CVSSv3 07/26/2022

CVSSv3 Base

≤10
≤20
≤35
≤443
≤56
≤632
≤719
≤814
≤910
≤100

The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources to aggregate to the most reliable result.

CVSSv3 Temp

≤10
≤20
≤36
≤442
≤57
≤639
≤713
≤812
≤910
≤100

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We do also provide our unique meta score for temp scores, even though other sources rarely publish them.

VulDB

≤10
≤20
≤37
≤446
≤511
≤626
≤716
≤819
≤94
≤100

The moderation team is always defining the base vector and base score for an entry. These and all other available scores are used to generate the meta score.

NVD

≤10
≤20
≤30
≤40
≤50
≤60
≤70
≤80
≤90
≤100

The National Vulnerability Database (NVD) is also defining CVSS vectors and scores. These are usually not complete and might differ from VulDB scores.

CNA

≤10
≤20
≤30
≤43
≤53
≤65
≤75
≤817
≤98
≤106

A CVE Numbering Authority (CNA) is responsible for assigning new CVE entries. They might also include a CVSS score. These are usually not complete and might differ from VulDB scores.

Vendor

≤10
≤20
≤30
≤40
≤50
≤60
≤70
≤80
≤90
≤100

Some vendors are willing to publish their own CVSS vectors and scores for vulnerabilities in their products. The coverage varies from vendor to vendor.

Research

≤10
≤20
≤30
≤40
≤50
≤60
≤70
≤80
≤90
≤100

There are sometimes also security researcher which provide their own CVSS vectors and scores for vulnerabilities they have found and published.

IDBaseVDBNVDCNAVendResVulnerabilityCTIEPSSCVE
2051117.17.1
 
 
 
 
Linux Kernel server_key.c rxrpc_preparse_s null pointer dereference0.060.00885CVE-2022-1671
2051106.56.5
 
 
 
 
Linux Kernel ACRN Device Model hsm.c acrn_dev_ioctl memory leak0.000.00885CVE-2022-1651
2051095.65.6
 
5.6
 
 
ianwalter merge code injection0.000.00885CVE-2021-23397
2051084.34.3
 
 
 
 
LibreOffice Configuration Database inadequate encryption0.000.00885CVE-2022-26307
2051073.53.5
 
 
 
 
Allow SVG Files Plugin cross site scripting0.000.00885CVE-2022-2299
2051066.14.3
 
8.0
 
 
beancount fava cross site scripting0.030.00885CVE-2022-2523
2051054.84.3
 
5.4
 
 
grapesjs Selector Manager cross site scripting0.000.01018CVE-2022-21802
2051045.22.3
 
8.2
 
 
Western Digital My Cloud cross site scripting0.000.00885CVE-2022-22999
2051038.57.3
 
9.8
 
 
Pega improper authorization0.060.00885CVE-2022-24083
2051025.53.1
 
8.0
 
 
Fava Error Message cross site scripting0.000.00885CVE-2022-2514
2051015.55.5
 
 
 
 
Ceph authorization0.000.00885CVE-2022-0670
2051006.36.3
 
 
 
 
Zoho ManageEngine SupportCenter Plus API Request improper authentication0.110.00885CVE-2022-36412
2050993.53.5
 
 
 
 
Paymoney cross site scripting0.030.00885CVE-2022-34991
2050983.53.5
 
 
 
 
Inout Blockchain AltExchanger js cross site scripting0.030.00885CVE-2022-34988
2050976.36.3
 
 
 
 
oretnom23 Online Fire Reporting System Parameter sql injection0.060.00885CVE-2022-31879
2050967.77.3
 
8.1
 
 
Cloudflare WARP Client warp-cli Subcommand access control0.060.00885CVE-2022-2225
2050955.55.5
 
 
 
 
zephyrproject-rtos Zephyr Bluetooth Mesh Core Stack out-of-bounds write0.000.00885CVE-2022-1042
2050946.85.5
 
8.2
 
 
zephyrproject-rtos Zephyr Bluetooth Mesh Core Stack out-of-bounds write0.030.00885CVE-2022-1041
2050935.44.3
 
6.5
 
 
Synology Calendar Webapi cross-site request forgery0.030.01055CVE-2022-22686
2050923.53.5
 
 
 
 
Atlassian Confluence Server/Data Center Livesearch Macro cross site scripting0.060.01055CVE-2020-36290
2050913.53.5
 
 
 
 
mistune Regular Expression denial of service0.000.00885CVE-2022-34749
2050905.55.5
 
 
 
 
WAVLINK WN535 G3 POST adm.cgi Privilege Escalation0.000.02485CVE-2022-34577
2050895.55.5
 
 
 
 
WAVLINK WN535 G3 POST ExportAllSettings.sh Privilege Escalation0.050.02559CVE-2022-34576
2050883.53.5
 
 
 
 
Wavlink WiFi-Repeater fctest.shtml access control0.000.00885CVE-2022-34575
2050873.53.5
 
 
 
 
Wavlink WiFi-Repeater Tftpd32.ini access control0.000.00885CVE-2022-34574
2050865.55.5
 
 
 
 
Wavlink WiFi-Repeater mb_wifibasic.shtml access control0.000.00885CVE-2022-34573
2050853.53.5
 
 
 
 
Wavlink WiFi-Repeater tftp.txt access control0.000.00885CVE-2022-34572
2050843.53.5
 
 
 
 
Wavlink WiFi-Repeater syslog.shtml access control0.030.00885CVE-2022-34571
2050833.53.5
 
 
 
 
WAVLINK WN579 X3 messages.txt information disclosure0.000.00885CVE-2022-34570
2050825.55.5
 
 
 
 
Joplin Node Title injection0.000.01374CVE-2022-35131
2050816.36.3
 
 
 
 
Orange Station sql injection0.000.00885CVE-2022-36161
2050806.36.3
 
 
 
 
Warehouse Management System sql injection0.060.00885CVE-2022-34067
2050795.55.5
 
 
 
 
yasm nasm-pp.c error use after free0.000.00885CVE-2021-33468
2050785.55.5
 
 
 
 
yasm nasm-pp.c pp_getline use after free0.080.00885CVE-2021-33467
2050773.53.5
 
 
 
 
yasm nasm-pp.c expand_smacro null pointer dereference0.000.00885CVE-2021-33466
2050763.53.5
 
 
 
 
yasm nasm-pp.c expand_mmacro null pointer dereference0.110.00885CVE-2021-33465
2050755.55.5
 
 
 
 
yasm nasm-pp.c inc_fopen heap-based overflow0.000.00885CVE-2021-33464
2050743.53.5
 
 
 
 
yasm expr.c yasm_expr__copy_except null pointer dereference0.060.00885CVE-2021-33463
2050735.55.5
 
 
 
 
yasm expr.c expr_traverse_nodes_post use after free0.080.00885CVE-2021-33462
2050725.55.5
 
 
 
 
yasm intnum.c yasm_intnum_destroy use after free0.060.00885CVE-2021-33461
2050713.53.5
 
 
 
 
yasm nasm-pp.c if_condition null pointer dereference0.170.00885CVE-2021-33460
2050703.53.5
 
 
 
 
yasm nasm-parse.c nasm_parser_directive null pointer dereference0.110.00885CVE-2021-33459
2050693.53.5
 
 
 
 
yasm nasm-pp.c find_cc null pointer dereference0.050.00885CVE-2021-33458
2050683.53.5
 
 
 
 
yasm nasm-pp.c expand_mmac_params null pointer dereference0.050.00885CVE-2021-33457
2050673.53.5
 
 
 
 
yasm nasm-pp.c hash null pointer dereference0.050.00885CVE-2021-33456
2050663.53.5
 
 
 
 
yasm nasm-pp.c do_directive null pointer dereference0.050.00885CVE-2021-33455
2050653.53.5
 
 
 
 
yasm expr.c yasm_expr_get_intnum null pointer dereference0.050.00885CVE-2021-33454
2050645.55.5
 
 
 
 
lrzip stream.c ucompthread use after free0.050.00885CVE-2021-33453
2050633.53.5
 
 
 
 
NASM alloc.c nasm_malloc memory leak0.100.00885CVE-2021-33452
2050623.53.5
 
 
 
 
lrzip stream.c fill_buffer memory leak0.060.00885CVE-2021-33451

79 more entries are not shown

Do you want to use VulDB in your project?

Use the official API to access entries easily!