CVSSv3 09/02/2022

CVSSv3 Base

Entries by score: ≤1: 0, ≤2: 0, ≤3: 4, ≤4: 22, ≤5: 20, ≤6: 19, ≤7: 29, ≤8: 14, ≤9: 10, ≤10: 3

The Common Vulnerability Scoring System (CVSS) is an industry standard for describing the characteristics and impact of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources into the most reliable result.

CVSSv3 Temp

Entries by score: ≤1: 0, ≤2: 2, ≤3: 2, ≤4: 22, ≤5: 20, ≤6: 21, ≤7: 30, ≤8: 18, ≤9: 3, ≤10: 3

The Common Vulnerability Scoring System (CVSS) uses temp (temporal) scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

VulDB

Entries by score: ≤1: 0, ≤2: 0, ≤3: 5, ≤4: 24, ≤5: 24, ≤6: 16, ≤7: 25, ≤8: 22, ≤9: 2, ≤10: 3

The moderation team always defines the base vector and base score for an entry. These and all other available scores are used to generate the meta score.

NVD

Entries by score: ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 0, ≤5: 0, ≤6: 0, ≤7: 0, ≤8: 0, ≤9: 0, ≤10: 0

The National Vulnerability Database (NVD) also defines CVSS vectors and scores. These are usually not complete and might differ from VulDB scores.

CNA

Entries by score: ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 0, ≤5: 4, ≤6: 2, ≤7: 7, ≤8: 12, ≤9: 13, ≤10: 4

A CVE Numbering Authority (CNA) is responsible for assigning new CVE entries. They might also include a CVSS score. These are usually not complete and might differ from VulDB scores.

Vendor

Entries by score: ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 0, ≤5: 0, ≤6: 0, ≤7: 0, ≤8: 0, ≤9: 0, ≤10: 0

Some vendors are willing to publish their own CVSS vectors and scores for vulnerabilities in their products. The coverage varies from vendor to vendor.

Research

Entries by score: ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 0, ≤5: 0, ≤6: 0, ≤7: 0, ≤8: 0, ≤9: 0, ≤10: 0

Sometimes security researchers also provide their own CVSS vectors and scores for vulnerabilities they have found and published.

| ID | Base | VDB | NVD | CNA | Vend | Res | Vulnerability | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 207832 | 7.8 | 7.3 | | 8.3 | | | SFTPGo Two-factor Authentication improper authentication | 0.00 | 0.00885 | CVE-2022-36071 |
| 207831 | 5.5 | 5.5 | | | | | PublicCMS ueditor server-side request forgery | 0.05 | 0.00885 | CVE-2021-27693 |
| 207830 | 6.5 | 5.3 | | 7.8 | | | Dell Command Update/Update/Alienware Update Custom Catalog Configuration access control | 0.12 | 0.00885 | CVE-2022-34382 |
| 207829 | 3.3 | 3.3 | | | | | Dell EMC PowerScale OneFS path traversal | 0.03 | 0.00885 | CVE-2022-34378 |
| 207828 | 5.9 | 3.7 | | 8.1 | | | Dell EMC PowerScale OneFS cleartext transmission | 0.05 | 0.00885 | CVE-2022-34371 |
| 207827 | 6.3 | 7.3 | | 5.3 | | | jgraph drawio access control | 0.00 | 0.00885 | CVE-2022-3065 |
| 207826 | 5.6 | 5.6 | | | | | Modsecurity owasp-modsecurity-crs WAF Protection sql injection | 0.00 | 0.00885 | CVE-2020-22669 |
| 207825 | 5.6 | 3.1 | | 8.1 | | | Dell EMC PowerScale OneFS log file | 0.00 | 0.00885 | CVE-2022-34369 |
| 207824 | 8.4 | 8.4 | | 8.4 | | | Qualcomm Snapdragon Auto Multimedia memory corruption | 0.00 | 0.00885 | CVE-2022-25680 |
| 207823 | 6.8 | 6.3 | | 7.3 | | | Qualcomm Snapdragon Auto ASF Clip memory corruption | 0.04 | 0.00885 | CVE-2022-25668 |
| 207822 | 6.8 | 6.3 | | 7.3 | | | Qualcomm Snapdragon Auto MKV Clip Parser memory corruption | 0.06 | 0.00885 | CVE-2022-25659 |
| 207821 | 6.8 | 6.3 | | 7.3 | | | Qualcomm Snapdragon Auto Video Parser memory corruption | 0.04 | 0.00885 | CVE-2022-25658 |
| 207820 | 6.8 | 6.3 | | 7.3 | | | Qualcomm Snapdragon Auto MKV Clip memory corruption | 0.00 | 0.00885 | CVE-2022-25657 |
| 207819 | 8.1 | 7.8 | | 8.4 | | | Qualcomm Snapdragon Auto Multimedia memory corruption | 0.05 | 0.00885 | CVE-2022-22106 |
| 207818 | 7.8 | 7.8 | | | | | Qualcomm Snapdragon Auto Multimedia memory corruption | 0.00 | 0.00885 | CVE-2022-22104 |
| 207817 | 7.8 | 7.8 | | | | | Qualcomm Snapdragon Auto Multimedia memory corruption | 0.05 | 0.00885 | CVE-2022-22102 |
| 207816 | 7.8 | 7.8 | | | | | Qualcomm Snapdragon Auto Multimedia memory corruption | 0.04 | 0.00885 | CVE-2022-22100 |
| 207815 | 7.8 | 7.8 | | | | | Qualcomm Snapdragon Auto Array Index memory corruption | 0.05 | 0.00885 | CVE-2022-22099 |
| 207814 | 8.1 | 7.8 | | 8.4 | | | Qualcomm Snapdragon Auto Multimedia Driver memory corruption | 0.00 | 0.00885 | CVE-2022-22098 |
| 207813 | 8.1 | 7.8 | | 8.4 | | | Qualcomm Snapdragon Consumer IOT Graphic Driver use after free | 0.00 | 0.00885 | CVE-2022-22097 |
| 207812 | 9.8 | 9.8 | | 9.8 | | | Qualcomm Snapdragon Connectivity/Snapdragon Mobile Bluetooth Host stack-based overflow | 0.04 | 0.00885 | CVE-2022-22096 |
| 207811 | 8.1 | 7.8 | | 8.4 | | | Qualcomm Snapdragon Auto PCM Routing Process memory corruption | 0.05 | 0.00885 | CVE-2022-22080 |
| 207810 | 7.8 | 7.8 | | 7.8 | | | Qualcomm Snapdragon Auto APR Routing Table memory corruption | 0.06 | 0.00885 | CVE-2022-22070 |
| 207809 | 7.8 | 7.8 | | 7.7 | | | Qualcomm Snapdragon Auto RPMB cryptographic issues | 0.00 | 0.00885 | CVE-2022-22069 |
| 207808 | 7.5 | 7.5 | | 7.5 | | | Qualcomm Snapdragon Auto NSA RRC Reconfiguration memory leak | 0.00 | 0.00885 | CVE-2022-22067 |
| 207807 | 6.9 | 5.6 | | 8.2 | | | Qualcomm Snapdragon Auto Server Certificate Parser out-of-bounds | 0.04 | 0.00885 | CVE-2022-22062 |
| 207806 | 7.8 | 7.8 | | | | | Qualcomm Snapdragon Compute Device ID Verification out-of-bounds write | 0.06 | 0.00885 | CVE-2022-22061 |
| 207805 | 8.1 | 7.8 | | 8.4 | | | Qualcomm Snapdragon Auto Video File Parser out-of-bounds | 0.04 | 0.00885 | CVE-2022-22059 |
| 207804 | 5.5 | 5.5 | | | | | Qualcomm Snapdragon Auto RSA Key Import null pointer dereference | 0.04 | 0.00885 | CVE-2021-35135 |
| 207803 | 8.1 | 7.8 | | 8.4 | | | Qualcomm Snapdragon Connectivity ELF Header memory corruption | 0.04 | 0.00885 | CVE-2021-35134 |
| 207802 | 6.7 | 6.7 | | 6.7 | | | Qualcomm Snapdragon Connectivity Synx Driver use after free | 0.04 | 0.00885 | CVE-2021-35133 |
| 207801 | 8.1 | 7.8 | | 8.4 | | | Qualcomm Snapdragon Auto DSP Service out-of-bounds write | 0.03 | 0.00885 | CVE-2021-35132 |
| 207800 | 8.5 | 7.8 | | 9.3 | | | Qualcomm Snapdragon Auto IO Space xPUs permission | 0.04 | 0.00885 | CVE-2021-35122 |
| 207799 | 7.0 | 6.8 | | 7.3 | | | Qualcomm Snapdragon Auto signature verification | 0.03 | 0.00885 | CVE-2021-35113 |
| 207798 | 6.8 | 6.8 | | | | | Qualcomm Snapdragon Connectivity/Snapdragon Mobile APP-S Local Privilege Escalation | 0.03 | 0.00885 | CVE-2021-35109 |
| 207797 | 4.8 | 2.4 | | 7.3 | | | Qualcomm Snapdragon Auto signature verification | 0.00 | 0.00885 | CVE-2021-35097 |
| 207796 | 6.4 | 6.5 | | 6.2 | | | Qualcomm Snapdragon Auto HAB Message resource consumption | 0.03 | 0.00885 | CVE-2022-22101 |
| 207795 | 6.8 | 6.8 | | 6.8 | | | Qualcomm Snapdragon Connectivity/Snapdragon Mobile AP-S Lock Bit permission | 0.04 | 0.00885 | CVE-2021-35108 |
| 207794 | 2.4 | 2.4 | | | | | Discourse Email Address resource consumption | 0.03 | 0.00890 | CVE-2022-37458 |
| 207793 | 4.3 | 4.3 | | | | | Binary UnmarshalWithDecoder memory allocation | 0.04 | 0.00954 | CVE-2022-36078 |
| 207792 | 5.3 | 5.3 | | | | | wolfSSL Client infinite loop | 0.05 | 0.00885 | CVE-2021-44718 |
| 207791 | 6.5 | 4.3 | | 8.8 | | | NodeBB SSO cross-site request forgery | 0.08 | 0.00954 | CVE-2022-36076 |
| 207790 | 3.5 | 3.5 | | | | | Miniblog.Core edit cross site scripting | 0.06 | 0.00885 | CVE-2022-37679 |
| 207789 | 3.5 | 3.5 | | | | | BlogEngine posts cross site scripting | 0.06 | 0.00885 | CVE-2022-36600 |
| 207788 | 3.5 | 3.5 | | | | | MediaWiki Community Configuration Pages denial of service | 0.05 | 0.00885 | CVE-2022-39194 |
| 207787 | 5.0 | 5.0 | | | | | Apache Airflow umask race condition | 0.04 | 0.01164 | CVE-2022-38170 |
| 207786 | 6.3 | 6.3 | | | | | Apache Airflow Webserver Session Backend session fixation | 0.00 | 0.00885 | CVE-2022-38054 |
| 207785 | 6.3 | 6.3 | | | | | Apache OFBiz Ecommerce Plugin special elements used in a template engine | 0.04 | 0.00885 | CVE-2022-25813 |
| 207784 | 3.5 | 3.5 | | | | | SourceCodester Garage Management System brand.php cross site scripting | 0.00 | 0.00885 | CVE-2022-36637 |
| 207783 | 5.5 | 5.5 | | | | | Apache OFBiz Solr Plugin deserialization | 0.03 | 0.00885 | CVE-2022-29063 |

71 more entries are not shown
