CVSSv3 10/25/2022

CVSSv3 Base

≤1: 0, ≤2: 0, ≤3: 0, ≤4: 5, ≤5: 3, ≤6: 9, ≤7: 10, ≤8: 11, ≤9: 7, ≤10: 2

The Common Vulnerability Scoring System (CVSS) is an industry standard for describing the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources into the most reliable aggregate result.

CVSSv3 Temp

≤1: 0, ≤2: 0, ≤3: 1, ≤4: 4, ≤5: 3, ≤6: 14, ≤7: 5, ≤8: 16, ≤9: 2, ≤10: 2

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

VulDB

≤1: 0, ≤2: 0, ≤3: 0, ≤4: 5, ≤5: 5, ≤6: 7, ≤7: 18, ≤8: 9, ≤9: 1, ≤10: 2

The moderation team always defines the base vector and base score for an entry. These and all other available scores are used to generate the meta score.

NVD

≤1: 0, ≤2: 0, ≤3: 0, ≤4: 0, ≤5: 0, ≤6: 0, ≤7: 0, ≤8: 0, ≤9: 0, ≤10: 0

The National Vulnerability Database (NVD) also defines CVSS vectors and scores. These are usually not complete and might differ from VulDB scores.

CNA

≤1: 0, ≤2: 0, ≤3: 0, ≤4: 0, ≤5: 1, ≤6: 2, ≤7: 4, ≤8: 3, ≤9: 9, ≤10: 8

A CVE Numbering Authority (CNA) is responsible for assigning new CVE entries. It might also include a CVSS score. These are usually not complete and might differ from VulDB scores.

Vendor

≤1: 0, ≤2: 0, ≤3: 0, ≤4: 0, ≤5: 0, ≤6: 0, ≤7: 0, ≤8: 0, ≤9: 0, ≤10: 0

Some vendors are willing to publish their own CVSS vectors and scores for vulnerabilities in their products. The coverage varies from vendor to vendor.

Research

≤1: 0, ≤2: 0, ≤3: 0, ≤4: 0, ≤5: 0, ≤6: 0, ≤7: 0, ≤8: 0, ≤9: 0, ≤10: 0

Sometimes security researchers also provide their own CVSS vectors and scores for vulnerabilities they have found and published.

| ID | Base | VDB | NVD | CNA | Vend | Res | Vulnerability | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 212210 | 5.7 | 5.6 |  | 5.9 |  |  | OpenFGA Wildcard improper authorization | 0.07 | 0.00954 | CVE-2022-39341 |
| 212209 | 5.3 | 5.3 |  | 5.3 |  |  | OpenFGA streamed-list-objects Endpoint improper authorization | 0.04 | 0.00954 | CVE-2022-39340 |
| 212208 | 7.5 | 6.3 |  | 8.8 |  |  | GitHub Actions Runner os command injection | 0.30 | 0.00890 | CVE-2022-39321 |
| 212207 | 8.5 | 7.3 |  | 9.8 |  |  | Dataease MySQL Connection Parameter JdbcProvider.java deserialization | 0.10 | 0.01018 | CVE-2022-39312 |
| 212206 | 3.5 | 3.5 |  |  |  |  | Free5gc information disclosure | 0.04 | 0.00885 | CVE-2022-38870 |
| 212205 | 5.2 | 4.3 |  | 6.1 |  |  | Esri ArcGIS Server code download | 0.04 | 0.01055 | CVE-2022-38199 |
| 212204 | 5.7 | 5.4 |  | 6.1 |  |  | Esri ArcGIS Server redirect | 0.03 | 0.01055 | CVE-2022-38197 |
| 212203 | 5.6 | 4.7 |  | 6.5 |  |  | Esri ArcGIS Server path traversal | 0.04 | 0.01055 | CVE-2022-38196 |
| 212202 | 7.2 | 6.3 |  | 8.2 |  |  | Abode iota All-In-One Security Kit Web Interface wirelessConnect format string | 0.07 | 0.00885 | CVE-2022-35887 |
| 212201 | 7.2 | 6.3 |  | 8.2 |  |  | Abode iota All-In-One Security Kit Web Interface wirelessConnect format string | 0.00 | 0.00885 | CVE-2022-35886 |
| 212200 | 7.3 | 7.3 |  |  |  |  | Abode iota All-In-One Security Kit Web Interface wirelessConnect format string | 0.07 | 0.00885 | CVE-2022-35885 |
| 212199 | 7.2 | 6.3 |  | 8.2 |  |  | Abode iota All-In-One Security Kit Web Interface wirelessConnect format string | 0.07 | 0.00885 | CVE-2022-35884 |
| 212198 | 7.3 | 7.3 |  |  |  |  | Abode iota All-In-One Security Kit UPnP DoUpdateUPnPbyService format string | 0.00 | 0.00885 | CVE-2022-35881 |
| 212197 | 6.7 | 6.3 |  | 7.1 |  |  | Abode iota All-In-One Security Kit UPnP DoUpdateUPnPbyService format string | 0.00 | 0.00885 | CVE-2022-35880 |
| 212196 | 6.7 | 6.3 |  | 7.1 |  |  | Abode iota All-In-One Security Kit UPnP DoUpdateUPnPbyService format string | 0.07 | 0.00885 | CVE-2022-35879 |
| 212195 | 6.7 | 6.3 |  | 7.1 |  |  | Abode iota All-In-One Security Kit UPnP DoEnumUPnPService format string | 0.06 | 0.00885 | CVE-2022-35878 |
| 212194 | 7.7 | 7.3 |  | 8.2 |  |  | Abode iota All-In-One Security Kit XCMD testWifiAP format string | 0.00 | 0.00885 | CVE-2022-35877 |
| 212193 | 7.7 | 7.3 |  | 8.2 |  |  | Abode iota All-In-One Security Kit XCMD testWifiAP format string | 0.04 | 0.00885 | CVE-2022-35876 |
| 212192 | 7.7 | 7.3 |  | 8.2 |  |  | Abode iota All-In-One Security Kit XCMD testWifiAP format string | 0.06 | 0.00885 | CVE-2022-35875 |
| 212191 | 7.7 | 7.3 |  | 8.2 |  |  | Abode iota All-In-One Security Kit XCMD testWifiAP format string | 0.05 | 0.00885 | CVE-2022-35874 |
| 212190 | 8.5 | 7.3 |  | 9.8 |  |  | Abode iota All-In-One Security Kit XCMD getVarHA format string | 0.00 | 0.00885 | CVE-2022-35244 |
| 212189 | 6.3 | 6.3 |  |  |  |  | Usermin GPG Module os command injection | 0.05 | 0.01055 | CVE-2022-35132 |
| 212188 | 7.7 | 7.3 |  | 8.2 |  |  | Abode iota All-In-One Security Kit XCMD ghome_process_control_packet format string | 0.00 | 0.00885 | CVE-2022-33938 |
| 212187 | 4.3 | 4.3 |  |  |  |  | Tenable Nessus Web UI debug log file | 0.10 | 0.00885 | CVE-2022-33757 |
| 212186 | 9.8 | 9.8 |  | 9.8 |  |  | Abode iota All-In-One Security Kit Telnet hard-coded credentials | 0.03 | 0.01086 | CVE-2022-29889 |
| 212185 | 3.9 | 3.1 |  | 4.7 |  |  | Abode iota All-In-One Security Kit XFINDER authentication replay | 0.03 | 0.00885 | CVE-2022-29475 |
| 212184 | 9.9 | 9.8 |  | 10.0 |  |  | Abode iota All-In-One Security Kit XCMD stack-based overflow | 0.03 | 0.01156 | CVE-2022-32454 |
| 212183 | 5.6 | 5.6 |  |  |  |  | Synology DSM iSCSI Management missing authentication | 0.10 | 0.01055 | CVE-2022-27623 |
| 212182 | 6.3 | 6.3 |  |  |  |  | WP All Export Pro Plugin POST Parameter sql injection | 0.04 | 0.00885 | CVE-2022-3395 |
| 212181 | 5.5 | 5.5 |  |  |  |  | BestWebSoft Post to CSV Plugin csv injection | 0.13 | 0.00885 | CVE-2022-3393 |
| 212180 | 4.7 | 4.7 |  |  |  |  | CleanTalk Spam Protection, AntiSpam, FireWall Plugin sql injection | 0.00 | 0.00885 | CVE-2022-3302 |
| 212179 | 4.7 | 4.7 |  |  |  |  | 10Web Form Maker Plugin sql injection | 0.03 | 0.00885 | CVE-2022-3300 |
| 212178 | 6.3 | 6.3 |  |  |  |  | Blog2Social Social Media Auto Post & Scheduler Plugin AJAX Action server-side request forgery | 0.16 | 0.00885 | CVE-2022-3247 |
| 212177 | 6.3 | 6.3 |  |  |  |  | Blog2Social Social Media Auto Post & Scheduler Plugin sql injection | 0.04 | 0.00885 | CVE-2022-3246 |
| 212176 | 3.5 | 3.5 |  |  |  |  | Apache Batik SVG cross site scripting | 0.30 | 0.01246 | CVE-2022-42890 |
| 212175 | 3.5 | 3.5 |  |  |  |  | Apache Batik information disclosure | 0.30 | 0.01246 | CVE-2022-41704 |
| 212174 | 5.9 | 5.3 |  | 6.5 |  |  | Kirby API/Panel observable response discrepancy | 0.00 | 0.01018 | CVE-2022-39315 |
| 212173 | 3.1 | 3.1 |  |  |  |  | Linux Kernel KVM expected behavior violation | 0.05 | 0.00885 | CVE-2022-3344 |
| 212172 | 8.1 | 6.3 |  | 10.0 |  |  | Abode iota All-In-One Security Kit HTTP Request wirelessConnect os command injection | 0.11 | 0.01086 | CVE-2022-33207 |
| 212171 | 8.1 | 6.3 |  | 10.0 |  |  | Abode iota All-In-One Security Kit HTTP Request wirelessConnect os command injection | 0.04 | 0.01086 | CVE-2022-33206 |
| 212170 | 8.1 | 6.3 |  | 10.0 |  |  | Abode iota All-In-One Security Kit HTTP Request wirelessConnect os command injection | 0.07 | 0.01086 | CVE-2022-33205 |
| 212169 | 8.1 | 6.3 |  | 10.0 |  |  | Abode iota All-In-One Security Kit HTTP Request wirelessConnect os command injection | 0.07 | 0.01086 | CVE-2022-33204 |
| 212168 | 5.5 | 5.5 |  |  |  |  | WP All Export Pro Plugin code injection | 0.04 | 0.01086 | CVE-2022-3394 |
| 212167 | 6.3 | 6.3 |  |  |  |  | Kadence WooCommerce Email Designer Plugin Imported File deserialization | 0.07 | 0.00885 | CVE-2022-3335 |
| 212166 | 8.1 | 8.1 |  |  |  |  | Microsoft Azure CLI code injection | 0.67 | 0.03678 | CVE-2022-39327 |
| 212165 | 6.6 | 6.6 |  |  |  |  | TP-Link TL-WR841N ated_tp command injection | 0.00 | 0.00000 | CVE-2022-42433 |
| 212164 | 6.3 | 6.3 |  |  |  |  | GnuPG libksba File Parser stack-based overflow | 0.23 | 0.00000 | CVE-2022-3515 |
