CVSSv3 October 2022

Timeline

Analyzing the timeline helps to identify the required approach and handling of single vulnerabilities and vulnerability collections. This overview makes it possible to see less important slices and more severe hotspots at a glance, so that immediate vulnerability response can be initiated and issues prioritized.

C3BM Index

Our unique C3BM Index (CVSSv3 Base Meta Index) cumulates the CVSSv3 Meta Base Scores of all entries over time. Comparing this index to the number of disclosed vulnerabilities helps to pinpoint the most important events.

CVSSv3 Base

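| Score | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
|---|---|---|---|---|---|---|---|---|---|---|
| Entries | 0 | 1 | 14 | 118 | 446 | 473 | 617 | 568 | 184 | 101 |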

The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources to aggregate to the most reliable result.

CVSSv3 Temp

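| Score | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
|---|---|---|---|---|---|---|---|---|---|---|
| Entries | 0 | 1 | 17 | 129 | 445 | 608 | 531 | 563 | 134 | 94 |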

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

VulDB

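| Score | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
|---|---|---|---|---|---|---|---|---|---|---|
| Entries | 0 | 6 | 85 | 361 | 414 | 491 | 612 | 340 | 111 | 102 |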

The moderation team always defines the base vector and base score for an entry. These and all other available scores are used to generate the meta score.

NVD

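| Score | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
|---|---|---|---|---|---|---|---|---|---|---|
| Entries | 0 | 0 | 6 | 23 | 79 | 273 | 280 | 479 | 171 | 326 |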

The National Vulnerability Database (NVD) also defines CVSS vectors and scores. These are usually not complete and might differ from VulDB scores.

CNA

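| Score | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
|---|---|---|---|---|---|---|---|---|---|---|
| Entries | 0 | 0 | 17 | 71 | 104 | 153 | 144 | 260 | 120 | 87 |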

A CVE Numbering Authority (CNA) is responsible for assigning new CVE entries. They might also include a CVSS score. These are usually not complete and might differ from VulDB scores.

Vendor

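| Score | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
|---|---|---|---|---|---|---|---|---|---|---|
| Entries | 0 | 0 | 1 | 1 | 4 | 15 | 13 | 56 | 19 | 7 |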

Some vendors are willing to publish their own CVSS vectors and scores for vulnerabilities in their products. The coverage varies from vendor to vendor.

Research

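| Score | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
|---|---|---|---|---|---|---|---|---|---|---|
| Entries | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |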

Security researchers sometimes also provide their own CVSS vectors and scores for vulnerabilities they have found and published.

| Published | Base | VDB | NVD | CNA | Vend | Res | Vulnerability | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|
| 10/31/2022 | 6.8 | 6.3 | 7.8 | 6.3 | | | Axiomatic Bento4 Avcinfo SetDataSize heap-based overflow | 0.03 | CVE-2022-3785 |
| 10/31/2022 | 6.8 | 6.3 | 7.8 | 6.3 | | | Axiomatic Bento4 mp4hls Ap4Mp4AudioInfo.cpp ReadBits heap-based overflow | 0.03 | CVE-2022-3784 |
| 10/31/2022 | 5.5 | 5.5 | 5.5 | | | | Lodepng pngdetail memory corruption | 0.41 | CVE-2022-44081 |
| 10/31/2022 | 5.5 | 5.5 | 5.5 | | | | tsMuxer bitStream.h flushBits heap-based overflow | 0.00 | CVE-2022-43152 |
| 10/31/2022 | 4.5 | 3.5 | 5.5 | | | | timg term-query.cc QueryBackgroundColor memory leak | 0.43 | CVE-2022-43151 |
| 10/31/2022 | 5.5 | 5.5 | 5.5 | | | | rtf2html rtf_tools.h heap-based overflow | 0.47 | CVE-2022-43148 |
| 10/31/2022 | 5.5 | 5.5 | 5.5 | | | | zrax pycdc StackDepotNode stack-based overflow | 0.43 | CVE-2022-44079 |
| 10/31/2022 | 6.4 | 5.3 | | 7.5 | | | conduit-hyper to_bytes resource consumption | 0.03 | CVE-2022-39294 |
| 10/31/2022 | 7.7 | 7.5 | 7.5 | 8.2 | | | zephyrproject-rtos Zephyr CAN Frame resource consumption | 0.00 | CVE-2022-2741 |
| 10/31/2022 | 4.4 | 3.5 | 6.1 | 3.5 | | | node-red-dashboard ui_text Format ui-component-ctrl.js cross site scripting | 0.12 | CVE-2022-3783 |
| 10/31/2022 | 7.6 | 5.5 | 9.8 | | | | xfig buffer overflow | 0.50 | CVE-2021-40241 |
| 10/31/2022 | 4.8 | 3.5 | 6.1 | | | | Newspaper Theme AJAX Action cross site scripting | 0.43 | CVE-2022-2627 |
| 10/31/2022 | 4.8 | 3.5 | 6.1 | | | | Newspaper Theme AJAX Action cross site scripting | 0.40 | CVE-2022-2167 |
| 10/31/2022 | 3.6 | 2.4 | 4.8 | | | | Rock Convert Plugin Setting cross site scripting | 0.41 | CVE-2022-3441 |
| 10/31/2022 | 4.8 | 3.5 | 6.1 | | | | Rock Convert Plugin Attribute cross site scripting | 0.07 | CVE-2022-3440 |
| 10/31/2022 | 3.6 | 2.4 | 4.8 | | | | Official Integration for Billingo Plugin cross site scripting | 0.41 | CVE-2022-3420 |
| 10/31/2022 | 5.4 | 4.3 | 6.5 | | | | Automatic User Roles Switcher Plugin cross-site request forgery | 0.37 | CVE-2022-3419 |
| 10/31/2022 | 3.6 | 2.4 | 4.8 | | | | WP Word Count Plugin Setting cross site scripting | 0.31 | CVE-2022-3408 |
| 10/31/2022 | 3.6 | 2.4 | 4.8 | | | | WP Contact Slider Plugin Setting cross site scripting | 0.00 | CVE-2022-3237 |
| 10/31/2022 | 4.4 | 3.5 | 5.4 | | | | WP Total Hacks Plugin Setting cross site scripting | 0.50 | CVE-2022-3096 |
| 10/31/2022 | 4.3 | 2.6 | 6.1 | | | | Gallery Plugin for Plugin Attribute cross site scripting | 0.00 | CVE-2022-2190 |
| 10/31/2022 | 8.5 | 7.3 | 9.8 | | | | Classifieds Plugin Premium Module sql injection | 0.56 | CVE-2022-3254 |
| 10/31/2022 | 8.0 | 6.3 | 9.8 | | | | Clinic Patient Management System Profile Picture users.php unrestricted upload | 0.00 | CVE-2022-40471 |
| 10/31/2022 | 6.3 | 5.5 | 7.2 | | | | Customizer Export Import Plugin Imported File deserialization | 0.18 | CVE-2022-3380 |
| 10/31/2022 | 5.7 | 4.3 | 7.2 | | | | Ocean Extra Plugin Imported File deserialization | 0.03 | CVE-2022-3374 |
| 10/31/2022 | 6.3 | 5.5 | 7.2 | | | | PublishPress Capabilities Plugin File Import deserialization | 0.03 | CVE-2022-3366 |
| 10/31/2022 | 7.1 | 5.5 | 8.8 | | | | Smart Slider 3 Plugin Imported File deserialization | 0.06 | CVE-2022-3357 |
| 10/31/2022 | 6.3 | 5.5 | 7.2 | | | | Easy WP SMTP Plugin Admin Import File deserialization | 0.13 | CVE-2022-3334 |
| 10/31/2022 | 7.7 | 7.3 | 8.1 | | | | LearnPress Plugin REST API Endpoint wp_hash deserialization | 0.00 | CVE-2022-3360 |
| 10/31/2022 | 5.4 | 4.3 | 6.5 | | | | ProcessWire cross-site request forgery | 0.04 | CVE-2022-40488 |
| 10/31/2022 | 7.6 | 5.5 | 9.8 | | | | thlorenz browserify-shim resolve-shims.js resolveShims prototype pollution | 0.00 | CVE-2022-37623 |
| 10/31/2022 | 5.5 | 3.5 | 7.5 | | | | kangax html-minifier htmlminifier.js incorrect regex | 0.00 | CVE-2022-37620 |
| 10/31/2022 | 4.5 | 3.7 | 5.3 | | | | PwnDoc Authentication timing discrepancy | 0.05 | CVE-2022-44023 |
| 10/31/2022 | 4.5 | 3.7 | 5.3 | | | | PwnDoc Authentication timing discrepancy | 0.03 | CVE-2022-44022 |
| 10/31/2022 | 7.5 | 6.3 | 8.8 | | | | total.js Metacharacter ping os command injection | 0.29 | CVE-2022-44019 |
| 10/31/2022 | 4.4 | 3.5 | | 5.4 | | | Tech Now Ragic Report Generator cross site scripting | 0.00 | CVE-2022-40739 |
| 10/31/2022 | 4.8 | 3.5 | 6.1 | | | | ProcessWire Search cross site scripting | 0.00 | CVE-2022-40487 |
| 10/31/2022 | 4.4 | 3.5 | | 5.4 | | | First Class One U-Office Force Forum cross site scripting | 0.08 | CVE-2022-39027 |
| 10/31/2022 | 4.4 | 3.5 | | 5.4 | | | First Class One U-Office Force UserDefault Page cross site scripting | 0.21 | CVE-2022-39026 |
| 10/31/2022 | 5.2 | 4.3 | | 6.1 | | | First Class One U-Office Force PrintMessage cross site scripting | 0.00 | CVE-2022-39025 |
| 10/31/2022 | 5.2 | 4.3 | | 6.1 | | | First Class One U-Office Force Bulletin cross site scripting | 0.09 | CVE-2022-39024 |
| 10/31/2022 | 5.4 | 4.3 | | 6.5 | | | First Class One U-Office Force Download path traversal | 0.06 | CVE-2022-39023 |
| 10/31/2022 | 5.4 | 4.3 | | 6.5 | | | First Class One U-Office Force Download path traversal | 0.00 | CVE-2022-39022 |
| 10/31/2022 | 5.7 | 5.4 | | 6.1 | | | First Class One U-Office Force redirect | 0.08 | CVE-2022-39021 |
| 10/31/2022 | 5.9 | 4.3 | 6.1 | 7.3 | | | thorsten phpmyfaq cross site scripting | 0.03 | CVE-2022-3766 |
| 10/31/2022 | 6.0 | 4.3 | 5.4 | 8.2 | | | thorsten phpmyfaq cross site scripting | 0.06 | CVE-2022-3765 |
| 10/31/2022 | 8.0 | 6.3 | 9.8 | | | | Stimulsoft Reports Compilation Mode code injection | 0.06 | CVE-2021-42777 |
| 10/31/2022 | 4.3 | 4.3 | | | | | strongSwan Revocation Plugin resource consumption | 0.03 | CVE-2022-40617 |
| 10/31/2022 | 7.6 | 7.5 | 7.8 | | | | multipath-tools Unix Domain Socket access control | 0.22 | CVE-2022-41974 |
| 10/31/2022 | 7.6 | 7.5 | 7.8 | | | | multipath-tools multipathd shm symlink | 0.07 | CVE-2022-41973 |

2472 more entries are not shown
