CVSSv3 08/27/2022

CVSSv3 Base

Entries per score bucket: ≤1: 0, ≤2: 0, ≤3: 2, ≤4: 9, ≤5: 7, ≤6: 4, ≤7: 14, ≤8: 0, ≤9: 0, ≤10: 0

The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score aggregates all available scores from different sources to produce the most reliable result.

CVSSv3 Temp

Entries per score bucket: ≤1: 0, ≤2: 0, ≤3: 2, ≤4: 9, ≤5: 7, ≤6: 7, ≤7: 11, ≤8: 0, ≤9: 0, ≤10: 0

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

VulDB

Entries per score bucket: ≤1: 0, ≤2: 0, ≤3: 2, ≤4: 10, ≤5: 7, ≤6: 4, ≤7: 13, ≤8: 0, ≤9: 0, ≤10: 0

The moderation team always defines the base vector and base score for an entry. These and all other available scores are used to generate the meta score.

NVD

Entries per score bucket: ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 0, ≤5: 0, ≤6: 0, ≤7: 0, ≤8: 0, ≤9: 0, ≤10: 0

The National Vulnerability Database (NVD) also defines CVSS vectors and scores. These are usually not complete and might differ from VulDB scores.

CNA

Entries per score bucket: ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 0, ≤5: 0, ≤6: 1, ≤7: 0, ≤8: 0, ≤9: 1, ≤10: 0

A CVE Numbering Authority (CNA) is responsible for assigning new CVE entries. They might also include a CVSS score. These are usually not complete and might differ from VulDB scores.

Vendor

Entries per score bucket: ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 0, ≤5: 0, ≤6: 0, ≤7: 0, ≤8: 0, ≤9: 0, ≤10: 0

Some vendors are willing to publish their own CVSS vectors and scores for vulnerabilities in their products. The coverage varies from vendor to vendor.

Research

Entries per score bucket: ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 0, ≤5: 0, ≤6: 0, ≤7: 0, ≤8: 0, ≤9: 0, ≤10: 0

Sometimes security researchers also provide their own CVSS vectors and scores for vulnerabilities they have found and published.

| ID | Base | VDB | NVD | CNA | Vend | Res | Vulnerability | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 207428 | 3.5 | 3.5 | | | | | Schroot denial of service | 0.24 | 0.00890 | CVE-2022-2787 |
| 207427 | 6.3 | 6.3 | | | | | Fatek FvDesigner Project File out-of-bounds write | 0.05 | 0.01036 | CVE-2022-2866 |
| 207426 | 5.6 | 5.6 | | | | | tcpdump VRRP Parser print-vrrp.c vrrp_print buffer over-read | 0.05 | 0.00885 | CVE-2019-15167 |
| 207425 | 3.5 | 3.5 | | | | | oretnom23 Fast Food Ordering System cross site scripting | 1.39 | 0.00885 | CVE-2022-3015 |
| 207424 | 3.5 | 3.5 | | | | | SourceCodester Simple Task Managing System cross site scripting | 1.29 | 0.00885 | CVE-2022-3014 |
| 207423 | 6.3 | 6.3 | | | | | SourceCodester Simple Task Managing System loginVaLidation.php sql injection | 1.92 | 0.00885 | CVE-2022-3013 |
| 207422 | 6.3 | 6.3 | | | | | oretnom23 Fast Food Ordering System index.php sql injection | 1.48 | 0.00885 | CVE-2022-3012 |
| 207421 | 2.4 | 2.4 | | | | | Keycloak Admin Console cross site scripting | 0.05 | 0.00885 | CVE-2022-0225 |
| 207420 | 4.3 | 4.3 | | | | | Foreman Datacenter Plugin information disclosure | 0.00 | 0.00885 | CVE-2021-20260 |
| 207419 | 3.1 | 3.1 | | | | | Deluge Web UI cross site scripting | 0.07 | 0.00885 | CVE-2021-3427 |
| 207418 | 5.5 | 5.5 | | | | | edoc-doctor-appointment-system access control | 0.07 | 0.00885 | CVE-2022-36542 |
| 207417 | 3.5 | 3.5 | | | | | ZK Framework AuUploader information disclosure | 0.00 | 0.00885 | CVE-2022-36537 |
| 207416 | 6.6 | 6.6 | | | | | Eurosoft Bootloader Secure Boot access control | 0.14 | 0.00902 | CVE-2022-34303 |
| 207415 | 6.6 | 6.6 | | | | | New Horizon Datasys Bootloader Secure Boot access control | 0.05 | 0.00902 | CVE-2022-34302 |
| 207414 | 6.6 | 6.6 | | | | | CryptoPro Secure Disk Bootloader Secure Boot access control | 0.19 | 0.00902 | CVE-2022-34301 |
| 207413 | 4.9 | 4.9 | | | | | QEMU LSI53C895A SCSI Host Bus Adapter Emulation lsi_do_msgout use after free | 0.15 | 0.00950 | CVE-2022-0216 |
| 207412 | 2.6 | 2.6 | | | | | vdsm race condition | 0.04 | 0.00950 | CVE-2022-0207 |
| 207411 | 3.5 | 3.5 | | | | | XNIO notifyReadClosed allocation of resources | 0.00 | 0.01018 | CVE-2022-0084 |
| 207410 | 6.3 | 6.3 | | | | | Broadcom PAM access control | 0.00 | 0.00885 | CVE-2022-25625 |
| 207409 | 4.3 | 4.3 | | | | | Artifex Mupdf muraster.c divide by zero | 0.00 | 0.00885 | CVE-2021-4216 |
| 207408 | 3.5 | 3.5 | | | | | Undertow HTTP2 unknown vulnerability | 0.14 | 0.01018 | CVE-2021-3859 |
| 207407 | 6.3 | 6.3 | | | | | Kensite CMS DBMapper.xml sql injection | 0.05 | 0.00885 | CVE-2022-36529 |
| 207406 | 6.5 | 6.5 | | | | | MikroTik RouterOS Packet netwatch denial of service | 0.15 | 0.00885 | CVE-2022-36522 |
| 207405 | 5.5 | 5.5 | | | | | Prosody libexpat xml entity expansion | 0.05 | 0.00954 | CVE-2022-0217 |
| 207404 | 6.5 | 6.5 | | | | | SonicWALL SMA100 heap-based overflow | 0.00 | 0.01156 | CVE-2022-2915 |
| 207403 | 4.3 | 4.3 | | | | | virglrenderer missing initialization of resource | 0.04 | 0.00950 | CVE-2022-0175 |
| 207402 | 4.9 | 4.9 | | | | | Linux Kernel Common Internet File System smb2ops.c smb2_ioctl_query_info null pointer dereference | 0.06 | 0.00890 | CVE-2022-0168 |
| 207401 | 3.5 | 3.5 | | | | | edoc-doctor-appointment-system settings.php cross site scripting | 0.00 | 0.00885 | CVE-2022-36548 |
| 207400 | 3.5 | 3.5 | | | | | edoc-doctor-appointment-system index.php cross site scripting | 0.05 | 0.00885 | CVE-2022-36547 |
| 207399 | 4.3 | 4.3 | | | | | edoc-doctor-appointment-system settings.php cross-site request forgery | 0.00 | 0.00885 | CVE-2022-36546 |
| 207398 | 4.4 | 3.5 | | 5.4 | | | IBM Maximo Asset Management Web UI cross site scripting | 0.00 | 0.00885 | CVE-2022-35714 |
| 207397 | 6.5 | 4.3 | | 8.8 | | | IBM DataPower Gateway V10CD cross-site request forgery | 0.05 | 0.00885 | CVE-2022-31773 |
| 207396 | 6.3 | 6.3 | | | | | edoc-doctor-appointment-system settings.php sql injection | 0.04 | 0.00885 | CVE-2022-36545 |
| 207395 | 6.3 | 6.3 | | | | | edoc-doctor-appointment-system booking.php sql injection | 0.04 | 0.00885 | CVE-2022-36544 |
| 207394 | 6.3 | 6.3 | | | | | edoc-doctor-appointment-system doctors.php sql injection | 0.03 | 0.00885 | CVE-2022-36543 |
| 207393 | 5.3 | 5.3 | | | | | Linux Kernel KVM SEV API cleanup | 0.05 | 0.00890 | CVE-2022-0171 |
