CVSSv3 08/20/2022

CVSSv3 Base

Entries by score bucket: ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 3, ≤5: 5, ≤6: 9, ≤7: 7, ≤8: 1, ≤9: 1, ≤10: 0

The Common Vulnerability Scoring System (CVSS) is an industry standard for describing the characteristics and impact of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources into the most reliable aggregate result.

CVSSv3 Temp

Entries by score bucket: ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 3, ≤5: 5, ≤6: 11, ≤7: 5, ≤8: 1, ≤9: 1, ≤10: 0

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

VulDB

Entries by score bucket: ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 3, ≤5: 7, ≤6: 9, ≤7: 5, ≤8: 2, ≤9: 0, ≤10: 0

The moderation team always defines the base vector and base score for an entry. These and all other available scores are used to generate the meta score.

NVD

Entries by score bucket: ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 0, ≤5: 0, ≤6: 0, ≤7: 0, ≤8: 0, ≤9: 0, ≤10: 0

The National Vulnerability Database (NVD) also defines CVSS vectors and scores. These are usually not complete and might differ from VulDB scores.

CNA

Entries by score bucket: ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 0, ≤5: 1, ≤6: 3, ≤7: 2, ≤8: 1, ≤9: 3, ≤10: 1

A CVE Numbering Authority (CNA) is responsible for assigning new CVE entries. They might also include a CVSS score. These are usually not complete and might differ from VulDB scores.

Vendor

Entries by score bucket: ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 0, ≤5: 0, ≤6: 0, ≤7: 0, ≤8: 0, ≤9: 0, ≤10: 0

Some vendors are willing to publish their own CVSS vectors and scores for vulnerabilities in their products. The coverage varies from vendor to vendor.

Research

Entries by score bucket: ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 0, ≤5: 0, ≤6: 0, ≤7: 0, ≤8: 0, ≤9: 0, ≤10: 0

Sometimes security researchers also provide their own CVSS vectors and scores for vulnerabilities they have found and published.

| ID | Base | VDB | NVD | CNA | Vend | Res | Vulnerability | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 206872 | 4.3 | 4.3 | | | | | Delta Electronics Delta Robot Automation Studio XML Document xml external entity reference | 0.09 | 0.00000 | CVE-2022-2759 |
| 206871 | 3.7 | 3.7 | | | | | LS Electric PLC/XG5000 inadequate encryption | 0.04 | 0.00000 | CVE-2022-2758 |
| 206870 | 8.5 | 7.3 | | 9.8 | | | Project-Nexus sql injection | 0.04 | 0.00885 | CVE-2022-36030 |
| 206869 | 6.5 | 4.3 | | 8.8 | | | chatwoot cross site scripting | 0.00 | 0.00885 | CVE-2022-0542 |
| 206868 | 3.5 | 3.5 | | | | | BPC SmartVista Error Message cross site scripting | 0.00 | 0.00954 | CVE-2022-35554 |
| 206867 | 5.5 | 5.5 | | | | | Tenda AC15 httpd formWifiBasicSet stack-based overflow | 0.00 | 0.00885 | CVE-2022-37175 |
| 206866 | 5.5 | 5.5 | | | | | Tenda AC9 httpd buffer overflow | 0.00 | 0.00885 | CVE-2022-36233 |
| 206865 | 4.6 | 4.6 | | | | | MapGIS IGServer denial of service | 0.07 | 0.00885 | CVE-2022-36171 |
| 206864 | 6.3 | 6.3 | | | | | MapGIS IGServer hard-coded credentials | 0.05 | 0.00885 | CVE-2022-36170 |
| 206863 | 5.5 | 5.5 | | | | | XXL-JOB permission | 0.07 | 0.00885 | CVE-2022-36157 |
| 206862 | 6.4 | 6.8 | | 5.9 | | | Emerson Electric Proficy Machine Edition integrity check | 0.00 | 0.00885 | CVE-2022-2793 |
| 206861 | 5.9 | 5.3 | | 6.6 | | | Emerson Electric Proficy Machine Edition access control | 0.05 | 0.00885 | CVE-2022-2792 |
| 206860 | 6.1 | 6.3 | | 5.9 | | | Emerson Electric Proficy Machine Edition signature verification | 0.04 | 0.00885 | CVE-2022-2790 |
| 206859 | 5.0 | 5.0 | | | | | Emerson Electric Proficy Machine Edition data authenticity | 0.03 | 0.00885 | CVE-2022-2789 |
| 206858 | 5.3 | 5.3 | | | | | Emerson Electric Proficy Machine Edition ZipSlip path traversal | 0.00 | 0.00885 | CVE-2022-2788 |
| 206857 | 5.5 | 5.5 | | | | | radare2 Array Length core_java.c off-by-one | 0.03 | 0.00885 | CVE-2020-27793 |
| 206856 | 6.3 | 6.3 | | | | | GhostScript PDF gdevlp8k.c lp8000_print_page heap-based overflow | 0.06 | 0.00885 | CVE-2020-27792 |
| 206855 | 5.4 | 4.3 | | 6.5 | | | Directus assets exceptional condition | 0.04 | 0.00885 | CVE-2022-36031 |
| 206854 | 5.0 | 5.0 | | 5.0 | | | gomatrixserverlib/Dendrite m.room.power_levels authorization | 0.00 | 0.00890 | CVE-2022-36009 |
| 206853 | 6.7 | 6.3 | | 7.1 | | | Parity Frontier RPC Result Parser integer overflow | 0.04 | 0.00890 | CVE-2022-36008 |
| 206852 | 3.7 | 3.7 | | | | | Jsonxx stack-based overflow | 0.00 | 0.00885 | CVE-2022-23460 |
| 206851 | 5.5 | 5.5 | | | | | radare2 adf Command cmd_anal.c anal_fcn_data memory corruption | 0.03 | 0.00954 | CVE-2020-27795 |
| 206850 | 5.5 | 5.5 | | | | | radare2 cmd_info.c cmd_info double free | 0.00 | 0.00885 | CVE-2020-27794 |
| 206849 | 6.8 | 5.6 | | 8.1 | | | Jsonxx Value double free | 0.03 | 0.00885 | CVE-2022-23459 |
| 206848 | 4.8 | 4.3 | | 5.3 | | | Adobe Commerce access control | 0.04 | 0.01046 | CVE-2022-35692 |
| 206847 | 7.7 | 7.3 | | 8.2 | | | IBM MQ XML Data xml external entity reference | 0.07 | 0.01055 | CVE-2022-22489 |
