CVSSv3 07/22/2022

CVSSv3 Base

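| Score | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
|---|---|---|---|---|---|---|---|---|---|---|
| Entries | 0 | 0 | 1 | 8 | 28 | 13 | 16 | 9 | 3 | 1 |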

The Common Vulnerability Scoring System (CVSS) is an industry standard for defining the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources into the most reliable result.

CVSSv3 Temp

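| Score | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
|---|---|---|---|---|---|---|---|---|---|---|
| Entries | 0 | 0 | 1 | 9 | 27 | 19 | 12 | 7 | 3 | 1 |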

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

VulDB

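| Score | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
|---|---|---|---|---|---|---|---|---|---|---|
| Entries | 0 | 1 | 2 | 9 | 28 | 12 | 15 | 10 | 1 | 1 |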

The moderation team always defines the base vector and base score for an entry. These and all other available scores are used to generate the meta score.

NVD

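| Score | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
|---|---|---|---|---|---|---|---|---|---|---|
| Entries | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |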

The National Vulnerability Database (NVD) also defines CVSS vectors and scores. These are usually not complete and might differ from VulDB scores.

CNA

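| Score | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
|---|---|---|---|---|---|---|---|---|---|---|
| Entries | 0 | 0 | 0 | 1 | 14 | 11 | 3 | 5 | 5 | 4 |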

A CVE Numbering Authority (CNA) is responsible for assigning new CVE entries. They might also include a CVSS score. These are usually not complete and might differ from VulDB scores.

Vendor

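| Score | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
|---|---|---|---|---|---|---|---|---|---|---|
| Entries | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |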

Some vendors are willing to publish their own CVSS vectors and scores for vulnerabilities in their products. The coverage varies from vendor to vendor.

Research

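| Score | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
|---|---|---|---|---|---|---|---|---|---|---|
| Entries | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |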

Sometimes security researchers also provide their own CVSS vectors and scores for vulnerabilities they have found and published.

| ID | Base | VDB | NVD | CNA | Vend | Res | Vulnerability | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 204940 | 3.5 | 3.5 | | | | | Radare2 Binary File bfile.c r_bin_file_xtr_load_buffer null pointer dereference | 0.11 | 0.00885 | CVE-2022-34520 |
| 204939 | 5.3 | 5.3 | | 5.3 | | | Johnson Controls Metasys ADS/Metasys ADX/Metasys OAS Web API missing authentication | 0.03 | 0.00885 | CVE-2021-36200 |
| 204938 | 5.5 | 5.5 | | | | | scu-captcha backdoor | 0.17 | 0.02509 | CVE-2022-34983 |
| 204937 | 5.5 | 5.5 | | | | | eziod backdoor | 0.05 | 0.02509 | CVE-2022-34982 |
| 204936 | 5.5 | 5.5 | | | | | PyCrowdTangle backdoor | 0.05 | 0.02509 | CVE-2022-34981 |
| 204935 | 5.5 | 5.5 | | | | | wikifaces backdoor | 0.05 | 0.02509 | CVE-2022-34509 |
| 204934 | 4.3 | 4.3 | | | | | QPDF PDF File processXRefStream heap-based overflow | 0.17 | 0.00885 | CVE-2022-34503 |
| 204933 | 3.5 | 3.5 | | | | | Radare2 Binary File wasm.c consume_encoded_name_new heap-based overflow | 0.00 | 0.00885 | CVE-2022-34502 |
| 204932 | 5.5 | 5.5 | | | | | bin-collection backdoor | 0.00 | 0.02509 | CVE-2022-34501 |
| 204931 | 5.5 | 5.5 | | | | | bin-collect backdoor | 0.05 | 0.02509 | CVE-2022-34500 |
| 204930 | 5.4 | 4.3 | | 6.5 | | | Microweber cross site scripting | 0.04 | 0.00885 | CVE-2022-2470 |
| 204929 | 3.5 | 3.5 | | | | | Caddy URI rewrite.go rewrite out-of-bounds | 0.11 | 0.00885 | CVE-2022-34037 |
| 204928 | 4.3 | 4.3 | | | | | Advantech iView path traversal | 0.00 | 0.01086 | CVE-2022-2139 |
| 204927 | 7.7 | 7.3 | | 8.2 | | | Advantech iView missing authentication | 0.05 | 0.01086 | CVE-2022-2138 |
| 204926 | 9.8 | 9.8 | | 9.8 | | | Advantech iView command injection | 0.05 | 0.01086 | CVE-2022-2143 |
| 204925 | 7.7 | 7.3 | | 8.1 | | | Advantech iView sql injection | 0.05 | 0.00885 | CVE-2022-2142 |
| 204924 | 4.8 | 4.7 | | 4.9 | | | Advantech iView sql injection | 0.05 | 0.00885 | CVE-2022-2137 |
| 204923 | 7.5 | 6.3 | | 8.8 | | | Advantech iView sql injection | 0.00 | 0.00885 | CVE-2022-2136 |
| 204922 | 7.4 | 7.3 | | 7.5 | | | Advantech iView sql injection | 0.00 | 0.00885 | CVE-2022-2135 |
| 204921 | 3.7 | 3.7 | | | | | Red Hat OpenStack Session Cookie cookie httponly flag | 0.03 | 0.00885 | CVE-2022-1655 |
| 204920 | 3.5 | 3.5 | | | | | Better PDF Exporter Add-on PDF Templates Overview Page cross site scripting | 0.05 | 0.00885 | CVE-2022-36131 |
| 204919 | 5.9 | 6.3 | | 5.4 | | | Zulip API Call improper authorization | 0.03 | 0.00890 | CVE-2022-31168 |
| 204918 | 7.3 | 7.3 | | | | | Linux Kernel io_uring use after free | 0.04 | 0.00000 | CVE-2022-2209 |
| 204917 | 6.3 | 6.3 | | | | | Linux Kernel io_uring double free | 0.00 | 0.00885 | CVE-2022-2327 |
| 204858 | 6.3 | 7.3 | | 5.3 | | | YIKES Custom Product Tabs for WooCommerce Plugin access control | 0.04 | 0.00885 | CVE-2022-28666 |
| 204857 | 4.4 | 2.0 | | 6.8 | | | Microweber cross site scripting | 0.07 | 0.00885 | CVE-2022-2495 |
| 204856 | 4.9 | 3.5 | | 6.3 | | | OpenEMR cross site scripting | 0.00 | 0.00885 | CVE-2022-2494 |
| 204855 | 6.3 | 6.3 | | | | | ASUSTek Aura Ready Game SDK Service GameSDK.exe unquoted search path | 0.05 | 0.01412 | CVE-2022-35899 |
| 204854 | 5.5 | 5.5 | | | | | Lin CMS Spring Boot access control | 0.00 | 0.00885 | CVE-2022-32430 |
| 204853 | 5.3 | 5.3 | | | | | OpenZeppelin SignatureChecker.isValidSignatureNow input validation | 0.04 | 0.00885 | CVE-2022-31172 |
| 204852 | 7.5 | 7.5 | | 7.5 | | | OpenZeppelin ERC165Checker.supportsInterface input validation | 0.04 | 0.00885 | CVE-2022-31170 |
| 204851 | 5.7 | 5.6 | | 5.9 | | | Wasmtime Cranelift calculation | 0.03 | 0.02485 | CVE-2022-31169 |
| 204850 | 7.4 | 7.3 | | 7.5 | | | Tovy improper authentication | 0.03 | 0.00885 | CVE-2022-31164 |
| 204849 | 6.4 | 5.3 | | 7.5 | | | Slack Morphism unknown vulnerability | 0.00 | 0.00885 | CVE-2022-31162 |
| 204848 | 7.3 | 6.3 | | 8.3 | | | OpenEMR Outside Expected Data Manager unknown vulnerability | 0.07 | 0.00885 | CVE-2022-2493 |
| 204847 | 6.1 | 6.3 | | 5.9 | | | ALLNET WR0500AC wizardpwd.asp authorization | 0.00 | 0.00885 | CVE-2022-34767 |
| 204846 | 4.0 | 3.3 | | 4.8 | | | Supersmart.me Walk Through API invoiceImg improper authentication | 0.00 | 0.00885 | CVE-2022-30628 |
| 204845 | 3.7 | 3.7 | | | | | Citilog HTTP Traffic cleartext transmission | 0.00 | 0.00885 | CVE-2022-28861 |
| 204844 | 5.5 | 5.5 | | | | | Citilog channel accessible | 0.03 | 0.00885 | CVE-2022-28860 |
| 204843 | 4.2 | 4.2 | | 4.3 | | | F-Secure WithSecure Endpoint Protection access control | 0.07 | 0.01005 | CVE-2022-28877 |
| 204842 | 3.5 | 3.5 | | | | | file-type MKV File infinite loop | 0.08 | 0.00954 | CVE-2022-36313 |
| 204841 | 8.1 | 8.1 | | 8.1 | | | ABB RMC-100 Standard path traversal | 0.00 | 0.02055 | CVE-2022-0902 |
| 204840 | 2.9 | 2.4 | | 3.4 | | | Florent Maillefaud WP Maintenance Plugin cross site scripting | 0.06 | 0.00885 | CVE-2022-30536 |
| 204839 | 4.8 | 4.3 | | 5.4 | | | Sygnoos Popup Builder Plugin Popup Status Change cross-site request forgery | 0.04 | 0.00885 | CVE-2022-32289 |
| 204838 | 4.8 | 4.3 | | 5.4 | | | JoomUnited WP Meta SEO Plugin Social Setting cross-site request forgery | 0.00 | 0.00885 | CVE-2022-30337 |
| 204837 | 8.5 | 7.3 | | 9.8 | | | biplob018 Shortcode Addons Plugin Option Update access control | 0.03 | 0.00885 | CVE-2022-34487 |
| 204836 | 8.5 | 7.3 | | 9.8 | | | Biplob Adhikari Accordions Plugin Options Change access control | 0.00 | 0.00885 | CVE-2022-33198 |
| 204835 | 4.1 | 2.7 | | 5.5 | | | GiveWP Plugin Export information disclosure | 0.06 | 0.00885 | CVE-2022-31475 |
| 204834 | 6.9 | 4.7 | | 9.1 | | | GiveWP Plugin Export access control | 0.00 | 0.00885 | CVE-2022-28700 |
| 204833 | 6.2 | 5.0 | | 7.5 | | | TZInfo Timezone.get path traversal | 0.00 | 0.00950 | CVE-2022-31163 |

29 more entries are not shown
