CVSSv3 09/08/2022

CVSSv3 Base

Entries per score bucket: ≤1: 0, ≤2: 0, ≤3: 1, ≤4: 9, ≤5: 8, ≤6: 19, ≤7: 17, ≤8: 4, ≤9: 0, ≤10: 1

The Common Vulnerability Scoring System (CVSS) is an industry standard for describing the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources into the most reliable result.

CVSSv3 Temp

Entries per score bucket: ≤1: 0, ≤2: 0, ≤3: 1, ≤4: 9, ≤5: 8, ≤6: 25, ≤7: 14, ≤8: 1, ≤9: 0, ≤10: 1

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

VulDB

Entries per score bucket: ≤1: 0, ≤2: 0, ≤3: 1, ≤4: 10, ≤5: 7, ≤6: 21, ≤7: 15, ≤8: 4, ≤9: 0, ≤10: 1

The moderation team always defines the base vector and base score for an entry. These and all other available scores are used to generate the meta score.

NVD

Entries per score bucket: ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 0, ≤5: 0, ≤6: 0, ≤7: 0, ≤8: 0, ≤9: 0, ≤10: 0

The National Vulnerability Database (NVD) also defines CVSS vectors and scores. These are usually not complete and might differ from VulDB scores.

CNA

Entries per score bucket: ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 1, ≤5: 3, ≤6: 4, ≤7: 1, ≤8: 4, ≤9: 1, ≤10: 1

A CVE Numbering Authority (CNA) is responsible for assigning new CVE entries. They might also include a CVSS score. These are usually not complete and might differ from VulDB scores.

Vendor

Entries per score bucket: ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 0, ≤5: 0, ≤6: 0, ≤7: 0, ≤8: 0, ≤9: 0, ≤10: 0

Some vendors are willing to publish their own CVSS vectors and scores for vulnerabilities in their products. The coverage varies from vendor to vendor.

Research

Entries per score bucket: ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 0, ≤5: 0, ≤6: 0, ≤7: 0, ≤8: 0, ≤9: 0, ≤10: 0

Sometimes security researchers also provide their own CVSS vectors and scores for vulnerabilities they have found and published.

| ID | Base | VulDB | NVD | CNA | Vendor | Research | Vulnerability | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 208134 | 6.3 | 6.3 | | | | | janobe Interview Management System editQuestion.php sql injection | 1.18+ | 0.00000 | CVE-2022-38255 |
| 208133 | 4.8 | 4.3 | | 5.3 | | | jgraph drawio cross site scripting | 1.57 | 0.00000 | CVE-2022-3148 |
| 208132 | 4.3 | 4.3 | | 4.3 | | | jgraph drawio cross site scripting | 1.34 | 0.00000 | CVE-2022-3138 |
| 208131 | 4.3 | 4.3 | | | | | Jitsi HTTP Request clickjacking | 1.41 | 0.00000 | CVE-2022-36736 |
| 208130 | 6.3 | 6.3 | | | | | Netgear R6200 acos_service command injection | 1.28 | 0.00000 | CVE-2022-30079 |
| 208129 | 9.9 | 9.8 | | 10.0 | | | QNAP QTS Photo Station external reference | 1.57 | 0.00000 | CVE-2022-27593 |
| 208128 | 3.8 | 3.7 | | 4.0 | | | Cisco Small Business RV110W IPSec VPN Server unknown vulnerability | 1.66 | 0.00000 | CVE-2022-20923 |
| 208127 | 4.9 | 5.4 | | 4.3 | | | Cisco Webex App Messaging Interface multiple interpretations of ui input | 1.31 | 0.00000 | CVE-2022-20863 |
| 208126 | 5.0 | 5.0 | | | | | Cisco SD-WAN vManage Software Binding Configuration access control | 1.24 | 0.00000 | CVE-2022-20696 |
| 208125 | 5.5 | 5.5 | | | | | Alfasado PowerCMS XMLRPC API command injection | 1.18 | 0.00000 | CVE-2022-33941 |
| 208124 | 4.3 | 4.3 | | | | | PLANEX SmaCam CS-QR10/SmaCam Night Vision CS-QR20 protection mechanism | 1.28 | 0.00000 | CVE-2022-38399 |
| 208123 | 6.3 | 6.3 | | | | | Ricoh Device Software Manager Installer untrusted search path | 1.31 | 0.00000 | CVE-2022-36403 |
| 208122 | 5.3 | 5.3 | | | | | SYNCK GRAPHICA Mailform Pro Cgi URL information disclosure | 1.18 | 0.00000 | CVE-2022-38400 |
| 208121 | 7.3 | 7.3 | | | | | CentreCOM AR260S V2 hard-coded credentials | 1.21 | 0.00000 | CVE-2022-38394 |
| 208120 | 6.3 | 6.3 | | | | | CentreCOM AR260S V2 telnet os command injection | 1.18 | 0.00000 | CVE-2022-38094 |
| 208119 | 6.3 | 6.3 | | | | | CentreCOM AR260S V2 os command injection | 1.28 | 0.00000 | CVE-2022-35273 |
| 208118 | 6.3 | 6.3 | | | | | CentreCOM AR260S V2 telnet os command injection | 1.21 | 0.00000 | CVE-2022-34869 |
| 208117 | 4.8 | 3.7 | | 5.9 | | | org.eclipse.milo:sdk-server CloseSession Request memory allocation | 1.21 | 0.00000 | CVE-2022-25897 |
| 208116 | 5.5 | 5.5 | | | | | Apache James STARTTLS Command command injection | 1.31 | 0.00000 | CVE-2022-28220 |
| 208115 | 6.3 | 6.3 | | | | | com.google.cloud.tools:jib-core isDockerInstalled Privilege Escalation | 1.79 | 0.00000 | CVE-2022-25914 |
| 208114 | 5.2 | 5.3 | | 5.0 | | | GoCD Installation access control | 1.79 | 0.00000 | CVE-2022-36088 |
| 208113 | 5.3 | 5.3 | | 5.3 | | | mangadex-downloader information disclosure | 1.88 | 0.00000 | CVE-2022-36082 |
| 208112 | 5.5 | 5.5 | | | | | D-Link DAP1650 CGI Program fileaccess.cgi strncpy buffer overflow | 1.88 | 0.00000 | CVE-2022-36588 |
| 208111 | 5.5 | 5.5 | | | | | Tenda G3 httpd 0x869f4 buffer overflow | 1.50 | 0.00000 | CVE-2022-36586 |
| 208110 | 2.4 | 2.4 | | | | | Nagios XI System Performance Settings Page cross site scripting | 2.07 | 0.00000 | CVE-2022-38251 |
| 208109 | 3.5 | 3.5 | | | | | Nagios XI MTR cross site scripting | 2.01 | 0.00000 | CVE-2022-38249 |
| 208108 | 3.5 | 3.5 | | | | | Nagios XI System Settings Page cross site scripting | 1.90- | 0.00000 | CVE-2022-38247 |
| 208107 | 5.5 | 5.5 | | | | | Tenda G3 httpd addDhcpRule buffer overflow | 2.59- | 0.00000 | CVE-2022-36585 |
| 208106 | 7.3 | 7.3 | | | | | KubeVela VelaUX APIServer getSystemInfo authentication replay | 2.11- | 0.00000 | CVE-2022-36089 |
| 208105 | 3.5 | 3.5 | | | | | xiunobbs Attachment Upload cross site scripting | 2.29- | 0.00000 | CVE-2020-19914 |
| 208104 | 5.2 | 4.3 | | 6.1 | | | Wikmd Markdown cross site scripting | 2.14- | 0.00000 | CVE-2022-36080 |
| 208103 | 7.2 | 7.2 | | 7.2 | | | Sophos Firewall Webadmin sql injection | 2.14- | 0.00000 | CVE-2022-1807 |
| 208102 | 6.3 | 6.3 | | | | | FPT G-97RG6M/G-97RG3 ping Privilege Escalation | 2.01- | 0.00000 | CVE-2022-38531 |
| 208101 | 5.3 | 5.3 | | | | | PlexTrac Authentication Provider information disclosure | 2.62- | 0.00000 | CVE-2022-37146 |
| 208100 | 6.3 | 6.3 | | | | | Netgear R8000 POST bd_genie_create_account.cgi buffer overflow | 3.16- | 0.00000 | CVE-2021-34236 |
| 208099 | 6.3 | 6.3 | | | | | Nagios XI Manage MIBs Page sql injection | 2.41- | 0.00000 | CVE-2022-38250 |
| 208098 | 5.3 | 5.3 | | | | | linked_list_allocator extend out-of-bounds write | 2.06- | 0.00000 | CVE-2022-36086 |
| 208097 | 6.4 | 5.3 | | 7.5 | | | Wikmd <path:folderpath> path traversal | 2.56- | 0.00000 | CVE-2022-36081 |
| 208096 | 5.3 | 5.3 | | | | | Parse Server Field information disclosure | 1.84- | 0.00000 | CVE-2022-36079 |
| 208095 | 5.5 | 5.5 | | | | | Tenda AC18 saveParentControlInfo stack-based overflow | 2.29- | 0.00000 | CVE-2022-38314 |
| 208094 | 5.5 | 5.5 | | | | | Tenda AC18 saveParentControlInfo stack-based overflow | 2.38- | 0.00000 | CVE-2022-38313 |
| 208093 | 5.5 | 5.5 | | | | | Tenda AC18 PowerSaveSet stack-based overflow | 1.65- | 0.00000 | CVE-2022-38311 |
| 208092 | 5.5 | 5.5 | | | | | Tenda AC18 SetStaticRouteCfg stack-based overflow | 1.40- | 0.00000 | CVE-2022-38310 |
| 208091 | 5.5 | 5.5 | | | | | Tenda AC18 SetVirtualServerCfg stack-based overflow | 1.21- | 0.00000 | CVE-2022-38309 |
| 208090 | 6.3 | 6.3 | | | | | Netgear R6200 V2/R6300 V2 ipv6_fix.cgi os command injection | 2.01- | 0.00000 | CVE-2022-30078 |
| 208089 | 3.7 | 3.7 | | | | | PlexTrac MFA TOTP Submission excessive authentication | 2.88- | 0.00000 | CVE-2022-37144 |
| 208088 | 5.3 | 5.3 | | 5.3 | | | JOSE resource consumption | 2.00- | 0.00000 | CVE-2022-36083 |
| 208087 | 4.3 | 4.3 | | | | | Flux2 Helm SDK memory allocation | 2.16- | 0.00000 | CVE-2022-36049 |
| 208086 | 6.3 | 6.3 | | | | | Phicomm FIR151B A2/FIR302E A2/FIR300B A2/FIR303B A2 ping Privilege Escalation | 2.06- | 0.00000 | CVE-2022-37779 |
| 208085 | 6.3 | 6.3 | | | | | Phicomm FIR151B A2/FIR302E A2/FIR300B A2/FIR303B A2 time Privilege Escalation | 2.16- | 0.00000 | CVE-2022-37778 |

9 more entries are not shown
