CVSSv3 09/16/2022

CVSSv3 Base

≤10
≤20
≤37
≤415
≤55
≤629
≤734
≤88
≤913
≤102

The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources to aggregate to the most reliable result.

CVSSv3 Temp

≤10
≤20
≤38
≤414
≤55
≤632
≤732
≤87
≤913
≤102

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We do also provide our unique meta score for temp scores, even though other sources rarely publish them.

VulDB

≤10
≤20
≤38
≤416
≤513
≤622
≤732
≤87
≤913
≤102

The moderation team is always defining the base vector and base score for an entry. These and all other available scores are used to generate the meta score.

NVD

≤10
≤20
≤30
≤40
≤50
≤60
≤70
≤80
≤90
≤100

The National Vulnerability Database (NVD) is also defining CVSS vectors and scores. These are usually not complete and might differ from VulDB scores.

CNA

≤10
≤20
≤31
≤40
≤51
≤60
≤712
≤811
≤912
≤101

A CVE Numbering Authority (CNA) is responsible for assigning new CVE entries. They might also include a CVSS score. These are usually not complete and might differ from VulDB scores.

Vendor

≤10
≤20
≤30
≤40
≤50
≤60
≤70
≤80
≤90
≤100

Some vendors are willing to publish their own CVSS vectors and scores for vulnerabilities in their products. The coverage varies from vendor to vendor.

Research

≤10
≤20
≤30
≤40
≤50
≤60
≤70
≤80
≤90
≤100

There are sometimes also security researcher which provide their own CVSS vectors and scores for vulnerabilities they have found and published.

IDBaseVDBNVDCNAVendResVulnerabilityCTIEPSSCVE
2088823.53.5
 
 
 
 
Craft CMS myaccount cross site scripting0.000.00885CVE-2022-37250
2088814.34.3
 
4.3
 
 
jgraph drawio cross site scripting0.040.00885CVE-2022-3223
2088803.53.5
 
 
 
 
Genesys PureConnect Interaction Web Tools Chat Service Printable Chat History cross site scripting0.040.01018CVE-2022-37775
2088795.55.5
 
 
 
 
Aspire OASES Open Print Folder Menu Privilege Escalation0.040.02199CVE-2022-40337
2088787.56.3
 
8.8
 
 
budibase access control0.070.00885CVE-2022-3225
2088775.55.5
 
 
 
 
EspoCRM unrestricted upload0.000.00885CVE-2022-38843
2088765.55.5
 
 
 
 
Tenda RX9_Pro SetNetControlList buffer overflow0.090.00885CVE-2022-38831
2088755.55.5
 
 
 
 
Tenda RX9_Pro setIPv6Status buffer overflow0.060.00885CVE-2022-38830
2088745.55.5
 
 
 
 
Tenda RX9_Pro setMacFilterCfg buffer overflow0.160.00885CVE-2022-38829
2088735.55.5
 
 
 
 
TOTOLINK T6 cstecgi.cgi command injection0.080.02055CVE-2022-38828
2088725.55.5
 
 
 
 
TOTOLINK T6 cstecgi.cgi buffer overflow0.080.00885CVE-2022-38827
2088715.55.5
 
 
 
 
TOTOLINK T6 cstecgi.cgi Privilege Escalation0.060.00885CVE-2022-38826
2088706.36.3
 
 
 
 
ywoa exportExcel.do sql injection0.040.00885CVE-2022-38808
2088695.44.3
 
6.5
 
 
XStream XML Data stack-based overflow0.160.00885CVE-2022-40156
2088685.44.3
 
6.5
 
 
XStream XML Data stack-based overflow0.160.00885CVE-2022-40155
2088675.44.3
 
6.5
 
 
XStream XML Data stack-based overflow0.050.00885CVE-2022-40154
2088665.44.3
 
6.5
 
 
XStream XML Data stack-based overflow0.080.00885CVE-2022-40153
2088655.44.3
 
6.5
 
 
XStream XML Data stack-based overflow0.240.00885CVE-2022-40152
2088645.03.5
 
6.5
 
 
XStream XML Data stack-based overflow0.410.00885CVE-2022-40151
2088635.44.3
 
6.5
 
 
Jettison XML Parser resource consumption0.100.00885CVE-2022-40150
2088625.44.3
 
6.5
 
 
Jettison XML Parser stack-based overflow0.180.00885CVE-2022-40149
2088619.89.8
 
9.8
 
 
Qualcomm Snapdragon Connectivity/Snapdragon Mobile WLAN Key Parser memory corruption0.040.00885CVE-2022-25708
2088607.97.5
 
8.4
 
 
Qualcomm Snapdragon Auto memory corruption0.050.00885CVE-2022-25696
2088598.68.8
 
8.4
 
 
Qualcomm Snapdragon Connectivity/Snapdragon Mobile Graphics use after free0.000.00885CVE-2022-25693
2088586.86.3
 
7.3
 
 
Qualcomm Snapdragon Auto ps Clip memory corruption0.040.00885CVE-2022-25688
2088576.86.3
 
7.3
 
 
Qualcomm Snapdragon Auto WAV File memory corruption0.070.00885CVE-2022-25686
2088567.57.5
 
7.5
 
 
Qualcomm Snapdragon Auto WLAN denial of service0.050.00885CVE-2022-25670
2088555.94.3
 
7.5
 
 
Qualcomm Snapdragon Auto MP4 Clip Parser buffer overflow0.040.00885CVE-2022-25669
2088548.68.8
 
8.4
 
 
Qualcomm Snapdragon Auto Console memory corruption0.000.00885CVE-2022-25656
2088537.66.3
 
9.0
 
 
Qualcomm Snapdragon Wired Infrastructure and Networking BSP cryptographic issues0.000.00885CVE-2022-25652
2088527.37.3
 
 
 
 
Qualcomm Snapdragon Auto HFP-UNIT Profile memory corruption0.130.00885CVE-2022-22105
2088518.68.8
 
8.4
 
 
Qualcomm Snapdragon Compute synx Driver use after free0.040.00885CVE-2022-22095
2088507.57.5
 
7.5
 
 
Qualcomm Snapdragon Auto LTE Security Mode Command denial of service0.040.00885CVE-2022-22091
2088498.68.8
 
8.4
 
 
Qualcomm Snapdragon Connectivity Audio memory corruption0.000.00885CVE-2022-22089
2088488.68.8
 
8.4
 
 
Qualcomm Snapdragon Auto Audio Module memory corruption0.060.00885CVE-2022-22081
2088478.68.8
 
8.4
 
 
Qualcomm Snapdragon Auto wma File Playback memory corruption0.000.00885CVE-2022-22074
2088468.68.8
 
8.4
 
 
Qualcomm Snapdragon Auto HLOS memory corruption0.070.00885CVE-2022-22066
2088453.53.5
 
 
 
 
EspoCRM CSV File cross site scripting0.040.01055CVE-2022-38845
2088443.53.5
 
 
 
 
HotelDruid Hotel Management Software GET Parameter information disclosure0.000.00954CVE-2021-42948
2088433.73.7
 
 
 
 
EspoCRM missing secure attribute0.180.00885CVE-2022-38846
2088426.36.3
 
 
 
 
EspoCRM Create Contacts csv injection0.000.01055CVE-2022-38844
2088413.13.1
 
 
 
 
TOTOLINK T6 shadow.sample hard-coded password0.200.00885CVE-2022-38823
2088403.73.7
 
 
 
 
HotelDruid Hotel Management Software controlla_login improper authentication0.060.00954CVE-2021-42949
2088396.75.3
 
8.2
 
 
Qualcomm Snapdragon Auto Bluetooth Driver information disclosure0.080.00885CVE-2022-25706
2088386.45.3
 
7.5
 
 
Qualcomm Snapdragon Auto ANQP Action Frame information disclosure0.050.00885CVE-2022-25690
2088377.07.2
 
6.7
 
 
Qualcomm Snapdragon Auto ION Command memory corruption0.030.00885CVE-2022-25654
2088366.56.3
 
6.8
 
 
Qualcomm Snapdragon Compute information disclosure0.030.00885CVE-2022-25653
2088358.38.8
 
7.8
 
 
Qualcomm Snapdragon Compute Kernel memory corruption0.000.00885CVE-2022-22094
2088348.38.8
 
7.8
 
 
Qualcomm Snapdragon Compute use after free0.000.00885CVE-2022-22092
2088338.88.8
 
 
 
 
Qualcomm Snapdragon Compute Concurrent Hypervisor Operation memory corruption0.050.00885CVE-2022-22093

63 more entries are not shown

Might our Artificial Intelligence support you?

Check our Alexa App!