CVSSv3 09/12/2022

CVSSv3 Base

≤10
≤20
≤31
≤413
≤54
≤67
≤713
≤84
≤90
≤100

The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources to aggregate to the most reliable result.

CVSSv3 Temp

≤10
≤20
≤31
≤413
≤55
≤613
≤76
≤84
≤90
≤100

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We do also provide our unique meta score for temp scores, even though other sources rarely publish them.

VulDB

≤10
≤20
≤31
≤413
≤55
≤65
≤714
≤84
≤90
≤100

The moderation team is always defining the base vector and base score for an entry. These and all other available scores are used to generate the meta score.

NVD

≤10
≤20
≤30
≤40
≤50
≤60
≤70
≤80
≤90
≤100

The National Vulnerability Database (NVD) is also defining CVSS vectors and scores. These are usually not complete and might differ from VulDB scores.

CNA

≤10
≤20
≤30
≤40
≤50
≤62
≤70
≤80
≤90
≤100

A CVE Numbering Authority (CNA) is responsible for assigning new CVE entries. They might also include a CVSS score. These are usually not complete and might differ from VulDB scores.

Vendor

≤10
≤20
≤30
≤40
≤50
≤60
≤70
≤80
≤90
≤100

Some vendors are willing to publish their own CVSS vectors and scores for vulnerabilities in their products. The coverage varies from vendor to vendor.

Research

≤10
≤20
≤30
≤40
≤50
≤60
≤70
≤80
≤90
≤100

There are sometimes also security researcher which provide their own CVSS vectors and scores for vulnerabilities they have found and published.

IDBaseVDBNVDCNAVendResVulnerabilityCTIEPSSCVE
2085086.36.3
 
 
 
 
Apple Safari WebKit Remote Code Execution0.040.00000CVE-2022-32891
2085076.36.3
 
 
 
 
Apple Safari WebKit out-of-bounds0.050.01843CVE-2022-32912
2085066.36.3
 
 
 
 
Apple Safari WebKit buffer overflow0.080.02806CVE-2022-32886
2085054.34.3
 
 
 
 
Apple Safari Web Extensions state issue0.050.00954CVE-2022-32868
2085045.35.3
 
 
 
 
Apple macOS PackageKit state issue0.050.00000CVE-2022-32900
2085036.36.3
 
 
 
 
Apple macOS MediaLibrary memory corruption0.040.00950CVE-2022-32908
2085023.33.3
 
 
 
 
Apple macOS Maps information disclosure0.040.02680CVE-2022-32883
2085017.87.8
 
 
 
 
Apple macOS Kernel buffer overflow0.040.01237CVE-2022-32917
2085003.33.3
 
 
 
 
Apple macOS Kernel information disclosure0.040.00950CVE-2022-32864
2084997.87.8
 
 
 
 
Apple macOS Kernel memory corruption0.000.01237CVE-2022-32911
2084984.34.3
 
 
 
 
Apple macOS iMovie information disclosure0.040.00000CVE-2022-32896
2084975.35.3
 
 
 
 
Apple macOS ATS state issue0.050.00000CVE-2022-32902
2084966.36.3
 
 
 
 
Apple iOS/iPadOS WebKit out-of-bounds0.040.01843CVE-2022-32912
2084956.36.3
 
 
 
 
Apple iOS/iPadOS WebKit buffer overflow0.000.02806CVE-2022-32886
2084942.42.4
 
 
 
 
Apple iOS/iPadOS Shortcuts access control0.060.00885CVE-2022-32872
2084934.34.3
 
 
 
 
Apple iOS/iPadOS Safari Extensions state issue0.050.00954CVE-2022-32868
2084926.36.3
 
 
 
 
Apple iOS/iPadOS Safari Remote Code Execution0.050.00885CVE-2022-32795
2084915.35.3
 
 
 
 
Apple iOS/iPadOS MediaLibrary memory corruption0.040.00950CVE-2022-32908
2084903.33.3
 
 
 
 
Apple iOS/iPadOS Maps information disclosure0.080.02680CVE-2022-32883
2084897.87.8
 
 
 
 
Apple iOS/iPadOS Kernel Local Privilege Escalation0.050.01237CVE-2022-32917
2084883.33.3
 
 
 
 
Apple iOS/iPadOS Kernel information disclosure0.030.00950CVE-2022-32864
2084877.87.8
 
 
 
 
Apple iOS/iPadOS Kernel memory corruption0.090.01237CVE-2022-32911
2084865.35.3
 
 
 
 
Apple iOS/iPadOS Contacts access control0.050.00890CVE-2022-32854
2083233.53.5
 
 
 
 
Torguard VPN information disclosure0.040.00885CVE-2022-37835
2083223.53.5
 
 
 
 
SysAid Help Desk Asset Dashboard cross site scripting0.000.00885CVE-2022-40325
2083213.53.5
 
 
 
 
SysAid Help Desk Linked SR cross site scripting0.090.00885CVE-2022-40324
2083203.53.5
 
 
 
 
SysAid Help Desk Password Services Module cross site scripting0.050.00885CVE-2022-40323
2083193.53.5
 
 
 
 
SysAid Help Desk cross site scripting0.000.00885CVE-2022-40322
2083184.34.3
 
 
 
 
Movable Type plugin A-Form cross site scripting0.080.01136CVE-2022-38972
2083176.36.3
 
 
 
 
sazanrjb InventoryManagementSystem ConnectionFactory.java sql injection0.000.00954CVE-2022-36259
2083166.36.3
 
 
 
 
sazanrjb InventoryManagementSystem CustomerDAO.java sql injection0.000.00954CVE-2022-36258
2083156.36.3
 
 
 
 
sazanrjb InventoryManagementSystem UserDAO.java sql injection0.000.00954CVE-2022-36257
2083146.36.3
 
 
 
 
sazanrjb InventoryManagementSystem Stocks.java sql injection0.000.00954CVE-2022-36256
2083136.36.3
 
 
 
 
sazanrjb InventoryManagementSystem SupplierDAO.java sql injection0.000.00954CVE-2022-36255
2083123.53.5
 
 
 
 
Micro-Star International MSI Feature Navigator File Download information disclosure0.050.00890CVE-2022-34110
2083115.55.5
 
 
 
 
Micro-Star International MSI Feature Navigator access control0.050.00890CVE-2022-34109
2083103.53.5
 
 
 
 
Micro-Star International MSI Feature Nagivator Image File denial of service0.040.00954CVE-2022-34108
2083095.96.3
 
5.4
 
 
gophish Next Query Parameter redirect0.040.00885CVE-2022-25295
2083085.15.0
 
5.3
 
 
com.diffplug.gradle:goomph ZIP File path traversal0.000.04571CVE-2022-26049
2083073.53.5
 
 
 
 
SourceCodester Simple Online Book Store System admin_book.php cross site scripting0.000.00885CVE-2022-37796
2083066.36.3
 
 
 
 
SourceCodester Library Management System in-card.php sql injection0.050.00885CVE-2022-37794
2083053.53.5
 
 
 
 
SourceCodester Hotel Management System index.php cross site scripting0.050.01055CVE-2022-36254

Want to stay up to date on a daily basis?

Enable the mail alert feature now!