CVSSv3 08/15/2022

CVSSv3 Base

≤10
≤20
≤31
≤42
≤54
≤613
≤76
≤86
≤93
≤100

The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources to aggregate to the most reliable result.

CVSSv3 Temp

≤10
≤20
≤31
≤42
≤54
≤613
≤77
≤86
≤92
≤100

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We do also provide our unique meta score for temp scores, even though other sources rarely publish them.

VulDB

≤10
≤20
≤32
≤45
≤57
≤69
≤77
≤83
≤92
≤100

The moderation team is always defining the base vector and base score for an entry. These and all other available scores are used to generate the meta score.

NVD

≤10
≤20
≤30
≤41
≤51
≤64
≤72
≤84
≤95
≤104

The National Vulnerability Database (NVD) is also defining CVSS vectors and scores. These are usually not complete and might differ from VulDB scores.

CNA

≤10
≤20
≤30
≤41
≤51
≤60
≤72
≤84
≤90
≤102

A CVE Numbering Authority (CNA) is responsible for assigning new CVE entries. They might also include a CVSS score. These are usually not complete and might differ from VulDB scores.

Vendor

≤10
≤20
≤30
≤40
≤50
≤60
≤70
≤82
≤90
≤100

Some vendors are willing to publish their own CVSS vectors and scores for vulnerabilities in their products. The coverage varies from vendor to vendor.

Research

≤10
≤20
≤30
≤40
≤50
≤60
≤70
≤80
≤90
≤100

There are sometimes also security researcher which provide their own CVSS vectors and scores for vulnerabilities they have found and published.

IDBaseVDBNVDCNAVendResVulnerabilityCTIEPSSCVE
2064668.08.8
 
 
7.1
 
Microsoft Windows Defender Credential Guard Privilege Escalation0.040.01178CVE-2022-35822
2064658.38.8
 
 
7.8
 
Microsoft Windows Defender Credential Guard Privilege Escalation0.000.01178CVE-2022-34711
2064345.55.65.3
 
 
 
Domain Name Relay Daemon injection0.050.01018CVE-2022-33993
2064335.65.6
 
 
 
 
Domain Name Relay Daemon access control0.040.00954CVE-2022-33992
2064325.65.6
 
 
 
 
dproxy-nexgen DNSSEC access control0.040.00954CVE-2022-33991
2064315.65.6
 
 
 
 
dproxy-nexgen Domain Name injection0.000.01018CVE-2022-33990
2064306.55.67.5
 
 
 
dproxy-nexgen DNS Transaction injection0.070.00954CVE-2022-33988
2064297.75.69.8
 
 
 
totd UDP Source Port injection0.040.01018CVE-2022-34294
2064285.55.65.3
 
 
 
dproxy-nexgen UDP Source Port injection0.040.00954CVE-2022-33989
2064277.65.59.8
 
 
 
taocms config.php code injection0.040.01018CVE-2022-36262
2064265.85.05.37.1
 
 
undici Content-Type Header crlf injection0.070.00954CVE-2022-35948
2064257.06.37.8
 
 
 
w3m HTML etc.c checkType out-of-bounds write0.040.00885CVE-2022-38223
2064248.57.3
 
9.8
 
 
nameless missing critical step in authentication0.040.00885CVE-2022-2821
2064237.57.38.27.0
 
 
nameless access control0.050.00885CVE-2022-2820
2064227.06.3
 
7.8
 
 
vim heap-based overflow0.030.00954CVE-2022-2819
2064218.67.38.89.8
 
 
Cockpit authentication bypass0.050.00885CVE-2022-2818
2064206.24.6
 
7.9
 
 
OpenZeppelin Contracts Signature ECDSA.tryRecover integrity check0.040.00890CVE-2022-35961
2064195.76.3
 
5.0
 
 
Action ToolKit Environment Variable core.exportVariable command injection0.030.00885CVE-2022-35954
2064183.73.7
 
 
 
 
OctoPrint excessive authentication0.000.00885CVE-2022-2822
2064177.04.39.8
 
 
 
The Isle Evrima RCON Port FTcpListener buffer overflow0.000.01156CVE-2022-38221
2064164.96.3
 
3.5
 
 
Discourse Invitation resource consumption0.050.00000CVE-2022-35958
2064155.93.18.8
 
 
 
Apache OpenOffice User Configuration Database inadequate encryption0.040.00885CVE-2022-37400
2064145.26.33.36.1
 
 
Venice path traversal0.000.00950CVE-2022-36007
2064135.93.18.8
 
 
 
Apache OpenOffice User Configuration Database inadequate encryption0.060.00885CVE-2022-37401
2064122.42.4
 
 
 
 
Supsystic Digital Publications Plugin Setting cross site scripting0.040.00885CVE-2022-2384
2064115.94.37.5
 
 
 
Easy Student Results Plugin REST API authorization0.050.00885CVE-2022-2379
2064104.83.56.1
 
 
 
Easy Student Results Plugin cross site scripting0.040.00885CVE-2022-2378
2064093.62.44.8
 
 
 
Duplicate Page and Post Plugin Setting cross site scripting0.050.00885CVE-2022-2152
2064084.83.56.1
 
 
 
Contact Form DB Plugin Attribute cross site scripting0.040.00885CVE-2022-2116
2064075.74.37.2
 
 
 
WP-DBManager Plugin code injection0.000.00885CVE-2022-2354
2064065.86.35.3
 
 
 
SearchWP Live Ajax Search Plugin Live Search authorization0.000.00885CVE-2022-2535
2064057.25.08.87.9
 
 
Arvados code injection0.040.04571CVE-2022-36006
2064044.34.3
 
 
 
 
E Unlocked Student Result Plugin School Logo cross-site request forgery0.060.00885CVE-2022-2381
2064037.65.59.8
 
 
 
VR Calendar Plugin os command injection0.080.00885CVE-2022-2314
2064026.36.3
 
 
 
 
GREYD.SUITE Theme Custom Font Package unrestricted upload0.000.01156CVE-2022-2180

Do you want to use VulDB in your project?

Use the official API to access entries easily!