CVSSv3 08/16/2022

CVSSv3 Base

The Common Vulnerability Scoring System (CVSS) is an industry standard for defining the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources and aggregates them into the most reliable result.

CVSSv3 Temp

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

VulDB

The moderation team always defines the base vector and base score for an entry. These and all other available scores are used to generate the meta score.

NVD

The National Vulnerability Database (NVD) also defines CVSS vectors and scores. These are usually not complete and might differ from VulDB scores.

CNA

A CVE Numbering Authority (CNA) is responsible for assigning new CVE entries. They might also include a CVSS score. These are usually not complete and might differ from VulDB scores.

Vendor

Some vendors are willing to publish their own CVSS vectors and scores for vulnerabilities in their products. The coverage varies from vendor to vendor.

Research

Sometimes security researchers also provide their own CVSS vectors and scores for vulnerabilities they have found and published.

| ID | Base | VDB | NVD | CNA | Vend | Res | Vulnerability | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 206450 | 6.3 | 6.3 | | | | | Zoho ManageEngine Analytics Plus XML File xml external entity reference | 0.00 | +0.00000 | CVE-2020-21641 |
| 206449 | 6.3 | 6.3 | | | | | Mapbox gl-native Image out-of-bounds write | 0.13 | +0.00000 | CVE-2022-38216 |
| 206448 | 8.8 | 8.8 | | | | | Airspan AirVelocity 1500 snmpd inherently dangerous function | 0.18 | +0.00000 | CVE-2022-36310 |
| 206447 | 5.5 | 5.5 | | | | | Eternal Terminal listen buffer overflow | 0.13 | +0.00000 | CVE-2022-24949 |
| 206446 | 6.3 | 6.3 | | | | | Aviatrix Gateway VPN command injection | 0.18 | +0.00000 | CVE-2022-38368 |
| 206445 | 5.2 | 4.3 | | 6.1 | | | ESRI Portal for ArcGIS injection | 0.15 | +0.00000 | CVE-2022-38191 |
| 206444 | 6.3 | 6.3 | | | | | Zoho ManageEngine Analytics Plus zropusermgmt pathname traversal | 0.18 | +0.00000 | CVE-2020-21642 |
| 206443 | 5.9 | 4.1 | | 7.7 | | | Minetest protection mechanism | 0.15 | +0.00000 | CVE-2022-35978 |
| 206442 | 6.8 | 5.5 | | 8.2 | | | Nordic nRF5 SDK for Mesh Packet heap-based overflow | 0.18 | +0.00000 | CVE-2022-35624 |
| 206441 | 6.8 | 5.5 | | 8.2 | | | Nordic nRF5 SDK for Mesh Packet heap-based overflow | 0.18 | +0.00000 | CVE-2022-35623 |
| 206440 | 4.3 | 4.3 | | | | | wkhtmltopdf HTML File pathname traversal | 0.15 | +0.00000 | CVE-2020-21365 |
| 206439 | 8.0 | 8.0 | | | | | Airspan AirVelocity 1500 Web Management UI recoverySubmit.cgi command injection | 0.13 | +0.00000 | CVE-2022-36309 |
| 206438 | 3.5 | 3.5 | | | | | Eyes of Network rules.php cross site scripting | 0.15 | +0.00000 | CVE-2022-38358 |
| 206437 | 3.5 | 3.5 | | | | | Eyes of Network Parameter index.php cross site scripting | 0.15 | +0.00000 | CVE-2022-38357 |
| 206436 | 5.5 | 5.5 | | | | | D-Link Go-RT-AC750 gena.php command injection | 0.28 | +0.00000 | CVE-2022-36523 |
| 206435 | 4.3 | 4.3 | | | | | Eyes of Network cross-site request forgery | 0.25 | +0.00000 | CVE-2022-38359 |
