CVSSv3 August 2022

Timeline

Analyzing the timeline helps to identify the required approach and handling for single vulnerabilities and vulnerability collections. This overview makes it possible to see less important slices and more severe hotspots at a glance, so that immediate vulnerability response can be initiated and issues prioritized.

C3BM Index

Our unique C3BM Index (CVSSv3 Base Meta Index) accumulates the CVSSv3 Meta Base Scores of all entries over time. Comparing this index to the number of disclosed vulnerabilities helps to pinpoint the most important events.

CVSSv3 Base

≤1: 0
≤2: 0
≤3: 38
≤4: 195
≤5: 149
≤6: 219
≤7: 219
≤8: 105
≤9: 81
≤10: 37

The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources into a single aggregate to give the most reliable result.

CVSSv3 Temp

≤1: 0
≤2: 0
≤3: 45
≤4: 220
≤5: 125
≤6: 301
≤7: 179
≤8: 104
≤9: 35
≤10: 34

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

VulDB

≤1: 0
≤2: 2
≤3: 55
≤4: 204
≤5: 162
≤6: 179
≤7: 204
≤8: 134
≤9: 94
≤10: 9

The moderation team always defines the base vector and base score for an entry. These and all other available scores are used to generate the meta score.

NVD

≤1: 0
≤2: 0
≤3: 0
≤4: 0
≤5: 0
≤6: 0
≤7: 0
≤8: 0
≤9: 0
≤10: 0

The National Vulnerability Database (NVD) also defines CVSS vectors and scores. These are usually not complete and might differ from VulDB scores.

CNA

≤1: 0
≤2: 0
≤3: 6
≤4: 24
≤5: 31
≤6: 51
≤7: 44
≤8: 69
≤9: 33
≤10: 53

A CVE Numbering Authority (CNA) is responsible for assigning new CVE entries. They might also include a CVSS score. These are usually not complete and might differ from VulDB scores.

Vendor

≤1: 0
≤2: 0
≤3: 0
≤4: 0
≤5: 7
≤6: 13
≤7: 30
≤8: 49
≤9: 18
≤10: 4

Some vendors are willing to publish their own CVSS vectors and scores for vulnerabilities in their products. The coverage varies from vendor to vendor.

Research

≤1: 0
≤2: 0
≤3: 0
≤4: 0
≤5: 0
≤6: 0
≤7: 0
≤8: 0
≤9: 0
≤10: 0

Security researchers sometimes also provide their own CVSS vectors and scores for vulnerabilities they have found and published.

| Published | Base | VDB | NVD | CNA | Vend | Res | Vulnerability | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|
| 08/14/2022 | 3.5 | 3.5 | | | | | SourceCodester Simple and Nice Shopping Cart Script login.php cross site scripting | 3.45- | CVE-2022-2814 |
| 08/14/2022 | 4.3 | 4.3 | | | | | SourceCodester Guest Management System cleartext storage | 3.64- | CVE-2022-2813 |
| 08/14/2022 | 6.3 | 6.3 | | | | | Win32.Ransom.BlueSky CRYPTSP.dll uncontrolled search path | 3.30- | |
| 08/14/2022 | 7.3 | 7.3 | | | | | SourceCodester Guest Management System index.php sql injection | 5.17- | CVE-2022-2812 |
| 08/14/2022 | 3.5 | 3.5 | | | | | SourceCodester Guest Management System myform.php cross site scripting | 4.83- | CVE-2022-2811 |
| 08/13/2022 | 5.1 | 4.3 | | 5.9 | | | CodeIgniter Shield cross-site request forgery | 0.84 | CVE-2022-35943 |
| 08/13/2022 | 5.7 | 5.6 | | 5.8 | | | Camilova activerecord-update-by-case Base sql injection | 0.54 | CVE-2022-35956 |
| 08/13/2022 | 5.7 | 5.0 | | 6.4 | | | undici undici.request server-side request forgery | 0.69 | CVE-2022-35949 |
| 08/13/2022 | 5.5 | 5.5 | | | | | Gitea Issue access control | 1.82 | CVE-2022-38183 |
| 08/13/2022 | 6.4 | 5.3 | | 7.5 | | | OpenSearch Security Advanced Access Control unknown vulnerability | 1.82 | CVE-2022-35980 |
| 08/13/2022 | 6.0 | 5.0 | | 7.1 | | | BookWyrm Link redirect | 1.43 | CVE-2022-35953 |
| 08/13/2022 | 3.8 | 4.3 | | 3.3 | | | Esri ArcReader File out-of-bounds | 0.79 | CVE-2021-29118 |
| 08/13/2022 | 7.0 | 6.3 | | 7.8 | | | Esri ArcReader File use after free | 0.64 | CVE-2021-29117 |
| 08/13/2022 | 3.8 | 4.3 | | 3.3 | | | Esri ArcReader File out-of-bounds | 2.56 | CVE-2021-29112 |
| 08/13/2022 | 7.8 | 6.3 | | 9.3 | | | loopback-connector-postgresql sql injection | 2.11 | CVE-2022-35942 |
| 08/13/2022 | 5.5 | 5.5 | | | | | Google Chrome OS Audio Server out-of-bounds write | 1.88 | CVE-2022-2587 |
| 08/13/2022 | 6.3 | 6.3 | | | | | Google Chrome PDF heap-based overflow | 2.67 | CVE-2022-2624 |
| 08/13/2022 | 6.3 | 6.3 | | | | | Google Chrome Offline use after free | 1.93 | CVE-2022-2623 |
| 08/13/2022 | 6.3 | 6.3 | | | | | Google Chrome Safe Browsing input validation | 1.72 | CVE-2022-2622 |
| 08/13/2022 | 6.3 | 6.3 | | | | | Google Chrome Extensions use after free | 2.03 | CVE-2022-2621 |
| 08/13/2022 | 6.3 | 6.3 | | | | | Google Chrome WebUI use after free | 1.43 | CVE-2022-2620 |
| 08/13/2022 | 6.3 | 6.3 | | | | | Google Chrome Settings input validation | 1.48 | CVE-2022-2619 |
| 08/13/2022 | 6.3 | 6.3 | | | | | Google Chrome Internals input validation | 1.72 | CVE-2022-2618 |
| 08/13/2022 | 6.3 | 6.3 | | | | | Google Chrome Extensions API use after free | 1.43 | CVE-2022-2617 |
| 08/13/2022 | 6.3 | 6.3 | | | | | Google Chrome Extensions API Remote Code Execution | 1.78 | CVE-2022-2616 |
| 08/13/2022 | 6.3 | 6.3 | | | | | Google Chrome Cookie access control | 1.58 | CVE-2022-2615 |
| 08/13/2022 | 6.3 | 6.3 | | | | | Google Chrome Sign-In Flow use after free | 1.53 | CVE-2022-2614 |
| 08/13/2022 | 6.3 | 6.3 | | | | | Google Chrome Input use after free | 1.43 | CVE-2022-2613 |
| 08/13/2022 | 3.1 | 3.1 | | | | | Google Chrome Keyboard Input information disclosure | 1.43 | CVE-2022-2612 |
| 08/13/2022 | 5.5 | 5.5 | | | | | Google Chrome Fullscreen API Privilege Escalation | 1.34 | CVE-2022-2611 |
| 08/13/2022 | 6.3 | 6.3 | | | | | Google Chrome Background Fetch access control | 1.38 | CVE-2022-2610 |
| 08/13/2022 | 6.3 | 6.3 | | | | | Google Chrome Nearby Share use after free | 1.78 | CVE-2022-2609 |
| 08/13/2022 | 6.3 | 6.3 | | | | | Google Chrome Overview Mode use after free | 0.54 | CVE-2022-2608 |
| 08/13/2022 | 6.3 | 6.3 | | | | | Google Chrome Tab Strip use after free | 0.45 | CVE-2022-2607 |
| 08/13/2022 | 6.3 | 6.3 | | | | | Google Chrome Managed Devices API use after free | 0.49 | CVE-2022-2606 |
| 08/13/2022 | 4.3 | 4.3 | | | | | Google Chrome Dawn out-of-bounds | 0.54 | CVE-2022-2605 |
| 08/13/2022 | 6.3 | 6.3 | | | | | Google Chrome Safe Browsing use after free | 0.49 | CVE-2022-2604 |
| 08/13/2022 | 6.3 | 6.3 | | | | | Google Chrome Omnibox use after free | 0.84 | CVE-2022-2603 |
| 08/13/2022 | 7.3 | 6.3 | | 8.3 | | | YugabyteDB LDAP Authentication config | 1.48 | CVE-2022-37397 |
| 08/12/2022 | 4.1 | 4.1 | | | | | Google Android Settings access control | 0.39 | CVE-2022-20302 |
| 08/12/2022 | 4.1 | 4.1 | | | | | Google Android Settings permission | 0.30 | CVE-2022-20265 |
| 08/12/2022 | 3.5 | 3.5 | | | | | ForkCMS cross site scripting | 0.54 | CVE-2022-35590 |
| 08/12/2022 | 3.5 | 3.5 | | | | | ForkCMS cross site scripting | 0.35 | CVE-2022-35585 |
| 08/12/2022 | 3.5 | 3.5 | | | | | Synacor Zimbra Collaboration Suite cross site scripting | 0.44 | CVE-2022-37044 |
| 08/12/2022 | 5.3 | 5.3 | | | | | Google Android Core Utilities input validation | 0.25 | CVE-2022-20338 |
| 08/12/2022 | 5.3 | 5.3 | | | | | Google Android Wifi Slice permission | 0.39 | CVE-2022-20335 |
| 08/12/2022 | 4.8 | 4.8 | | | | | Google Android Framework improper restriction of rendered ui layers | 0.49 | CVE-2022-20331 |
| 08/12/2022 | 5.3 | 5.3 | | | | | Google Android Wifi permission | 0.39 | CVE-2022-20329 |
| 08/12/2022 | 5.3 | 5.3 | | | | | Google Android DreamServices Local Privilege Escalation | 0.35 | CVE-2022-20319 |
| 08/12/2022 | 4.2 | 4.2 | | | | | Google Android KeyChain permission | 0.39 | CVE-2022-20314 |

993 more entries are not shown
