CVSSv3 10/27/2022

CVSSv3 Base

Entries per score bucket: ≤1: 0, ≤2: 1, ≤3: 1, ≤4: 7, ≤5: 7, ≤6: 13, ≤7: 10, ≤8: 6, ≤9: 4, ≤10: 6

The Common Vulnerability Scoring System (CVSS) is an industry standard for describing the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources into the most reliable aggregate result.

CVSSv3 Temp

Entries per score bucket: ≤1: 0, ≤2: 1, ≤3: 1, ≤4: 7, ≤5: 7, ≤6: 14, ≤7: 11, ≤8: 5, ≤9: 4, ≤10: 5

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

VulDB

Entries per score bucket: ≤1: 0, ≤2: 2, ≤3: 0, ≤4: 8, ≤5: 8, ≤6: 12, ≤7: 10, ≤8: 7, ≤9: 2, ≤10: 6

The moderation team always defines the base vector and base score for an entry. These and all other available scores are used to generate the meta score.

NVD

Entries per score bucket: ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 0, ≤5: 0, ≤6: 0, ≤7: 0, ≤8: 0, ≤9: 0, ≤10: 0

The National Vulnerability Database (NVD) also defines CVSS vectors and scores. These are usually not complete and might differ from VulDB scores.

CNA

Entries per score bucket: ≤1: 0, ≤2: 0, ≤3: 1, ≤4: 3, ≤5: 2, ≤6: 3, ≤7: 5, ≤8: 1, ≤9: 5, ≤10: 2

A CVE Numbering Authority (CNA) is responsible for assigning new CVE entries. They might also include a CVSS score. These are usually not complete and might differ from VulDB scores.

Vendor

Entries per score bucket: ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 0, ≤5: 0, ≤6: 0, ≤7: 0, ≤8: 0, ≤9: 0, ≤10: 0

Some vendors are willing to publish their own CVSS vectors and scores for vulnerabilities in their products. The coverage varies from vendor to vendor.

Research

Entries per score bucket: ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 0, ≤5: 0, ≤6: 0, ≤7: 0, ≤8: 0, ≤9: 0, ≤10: 0

Security researchers sometimes also provide their own CVSS vectors and scores for vulnerabilities they have found and published.

| ID | Base | VDB | NVD | CNA | Vend | Res | Vulnerability | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 212382 | 6.5 | 4.3 | | 8.8 | | | ThemeFusion Avada Premium Theme Plugin Installation cross-site request forgery | 0.07 | 0.00954 | CVE-2022-41996 |
| 212381 | 3.1 | 3.1 | | | | | Bosch VIDEOJET multi 4000 URL cross site scripting | 0.00 | 0.00885 | CVE-2022-40183 |
| 212380 | 6.3 | 6.3 | | | | | ForgeRock Access Management LDAP Query access control | 0.00 | 0.00885 | CVE-2022-24670 |
| 212379 | 6.9 | 7.3 | | 6.5 | | | ForgeRock Access Management Deployment authorization | 0.04 | 0.00885 | CVE-2022-24669 |
| 212378 | 2.0 | 2.0 | | | | | Bosch VIDEOJET multi 4000 Configuration cross site scripting | 0.03 | 0.00885 | CVE-2022-40184 |
| 212377 | 5.0 | 3.7 | | 6.3 | | | Wireshark OPUS Protocol Dissector denial of service | 0.04 | 0.00954 | CVE-2022-3725 |
| 212376 | 7.3 | 7.3 | | | | | Dart SDK WhatWG URL authorization | 0.04 | 0.00885 | CVE-2022-3095 |
| 212375 | 6.3 | 6.3 | | | | | Octopus Server Session Token session fixation | 0.04 | 0.00885 | CVE-2022-2782 |
| 212374 | 4.3 | 4.3 | | | | | Octopus Server information disclosure | 0.03 | 0.00885 | CVE-2022-2508 |
| 212373 | 3.5 | 3.5 | | | | | Train Scheduler App cross site scripting | 0.06 | 0.00890 | CVE-2022-42992 |
| 212372 | 4.5 | 4.3 | | 4.7 | | | Yordam Library Information Document Automation cross site scripting | 0.09 | 0.00885 | CVE-2021-45476 |
| 212371 | 3.5 | 3.5 | | | | | Password Storage Application Setup Page cross site scripting | 0.07 | 0.00890 | CVE-2022-42993 |
| 212370 | 3.5 | 3.5 | | | | | Simple Online Public Access Catalog Edit Account cross site scripting | 0.03 | 0.00890 | CVE-2022-42991 |
| 212369 | 4.8 | 4.8 | | 4.8 | | | Nextcloud Server/Enterprise Server resource consumption | 0.04 | 0.00890 | CVE-2022-39330 |
| 212368 | 3.5 | 3.5 | | 3.5 | | | Nextcloud Server/Enterprise Server improper authorization | 0.07 | 0.00954 | CVE-2022-39329 |
| 212367 | 6.4 | 5.3 | | 7.5 | | | Rockwell Automation FactoryTalk Alarm/Events Service improper authentication | 0.00 | 0.00885 | CVE-2022-38744 |
| 212366 | 8.5 | 7.3 | | 9.8 | | | Pimcore Twig Template code injection | 0.00 | 0.05634 | CVE-2022-39365 |
| 212365 | 2.9 | 1.8 | | 4.0 | | | Nextcloud Server/Enterprise Server cleartext storage | 0.03 | 0.00950 | CVE-2022-39364 |
| 212364 | 5.3 | 5.3 | | 5.3 | | | Yordam Library Information Document Automation information disclosure | 0.00 | 0.00885 | CVE-2021-45475 |
| 212363 | 7.7 | 7.3 | | 8.2 | | | OpenBMC bmcweb HTTP Header multipart_parser memory corruption | 0.03 | 0.00885 | CVE-2022-3409 |
| 212362 | 9.8 | 9.8 | | | | | Delta Electronics InfraSuite Device Master AddNewUser improper authentication | 0.04 | 0.00885 | CVE-2022-41688 |
| 212361 | 8.8 | 8.8 | | | | | Delta Electronics InfraSuite Device Master ModifyPrivByID improper authentication | 0.04 | 0.00885 | CVE-2022-41644 |
| 212360 | 7.3 | 7.3 | | | | | Delta Electronics InfraSuite Device Master WriteConfiguration improper authentication | 0.00 | 0.00885 | CVE-2022-41776 |
| 212359 | 5.3 | 5.3 | | | | | Delta Electronics InfraSuite Device Master APRunning information disclosure | 0.00 | 0.00885 | CVE-2022-41629 |
| 212358 | 9.8 | 9.8 | | | | | Delta Electronics InfraSuite Device Master Device-Gateway Service deserialization | 0.00 | 0.00000 | CVE-2022-41778 |
| 212357 | 9.4 | 9.4 | | | | | Delta Electronics InfraSuite Device Master Device-DataCollect Service deserialization | 0.00 | 0.01086 | CVE-2022-38142 |
| 212356 | 9.8 | 9.8 | | | | | Delta Electronics InfraSuite Device Master CheckLoadingStartupConfig pathname traversal | 0.03 | 0.01156 | CVE-2022-41772 |
| 212355 | 9.8 | 9.8 | | | | | Delta Electronics InfraSuite Device Master ExeCommandInCommandLineMode improper authentication | 0.00 | 0.01156 | CVE-2022-40202 |
| 212354 | 8.8 | 8.8 | | | | | Delta Electronics InfraSuite Device Master DeSerializeBinary deserialization | 0.00 | 0.01156 | CVE-2022-41779 |
| 212353 | 9.8 | 9.8 | | | | | Delta Electronics InfraSuite Device Master CtrlLayerNWCmd_FileOperation pathname traversal | 0.03 | 0.01156 | CVE-2022-41657 |
| 212352 | 7.7 | 7.3 | | 8.2 | | | OpenBMC bmcweb multipart_parser heap-based overflow | 0.06 | 0.00885 | CVE-2022-2809 |
| 212351 | 6.3 | 6.3 | | | | | Hashicorp Boundary clickjacking | 0.03 | 0.00885 | CVE-2022-36182 |
| 212347 | 3.5 | 3.5 | | | | | SourceCodester Online Medicine Ordering System cross site scripting | 0.18 | 0.00885 | CVE-2022-3716 |
| 212346 | 5.0 | 5.0 | | | | | SourceCodester Online Medicine Ordering System sql injection | 0.04 | 0.00885 | CVE-2022-3714 |
| 212345 | 6.3 | 6.3 | | | | | JFinal CMS list sql injection | 0.04 | 0.00885 | CVE-2022-37202 |
| 212344 | 5.2 | 5.2 | | 5.2 | | | AliveCor Kardia App authentication bypass by assumed-immutable data | 0.04 | 0.00885 | CVE-2022-40703 |
| 212343 | 4.6 | 6.3 | | 2.8 | | | ikus060 rdiffweb behavioral workflow | 0.04 | 0.00885 | CVE-2022-3363 |
| 212342 | 5.5 | 5.5 | | | | | D-Link DIR-816 A2 setRepeaterSecurity stack-based overflow | 0.00 | 0.00885 | CVE-2022-43003 |
| 212341 | 5.5 | 5.5 | | | | | D-Link DIR-816 A2 form2WizardStep54 stack-based overflow | 0.00 | 0.00885 | CVE-2022-43002 |
| 212340 | 5.5 | 5.5 | | | | | D-Link DIR-816 A2 setSecurity stack-based overflow | 0.03 | 0.00885 | CVE-2022-43001 |
| 212339 | 5.5 | 5.5 | | | | | D-Link DIR-816 A2 form2WizardStep4 stack-based overflow | 0.03 | 0.00885 | CVE-2022-43000 |
| 212338 | 5.5 | 5.5 | | | | | D-Link DIR-816 A2 setSysAdm command injection | 0.00 | 0.02055 | CVE-2022-42999 |
| 212337 | 5.5 | 5.5 | | | | | D-Link DIR-816 A2 form2IPQoSTcAdd stack-based overflow | 0.03 | 0.00885 | CVE-2022-42998 |
| 212336 | 6.3 | 6.3 | | | | | Delta Electronics DIAEnergy HICT_Loop sql injection | 0.03 | 0.01086 | CVE-2022-43775 |
| 212335 | 6.3 | 6.3 | | | | | Delta Electronics DIAEnergy HandlerPageP_KID sql injection | 0.03 | 0.01086 | CVE-2022-43774 |
| 212334 | 5.5 | 5.5 | | | | | Metabase URL Parameter geojson server-side request forgery | 0.04 | 0.00885 | CVE-2022-43776 |
| 212333 | 5.4 | 4.3 | | 6.5 | | | Metabase GeoJSON map URL information disclosure | 0.04 | 0.00885 | CVE-2022-39359 |
| 212332 | 8.2 | 7.3 | | 9.1 | | | Discourse Patreon Login improper authentication | 0.03 | 0.00885 | CVE-2022-39355 |
| 212331 | 7.5 | 6.3 | | 8.8 | | | Metabase unsafe action warning | 0.00 | 0.00885 | CVE-2022-39362 |
| 212330 | 5.9 | 5.4 | | 6.5 | | | Metabase Password Reset missing critical step in authentication | 0.03 | 0.00885 | CVE-2022-39360 |

5 more entries are not shown
