CVSSv3 August 2022

Timeline

The analysis of the timeline helps to identify the required approach and handling of single vulnerabilities and vulnerability collections. This overview makes it possible to see less important slices and more severe hotspots at a glance. Initiating immediate vulnerability response and prioritizing of issues is possible.

C3BM Index

Our unique C3BM Index (CVSSv3 Base Meta Index) cumulates the CVSSv3 Meta Base Scores of all entries over time. Comparing this index to the amount of disclosed vulnerabilities helps to pinpoint the most important events.

CVSSv3 Base

≤1	0
≤2	0
≤3	38
≤4	195
≤5	149
≤6	219
≤7	219
≤8	105
≤9	81
≤10	37

The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources to aggregate to the most reliable result.

CVSSv3 Temp

≤1	0
≤2	0
≤3	45
≤4	220
≤5	125
≤6	301
≤7	179
≤8	104
≤9	35
≤10	34

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We do also provide our unique meta score for temp scores, even though other sources rarely publish them.

VulDB

≤1	0
≤2	2
≤3	55
≤4	204
≤5	162
≤6	179
≤7	204
≤8	134
≤9	94
≤10	9

The moderation team is always defining the base vector and base score for an entry. These and all other available scores are used to generate the meta score.

NVD

≤1	0
≤2	0
≤3	0
≤4	0
≤5	0
≤6	0
≤7	0
≤8	0
≤9	0
≤10	0

The National Vulnerability Database (NVD) is also defining CVSS vectors and scores. These are usually not complete and might differ from VulDB scores.

CNA

≤1	0
≤2	0
≤3	6
≤4	24
≤5	31
≤6	51
≤7	44
≤8	69
≤9	33
≤10	53

A CVE Numbering Authority (CNA) is responsible for assigning new CVE entries. They might also include a CVSS score. These are usually not complete and might differ from VulDB scores.

Vendor

≤1	0
≤2	0
≤3	0
≤4	0
≤5	7
≤6	13
≤7	30
≤8	49
≤9	18
≤10	4

Some vendors are willing to publish their own CVSS vectors and scores for vulnerabilities in their products. The coverage varies from vendor to vendor.

Research

≤1	0
≤2	0
≤3	0
≤4	0
≤5	0
≤6	0
≤7	0
≤8	0
≤9	0
≤10	0

There are sometimes also security researcher which provide their own CVSS vectors and scores for vulnerabilities they have found and published.

◂ Previous OverviewNext ▸

Published	Base	VDB	CNA	Vulnerability	CTI	CVE
08/14/2022	3.5	3.5		SourceCodester Simple and Nice Shopping Cart Script login.php cross site scripting	3.45-	CVE-2022-2814
08/14/2022	4.3	4.3		SourceCodester Guest Management System cleartext storage	3.64-	CVE-2022-2813
08/14/2022	6.3	6.3		Win32.Ransom.BlueSky CRYPTSP.dll uncontrolled search path	3.30-
08/14/2022	7.3	7.3		SourceCodester Guest Management System index.php sql injection	5.17-	CVE-2022-2812
08/14/2022	3.5	3.5		SourceCodester Guest Management System myform.php cross site scripting	4.83-	CVE-2022-2811
08/13/2022	5.1	4.3	5.9	CodeIgniter Shield cross-site request forgery	0.84	CVE-2022-35943
08/13/2022	5.7	5.6	5.8	Camilova activerecord-update-by-case Base sql injection	0.54	CVE-2022-35956
08/13/2022	5.7	5.0	6.4	undici undici.request server-side request forgery	0.69	CVE-2022-35949
08/13/2022	5.5	5.5		Gitea Issue access control	1.82	CVE-2022-38183
08/13/2022	6.4	5.3	7.5	OpenSearch Security Advanced Access Control unknown vulnerability	1.82	CVE-2022-35980
08/13/2022	6.0	5.0	7.1	BookWyrm Link redirect	1.43	CVE-2022-35953
08/13/2022	3.8	4.3	3.3	Esri ArcReader File out-of-bounds	0.79	CVE-2021-29118
08/13/2022	7.0	6.3	7.8	Esri ArcReader File use after free	0.64	CVE-2021-29117
08/13/2022	3.8	4.3	3.3	Esri ArcReader File out-of-bounds	2.56	CVE-2021-29112
08/13/2022	7.8	6.3	9.3	loopback-connector-postgresql sql injection	2.11	CVE-2022-35942
08/13/2022	5.5	5.5		Google Chrome OS Audio Server out-of-bounds write	1.88	CVE-2022-2587
08/13/2022	6.3	6.3		Google Chrome PDF heap-based overflow	2.67	CVE-2022-2624
08/13/2022	6.3	6.3		Google Chrome Offline use after free	1.93	CVE-2022-2623
08/13/2022	6.3	6.3		Google Chrome Safe Browsing input validation	1.72	CVE-2022-2622
08/13/2022	6.3	6.3		Google Chrome Extensions use after free	2.03	CVE-2022-2621
08/13/2022	6.3	6.3		Google Chrome WebUI use after free	1.43	CVE-2022-2620
08/13/2022	6.3	6.3		Google Chrome Settings input validation	1.48	CVE-2022-2619
08/13/2022	6.3	6.3		Google Chrome Internals input validation	1.72	CVE-2022-2618
08/13/2022	6.3	6.3		Google Chrome Extensions API use after free	1.43	CVE-2022-2617
08/13/2022	6.3	6.3		Google Chrome Extensions API Remote Code Execution	1.78	CVE-2022-2616
08/13/2022	6.3	6.3		Google Chrome Cookie access control	1.58	CVE-2022-2615
08/13/2022	6.3	6.3		Google Chrome Sign-In Flow use after free	1.53	CVE-2022-2614
08/13/2022	6.3	6.3		Google Chrome Input use after free	1.43	CVE-2022-2613
08/13/2022	3.1	3.1		Google Chrome Keyboard Input information disclosure	1.43	CVE-2022-2612
08/13/2022	5.5	5.5		Google Chrome Fullscreen API Privilege Escalation	1.34	CVE-2022-2611
08/13/2022	6.3	6.3		Google Chrome Background Fetch access control	1.38	CVE-2022-2610
08/13/2022	6.3	6.3		Google Chrome Nearby Share use after free	1.78	CVE-2022-2609
08/13/2022	6.3	6.3		Google Chrome Overview Mode use after free	0.54	CVE-2022-2608
08/13/2022	6.3	6.3		Google Chrome Tab Strip use after free	0.45	CVE-2022-2607
08/13/2022	6.3	6.3		Google Chrome Managed Devices API use after free	0.49	CVE-2022-2606
08/13/2022	4.3	4.3		Google Chrome Dawn out-of-bounds	0.54	CVE-2022-2605
08/13/2022	6.3	6.3		Google Chrome Safe Browsing use after free	0.49	CVE-2022-2604
08/13/2022	6.3	6.3		Google Chrome Omnibox use after free	0.84	CVE-2022-2603
08/13/2022	7.3	6.3	8.3	YugabyteDB LDAP Authentication config	1.48	CVE-2022-37397
08/12/2022	4.1	4.1		Google Android Settings access control	0.39	CVE-2022-20302
08/12/2022	4.1	4.1		Google Android Settings permission	0.30	CVE-2022-20265
08/12/2022	3.5	3.5		ForkCMS cross site scripting	0.54	CVE-2022-35590
08/12/2022	3.5	3.5		ForkCMS cross site scripting	0.35	CVE-2022-35585
08/12/2022	3.5	3.5		Synacor Zimbra Collaboration Suite cross site scripting	0.44	CVE-2022-37044
08/12/2022	5.3	5.3		Google Android Core Utilities input validation	0.25	CVE-2022-20338
08/12/2022	5.3	5.3		Google Android Wifi Slice permission	0.39	CVE-2022-20335
08/12/2022	4.8	4.8		Google Android Framework improper restriction of rendered ui layers	0.49	CVE-2022-20331
08/12/2022	5.3	5.3		Google Android Wifi permission	0.39	CVE-2022-20329
08/12/2022	5.3	5.3		Google Android DreamServices Local Privilege Escalation	0.35	CVE-2022-20319
08/12/2022	4.2	4.2		Google Android KeyChain permission	0.39	CVE-2022-20314

993 more entries are not shown

🔒 Login Required

You need to signup and login to see more of the remaining 993 results.

◂ Previous OverviewNext ▸

Interested in the pricing of exploits?

See the underground prices here!