CVSSv3 09/28/2022

CVSSv3 Base

Score distribution (score bucket: number of entries): ≤1: 0, ≤2: 0, ≤3: 2, ≤4: 5, ≤5: 5, ≤6: 9, ≤7: 15, ≤8: 5, ≤9: 1, ≤10: 0

The Common Vulnerability Scoring System (CVSS) is an industry standard for defining the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources into the most reliable aggregate result.

CVSSv3 Temp

Score distribution (score bucket: number of entries): ≤1: 0, ≤2: 0, ≤3: 2, ≤4: 5, ≤5: 5, ≤6: 16, ≤7: 9, ≤8: 4, ≤9: 1, ≤10: 0

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

VulDB

Score distribution (score bucket: number of entries): ≤1: 0, ≤2: 0, ≤3: 1, ≤4: 6, ≤5: 9, ≤6: 5, ≤7: 15, ≤8: 5, ≤9: 1, ≤10: 0

The moderation team always defines the base vector and base score for an entry. These and all other available scores are used to generate the meta score.

NVD

Score distribution (score bucket: number of entries): ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 0, ≤5: 0, ≤6: 0, ≤7: 0, ≤8: 0, ≤9: 0, ≤10: 0

The National Vulnerability Database (NVD) also defines CVSS vectors and scores. These are usually not complete and might differ from VulDB scores.

CNA

Score distribution (score bucket: number of entries): ≤1: 0, ≤2: 1, ≤3: 0, ≤4: 0, ≤5: 0, ≤6: 1, ≤7: 4, ≤8: 1, ≤9: 0, ≤10: 0

A CVE Numbering Authority (CNA) is responsible for assigning new CVE entries. They might also include a CVSS score. These are usually not complete and might differ from VulDB scores.

Vendor

Score distribution (score bucket: number of entries): ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 0, ≤5: 0, ≤6: 0, ≤7: 0, ≤8: 0, ≤9: 0, ≤10: 0

Some vendors are willing to publish their own CVSS vectors and scores for vulnerabilities in their products. The coverage varies from vendor to vendor.

Research

Score distribution (score bucket: number of entries): ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 0, ≤5: 0, ≤6: 0, ≤7: 0, ≤8: 0, ≤9: 0, ≤10: 0

Sometimes security researchers also provide their own CVSS vectors and scores for vulnerabilities they have found and published.

| ID | Base | VDB | NVD | CNA | Vend | Res | Vulnerability | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 209679 | 6.8 | 6.8 | | | | | Sony PS4/PS5 exFAT UVFAT_readupcasetable heap-based overflow | 2.39+ | 0.00000 | CVE-2022-3349 |
| 209678 | 5.0 | 4.1 | | 5.9 | | | Armoury Crate Service Log File symlink | 1.51 | 0.00000 | CVE-2022-38699 |
| 209677 | 5.2 | 4.3 | | 6.1 | | | Cowell Enterprise Travel Management System URL cross site scripting | 1.67 | 0.00000 | CVE-2022-39054 |
| 209676 | 5.2 | 4.3 | | 6.1 | | | Heimavista Rpage URL cross site scripting | 1.79 | 0.00000 | CVE-2022-39053 |
| 209675 | 5.2 | 4.3 | | 6.1 | | | Lianquan Smart eVision POST Data cross site scripting | 1.55 | 0.00000 | CVE-2022-39035 |
| 209674 | 5.4 | 4.3 | | 6.5 | | | Lianquan Smart eVision Report API path traversal | 1.48 | 0.00000 | CVE-2022-39034 |
| 209673 | 7.3 | 7.3 | | | | | Lianquan Smart eVision File Acquisition path traversal | 1.51 | 0.00000 | CVE-2022-39033 |
| 209672 | 6.3 | 6.3 | | | | | Lianquan Smart eVision System Command privileges management | 1.32 | 0.00000 | CVE-2022-39032 |
| 209671 | 4.3 | 4.3 | | | | | Lianquan Smart eVision Task Acquisition improper authorization | 1.40 | 0.00000 | CVE-2022-39031 |
| 209670 | 5.3 | 5.3 | | | | | Lianquan Smart eVision System Information Query improper authorization | 1.60 | 0.00000 | CVE-2022-39030 |
| 209669 | 4.3 | 4.3 | | | | | Lianquan Smart eVision Database Query improper authorization | 1.59 | 0.00000 | CVE-2022-39029 |
| 209668 | 6.3 | 6.3 | | | | | Wazuh Active Response Endpoint Privilege Escalation | 2.19 | 0.00000 | CVE-2022-40497 |
| 209667 | 3.5 | 3.5 | | | | | ISAMS Title Field cross site scripting | 1.68 | 0.00000 | CVE-2022-37028 |
| 209666 | 8.8 | 8.8 | | | | | Check Point ZoneAlarm Extreme Security Updates permission | 1.99 | 0.00000 | CVE-2022-41604 |
| 209665 | 6.3 | 6.3 | | | | | JFinal CMS sql injection | 1.64 | 0.00000 | CVE-2022-37209 |
| 209664 | 5.5 | 5.5 | | | | | Chipolo ONE Bluetooth Tracker 2020 access control | 1.72 | 0.00000 | CVE-2022-37193 |
| 209663 | 6.3 | 6.3 | | | | | Exam Reviewer Management System sql injection | 1.64 | 0.00000 | CVE-2022-40877 |
| 209662 | 3.5 | 3.5 | | | | | Zammad Web Socket Connection access control | 1.88 | 0.00000 | CVE-2022-40816 |
| 209661 | 3.5 | 3.5 | | | | | Vtiger CRM E-Mail Template cross site scripting | 1.95 | 0.00000 | CVE-2022-38335 |
| 209660 | 3.5 | 3.5 | | | | | Realtek RTL8195AM Timer Task denial of service | 1.84 | 0.00000 | CVE-2022-34326 |
| 209659 | 7.0 | 6.3 | | 7.8 | | | vim stack-based overflow | 1.76 | 0.00000 | CVE-2022-3324 |
| 209658 | 5.5 | 5.5 | | | | | Strapi Admin API Response Privilege Escalation | 1.80 | 0.00000 | CVE-2022-31367 |
| 209657 | 6.3 | 6.3 | | | | | Cisco IOS/IOS XE/Meraki/NX-OS/Small Business Switch IPv6 RA Guard authentication spoofing | 2.23 | 0.00000 | CVE-2021-27862 |
| 209656 | 6.3 | 6.3 | | | | | Cisco IOS/IOS XE/Meraki/NX-OS/Small Business Switch IPv6 RA Guard access control | 2.19 | 0.00000 | CVE-2021-27861 |
| 209655 | 6.3 | 6.3 | | | | | Cisco IOS/IOS XE/Meraki/NX-OS/Small Business Switch IPv6 RA Guard authentication spoofing | 2.35 | 0.00000 | CVE-2021-27854 |
| 209654 | 6.3 | 6.3 | | | | | Cisco IOS/IOS XE/Meraki/NX-OS/Small Business Switch IPv6 RA Guard/ARP Inspection authentication spoofing | 3.23 | 0.00000 | CVE-2021-27853 |
| 209653 | 5.5 | 5.5 | | | | | EyesOfNetwork file inclusion | 1.64 | 0.00000 | CVE-2022-41571 |
| 209652 | 3.5 | 3.5 | | | | | EC-CUBE Page cross site scripting | 1.68 | 0.00000 | CVE-2022-38975 |
| 209651 | 7.3 | 7.3 | | | | | Product Image Bulk Upload Plugin unrestricted upload | 1.72 | 0.00000 | CVE-2022-37346 |
| 209650 | 7.3 | 7.3 | | | | | EyesOfNetwork sql injection | 1.68 | 0.00000 | CVE-2022-41570 |
| 209649 | 5.5 | 5.5 | | | | | Zammad Ticket permission | 1.56 | 0.00000 | CVE-2022-40817 |
| 209648 | 2.7 | 2.7 | | | | | EC-CUBE pathname traversal | 1.44 | 0.00000 | CVE-2022-40199 |
| 209647 | 4.6 | 4.6 | | | | | Gajim XML Privilege Escalation | 1.48 | 0.00000 | CVE-2022-39835 |
| 209646 | 6.3 | 6.3 | | | | | ToaruOS ELF File readelf buffer overflow | 1.36 | 0.00000 | CVE-2022-38932 |
| 209645 | 7.3 | 7.3 | | | | | Advantech iView ConfigurationServlet Endpoint checkSQLInjection sql injection | 1.52 | 0.00000 | CVE-2022-3323 |
| 209644 | 2.9 | 3.9 | | 1.8 | | | Western Digital My Cloud Home/My Cloud Home Duo/SanDisk ibi version stack-based overflow | 1.40 | 0.00000 | CVE-2022-23006 |
| 209643 | 7.3 | 7.3 | | | | | EGavilan Resumes Management and Job Application Login Form login.php sql injection | 2.59 | 0.00000 | CVE-2021-41433 |
| 209642 | 4.9 | 4.9 | | | | | Linux Kernel Sound Subsystem null pointer dereference | 1.52 | 0.00000 | CVE-2022-3303 |
| 209641 | 6.3 | 6.3 | | | | | Online Tours & Travels Management System update_booking.php sql injection | 1.32 | 0.00000 | CVE-2022-40354 |
| 209640 | 6.3 | 6.3 | | | | | Online Tours & Travels Management System up_booking.php sql injection | 1.24 | 0.00000 | CVE-2022-40353 |
| 209639 | 6.3 | 6.3 | | | | | Online Tours & Travels Management System update_traveller.php sql injection | 1.32 | 0.00000 | CVE-2022-40352 |
| 209638 | 6.3 | 6.3 | | | | | Exam Reviewer Management System Profile Page unrestricted upload | 1.44 | 0.00000 | CVE-2022-40878 |
