CVSSv3 08/26/2022

CVSSv3 Base

≤1: 0
≤2: 0
≤3: 2
≤4: 12
≤5: 14
≤6: 23
≤7: 37
≤8: 11
≤9: 4
≤10: 0

The Common Vulnerability Scoring System (CVSS) is an industry standard for describing the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources into the most reliable aggregate result.

CVSSv3 Temp

≤1: 0
≤2: 0
≤3: 2
≤4: 12
≤5: 15
≤6: 35
≤7: 25
≤8: 10
≤9: 4
≤10: 0

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

VulDB

≤1: 0
≤2: 0
≤3: 2
≤4: 14
≤5: 13
≤6: 22
≤7: 38
≤8: 10
≤9: 4
≤10: 0

The moderation team always defines the base vector and base score for an entry. These and all other available scores are used to generate the meta score.

NVD

≤1: 0
≤2: 0
≤3: 0
≤4: 0
≤5: 0
≤6: 0
≤7: 0
≤8: 0
≤9: 0
≤10: 0

The National Vulnerability Database (NVD) also defines CVSS vectors and scores. These are usually not complete and might differ from VulDB scores.

CNA

≤1: 0
≤2: 0
≤3: 0
≤4: 0
≤5: 3
≤6: 1
≤7: 1
≤8: 2
≤9: 1
≤10: 0

A CVE Numbering Authority (CNA) is responsible for assigning new CVE entries. They might also include a CVSS score. These are usually not complete and might differ from VulDB scores.

Vendor

≤1: 0
≤2: 0
≤3: 0
≤4: 0
≤5: 0
≤6: 0
≤7: 0
≤8: 0
≤9: 0
≤10: 0

Some vendors are willing to publish their own CVSS vectors and scores for vulnerabilities in their products. The coverage varies from vendor to vendor.

Research

≤1: 0
≤2: 0
≤3: 0
≤4: 0
≤5: 0
≤6: 0
≤7: 0
≤8: 0
≤9: 0
≤10: 0

Sometimes security researchers also provide their own CVSS vectors and scores for vulnerabilities they have found and published.

| ID | Base | VDB | NVD | CNA | Vend | Res | Vulnerability | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 207392 | 4.6 | 4.6 | | | | | Keycloak input validation | 0.06 | 0.00885 | CVE-2021-3754 |
| 207391 | 4.3 | 4.3 | | | | | QEMU AHCI Controller Device ahci_reset_port locking | 0.00 | 0.00890 | CVE-2021-3735 |
| 207390 | 5.5 | 5.5 | | | | | openshift-serverless Privilege Escalation | 0.05 | 0.00885 | CVE-2021-3703 |
| 207389 | 5.5 | 5.5 | | | | | Keycloak WebAuthn improper authentication | 0.34 | 0.01018 | CVE-2021-3632 |
| 207388 | 3.5 | 3.5 | | | | | openstack-tripleo-heat-templates OSP13 Deployment information disclosure | 0.00 | 0.00950 | CVE-2021-3585 |
| 207387 | 5.3 | 5.3 | | | | | ImageMagick Convert Command memory leak | 0.08 | 0.00954 | CVE-2021-3574 |
| 207386 | 5.5 | 5.5 | | | | | OpenStack Keystone Application Secret stack-based overflow | 0.08 | 0.01018 | CVE-2021-3563 |
| 207385 | 5.5 | 5.5 | | | | | Red Hat Satellite permissions | 0.00 | 0.00885 | CVE-2021-3414 |
| 207384 | 8.8 | 8.8 | | | | | Linux Kernel SUID/GUID begin_new_exec permission | 0.05 | 0.03090 | CVE-2021-3864 |
| 207383 | 8.8 | 8.8 | | | | | RPM link following | 0.06 | 0.00950 | CVE-2021-35939 |
| 207382 | 5.0 | 5.0 | | | | | Keycloak ClasspathThemeResourceProviderFactory path traversal | 0.03 | 0.00950 | CVE-2021-3856 |
| 207381 | 5.5 | 5.5 | | | | | wildfly-core Management Interface information disclosure | 0.43 | 0.01034 | CVE-2021-3644 |
| 207380 | 3.5 | 3.5 | | | | | Red Hat JBoss Core Services httpd path traversal | 0.00 | 0.00885 | CVE-2021-3688 |
| 207379 | 6.5 | 6.5 | | | | | Linux Kernel Shared Memory Page resource consumption | 0.03 | 0.00950 | CVE-2021-3669 |
| 207378 | 6.3 | 6.3 | | | | | cskefu permission | 0.00 | 0.00885 | CVE-2022-36521 |
| 207377 | 5.5 | 5.5 | | | | | SourceCodester Online Diagnostic Lab Management System access control | 0.14 | 0.00885 | CVE-2022-37151 |
| 207376 | 4.3 | 4.3 | | | | | mm-wiki cross-site request forgery | 0.00 | 0.00885 | CVE-2021-39394 |
| 207375 | 3.5 | 3.5 | | | | | mm-wiki Markdown Editor cross site scripting | 0.00 | 0.00885 | CVE-2021-39393 |
| 207374 | 5.5 | 5.5 | | | | | Automattic Mongoose schema.js prototype pollution | 0.00 | 0.00954 | CVE-2022-24304 |
| 207373 | 3.5 | 3.5 | | | | | SourceCodester Online Diagnostic Lab Management System cross site scripting | 0.00 | 0.00885 | CVE-2022-37150 |
| 207372 | 6.3 | 6.3 | | | | | oretnom23 Simple Task Scheduling System sql injection | 0.00 | 0.00885 | CVE-2022-36679 |
| 207371 | 6.3 | 6.3 | | | | | SourceCodester Online Diagnostic Lab Management System sql injection | 0.00 | 0.00885 | CVE-2022-37152 |
| 207370 | 6.3 | 6.3 | | | | | oretnom23 Simple Task Scheduling System sql injection | 0.00 | 0.00885 | CVE-2022-36683 |
| 207369 | 6.3 | 6.3 | | | | | oretnom23 Simple Task Scheduling System sql injection | 0.03 | 0.00885 | CVE-2022-36682 |
| 207368 | 6.3 | 6.3 | | | | | oretnom23 Simple Task Scheduling System sql injection | 0.04 | 0.00885 | CVE-2022-36681 |
| 207367 | 6.3 | 6.3 | | | | | oretnom23 Simple Task Scheduling System sql injection | 0.00 | 0.00885 | CVE-2022-36680 |
| 207366 | 6.3 | 6.3 | | | | | oretnom23 Simple Task Scheduling System sql injection | 0.00 | 0.00885 | CVE-2022-36678 |
| 207365 | 4.6 | 4.6 | | | | | htmly backup.html.php denial of service | 0.04 | 0.00885 | CVE-2021-40285 |
| 207364 | 7.5 | 6.3 | | 8.8 | | | Cisco ACI Multi-Site Orchestrator API improper authorization | 0.24 | 0.01055 | CVE-2022-20921 |
| 207363 | 3.5 | 3.5 | | | | | NetApp Active IQ Unified Manager AutoSupport Telemetry information disclosure | 0.04 | 0.00885 | CVE-2022-23235 |
| 207362 | 4.5 | 4.3 | | 4.7 | | | GE WorkstationST iHistorian Data Display cross site scripting | 0.00 | 0.00885 | CVE-2022-37952 |
| 207361 | 3.5 | 3.5 | | | | | Jfinal CMS Blog Module cross site scripting | 0.00 | 0.00885 | CVE-2022-36527 |
| 207360 | 5.2 | 5.6 | | 4.7 | | | GE WorkstationST Challenge-Response response splitting | 0.07 | 0.00885 | CVE-2022-37953 |
| 207359 | 7.3 | 7.3 | | | | | mod_wsgi Header less trusted source | 0.00 | 0.00954 | CVE-2022-2255 |
| 207358 | 3.5 | 3.5 | | | | | Elastic Cloud Enterprise user log file | 0.05 | 0.00885 | CVE-2022-23715 |
| 207357 | 3.5 | 3.5 | | | | | colord cd-device-db.c sqlite3_exec information disclosure | 0.05 | 0.00885 | CVE-2021-42523 |
| 207356 | 3.5 | 3.5 | | | | | GNOME anjuta libxml2 API anjuta-bookmarks.c xmlGetProp information disclosure | 0.00 | 0.00885 | CVE-2021-42522 |
| 207355 | 3.5 | 3.5 | | | | | VTK libxml2 API vtkXMLTreeReader.cxx xmlDocGetRootElement resource consumption | 0.04 | 0.00885 | CVE-2021-42521 |
| 207354 | 6.3 | 6.3 | | | | | virglrenderer IOCTL out-of-bounds write | 0.03 | 0.01036 | CVE-2022-0135 |
| 207353 | 5.5 | 5.5 | | | | | rizin Binarygets uninitialized pointer | 0.04 | 0.00885 | CVE-2021-4022 |
| 207352 | 4.8 | 4.3 | | 5.4 | | | SEO Scout Plugin Setting cross-site request forgery | 0.00 | 0.00885 | CVE-2022-36358 |
| 207351 | 5.5 | 5.5 | | | | | Odyssey insufficiently protected credentials | 0.14 | 0.00885 | CVE-2021-43767 |
| 207350 | 5.5 | 5.5 | | | | | Odyssey sql injection | 0.15 | 0.00885 | CVE-2021-43766 |
| 207349 | 3.5 | 3.5 | | | | | smallrye-health-ui UI cross site scripting | 0.06 | 0.00885 | CVE-2021-3914 |
| 207348 | 6.3 | 6.3 | | | | | RPM link following | 0.00 | 0.01034 | CVE-2021-35938 |
| 207347 | 4.3 | 4.3 | | | | | D-Link AC1200/DSL-3782 Login.asp denial of service | 0.00 | 0.01018 | CVE-2022-35192 |
| 207346 | 5.5 | 5.5 | | | | | Lexmark Product Configuration Setting input validation | 0.06 | 0.00885 | CVE-2022-29850 |
| 207345 | 3.5 | 3.5 | | | | | Ericsson Network Manager AMOS access control | 0.03 | 0.00885 | CVE-2021-32570 |
| 207344 | 4.3 | 4.3 | | | | | Archer Platform API access control | 0.00 | 0.00885 | CVE-2022-37316 |
| 207343 | 6.3 | 6.3 | | | | | Nortek Linear eMerge E3 ReaderNo os command injection | 0.04 | 0.00954 | CVE-2022-31499 |

53 more entries are not shown
