CVSSv3 08/30/2022

CVSSv3 Base

Entries by score: ≤1: 0, ≤2: 0, ≤3: 3, ≤4: 12, ≤5: 10, ≤6: 12, ≤7: 16, ≤8: 4, ≤9: 2, ≤10: 0

The Common Vulnerability Scoring System (CVSS) is an industry standard for describing the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources into the most reliable aggregate result.

CVSSv3 Temp

Entries by score: ≤1: 0, ≤2: 0, ≤3: 4, ≤4: 11, ≤5: 10, ≤6: 16, ≤7: 14, ≤8: 2, ≤9: 2, ≤10: 0

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

VulDB

Entries by score: ≤1: 0, ≤2: 0, ≤3: 5, ≤4: 12, ≤5: 8, ≤6: 13, ≤7: 17, ≤8: 3, ≤9: 1, ≤10: 0

The moderation team always defines the base vector and base score for an entry. These and all other available scores are used to generate the meta score.

NVD

Entries by score: ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 0, ≤5: 0, ≤6: 0, ≤7: 0, ≤8: 0, ≤9: 0, ≤10: 0

The National Vulnerability Database (NVD) also defines CVSS vectors and scores. These are usually not complete and might differ from VulDB scores.

CNA

Entries by score: ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 1, ≤5: 1, ≤6: 4, ≤7: 4, ≤8: 1, ≤9: 2, ≤10: 1

A CVE Numbering Authority (CNA) is responsible for assigning new CVE entries. They might also include a CVSS score. These are usually not complete and might differ from VulDB scores.

Vendor

Entries by score: ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 0, ≤5: 0, ≤6: 0, ≤7: 0, ≤8: 0, ≤9: 0, ≤10: 0

Some vendors are willing to publish their own CVSS vectors and scores for vulnerabilities in their products. The coverage varies from vendor to vendor.

Research

Entries by score: ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 0, ≤5: 0, ≤6: 0, ≤7: 0, ≤8: 0, ≤9: 0, ≤10: 0

Security researchers sometimes also provide their own CVSS vectors and scores for vulnerabilities they have found and published.

| ID | Base | VDB | NVD | CNA | Vend | Res | Vulnerability | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 207589 | 6.3 | 6.3 | | | | | Tenda AC6/AC1200 Packet setWizard access control | 0.00 | 0.00890 | CVE-2022-37176 |
| 207588 | 3.5 | 3.5 | | | | | Tenda AC6/AC1200 GET Request DownloadFlash information disclosure | 0.00 | 0.00890 | CVE-2022-36552 |
| 207587 | 4.3 | 4.3 | | | | | ZLMediaKit RTMP Request denial of service | 0.00 | 0.00885 | CVE-2022-37237 |
| 207586 | 5.5 | 5.5 | | | | | Wavlink WL-WN575A3 adm.cgi command injection | 0.07 | 0.01005 | CVE-2022-37149 |
| 207585 | 4.8 | 4.3 | | 5.4 | | | x-data-spreadsheet Cell cross site scripting | 2.39 | 0.00954 | CVE-2022-25646 |
| 207584 | 7.1 | 5.3 | | 9.0 | | | arnoldaldrin binaries stack-based overflow | 0.09 | 0.00000 | CVE-2022-3022 |
| 207583 | 5.3 | 5.3 | | 5.3 | | | sanitize-html HTML Comment incorrect regex | 0.05 | 0.01018 | CVE-2022-25887 |
| 207582 | 6.4 | 6.3 | | 6.5 | | | Trellix DLP Endpoint xml external entity reference | 0.14 | 0.01055 | CVE-2022-2330 |
| 207581 | 6.4 | 6.3 | | 6.5 | | | Realtek Bluetooth Mesh SDK Segmented Packet buffer overflow | 0.10 | 0.00885 | CVE-2022-26529 |
| 207580 | 6.4 | 6.3 | | 6.5 | | | Realtek Bluetooth Mesh SDK Segmented Packet buffer overflow | 0.05 | 0.00885 | CVE-2022-26528 |
| 207579 | 6.4 | 6.3 | | 6.5 | | | Realtek Bluetooth Mesh SDK Segmented Packet buffer overflow | 0.00 | 0.00885 | CVE-2022-26527 |
| 207578 | 6.4 | 5.3 | | 7.5 | | | snakeyaml Depth denial of service | 2.15 | 0.01018 | CVE-2022-25857 |
| 207577 | 4.3 | 4.3 | | | | | Realtek Bluetooth Mesh SDK Network Packet buffer overflow | 0.10 | 0.00885 | CVE-2022-25635 |
| 207576 | 3.5 | 3.5 | | | | | Sangoma Asterisk/Certified Asterisk T.38 Re-Invite res_pjsip_t38 denial of service | 0.05 | 0.00885 | CVE-2021-46837 |
| 207575 | 8.5 | 7.3 | | 9.8 | | | Le-yan Personnel and Salary Management System hard-coded credentials | 0.00 | 0.01055 | CVE-2022-38116 |
| 207574 | 7.5 | 6.3 | | 8.8 | | | OAKlouds Portal sql injection | 0.00 | 0.01055 | CVE-2022-38118 |
| 207573 | 3.5 | 3.5 | | | | | GNU Inetutils telnetd null pointer dereference | 0.05 | 0.00890 | CVE-2022-39028 |
| 207572 | 4.1 | 2.4 | | 5.9 | | | Snipe-IT cross site scripting | 0.19 | 0.00885 | CVE-2022-3035 |
| 207571 | 3.5 | 3.5 | | | | | oauth2-server URI Pattern cross site scripting | 0.00 | 0.00950 | CVE-2020-26938 |
| 207570 | 4.7 | 3.5 | | 5.9 | | | kirby Autocomplete Dropdown cross site scripting | 0.00 | 0.01549 | CVE-2022-36037 |
| 207569 | 6.3 | 6.3 | | | | | Poppler JBIG2 Decoder JBIGStream.cc readTextRegionSeg integer overflow | 0.05 | 0.01719 | CVE-2022-38784 |
| 207568 | 6.3 | 6.3 | | | | | Xpdf JPXStream.cc integer overflow | 0.00 | 0.01018 | CVE-2022-24107 |
| 207567 | 5.5 | 5.5 | | | | | Xpdf DCT Decoder Stream.cc numeric error | 0.05 | 0.01018 | CVE-2022-24106 |
| 207566 | 5.5 | 5.5 | | | | | Hitachi Kokusai Electric ISnex HC-IP9100HD GET Request ptippage.cgi path traversal | 0.10 | 0.00885 | CVE-2022-37681 |
| 207565 | 2.6 | 2.6 | | | | | HireVue Hiring Platform risky encryption | 0.05 | 0.00885 | CVE-2022-37177 |
| 207564 | 3.1 | 2.6 | | 3.6 | | | mdx-mermaid cross site scripting | 0.11 | 0.00885 | CVE-2022-36036 |
| 207563 | 8.0 | 8.0 | | | | | Patlite NH-FB Firmware unrestricted upload | 0.10 | 0.00890 | CVE-2022-38625 |
| 207562 | 4.3 | 4.3 | | | | | Hitachi Kokusai Electric ISnex HC-IP9100HD POST Request ptipupgrade.cgi access control | 0.05 | 0.00885 | CVE-2022-37680 |
| 207561 | 5.5 | 5.5 | | | | | Seiko SkyBridge MB-A200 ping_exec.cgi command injection | 0.04 | 0.02055 | CVE-2022-36559 |
| 207560 | 3.5 | 3.5 | | | | | Seiko SkyBridge MB-A100/SkyBridge MB-A110 ciel.cfg hard-coded password | 0.05 | 0.00885 | CVE-2022-36558 |
| 207559 | 5.5 | 5.5 | | | | | Seiko SkyBridge MB-A100/SkyBridge MB-A110 Restore Backup unrestricted upload | 0.00 | 0.01773 | CVE-2022-36557 |
| 207558 | 5.5 | 5.5 | | | | | Seiko SkyBridge MB-A100/SkyBridge MB-A110 07system08execute_ping_01 command injection | 0.00 | 0.02055 | CVE-2022-36556 |
| 207557 | 8.8 | 8.8 | | | | | Hytec Inter HWL-2511-SS Command Line Interface command injection | 0.05 | 0.02211 | CVE-2022-36554 |
| 207556 | 5.5 | 5.5 | | | | | Hytec Inter HWL-2511-SS popen.cgi command injection | 0.00 | 0.02211 | CVE-2022-36553 |
| 207555 | 5.5 | 5.5 | | | | | TOTOLINK A7000R ExportSettings.sh access control | 0.00 | 0.00885 | CVE-2022-32993 |
| 207554 | 6.3 | 6.3 | | | | | Seiko SkyBridge MB-A200 system.conf hard-coded password | 0.05 | 0.00885 | CVE-2022-36560 |
| 207553 | 2.6 | 2.6 | | | | | Hytec Inter HWL-2511-SS SHA512crypt weak hash | 0.06 | 0.00954 | CVE-2022-36555 |
| 207552 | 6.3 | 6.3 | | | | | Zoho ManageEngine OpManager NMAP access control | 0.10 | 0.01978 | CVE-2022-38772 |
| 207551 | 3.5 | 3.5 | | | | | WP Hide & Security Enhancer Plugin Backend Page cross site scripting | 0.05 | 0.00885 | CVE-2022-2538 |
| 207550 | 2.4 | 2.4 | | | | | Simply Schedule Appointments Plugin Setting cross site scripting | 0.00 | 0.00885 | CVE-2022-2374 |
| 207549 | 5.3 | 5.3 | | | | | XplodedThemes WPIDE Plugin Admin Dashboard Page path traversal | 0.06 | 0.00885 | CVE-2022-2261 |
| 207548 | 3.5 | 3.5 | | | | | Export All URLs Plugin CSV File file inclusion | 0.05 | 0.00885 | CVE-2022-2638 |
| 207547 | 4.7 | 4.7 | | | | | Fluent Support Plugin sql injection | 0.07 | 0.00885 | CVE-2022-2559 |
| 207546 | 4.3 | 4.3 | | | | | Simply Schedule Appointments Plugin REST Endpoint authorization | 0.00 | 0.00885 | CVE-2022-2373 |
| 207545 | 5.5 | 5.5 | | | | | Sensei LMS Plugin Private Message authorization | 0.18 | 0.00885 | CVE-2022-2080 |
| 207544 | 7.3 | 7.3 | | | | | Sensei LMS Plugin REST Endpoint authorization | 0.20 | 0.00885 | CVE-2022-2034 |
| 207543 | 3.5 | 3.5 | | | | | Stop Spam Comments Plugin Access Token information disclosure | 0.06 | 0.00885 | CVE-2022-1663 |
| 207542 | 6.3 | 6.3 | | | | | SourceCodester Library Management System lab.php sql injection | 0.00 | 0.00885 | CVE-2022-36714 |
| 207541 | 6.3 | 6.3 | | | | | SourceCodester Library Management System lab.php sql injection | 0.00 | 0.00885 | CVE-2022-36713 |
| 207540 | 6.3 | 6.3 | | | | | SourceCodester Library Management System studentdetails.php sql injection | 0.00 | 0.00885 | CVE-2022-36712 |

9 more entries are not shown
