ≤7: 12, ≤8: 7, ≤9: 0, ≤10: 0

The moderation team always defines the base vector and base score for an entry. These and all other available scores are used to generate the meta score.

NVD

Entries per score range: ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 0, ≤5: 0, ≤6: 0, ≤7: 0, ≤8: 0, ≤9: 0, ≤10: 0

The National Vulnerability Database (NVD) also defines CVSS vectors and scores. These are usually not complete and might differ from VulDB scores.

CNA

Entries per score range: ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 6, ≤5: 0, ≤6: 4, ≤7: 2, ≤8: 14, ≤9: 1, ≤10: 1

A CVE Numbering Authority (CNA) is responsible for assigning new CVE entries. They might also include a CVSS score. These are usually not complete and might differ from VulDB scores.

Vendor

Entries per score range: ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 0, ≤5: 0, ≤6: 0, ≤7: 0, ≤8: 0, ≤9: 0, ≤10: 0

Some vendors are willing to publish their own CVSS vectors and scores for vulnerabilities in their products. The coverage varies from vendor to vendor.

Research

Entries per score range: ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 0, ≤5: 0, ≤6: 0, ≤7: 0, ≤8: 0, ≤9: 0, ≤10: 0

Security researchers sometimes also provide their own CVSS vectors and scores for vulnerabilities they have found and published.

| ID | Base | VDB | NVD | CNA | Vend | Res | Vulnerability | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 204008 | 6.3 | 6.3 | | | | | Apache Hive CREATE/DROP missing authentication | 0.04 | 0.00885 | CVE-2021-34538 |
| 204007 | 3.7 | 3.7 | | | | | Builder XtremeRAT user.info improper authentication | 0.00 | 0.00000 | |
| 204006 | 6.3 | 6.3 | | | | | Builder XtremeRAT permission | 0.00 | 0.00000 | |
| 204005 | 5.3 | 5.3 | | | | | Backdoor.Win32.HoneyPot.a Service Port 21 hard-coded password | 0.00 | 0.00000 | |
| 204004 | 3.5 | 3.5 | | | | | SourceCodester Multi Restaurant Table Reservation System profile.php cross site scripting | 0.00 | 0.00950 | CVE-2020-35261 |
| 204003 | 5.5 | 5.5 | | | | | Arox School ERP Pro Add Photo photogalleries.inc.php unrestricted upload | 0.04 | 0.11752 | CVE-2022-32119 |
| 204002 | 3.1 | 3.1 | | | | | Angular Cache cross site scripting | 0.18 | 0.01018 | CVE-2022-25869 |
| 204001 | 3.5 | 3.5 | | | | | gollum New Page cross site scripting | 0.00 | 0.01018 | CVE-2020-35305 |
| 204000 | 7.7 | 7.2 | | 8.2 | | | Parallels Desktop HDAudio Virtual Device buffer overflow | 0.00 | 0.01005 | CVE-2021-34987 |
| 203999 | 5.3 | 5.3 | | | | | Google Go Crypto Rand infinite loop | 0.11 | 0.01018 | CVE-2022-30634 |
| 203998 | 6.4 | 5.3 | | 7.5 | | | containrrr shoutrrr util util.PartitionMessage denial of service | 0.08 | 0.01018 | CVE-2022-25891 |
| 203997 | 5.3 | 5.3 | | 5.3 | | | terser incorrect regex | 0.21 | 0.01018 | CVE-2022-25858 |
| 203996 | 5.4 | 4.3 | | 6.5 | | | OpenZeppelin Cairo Contracts resource control | 0.08 | 0.01034 | CVE-2022-31153 |
| 203995 | 2.4 | 2.4 | | | | | ZTE ZXMP M721 ZBOOT Interface information disclosure | 0.03 | 0.00885 | CVE-2022-23141 |
| 203994 | 3.5 | 3.5 | | | | | Couchbase Server Private Key log file | 0.00 | 0.00885 | CVE-2022-34826 |
| 203993 | 5.5 | 5.5 | | | | | Microweber Settings Upload Picture user.ini unrestricted upload | 0.00 | 0.00885 | CVE-2021-36461 |
| 203992 | 6.5 | 5.3 | | 7.8 | | | Parallels Desktop Symbolic Links toctou | 0.00 | 0.01005 | CVE-2021-34986 |
| 203991 | 5.4 | 3.5 | | 7.3 | | | Grafana Unified Alerting cross site scripting | 0.00 | 0.00950 | CVE-2022-31097 |
| 203990 | 7.3 | 7.3 | | | | | Honeywell Alerton Compass Software Configuration access control | 0.08 | 0.01061 | CVE-2022-30245 |
| 203989 | 7.3 | 7.3 | | | | | Honeywell Alerton Ascent Control Module Configuration access control | 0.08 | 0.01061 | CVE-2022-30242 |
| 203988 | 2.6 | 2.6 | | | | | Inductive Automation Ignition Session ID random values | 0.04 | 0.00885 | CVE-2022-35890 |
| 203987 | 5.5 | 5.5 | | | | | EIP Stack Group OpENer stack-based overflow | 0.03 | 0.00885 | CVE-2022-32434 |
| 203986 | 8.6 | 7.3 | | 10.0 | | | Hap-WI Roxy-WI options.py subprocess_execute command injection | 0.00 | 0.00885 | CVE-2022-31161 |
| 203985 | 6.2 | 4.6 | | 7.9 | | | AWS SDK for Java S3 TransferManager downloadDirectory path traversal | 0.46 | 0.00885 | CVE-2022-31159 |
| 203984 | 7.3 | 7.3 | | | | | mbed TLS ClientHello Message heap-based overflow | 0.14 | 0.00885 | CVE-2022-35409 |
| 203983 | 6.0 | 5.0 | | 7.1 | | | Grafana authorization | 0.25 | 0.00950 | CVE-2022-31107 |
| 203982 | 3.8 | 4.3 | | 3.3 | | | Bentley MicroStation/View DGN File Parser out-of-bounds | 0.04 | 0.00885 | CVE-2022-35906 |
| 203981 | 3.8 | 4.3 | | 3.3 | | | Bentley MicroStation/View FBX File Parser out-of-bounds | 0.05 | 0.00885 | CVE-2022-35905 |
| 203980 | 4.3 | 4.3 | | | | | Bentley MicroStation/View IFC File Parser out-of-bounds | 0.05 | 0.00885 | CVE-2022-35904 |
| 203979 | 3.8 | 4.3 | | 3.3 | | | MicroStation MicroStation/View 3DS File Parser out-of-bounds | 0.04 | 0.00885 | CVE-2022-35903 |
| 203978 | 3.8 | 4.3 | | 3.3 | | | Bentley MicroStation/View OBJ File Parser out-of-bounds | 0.03 | 0.00885 | CVE-2022-35902 |
| 203977 | 3.8 | 4.3 | | 3.3 | | | Bentley MicroStation/View J2K File Parser out-of-bounds | 0.00 | 0.00885 | CVE-2022-35901 |
| 203976 | 3.8 | 4.3 | | 3.3 | | | Bentley MicroStation/View JP2 file Parser out-of-bounds | 0.00 | 0.00885 | CVE-2022-35900 |
| 203975 | 5.2 | 4.3 | | 6.1 | | | Adobe RoboHelp cross site scripting | 0.00 | 0.01046 | CVE-2022-23201 |
| 203974 | 7.3 | 7.3 | | | | | Honeywell Alerton Ascent Control Module Packet code | 0.00 | 0.01061 | CVE-2022-30244 |
| 203973 | 7.3 | 7.3 | | | | | Honeywell Alerton Visual Logic Packet code | 0.04 | 0.01061 | CVE-2022-30243 |
| 203972 | 5.9 | 6.3 | | 5.5 | | | Adobe InDesign out-of-bounds | 0.04 | 0.01223 | CVE-2022-34248 |
| 203971 | 7.0 | 6.3 | | 7.8 | | | Adobe Character Animator when parsing out-of-bounds | 0.10 | 0.01223 | CVE-2022-34242 |
| 203970 | 7.0 | 6.3 | | 7.8 | | | Adobe InCopy out-of-bounds write | 0.04 | 0.01223 | CVE-2022-34251 |
| 203969 | 6.3 | 6.3 | | | | | Adobe InCopy heap-based overflow | 0.05 | 0.01223 | CVE-2022-34250 |
| 203968 | 7.0 | 6.3 | | 7.8 | | | Adobe InCopy heap-based overflow | 0.05 | 0.01223 | CVE-2022-34249 |
| 203967 | 7.0 | 6.3 | | 7.8 | | | Adobe InDesign out-of-bounds write | 0.00 | 0.01223 | CVE-2022-34247 |
| 203966 | 7.0 | 6.3 | | 7.8 | | | Adobe InDesign heap-based overflow | 0.04 | 0.01223 | CVE-2022-34246 |
| 203965 | 7.0 | 6.3 | | 7.8 | | | Adobe InDesign heap-based overflow | 0.00 | 0.01223 | CVE-2022-34245 |
| 203964 | 7.0 | 6.3 | | 7.8 | | | Adobe Photoshop use after free | 0.00 | 0.01223 | CVE-2022-34243 |
| 203963 | 7.0 | 6.3 | | 7.8 | | | Adobe Character Animator heap-based overflow | 0.00 | 0.01223 | CVE-2022-34241 |
| 203962 | 4.9 | 4.3 | | 5.5 | | | Adobe InCopy out-of-bounds | 0.00 | 0.01046 | CVE-2022-34252 |
| 203961 | 4.9 | 4.3 | | 5.5 | | | Adobe Photoshop uninitialized pointer | 0.06 | 0.01046 | CVE-2022-34244 |
| 203960 | 5.6 | 5.6 | | | | | LTI authentication replay | 0.04 | 0.00885 | CVE-2022-31158 |
| 203959 | 5.6 | 3.7 | | 7.5 | | | LTI risky encryption | 0.07 | 0.00885 | CVE-2022-31157 |

5 more entries are not shown
