CVSSv3 09/22/2022

CVSSv3 Base

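| Score bucket | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
|---|---|---|---|---|---|---|---|---|---|---|
| Entries | 0 | 1 | 0 | 31 | 9 | 23 | 15 | 0 | 0 | 0 |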

The Common Vulnerability Scoring System (CVSS) is an industry standard for describing the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources into one aggregate, giving the most reliable result.

CVSSv3 Temp

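| Score bucket | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
|---|---|---|---|---|---|---|---|---|---|---|
| Entries | 0 | 1 | 0 | 31 | 9 | 27 | 11 | 0 | 0 | 0 |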

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

VulDB

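| Score bucket | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
|---|---|---|---|---|---|---|---|---|---|---|
| Entries | 0 | 1 | 0 | 38 | 10 | 16 | 13 | 1 | 0 | 0 |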

The moderation team always defines the base vector and base score for an entry. These and all other available scores are used to generate the meta score.

NVD

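| Score bucket | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
|---|---|---|---|---|---|---|---|---|---|---|
| Entries | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 3 | 0 | 0 |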

The National Vulnerability Database (NVD) also defines CVSS vectors and scores. These are usually not complete and might differ from VulDB scores.

CNA

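| Score bucket | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
|---|---|---|---|---|---|---|---|---|---|---|
| Entries | 0 | 0 | 0 | 0 | 3 | 3 | 3 | 3 | 0 | 1 |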

A CVE Numbering Authority (CNA) is responsible for assigning new CVE entries. They might also include a CVSS score. These are usually not complete and might differ from VulDB scores.

Vendor

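| Score bucket | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
|---|---|---|---|---|---|---|---|---|---|---|
| Entries | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |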

Some vendors are willing to publish their own CVSS vectors and scores for vulnerabilities in their products. The coverage varies from vendor to vendor.

Research

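| Score bucket | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
|---|---|---|---|---|---|---|---|---|---|---|
| Entries | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |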

Security researchers sometimes also provide their own CVSS vectors and scores for vulnerabilities they have found and published.

| ID | Base | VDB | NVD | CNA | Vend | Res | Vulnerability | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 209318 | 5.9 | 4.7 | 7.2 | | | | oretnom23 Online Pet Shop We App sql injection | 0.00 | 0.00885 | CVE-2022-40935 |
| 209317 | 5.9 | 4.7 | 7.2 | | | | oretnom23 Online Pet Shop We App sql injection | 0.00 | 0.00885 | CVE-2022-40934 |
| 209316 | 5.9 | 4.7 | 7.2 | | | | oretnom23 Online Pet Shop We App sql injection | 0.04 | 0.00885 | CVE-2022-40933 |
| 209315 | 6.4 | 3.1 | | 9.8 | | | ikus060 minarca weak password | 0.00 | 0.00885 | CVE-2022-3268 |
| 209314 | 5.5 | 5.5 | | | | | Apache XML Graphics Batik JAR URL server-side request forgery | 0.45 | 0.00885 | CVE-2022-40146 |
| 209313 | 5.5 | 5.5 | | | | | Apache XML Graphics Batik JAR Protocol server-side request forgery | 0.28 | 0.00885 | CVE-2022-38398 |
| 209312 | 6.3 | 6.3 | | | | | Apache XML Graphics Batik server-side request forgery | 0.16 | 0.00885 | CVE-2022-38648 |
| 209311 | 3.5 | 3.5 | | | | | protobuf-python/protobuf-cpp ProtocolBuffers resource consumption | 0.41 | 0.00885 | CVE-2022-1941 |
| 209310 | 3.5 | 3.5 | | | | | ZZCMS GET Request siteinfo.php path traversal | 0.04 | 0.00885 | CVE-2022-40443 |
| 209309 | 6.3 | 6.3 | | | | | ZZCMS baojia_list.php sql injection | 0.16 | 0.00885 | CVE-2022-40447 |
| 209308 | 6.3 | 6.3 | | | | | ZZCMS sql injection | 0.04 | 0.00885 | CVE-2022-40446 |
| 209307 | 3.5 | 3.5 | | | | | ZZCMS index.PHP information disclosure | 0.05 | 0.00885 | CVE-2022-40444 |
| 209306 | 5.5 | 5.5 | | | | | Apache SOAP RPCRouterServlet xml external entity reference | 0.12 | 0.00885 | CVE-2022-40705 |
| 209305 | 3.5 | 3.5 | | | | | Anchore Container Image Scanner Plugin Engine API cross site scripting | 0.05 | 0.00885 | CVE-2022-41225 |
| 209304 | 3.5 | 3.5 | | | | | Liferay Portal/DXP Tag cross site scripting | 0.09 | 0.00885 | CVE-2022-28982 |
| 209303 | 3.5 | 3.5 | | | | | Liferay Portal/DXP Parameter cross site scripting | 0.08 | 0.00885 | CVE-2022-28980 |
| 209302 | 4.3 | 4.3 | | 4.3 | | | ikus060 rdiffweb cross-site request forgery | 0.00 | 0.00885 | CVE-2022-3233 |
| 209301 | 5.7 | 3.5 | | 8.0 | | | TIBCO EBX Add-Ons Web Server cross site scripting | 0.04 | 0.00885 | CVE-2022-30578 |
| 209300 | 5.7 | 3.5 | | 8.0 | | | TIBCO EBX Web Server cross site scripting | 0.04 | 0.00885 | CVE-2022-30577 |
| 209299 | 5.5 | 5.5 | | | | | RQM Plugin XML Parser xml external entity reference | 0.00 | 0.00885 | CVE-2022-41241 |
| 209298 | 5.5 | 5.5 | | | | | Compuware Common Configuration Plugin XML Parser xml external entity reference | 0.00 | 0.00885 | CVE-2022-41226 |
| 209297 | 3.5 | 3.5 | | | | | Jenkins Tooltip cross site scripting | 0.21 | 0.00885 | CVE-2022-41224 |
| 209296 | 3.5 | 3.5 | | | | | CONS3RT Plugin API Token config.xml credentials storage | 0.05 | 0.00885 | CVE-2022-41255 |
| 209295 | 3.1 | 3.1 | | | | | CONS3RT Plugin Credentials authorization | 0.00 | 0.00885 | CVE-2022-41254 |
| 209294 | 3.5 | 3.5 | | | | | CONS3RT Plugin Credentials authorization | 0.08 | 0.00885 | CVE-2022-41252 |
| 209293 | 3.5 | 3.5 | | | | | Apprenda Plugin Credentials authorization | 0.00 | 0.00885 | CVE-2022-41251 |
| 209292 | 5.6 | 5.6 | | | | | SCM HttpClient Plugin authorization | 0.00 | 0.00885 | CVE-2022-41250 |
| 209291 | 2.0 | 2.0 | | | | | BigPanda Notifier Plugin API Key missing password field masking | 0.00 | 0.00885 | CVE-2022-41248 |
| 209290 | 3.5 | 3.5 | | | | | BigPanda Notifier Plugin API Key credentials storage | 0.00 | 0.00885 | CVE-2022-41247 |
| 209289 | 5.0 | 5.0 | | | | | Worksoft Execution Manager Plugin authorization | 0.00 | 0.02096 | CVE-2022-41246 |
| 209288 | 3.5 | 3.5 | | | | | DotCi Plugin Notification cross site scripting | 0.00 | 0.00885 | CVE-2022-41239 |
| 209287 | 5.5 | 5.5 | | | | | Rundeck Plugin authorization | 0.09 | 0.00885 | CVE-2022-41234 |
| 209286 | 3.5 | 3.5 | | | | | Rundeck Plugin HTTP Endpoint authorization | 0.04 | 0.00885 | CVE-2022-41233 |
| 209285 | 5.5 | 5.5 | | | | | Build-Publisher Plugin File config.xml path traversal | 0.00 | 0.00885 | CVE-2022-41231 |
| 209284 | 3.5 | 3.5 | | | | | Build-Publisher Plugin HTTP Endpoint authorization | 0.00 | 0.00885 | CVE-2022-41230 |
| 209283 | 5.5 | 5.5 | | | | | NS-ND Integration Performance Publisher Plugin authorization | 0.00 | 0.00885 | CVE-2022-41228 |
| 209282 | 3.5 | 3.5 | | | | | Liferay Portal/DXP Content Page permission | 0.09 | 0.00885 | CVE-2022-39975 |
| 209281 | 3.5 | 3.5 | | | | | HelpSystems Cobalt Strike cross site scripting | 0.65 | 0.02561 | CVE-2022-39197 |
| 209280 | 3.5 | 3.5 | | | | | Liferay Portal/DXP Export permission | 0.18 | 0.00885 | CVE-2022-38512 |
| 209279 | 3.5 | 3.5 | | | | | Liferay Portal/DXP Custom Facet Widget cross site scripting | 0.35 | 0.00954 | CVE-2022-28979 |
| 209278 | 3.5 | 3.5 | | | | | Liferay Portal/DXP User Membership Administration Page cross site scripting | 0.05 | 0.01055 | CVE-2022-28978 |
| 209277 | 4.3 | 4.3 | | | | | Keylime Installer keylime.conf information disclosure | 0.08 | 0.00954 | CVE-2022-23952 |
| 209276 | 3.5 | 3.5 | | | | | Keylime ZIP Data resource consumption | 0.00 | 0.00954 | CVE-2022-23951 |
| 209275 | 6.3 | 6.3 | | | | | Keylime UUID authentication spoofing | 0.00 | 0.01018 | CVE-2022-23949 |
| 209274 | 3.5 | 3.5 | | | | | Keylime Secure Mount information disclosure | 0.04 | 0.01018 | CVE-2022-23948 |
| 209273 | 5.6 | 3.7 | | 7.5 | | | ikus060 minarca missing secure attribute | 0.00 | 0.00885 | CVE-2022-3251 |
| 209272 | 4.3 | 3.7 | | 4.9 | | | ikus060 rdiffweb missing secure attribute | 0.00 | 0.00885 | CVE-2022-3250 |
| 209271 | 5.6 | 5.6 | | | | | View26 Test-Reporting Plugin certificate validation | 0.00 | 0.00885 | CVE-2022-41244 |
| 209270 | 5.6 | 5.6 | | | | | SmallTest Plugin certificate validation | 0.00 | 0.00885 | CVE-2022-41243 |
| 209269 | 3.5 | 3.5 | | | | | extreme-feedback Plugin authorization | 0.04 | 0.00885 | CVE-2022-41242 |

29 more entries are not shown
