CVSSv3 08/18/2022

CVSSv3 Base

≤10
≤20
≤30
≤42
≤515
≤68
≤731
≤818
≤94
≤101

The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources to aggregate to the most reliable result.

CVSSv3 Temp

≤10
≤20
≤30
≤42
≤515
≤618
≤721
≤818
≤94
≤101

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We do also provide our unique meta score for temp scores, even though other sources rarely publish them.

VulDB

≤10
≤20
≤31
≤49
≤512
≤617
≤730
≤86
≤93
≤101

The moderation team is always defining the base vector and base score for an entry. These and all other available scores are used to generate the meta score.

NVD

≤10
≤20
≤30
≤40
≤54
≤66
≤77
≤89
≤95
≤1012

The National Vulnerability Database (NVD) is also defining CVSS vectors and scores. These are usually not complete and might differ from VulDB scores.

CNA

≤10
≤20
≤30
≤40
≤51
≤61
≤72
≤810
≤94
≤101

A CVE Numbering Authority (CNA) is responsible for assigning new CVE entries. They might also include a CVSS score. These are usually not complete and might differ from VulDB scores.

Vendor

≤10
≤20
≤30
≤40
≤50
≤60
≤70
≤80
≤90
≤100

Some vendors are willing to publish their own CVSS vectors and scores for vulnerabilities in their products. The coverage varies from vendor to vendor.

Research

≤10
≤20
≤30
≤40
≤50
≤60
≤70
≤80
≤90
≤100

There are sometimes also security researcher which provide their own CVSS vectors and scores for vulnerabilities they have found and published.

IDBaseVDBNVDCNAVendResVulnerabilityCTIEPSSCVE
2067267.06.37.8
 
 
 
McAfee Security Scan Plus Configuration File integrity check0.000.01365CVE-2022-37025
2067255.33.75.37.0
 
 
Hyperledger Fabric Gateway Client Application denial of service0.070.00885CVE-2022-36023
2067245.54.35.56.6
 
 
vim null pointer dereference0.080.00885CVE-2022-2874
2067235.35.3
 
 
 
 
FLIR AX8 pathname traversal0.040.01136CVE-2022-37060
2067228.88.8
 
 
 
 
Qualys Cloud Agent access control0.040.00950CVE-2022-29549
2067214.12.75.5
 
 
 
Qualys Cloud Agent qualys-cloud-agent-scan.log log file0.000.00950CVE-2022-29550
2067206.45.3
 
7.5
 
 
py-cord Slash Command discord.py access control0.030.00885CVE-2022-36024
2067195.55.5
 
 
 
 
Google Chrome Extensions API Privilege Escalation0.090.00954CVE-2022-2861
2067186.36.3
 
 
 
 
Google Chrome Cookies Privilege Escalation0.080.01136CVE-2022-2860
2067175.55.5
 
 
 
 
Google Chrome OS Shell use after free0.070.01136CVE-2022-2859
2067166.36.3
 
 
 
 
Google Chrome Intents input validation0.050.01136CVE-2022-2856
2067156.36.3
 
 
 
 
Google Chrome Downloads heap-based overflow0.000.01136CVE-2022-2853
2067146.36.3
 
 
 
 
Google Chrome Sign-In Flow use after free0.080.01136CVE-2022-2858
2067136.36.3
 
 
 
 
Google Chrome Blink use after free0.050.01136CVE-2022-2857
2067126.36.3
 
 
 
 
Google Chrome ANGLE use after free0.040.01136CVE-2022-2855
2067116.36.3
 
 
 
 
Google Chrome SwiftShader use after free0.040.01136CVE-2022-2854
2067106.36.3
 
 
 
 
Google Chrome FedCM use after free0.000.01136CVE-2022-2852
2067094.83.56.1
 
 
 
Cybozu Office cross site scripting0.050.01055CVE-2022-28715
2067083.53.5
 
 
 
 
HestiaCP list_key.html cross site scripting0.030.00885CVE-2021-30071
2067075.94.37.5
 
 
 
Contract Management System hard-coded password0.040.00885CVE-2022-35198
2067064.94.35.5
 
 
 
Axiomatic Bento4 MP4 File AP4_SgpdAtom denial of service0.050.00885CVE-2022-35165
2067054.83.56.1
 
 
 
Cybozu Office cross site scripting0.030.01055CVE-2022-33151
2067044.83.56.1
 
 
 
Cybozu Office cross site scripting0.000.01055CVE-2022-30604
2067034.34.34.3
 
 
 
Cybozu Office Custom App access control0.040.01055CVE-2022-29891
2067024.83.56.1
 
 
 
Cybozu Office cross site scripting0.000.01055CVE-2022-29487
2067016.55.57.5
 
 
 
Nginx NJS Code Generation memory corruption0.030.00954CVE-2022-35173
2067008.06.39.8
 
 
 
Shopro Mall System sql injection0.050.00885CVE-2022-35154
2066994.34.34.3
 
 
 
Cybozu Office Address Book access control0.050.01055CVE-2022-33311
2066986.46.36.5
 
 
 
Cybozu Office HTTP Header injection0.030.01055CVE-2022-32453
2066974.34.34.3
 
 
 
Cybozu Office Cabinet access control0.000.01055CVE-2022-32283
2066964.34.3
 
 
 
 
Cybozu Office Scheduler information disclosure0.000.01055CVE-2022-25986
2066955.45.35.5
 
 
 
libjpeg ReadInternal infinite loop0.040.00885CVE-2022-35166
2066947.65.59.8
 
 
 
LibreDWG bit_copy_chain use after free0.040.00885CVE-2022-35164
2066935.45.4
 
 
 
 
Cybozu Office Scheduler access control0.040.01055CVE-2022-32583
2066924.95.44.3
 
 
 
Cybozu Office Project access control0.000.01055CVE-2022-32544
2066914.84.35.3
 
 
 
Cybozu Office System Configuration information disclosure0.050.01055CVE-2022-30693
2066906.55.57.5
 
 
 
HestiaCP Package Manager access control0.000.00885CVE-2021-30070
2066897.65.59.8
 
 
 
FusionPBX fax_send.php command injection0.080.02055CVE-2022-35153
2066886.35.08.85.0
 
 
Laravel deserialization0.120.00885CVE-2022-2886
2066873.53.5
 
 
 
 
CherryTree cross site scripting0.060.00885CVE-2022-35133
2066868.06.39.8
 
 
 
DoraCMS HTTP Request improper authentication0.050.00885CVE-2022-35147
2066854.34.3
 
 
 
 
Ecowitt GW1100 access control0.070.00885CVE-2022-35122
2066848.58.87.88.8
 
 
Zoom Rooms for Conference Rooms signature verification0.050.00885CVE-2022-28752
2066838.06.39.8
 
 
 
sazanrjb InventoryManagementSystem CustomerDAO.java sql injection0.120.00885CVE-2022-35606
2066828.06.39.8
 
 
 
sazanrjb InventoryManagementSystem UserDAO.java sql injection0.050.00885CVE-2022-35605
2066816.36.3
 
 
 
 
sazanrjb InventoryManagementSystem SupplierDAO.java sql injection0.060.00885CVE-2022-35604
2066808.06.39.8
 
 
 
sazanrjb InventoryManagementSystem CustomerDAO.java sql injection2.170.00885CVE-2022-35603
2066798.06.39.8
 
 
 
sazanrjb InventoryManagementSystem UserDAO.java sql injection0.030.00885CVE-2022-35602
2066786.36.3
 
 
 
 
sazanrjb InventoryManagementSystem SupplierDAO.java sql injection0.040.00885CVE-2022-35601
2066778.06.39.8
 
 
 
sazanrjb InventoryManagementSystem Stocks.java sql injection0.070.00885CVE-2022-35599

29 more entries are not shown

Do you want to use VulDB in your project?

Use the official API to access entries easily!