CVSSv3 09/21/2022

CVSSv3 Base

Entries by score: ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 7, ≤5: 13, ≤6: 23, ≤7: 31, ≤8: 3, ≤9: 12, ≤10: 0

The Common Vulnerability Scoring System (CVSS) is an industry standard for describing the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources into the most reliable result.

CVSSv3 Temp

Entries by score: ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 7, ≤5: 13, ≤6: 28, ≤7: 28, ≤8: 1, ≤9: 12, ≤10: 0

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

VulDB

Entries by score: ≤1: 0, ≤2: 0, ≤3: 1, ≤4: 6, ≤5: 16, ≤6: 24, ≤7: 27, ≤8: 4, ≤9: 11, ≤10: 0

The moderation team always defines the base vector and base score for an entry. These and all other available scores are used to generate the meta score.

NVD

Entries by score: ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 0, ≤5: 0, ≤6: 0, ≤7: 0, ≤8: 0, ≤9: 0, ≤10: 0

The National Vulnerability Database (NVD) also defines CVSS vectors and scores. These are usually not complete and might differ from VulDB scores.

CNA

Entries by score: ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 1, ≤5: 1, ≤6: 1, ≤7: 3, ≤8: 5, ≤9: 0, ≤10: 1

A CVE Numbering Authority (CNA) is responsible for assigning new CVE entries. They might also include a CVSS score. These are usually not complete and might differ from VulDB scores.

Vendor

Entries by score: ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 0, ≤5: 0, ≤6: 0, ≤7: 0, ≤8: 0, ≤9: 0, ≤10: 0

Some vendors are willing to publish their own CVSS vectors and scores for vulnerabilities in their products. The coverage varies from vendor to vendor.

Research

Entries by score: ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 0, ≤5: 0, ≤6: 0, ≤7: 0, ≤8: 0, ≤9: 0, ≤10: 0

Sometimes security researchers also provide their own CVSS vectors and scores for vulnerabilities they have found and published.

| ID | Base | VDB | NVD | CNA | Vend | Res | Vulnerability | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 209239 | 3.5 | 3.5 | | | | | Craft CMS BaseElementSelectInput.js cross site scripting | 0.06 | 0.00885 | CVE-2022-37246 |
| 209238 | 6.3 | 6.3 | | | | | Erlang OTP Client Authentication improper authentication | 0.24 | 0.00954 | CVE-2022-37026 |
| 209237 | 6.4 | 5.3 | | 7.5 | | | Çekino Bilgi Teknolojileri Identity and Directory Management System path traversal | 0.04 | 0.00885 | CVE-2022-2265 |
| 209236 | 3.8 | 4.3 | | 3.3 | | | Rapid7 InsightVM Login Panel information disclosure | 0.06 | 0.00885 | CVE-2019-5641 |
| 209235 | 4.3 | 4.3 | | | | | XPDF FoFiType1C.cc null pointer dereference | 0.05 | 0.00885 | CVE-2022-38928 |
| 209234 | 4.6 | 2.4 | | 6.8 | | | pimcore cross site scripting | 0.04 | 0.00885 | CVE-2022-3255 |
| 209233 | 5.3 | 5.3 | | 5.3 | | | OctoPrint privileges management | 0.00 | 0.00885 | CVE-2022-3068 |
| 209232 | 4.0 | 3.7 | | 4.4 | | | OctoPrint Session Cookie session expiration | 0.00 | 0.00885 | CVE-2022-2888 |
| 209231 | 5.3 | 5.3 | | | | | ISC BIND Resolver denial of service | 0.12 | 0.01626 | CVE-2022-3080 |
| 209230 | 4.7 | 4.7 | | | | | ISC BIND Statistics Channel buffer overflow | 0.24 | 0.00885 | CVE-2022-2881 |
| 209229 | 5.5 | 5.5 | | | | | octoprint unrestricted upload | 0.00 | 0.00885 | CVE-2022-2872 |
| 209228 | 5.3 | 5.3 | | | | | ISC BIND DNS Resolution Service denial of service | 0.45 | 0.01626 | CVE-2022-2795 |
| 209227 | 5.3 | 5.3 | | | | | ISC BIND memory leak | 0.28 | 0.01626 | CVE-2022-38178 |
| 209226 | 5.3 | 5.3 | | | | | ISC BIND ECDSA Signature memory leak | 0.28 | 0.01626 | CVE-2022-38177 |
| 209225 | 5.3 | 5.3 | | | | | ISC BIND named resource consumption | 0.65 | 0.00885 | CVE-2022-2906 |
| 209224 | 5.5 | 5.5 | | | | | md2roff Markdown File stack-based overflow | 0.00 | 0.00885 | CVE-2022-41220 |
| 209223 | 7.3 | 7.3 | | | | | Database Software Accreditation Tracking/Presentation sql injection | 0.12 | 0.00885 | CVE-2022-2315 |
| 209222 | 7.3 | 7.3 | | | | | Parantez Teknoloji KOHA sql injection | 0.05 | 0.00885 | CVE-2022-0495 |
| 209221 | 4.9 | 4.9 | | | | | Apache Airflow confirm redirect | 0.04 | 0.00885 | CVE-2022-40754 |
| 209220 | 3.5 | 3.5 | | | | | Apache Airflow URL information disclosure | 0.14 | 0.00885 | CVE-2022-40604 |
| 209219 | 6.3 | 6.3 | | | | | Linux Kernel TLB mremap.c use after free | 0.23 | 0.00950 | CVE-2022-41222 |
| 209218 | 5.0 | 5.0 | | | | | Linux Kernel dmxdev.c dvb_dmxdev_release use after free | 0.35 | 0.00950 | CVE-2022-41218 |
| 209217 | 5.3 | 5.3 | | | | | Apple macOS Privacy Preferences access control | 0.14 | 0.00885 | CVE-2022-32882 |
| 209216 | 5.3 | 5.3 | | | | | Apple macOS access control | 0.00 | 0.00885 | CVE-2022-32880 |
| 209215 | 5.3 | 5.3 | | | | | Apple macOS Privacy Preferences access control | 0.00 | 0.00890 | CVE-2022-32854 |
| 209214 | 6.3 | 6.3 | | | | | JFinal CMS sql injection | 0.00 | 0.00885 | CVE-2022-37205 |
| 209213 | 5.8 | 4.6 | | 7.1 | | | TIBCO Spotfire Analytics Platform for AWS Marketplace Web Player server-side request forgery | 0.00 | 0.00885 | CVE-2022-30579 |
| 209212 | 6.4 | 5.3 | | 7.5 | | | McWebserver HTTP Request path traversal | 0.00 | 0.00885 | CVE-2022-39221 |
| 209211 | 5.2 | 4.3 | | 6.1 | | | SFTPGo WebClient cross site scripting | 0.00 | 0.01055 | CVE-2022-39220 |
| 209210 | 3.5 | 3.5 | | | | | Huawei CV81-WDM denial of service | 0.00 | 0.00885 | CVE-2022-37395 |
| 209209 | 4.3 | 4.3 | | | | | Apple macOS IP Address information disclosure | 0.00 | 0.00885 | CVE-2022-32861 |
| 209208 | 4.3 | 4.3 | | | | | Apple Safari IP Address information disclosure | 0.00 | 0.00885 | CVE-2022-32861 |
| 209207 | 5.5 | 5.5 | | | | | Apple macOS sandbox | 0.05 | 0.00885 | CVE-2022-26696 |
| 209206 | 4.3 | 4.3 | | | | | Aruba ClearPass Policy Manager Web-based Management Interface cross-site request forgery | 0.00 | 0.01055 | CVE-2022-23685 |
| 209205 | 5.0 | 5.0 | | | | | Huawei WS7200-10 Privilege Escalation | 0.00 | 0.00885 | CVE-2021-46835 |
| 209204 | 5.5 | 5.5 | | | | | stealjs babel.js prototype pollution | 0.00 | 0.00954 | CVE-2022-37265 |
| 209203 | 3.5 | 3.5 | | | | | stealjs babel.js incorrect regex | 0.00 | 0.00954 | CVE-2022-37259 |
| 209202 | 4.3 | 4.3 | | | | | SmokePing ebuild denial of service | 0.06 | 0.00885 | CVE-2017-20147 |
| 209201 | 4.3 | 4.3 | | | | | Huawei 576up005 HOTA-CM-H-Shark-BD Headset out-of-bounds write | 0.00 | 0.00885 | CVE-2020-36602 |
| 209200 | 6.3 | 6.3 | | | | | SmartVista SVFE2 mcc_group.jsf sql injection | 0.05 | 0.00954 | CVE-2022-38619 |
| 209199 | 5.8 | 5.0 | | 6.6 | | | Grafana Proxy authentication spoofing | 0.33 | 0.00885 | CVE-2022-35957 |
| 209198 | 6.4 | 5.3 | | 7.5 | | | JS Compute Runtime for Fastly WebAssembly Module prng seed | 0.11 | 0.00885 | CVE-2022-39218 |
| 209197 | 6.3 | 6.3 | | | | | Baijia CMS URL Parameter fetch_net_file_upload server-side request forgery | 0.04 | 0.01055 | CVE-2022-38931 |
| 209196 | 4.3 | 4.3 | | | | | Aruba ClearPass Policy Manager Guest User Interface denial of service | 0.00 | 0.00885 | CVE-2022-37884 |
| 209195 | 8.8 | 8.8 | | | | | Aruba ClearPass Policy Manager OnGuard Agent Privilege Escalation | 0.76 | 0.01036 | CVE-2022-37877 |
| 209194 | 6.3 | 6.3 | | | | | Apple macOS Web memory corruption | 0.05 | 0.01440 | CVE-2022-32863 |
| 209193 | 6.3 | 6.3 | | | | | Apple Safari Web memory corruption | 0.06 | 0.01440 | CVE-2022-32863 |
| 209192 | 6.3 | 6.3 | | | | | Apple macOS File Remote Code Execution | 0.00 | 0.02107 | CVE-2022-32802 |
| 209191 | 6.3 | 6.3 | | | | | Aruba ClearPass Policy Manager Web-based Management Interface sql injection | 0.00 | 0.01055 | CVE-2022-23696 |
| 209190 | 6.3 | 6.3 | | | | | Aruba ClearPass Policy Manager Web-based Management Interface sql injection | 0.00 | 0.01055 | CVE-2022-23695 |

39 more entries are not shown
