CVSSv3 09/30/2022

CVSSv3 Base

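| Score | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
|---|---|---|---|---|---|---|---|---|---|---|
| Entries | 0 | 0 | 0 | 5 | 4 | 5 | 4 | 2 | 0 | 1 |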

The Common Vulnerability Scoring System (CVSS) is an industry standard for describing the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources into the most reliable aggregate result.

CVSSv3 Temp

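| Score | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
|---|---|---|---|---|---|---|---|---|---|---|
| Entries | 0 | 0 | 0 | 5 | 4 | 6 | 3 | 2 | 0 | 1 |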

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

VulDB

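| Score | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
|---|---|---|---|---|---|---|---|---|---|---|
| Entries | 0 | 0 | 0 | 5 | 5 | 6 | 2 | 2 | 1 | 0 |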

The moderation team always defines the base vector and base score for an entry. These and all other available scores are used to generate the meta score.

NVD

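| Score | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
|---|---|---|---|---|---|---|---|---|---|---|
| Entries | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |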

The National Vulnerability Database (NVD) also defines CVSS vectors and scores. These are usually not complete and might differ from VulDB scores.

CNA

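| Score | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
|---|---|---|---|---|---|---|---|---|---|---|
| Entries | 0 | 0 | 0 | 0 | 2 | 0 | 0 | 0 | 3 | 2 |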

A CVE Numbering Authority (CNA) is responsible for assigning new CVE entries. They might also include a CVSS score. These are usually not complete and might differ from VulDB scores.

Vendor

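| Score | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
|---|---|---|---|---|---|---|---|---|---|---|
| Entries | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |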

Some vendors are willing to publish their own CVSS vectors and scores for vulnerabilities in their products. The coverage varies from vendor to vendor.

Research

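| Score | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
|---|---|---|---|---|---|---|---|---|---|---|
| Entries | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |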

Security researchers sometimes also provide their own CVSS vectors and scores for vulnerabilities they have found and published.

| ID | Base | VDB | NVD | CNA | Vend | Res | Vulnerability | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 209910 | 3.5 | 3.5 | | | | | Dutchcoders transfer.sh cross site scripting | 0.52 | +0.00000 | CVE-2022-40931 |
| 209909 | 3.5 | 3.5 | | | | | kkFileView cross site scripting | 0.49 | +0.00000 | CVE-2022-40879 |
| 209908 | 3.5 | 3.5 | | | | | FeehiCMS Single Page Module cross site scripting | 0.49 | +0.00000 | CVE-2022-40408 |
| 209907 | 5.5 | 5.5 | | | | | Amazon AWS Redshift JDBC Driver Object Factory Privilege Escalation | 0.59 | +0.00000 | CVE-2022-41828 |
| 209906 | 9.2 | 8.8 | | 9.6 | | | isolated-vm API protection mechanism | 0.63 | +0.00000 | CVE-2022-39266 |
| 209905 | 3.5 | 3.5 | | | | | DGIOT Lightweight industrial IoT cross site scripting | 0.56 | +0.00000 | CVE-2022-35137 |
| 209904 | 5.5 | 5.5 | | | | | Chamilo ZIP File unrestricted upload | 0.59 | +0.00000 | CVE-2022-40407 |
| 209903 | 7.9 | 7.3 | | 8.6 | | | matrix-rust-sdk Room Key key exchange without entity authentication | 0.59 | +0.00000 | CVE-2022-39252 |
| 209902 | 4.6 | 4.6 | | | | | NetApp SnapCenter Content Security Policy Privilege Escalation | 0.59 | +0.00000 | CVE-2022-38732 |
| 209901 | 5.5 | 5.5 | | | | | Octopus Deploy Login allocation of resources | 0.56 | +0.00000 | CVE-2022-2778 |
| 209900 | 5.5 | 5.5 | | | | | ZKTeco ZKBio Time Add New Message Module csv injection | 0.63 | +0.00000 | CVE-2022-40472 |
| 209899 | 6.3 | 6.3 | | | | | SourceCodester Student Result Management System sql injection | 0.49 | +0.00000 | CVE-2022-40887 |
| 209898 | 6.8 | 5.6 | | 8.1 | | | uClibC/uClibc-ng libpthread memory corruption | 0.59 | +0.00000 | CVE-2022-29503 |
| 209897 | 4.3 | 4.3 | | | | | Discourse Javascript Error denial of service | 0.49 | +0.00000 | CVE-2022-39232 |
| 209896 | 4.7 | 4.7 | | | | | Discourse Theme authorization | 0.52 | +0.00000 | CVE-2022-36068 |
| 209895 | 5.3 | 5.3 | | | | | ikus060 rdiffweb allocation of resources | 0.42 | +0.00000 | CVE-2022-3364 |
| 209894 | 3.9 | 3.5 | | 4.3 | | | Discourse User Profile allocation of resources | 0.49 | +0.00000 | CVE-2022-39226 |
| 209893 | 6.9 | 4.7 | | 9.1 | | | Discourse ZIP unrestricted upload | 0.49 | +0.00000 | CVE-2022-36066 |
| 209892 | 7.9 | 7.3 | | 8.6 | | | matrix-nio Room Key key exchange without entity authentication | 0.49 | +0.00000 | CVE-2022-39254 |
| 209891 | 6.3 | 6.3 | | | | | Projectworlds Hospital Management System hms-staff.php sql injection | 1.36 | +0.00000 | CVE-2022-33880 |
| 209890 | 4.4 | 4.3 | | 4.6 | | | IBM Robotic Process Automation Upgrade Log log file | 0.45 | +0.00000 | CVE-2022-39168 |
