CVSSv3 09/27/2022

CVSSv3 Base

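| Score | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
|---|---|---|---|---|---|---|---|---|---|---|
| Entries | 0 | 0 | 0 | 4 | 2 | 11 | 32 | 4 | 2 | 0 |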

The Common Vulnerability Scoring System (CVSS) is an industry standard for describing the characteristics and impact of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources into a single, most reliable result.

CVSSv3 Temp

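| Score | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
|---|---|---|---|---|---|---|---|---|---|---|
| Entries | 0 | 0 | 0 | 4 | 2 | 35 | 9 | 4 | 1 | 0 |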

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

VulDB

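| Score | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
|---|---|---|---|---|---|---|---|---|---|---|
| Entries | 0 | 0 | 0 | 6 | 2 | 11 | 33 | 2 | 1 | 0 |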

The moderation team always defines the base vector and base score for an entry. These and all other available scores are used to generate the meta score.

NVD

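| Score | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
|---|---|---|---|---|---|---|---|---|---|---|
| Entries | 0 | 0 | 0 | 0 | 0 | 0 | 1 | 0 | 1 | 0 |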

The National Vulnerability Database (NVD) also defines CVSS vectors and scores. These are usually not complete and might differ from VulDB scores.

CNA

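| Score | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
|---|---|---|---|---|---|---|---|---|---|---|
| Entries | 0 | 0 | 0 | 0 | 0 | 3 | 0 | 1 | 5 | 0 |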

A CVE Numbering Authority (CNA) is responsible for assigning new CVE entries. They might also include a CVSS score. These are usually not complete and might differ from VulDB scores.

Vendor

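| Score | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
|---|---|---|---|---|---|---|---|---|---|---|
| Entries | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |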

Some vendors are willing to publish their own CVSS vectors and scores for vulnerabilities in their products. The coverage varies from vendor to vendor.

Research

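| Score | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
|---|---|---|---|---|---|---|---|---|---|---|
| Entries | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |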

Security researchers sometimes also provide their own CVSS vectors and scores for vulnerabilities they have found and published.

| ID | Base | VDB | NVD | CNA | Vend | Res | Vulnerability | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 209637 | 7.2 | 6.3 | | 8.1 | | | mailcow Swagger API Template clickjacking | 0.04 | 0.00885 | CVE-2022-39258 |
| 209636 | 6.2 | 3.5 | | 9.0 | | | Orckestra C1 CMS deserialization | 0.00 | 0.03917 | CVE-2022-39256 |
| 209635 | 3.5 | 3.5 | | | | | TaskBuilder SVG File Upload cross site scripting | 0.04 | 0.00885 | CVE-2022-3137 |
| 209634 | 4.6 | 3.5 | | 5.7 | | | ikus060 rdiffweb length parameter | 0.05 | 0.00885 | CVE-2022-3290 |
| 209633 | 3.5 | 3.5 | | | | | SourceCodester Online Market Place Site cross site scripting | 0.03 | 0.00885 | CVE-2022-30003 |
| 209632 | 3.5 | 3.5 | | | | | Centreon Escalation cross site scripting | 0.02 | 0.00885 | CVE-2022-40044 |
| 209631 | 5.3 | 5.3 | | 5.3 | | | ikus060 rdiffweb length parameter | 0.03 | 0.00885 | CVE-2022-3272 |
| 209630 | 6.1 | 4.7 | | 7.5 | | | Hitachi Content Platform Tenant Configuration access control | 0.03 | 0.00885 | CVE-2021-28052 |
| 209629 | 7.4 | 6.3 | | 8.5 | | | Bifrost HTTP Basic Authentication improper authentication | 0.03 | 0.00890 | CVE-2022-39219 |
| 209628 | 5.5 | 5.5 | | | | | Linux Kernel io_uring Module off-by-one | 0.13 | 0.00885 | CVE-2022-3103 |
| 209627 | 6.4 | 6.3 | 6.5 | | | | Asus RT-AX88U HTTP Response interpretation conflict | 0.03 | 0.05246 | CVE-2021-41437 |
| 209626 | 5.3 | 5.3 | | | | | mIPC strcpy stack-based overflow | 0.06 | 0.00885 | CVE-2022-40784 |
| 209625 | 7.8 | 7.8 | | | | | Mist Command-Line Interface permission | 0.03 | 0.00890 | CVE-2022-39245 |
| 209624 | 5.5 | 5.5 | | | | | ZFile 1 unrestricted upload | 0.03 | 0.00885 | CVE-2022-40050 |
| 209623 | 6.3 | 6.3 | | | | | Centreon Configuration Escalations sql injection | 0.00 | 0.00885 | CVE-2022-40043 |
| 209622 | 8.1 | 7.8 | | 8.4 | | | Qualcomm Snapdragon Auto ION use after free | 0.03 | 0.00885 | CVE-2022-22058 |
| 209621 | 6.3 | 6.3 | | | | | mIPC os command injection | 0.03 | 0.01156 | CVE-2022-40785 |
| 209620 | 5.3 | 5.3 | | 5.3 | | | ikus060 rdiffweb allocation of resources | 0.04 | 0.00885 | CVE-2022-3298 |
| 209619 | 5.6 | 5.6 | | | | | SourceCodester Online Market Place Site sql injection | 0.03 | 0.01055 | CVE-2022-30004 |
| 209618 | 8.6 | 8.8 | | 8.4 | | | NuProcess Command Line Argument Java_java_lang_UNIXProcess_forkAndExec command injection | 0.03 | 0.02509 | CVE-2022-39243 |
| 209617 | 5.5 | 5.5 | | | | | HP inkjet/LaserJet Pro/PageWide Pro buffer overflow | 0.06 | 0.00885 | CVE-2022-28722 |
| 209616 | 3.7 | 3.7 | | | | | Unbound Resolver NRDelegation denial of service | 0.06 | 0.01018 | CVE-2022-3204 |
| 209615 | 6.3 | 6.3 | | | | | HP inkjet/LaserJet Pro/PageWide Pro Privilege Escalation | 0.03 | 0.01377 | CVE-2022-28721 |
| 209614 | 6.3 | 6.3 | | | | | Online Tours & Travels Management System update_expense_category.php sql injection | 0.00 | 0.00885 | CVE-2022-40099 |
| 209613 | 6.3 | 6.3 | | | | | Online Tours & Travels Management System update_expense.php sql injection | 0.03 | 0.00885 | CVE-2022-40098 |
| 209612 | 6.3 | 6.3 | | | | | Online Tours & Travels Management System update_currency.php sql injection | 0.02 | 0.00885 | CVE-2022-40097 |
| 209611 | 6.3 | 6.3 | | | | | Google Chrome Storage out-of-bounds write | 0.03 | 0.01213 | CVE-2022-3195 |
| 209610 | 5.0 | 5.0 | | | | | Google Chrome Mojo sandbox | 0.09 | 0.01213 | CVE-2022-3075 |
| 209609 | 7.5 | 6.3 | 8.8 | | | | Google Chrome HTML Page use after free | 0.06 | 0.01055 | CVE-2022-2998 |
| 209608 | 5.5 | 5.5 | | | | | Wedding Planner package_detail.php sql injection | 0.00 | 0.00885 | CVE-2022-40485 |
| 209607 | 5.5 | 5.5 | | | | | Wedding Planner client_edit.php sql injection | 0.04 | 0.00885 | CVE-2022-40484 |
| 209606 | 5.5 | 5.5 | | | | | Wedding Planner wedding_details.php sql injection | 0.00 | 0.00885 | CVE-2022-40483 |
| 209605 | 6.3 | 6.3 | | | | | Google Chrome Sign-In Flow use after free | 0.00 | 0.01213 | CVE-2022-3058 |
| 209604 | 6.3 | 6.3 | | | | | Google Chrome iFrame Sandbox access control | 0.03 | 0.01213 | CVE-2022-3057 |
| 209603 | 6.3 | 6.3 | | | | | Google Chrome Content Security Policy access control | 0.08 | 0.01213 | CVE-2022-3056 |
| 209602 | 6.3 | 6.3 | | | | | Google Chrome Passwords use after free | 0.03 | 0.01213 | CVE-2022-3055 |
| 209601 | 6.3 | 6.3 | | | | | Google Chrome DevTools Remote Code Execution | 0.03 | 0.01213 | CVE-2022-3054 |
| 209600 | 6.3 | 6.3 | | | | | Google Chrome Pointer Lock Remote Code Execution | 0.00 | 0.01213 | CVE-2022-3053 |
| 209599 | 6.3 | 6.3 | | | | | Google Chrome Window Manager heap-based overflow | 0.06 | 0.01213 | CVE-2022-3052 |
| 209598 | 6.3 | 6.3 | | | | | Google Chrome Exosphere heap-based overflow | 0.03 | 0.01213 | CVE-2022-3051 |
| 209597 | 6.3 | 6.3 | | | | | Google Chrome WebUI heap-based overflow | 0.04 | 0.01213 | CVE-2022-3050 |
| 209596 | 6.3 | 6.3 | | | | | Google Chrome SplitScreen use after free | 0.04 | 0.01213 | CVE-2022-3049 |
| 209595 | 5.5 | 5.5 | | | | | Google Chrome OS Lockscreen Privilege Escalation | 0.04 | 0.01018 | CVE-2022-3048 |
| 209594 | 6.3 | 6.3 | | | | | Google Chrome Extensions API Remote Code Execution | 0.04 | 0.01018 | CVE-2022-3047 |
| 209593 | 6.3 | 6.3 | | | | | Google Chrome Tab Strip use after free | 0.04 | 0.01213 | CVE-2022-3071 |
| 209592 | 6.3 | 6.3 | | | | | Google Chrome Browser Tag use after free | 0.00 | 0.01018 | CVE-2022-3046 |
| 209591 | 6.3 | 6.3 | | | | | Google Chrome V8 input validation | 0.06 | 0.01213 | CVE-2022-3045 |
| 209590 | 6.3 | 6.3 | | | | | Google Chrome Site Isolation Remote Code Execution | 0.04 | 0.01213 | CVE-2022-3044 |
| 209589 | 6.3 | 6.3 | | | | | Google Chrome Screen Capture heap-based overflow | 0.00 | 0.01213 | CVE-2022-3043 |
| 209588 | 6.3 | 6.3 | | | | | Google Chrome PhoneHub use after free | 0.04 | 0.01213 | CVE-2022-3042 |

5 more entries are not shown
