CVSSv3 11/03/2022

CVSSv3 Base

Entries per score range: ≤1: 0, ≤2: 0, ≤3: 2, ≤4: 4, ≤5: 3, ≤6: 7, ≤7: 4, ≤8: 0, ≤9: 2, ≤10: 7

The Common Vulnerability Scoring System (CVSS) is an industry standard for describing the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources into the most reliable result.

CVSSv3 Temp

Entries per score range: ≤1: 0, ≤2: 0, ≤3: 3, ≤4: 3, ≤5: 3, ≤6: 7, ≤7: 4, ≤8: 0, ≤9: 7, ≤10: 2

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

VulDB

Entries per score range: ≤1: 0, ≤2: 0, ≤3: 5, ≤4: 2, ≤5: 5, ≤6: 5, ≤7: 3, ≤8: 2, ≤9: 0, ≤10: 7

The moderation team always defines the base vector and base score for an entry. These and all other available scores are used to generate the meta score.

NVD

Entries per score range: ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 0, ≤5: 1, ≤6: 0, ≤7: 0, ≤8: 1, ≤9: 0, ≤10: 3

The National Vulnerability Database (NVD) also defines CVSS vectors and scores. These are usually not complete and might differ from VulDB scores.

CNA

Entries per score range: ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 0, ≤5: 3, ≤6: 1, ≤7: 2, ≤8: 1, ≤9: 0, ≤10: 1

A CVE Numbering Authority (CNA) is responsible for assigning new CVE entries. They might also include a CVSS score. These are usually not complete and might differ from VulDB scores.

Vendor

Entries per score range: ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 0, ≤5: 0, ≤6: 0, ≤7: 0, ≤8: 0, ≤9: 0, ≤10: 0

Some vendors are willing to publish their own CVSS vectors and scores for vulnerabilities in their products. The coverage varies from vendor to vendor.

Research

Entries per score range: ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 0, ≤5: 0, ≤6: 0, ≤7: 0, ≤8: 0, ≤9: 0, ≤10: 0

Sometimes security researchers also provide their own CVSS vectors and scores for vulnerabilities they have found and published.

| ID | Base | VDB | NVD | CNA | Vendor | Research | Vulnerability | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 212896 | 4.3 | 4.3 | | | | | GLPI Debug Panel update.php access control | 0.06 | 0.00885 | CVE-2022-39370 |
| 212895 | 6.5 | 6.5 | | | | | JetBrains TeamCity User Setting omission of security-relevant information | 0.03 | 0.00885 | CVE-2022-44646 |
| 212894 | 5.4 | 4.3 | | 6.5 | | | JetBrains TeamCity log file | 0.03 | 0.00885 | CVE-2022-44624 |
| 212893 | 5.4 | 4.3 | | 6.5 | | | JetBrains TeamCity Project Viewer file information disclosure | 0.00 | 0.00885 | CVE-2022-44623 |
| 212892 | 2.7 | 2.7 | | | | | JetBrains TeamCity Secure Token Health Item access control | 0.03 | 0.00885 | CVE-2022-44622 |
| 212891 | 9.8 | 9.8 | | | | | Tenda AC23 formSetFirewallCfg stack-based overflow | 0.00 | 0.00885 | CVE-2022-43108 |
| 212890 | 9.8 | 9.8 | | | | | Tenda AC23 setSmartPowerManagement stack-based overflow | 0.00 | 0.00885 | CVE-2022-43107 |
| 212889 | 9.8 | 9.8 | | | | | Tenda AC23 setSchedWifi stack-based overflow | 0.03 | 0.00885 | CVE-2022-43106 |
| 212888 | 9.8 | 9.8 | | | | | Tenda AC23 fromSetWifiGusetBasic stack-based overflow | 0.03 | 0.00885 | CVE-2022-43105 |
| 212887 | 9.8 | 9.8 | | | | | Tenda AC23 fromSetWirelessRepeat stack-based overflow | 0.03 | 0.00885 | CVE-2022-43104 |
| 212886 | 9.8 | 9.8 | 9.8 | | | | Tenda AC23 Parameter formSetQosBand out-of-bounds write | 0.04 | 0.00885 | CVE-2022-43103 |
| 212885 | 9.8 | 9.8 | 9.8 | | | | Tenda AC23 fromSetSysTime out-of-bounds write | 0.05 | 0.00885 | CVE-2022-43102 |
| 212884 | 8.5 | 7.3 | 9.8 | | | | Tenda AC23 formSetDeviceName out-of-bounds write | 0.00 | 0.00885 | CVE-2022-43101 |
| 212883 | 3.5 | 3.5 | | | | | OpenWRT LuCI Public Key Comment sshkeys.js cross site scripting | 0.03 | 0.00885 | CVE-2022-41435 |
| 212882 | 8.5 | 7.3 | | 9.8 | | | Keystone Environment Variable injection | 0.00 | 0.00954 | CVE-2022-39382 |
| 212881 | 5.5 | 5.5 | | | | | D-Link DIR-823G Packet SetNetworkTomographySettings command injection | 0.04 | 0.02055 | CVE-2022-43109 |
| 212880 | 6.5 | 5.6 | | 7.4 | | | GLPI API REST sql injection | 0.00 | 0.00885 | CVE-2022-39323 |
| 212879 | 4.1 | 2.4 | 4.8 | 5.2 | | | GLPI Rich-Text Content cross site scripting | 0.03 | 0.00885 | CVE-2022-39262 |
| 212878 | 4.9 | 5.0 | | 4.7 | | | GLPI Cookie session expiration | 0.04 | 0.00885 | CVE-2022-39234 |
| 212877 | 3.1 | 3.1 | | | | | GLPI RSS Feed server-side request forgery | 0.04 | 0.00885 | CVE-2022-39276 |
| 212876 | 6.3 | 6.3 | | | | | Apache UIMA PEAR Management FileUtil path traversal | 0.09 | 0.00885 | CVE-2022-32287 |
| 212875 | 5.5 | 5.5 | | | | | Pixman libpixman rasterize_edges_8 out-of-bounds write | 0.03 | 0.01108 | CVE-2022-44638 |
| 212874 | 5.3 | 5.3 | | | | | Alpine STARTTLS denial of service | 0.04 | 0.01055 | CVE-2021-46853 |
| 212873 | 3.6 | 2.4 | | 4.8 | | | Ayoub Media AM-HiLi Plugin cross site scripting | 0.00 | 0.00885 | CVE-2022-44586 |
| 212872 | 3.6 | 2.4 | | 4.8 | | | AgentEasy Properties Plugin cross site scripting | 0.04 | 0.00885 | CVE-2022-44576 |
| 212871 | 2.4 | 2.4 | | | | | GitLab Community Edition/Enterprise Edition External Status Check cross site scripting | 0.04 | 0.00890 | CVE-2022-2904 |
| 212870 | 5.3 | 5.3 | | | | | Trihedral VTScada HTTP Request denial of service | 0.04 | 0.00885 | CVE-2022-3181 |
| 212869 | 5.9 | 4.7 | 7.2 | | | | oretnom23 Online Diagnostic Lab Management System sql injection | 0.00 | 0.00885 | CVE-2022-43068 |
| 212868 | 6.3 | 6.3 | | | | | oretnom23 Online Diagnostic Lab Management System sql injection | 0.00 | 0.00885 | CVE-2022-43066 |
