CVSSv3 09/09/2022

CVSSv3 Base

≤1: 0
≤2: 0
≤3: 2
≤4: 10
≤5: 5
≤6: 4
≤7: 19
≤8: 4
≤9: 4
≤10: 0

The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score aggregates all available scores from different sources into the most reliable result.

CVSSv3 Temp

≤1: 0
≤2: 0
≤3: 2
≤4: 10
≤5: 5
≤6: 5
≤7: 19
≤8: 7
≤9: 0
≤10: 0

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

VulDB

≤1: 0
≤2: 0
≤3: 2
≤4: 15
≤5: 5
≤6: 7
≤7: 16
≤8: 2
≤9: 1
≤10: 0

The moderation team always defines the base vector and base score for an entry. These and all other available scores are used to generate the meta score.

NVD

≤1: 0
≤2: 0
≤3: 0
≤4: 0
≤5: 0
≤6: 0
≤7: 0
≤8: 0
≤9: 0
≤10: 0

The National Vulnerability Database (NVD) also defines CVSS vectors and scores. These are usually not complete and might differ from VulDB scores.

CNA

≤1: 0
≤2: 0
≤3: 0
≤4: 1
≤5: 1
≤6: 0
≤7: 4
≤8: 5
≤9: 7
≤10: 4

A CVE Numbering Authority (CNA) is responsible for assigning new CVE entries. They might also include a CVSS score. These are usually not complete and might differ from VulDB scores.

Vendor

≤1: 0
≤2: 0
≤3: 0
≤4: 0
≤5: 0
≤6: 0
≤7: 0
≤8: 0
≤9: 0
≤10: 0

Some vendors are willing to publish their own CVSS vectors and scores for vulnerabilities in their products. The coverage varies from vendor to vendor.

Research

≤1: 0
≤2: 0
≤3: 0
≤4: 0
≤5: 0
≤6: 0
≤7: 0
≤8: 0
≤9: 0
≤10: 0

Sometimes security researchers also provide their own CVSS vectors and scores for vulnerabilities they have found and published.

| ID | Base | VulDB | NVD | CNA | Vendor | Research | Vulnerability | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 208182 | 6.4 | 6.5 | | 6.3 | | | Linux Kernel vmwgfx Driver vmxgfx_execbuf.c vmw_execbuf_tie_context use after free | 1.54+ | 0.00000 | CVE-2022-40133 |
| 208181 | 6.4 | 6.5 | | 6.3 | | | Linux Kernel vmwgfx Driver vmxgfx_execbuf.c vmw_cmd_res_check use after free | 1.43+ | 0.00000 | CVE-2022-38457 |
| 208180 | 6.4 | 6.5 | | 6.3 | | | Linux Kernel vmwgfx Driver vmxgfx_execbuf.c null pointer dereference | 1.39+ | 0.00000 | CVE-2022-38096 |
| 208179 | 6.4 | 6.5 | | 6.3 | | | Linux Kernel vmwgfx Driver vmxgfx_kms.c buffer overflow | 1.39+ | 0.00000 | CVE-2022-36280 |
| 208178 | 5.5 | 5.5 | | | | | Linux Kernel Intel iSMT SMBus Host Controller Driver ismt_access buffer overflow | 1.35+ | 0.00000 | CVE-2022-3077 |
| 208177 | 3.3 | 3.3 | | | | | Linux Kernel BPF Subsystem bpf_tail_call out-of-bounds | 1.27+ | 0.00000 | CVE-2022-2905 |
| 208176 | 5.5 | 5.5 | | | | | Linux Kernel ASIX AX88179_178A Device Driver ax88179_rx_fixup memory corruption | 1.31+ | 0.00000 | CVE-2022-2964 |
| 208175 | 3.5 | 3.5 | | | | | Linux Kernel Device nvme_dev_ioctl denial of service | 1.35+ | 0.00000 | CVE-2022-3169 |
| 208174 | 6.2 | 3.5 | | 9.0 | | | appwrite cross site scripting | 1.70 | 0.00000 | CVE-2022-2925 |
| 208173 | 7.3 | 7.3 | | 7.3 | | | pdfkit URL command injection | 1.58 | 0.00000 | CVE-2022-25765 |
| 208172 | 5.5 | 5.5 | | | | | Octopus Deploy Package permission | 1.62 | 0.00000 | CVE-2022-2528 |
| 208171 | 6.3 | 6.3 | | | | | Canto Cumulus login server-side request forgery | 1.70 | 0.00000 | CVE-2022-40305 |
| 208170 | 8.0 | 8.8 | | 7.2 | | | Fortinet FortiSOAR HTTP GET Request os command injection | 2.53 | 0.00000 | CVE-2022-29061 |
| 208169 | 4.6 | 4.6 | | | | | Linux Kernel capsule-loader.c use after free | 1.86 | 0.00000 | CVE-2022-40307 |
| 208168 | 4.3 | 4.3 | | 4.3 | | | XWiki Platform cross-site request forgery | 2.06- | 0.00000 | CVE-2022-36095 |
| 208167 | 6.3 | 6.3 | | | | | Singular tmp temp file | 1.90- | 0.00000 | CVE-2022-40299 |
| 208166 | 3.3 | 3.3 | | | | | D-Link DIR819 Web Request denial of service | 1.90- | 0.00000 | CVE-2022-38258 |
| 208165 | 5.5 | 5.5 | | | | | UBports Ubuntu Touch sudo access control | 1.98- | 0.00000 | CVE-2022-40297 |
| 208164 | 6.2 | 3.5 | | 8.9 | | | XWiki Platform Mentions UI Script cross site scripting | 1.82- | 0.00000 | CVE-2022-36098 |
| 208163 | 6.2 | 3.5 | | 8.9 | | | XWiki Platform Attachment UI Attachment Name cross site scripting | 2.73- | 0.00000 | CVE-2022-36097 |
| 208162 | 3.5 | 3.5 | | | | | TastyIgniter cross site scripting | 2.33- | 0.00000 | CVE-2022-38256 |
| 208161 | 6.4 | 5.3 | | 7.5 | | | XWiki Platform Old Core Template improper authentication | 2.42- | 0.00000 | CVE-2022-36092 |
| 208160 | 8.1 | 6.3 | | 10.0 | | | ikus060 rdiffweb improper restriction of rendered ui layers | 2.17- | 0.00000 | CVE-2022-3167 |
| 208159 | 4.3 | 4.3 | | | | | vim null pointer dereference | 2.25- | 0.00000 | CVE-2022-3153 |
| 208158 | 7.9 | 7.3 | | 8.5 | | | XWiki Platform Web Templates Email Verification authentication bypass | 2.46- | 0.00000 | CVE-2022-36093 |
| 208157 | 3.5 | 3.5 | | | | | Samsung TizenRT cyassl.c cyassl_connect_step2 information disclosure | 2.46- | 0.00000 | CVE-2022-40281 |
| 208156 | 3.5 | 3.5 | | | | | Samsung TizenRT provisioningdatabasemanager.c sqlite3_open_v2 denial of service | 2.77- | 0.00000 | CVE-2022-40280 |
| 208155 | 8.1 | 6.3 | | 9.9 | | | cruddl Schema special elements in data query logic | 2.85- | 0.00000 | CVE-2022-36084 |
| 208154 | 4.3 | 4.3 | | | | | Open vSwitch Tuple Space Search denial of service | 4.16- | 0.00000 | CVE-2019-25076 |
| 208153 | 6.2 | 3.5 | | 8.9 | | | XWiki Platform Index UI Attachment cross site scripting | 2.42- | 0.00000 | CVE-2022-36096 |
| 208152 | 6.2 | 3.5 | | 8.9 | | | XWiki Platform Web Parent POM History cross site scripting | 2.34- | 0.00000 | CVE-2022-36094 |
| 208151 | 2.6 | 2.6 | | | | | Inoda OnTrack hash without salt | 2.25- | 0.00000 | CVE-2022-37164 |
| 208150 | 2.6 | 2.6 | | | | | Bminusl IHateToBudget hash without salt | 3.20- | 0.00000 | CVE-2022-37163 |
| 208149 | 6.4 | 5.3 | | 7.5 | | | XWiki Platform Web Templates Suggestion unknown vulnerability | 2.61- | 0.00000 | CVE-2022-36091 |
| 208148 | 3.5 | 3.5 | | | | | Craft 360 Web Portal GET Request GetAllDeceptionUsers information disclosure | 2.81- | 0.00000 | CVE-2022-27969 |
| 208147 | 3.5 | 3.5 | | | | | Craft 360 Web Portal GET Request GetFileMonitorProfiles information disclosure | 2.81- | 0.00000 | CVE-2022-27968 |
| 208146 | 3.5 | 3.5 | | | | | Cynet 360 Web Portal GET Request GetExclusionsProfiles information disclosure | 2.97- | 0.00000 | CVE-2022-27967 |
| 208145 | 7.2 | 6.3 | | 8.1 | | | XWiki Platform Old Core improper authorization | 2.89- | 0.00000 | CVE-2022-36090 |
| 208144 | 6.5 | 5.6 | | 7.4 | | | Open Policy Agent protection mechanism | 3.13- | 0.00000 | CVE-2022-36085 |
| 208143 | 8.1 | 6.3 | | 9.9 | | | XWiki Platform Applications Tag code injection | 3.01- | 0.00000 | CVE-2022-36100 |
| 208142 | 4.2 | 4.3 | | 4.0 | | | IBM Planning Analytics information disclosure | 3.45- | 0.00000 | CVE-2022-22314 |
| 208141 | 8.1 | 6.3 | | 9.9 | | | Wiki UI Main Wiki code injection | 2.89- | 0.00000 | CVE-2022-36099 |
| 208140 | 3.5 | 3.5 | | | | | bilde2910 Hauk config.php hard-coded password | 2.80- | 0.00000 | CVE-2022-37857 |
| 208139 | 6.3 | 6.3 | | | | | janobe School Activity Updates with SMS Notification sql injection | 2.53- | 0.00000 | CVE-2022-38269 |
| 208138 | 6.3 | 6.3 | | | | | janobe School Activity Updates with SMS sql injection | 2.10- | 0.00000 | CVE-2022-38268 |
| 208137 | 6.3 | 6.3 | | | | | janobe School Activity Updates with SMS Notification sql injection | 1.94- | 0.00000 | CVE-2022-38267 |
| 208136 | 6.3 | 6.3 | | | | | oretnom23 Apartment Visitor Management System edit-apartment.php sql injection | 2.22- | 0.00000 | CVE-2022-38265 |
| 208135 | 6.3 | 6.3 | | | | | janobe Interview Management System sql injection | 1.94- | 0.00000 | CVE-2022-38260 |
