CVSSv3 11/04/2022

CVSSv3 Base

Entries per score bucket: ≤1: 0, ≤2: 2, ≤3: 0, ≤4: 18, ≤5: 19, ≤6: 17, ≤7: 26, ≤8: 4, ≤9: 7, ≤10: 0

The Common Vulnerability Scoring System (CVSS) is an industry standard for describing the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources and aggregates them into the most reliable result.

CVSSv3 Temp

Entries per score bucket: ≤1: 0, ≤2: 2, ≤3: 0, ≤4: 18, ≤5: 20, ≤6: 22, ≤7: 21, ≤8: 3, ≤9: 7, ≤10: 0

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

VulDB

Entries per score bucket: ≤1: 0, ≤2: 2, ≤3: 5, ≤4: 16, ≤5: 22, ≤6: 11, ≤7: 27, ≤8: 5, ≤9: 5, ≤10: 0

The moderation team always defines the base vector and base score for an entry. These and all other available scores are used to generate the meta score.

NVD

Entries per score bucket: ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 0, ≤5: 3, ≤6: 3, ≤7: 2, ≤8: 0, ≤9: 0, ≤10: 2

The National Vulnerability Database (NVD) also defines CVSS vectors and scores. These are usually not complete and might differ from VulDB scores.

CNA

Entries per score bucket: ≤1: 0, ≤2: 0, ≤3: 3, ≤4: 2, ≤5: 6, ≤6: 4, ≤7: 9, ≤8: 2, ≤9: 3, ≤10: 0

A CVE Numbering Authority (CNA) is responsible for assigning new CVE entries. They might also include a CVSS score. These are usually not complete and might differ from VulDB scores.

Vendor

Entries per score bucket: ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 0, ≤5: 0, ≤6: 0, ≤7: 0, ≤8: 0, ≤9: 0, ≤10: 0

Some vendors are willing to publish their own CVSS vectors and scores for vulnerabilities in their products. The coverage varies from vendor to vendor.

Research

Entries per score bucket: ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 0, ≤5: 0, ≤6: 0, ≤7: 0, ≤8: 0, ≤9: 0, ≤10: 0

Security researchers sometimes also provide their own CVSS vectors and scores for vulnerabilities they have found and published.

| ID | Base | VDB | NVD | CNA | Vend | Res | Vulnerability | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 212989 | 6.8 | 6.8 | | | | | D-Link DIR-1935 SetWebFilterSetting command injection | 0.03 | 0.00000 | CVE-2022-43623 |
| 212988 | 6.8 | 6.8 | | | | | D-Link DIR-1935 ConfigFileUpload format string | 0.03 | 0.00000 | CVE-2022-43619 |
| 212987 | 8.8 | 8.8 | | | | | Zoho ManageEngine ServiceDesk Plus exportMickeyList input validation | 0.03 | 0.00885 | CVE-2022-40773 |
| 212986 | 8.8 | 8.8 | | | | | D-Link DIR-1935 HNAP improper authentication | 0.04 | 0.00000 | CVE-2022-43620 |
| 212985 | 8.8 | 8.8 | | | | | D-Link DIR-1935 HNAP improper authentication | 0.06 | 0.00000 | CVE-2022-43621 |
| 212984 | 8.8 | 8.8 | | | | | D-Link DIR-1935 stack-based overflow | 0.10 | 0.00000 | CVE-2022-43622 |
| 212983 | 5.5 | 5.5 | | | | | Apache Commons BCEL API out-of-bounds | 0.44 | 0.00885 | CVE-2022-42920 |
| 212982 | 6.8 | 6.8 | | | | | D-Link DIR-1935 SetStaticRouteIPv4Settings stack-based overflow | 0.05 | 0.00000 | CVE-2022-43625 |
| 212981 | 6.8 | 6.8 | | | | | D-Link DIR-1935 SetStaticRouteIPv6Settings command injection | 0.08 | 0.00000 | CVE-2022-43624 |
| 212980 | 6.8 | 6.8 | | | | | D-Link DIR-1935 SetStaticRouteIPv4Settings command injection | 0.03 | 0.00000 | CVE-2022-43627 |
| 212979 | 6.8 | 6.8 | | | | | D-Link DIR-1935 SetIPv6FirewallSettings command injection | 0.03 | 0.00000 | CVE-2022-43628 |
| 212978 | 5.7 | 4.5 | | 7.0 | | | Schneider Electric EcoStruxure Operator Terminal Expert sql injection | 0.03 | 0.01036 | CVE-2022-41671 |
| 212977 | 5.7 | 4.5 | | 7.0 | | | Schneider Electric EcoStruxure Operator Terminal Expert SGIUtility path traversal | 0.05 | 0.01036 | CVE-2022-41670 |
| 212976 | 6.8 | 6.8 | | | | | D-Link DIR-1935 SetSysEmailSettings command injection | 0.00 | 0.00000 | CVE-2022-43629 |
| 212975 | 8.8 | 8.8 | | | | | D-Link DIR-1935 SOAPAction stack-based overflow | 0.00 | 0.00000 | CVE-2022-43630 |
| 212974 | 6.8 | 6.8 | | | | | D-Link DIR-1935 SetVirtualServerSettings command injection | 0.04 | 0.00000 | CVE-2022-43631 |
| 212973 | 7.2 | 7.2 | | | | | D-Link DIR-1935 SetQoSSettings command injection | 0.03 | 0.00000 | CVE-2022-43632 |
| 212972 | 6.8 | 6.8 | | | | | D-Link DIR-1935 SetSysLogSettings command injection | 0.00 | 0.00000 | CVE-2022-43633 |
| 212971 | 5.5 | 5.5 | | | | | Watchdog Antivirus wsdkd.sys access control | 0.03 | 0.00885 | CVE-2022-38582 |
| 212970 | 6.9 | 6.3 | | 7.6 | | | froxlor code injection | 0.03 | 0.00885 | CVE-2022-3721 |
| 212969 | 2.0 | 2.0 | | | | | pingcap tidb format string | 0.05 | 0.00885 | CVE-2022-3023 |
| 212968 | 7.0 | 7.0 | | 7.0 | | | Schneider Electric EcoStruxure Operator Terminal Expert SGIUtility signature verification | 0.03 | 0.01036 | CVE-2022-41669 |
| 212967 | 7.0 | 7.0 | | 7.0 | | | Schneider Electric EcoStruxure Operator Terminal Expert Project Conversion type conversion | 0.08 | 0.01036 | CVE-2022-41668 |
| 212966 | 5.1 | 4.3 | | 5.9 | | | Trellix IPS Manager XML xml external entity reference | 0.00 | 0.01055 | CVE-2022-3340 |
| 212965 | 7.0 | 7.0 | | 7.0 | | | Schneider Electric EcoStruxure Operator Terminal Expert path traversal | 0.03 | 0.01036 | CVE-2022-41667 |
| 212964 | 5.6 | 5.6 | | | | | Apache Pulsar C++ Client TLS Certificate certificate validation | 0.00 | 0.00885 | CVE-2022-33684 |
| 212963 | 5.5 | 5.5 | | | | | Apache Ivy path traversal | 0.03 | 0.00885 | CVE-2022-37866 |
| 212962 | 4.6 | 4.6 | | | | | Apache Ivy unknown vulnerability | 0.16 | 0.00885 | CVE-2022-37865 |
| 212961 | 3.6 | 2.4 | | 4.8 | | | JumpDEMAND 4ECPS Web Forms Plugin cross site scripting | 0.04 | 0.00885 | CVE-2022-44628 |
| 212960 | 4.8 | 4.3 | | 5.4 | | | David Cole Simple SEO Plugin Sitemap cross-site request forgery | 0.03 | 0.00885 | CVE-2022-44627 |
| 212959 | 5.5 | 5.5 | | | | | CandidATS xml external entity reference | 0.03 | 0.00885 | CVE-2022-42745 |
| 212958 | 4.8 | 4.3 | | 5.4 | | | a3rev Page View Count Plugin Plugin Setting cross-site request forgery | 0.03 | 0.00885 | CVE-2022-40131 |
| 212957 | 3.6 | 2.4 | | 4.8 | | | Stage Rock Convert Plugin cross site scripting | 0.04 | 0.00885 | CVE-2022-36428 |
| 212956 | 4.3 | 4.3 | | 4.3 | | | Keywordrush Content Egg Plugin cross-site request forgery | 0.03 | 0.00885 | CVE-2022-25952 |
| 212955 | 7.5 | 6.3 | | 8.8 | | | Splunk Enterprise Dashboard PDF Generator code injection | 0.19 | 0.01440 | CVE-2022-43571 |
| 212954 | 3.9 | 2.4 | 4.8 | 4.5 | | | GLPI External Link cross site scripting | 0.03 | 0.00885 | CVE-2022-39277 |
| 212953 | 3.8 | 2.7 | 4.9 | | | | OpenCart sql injection | 0.11 | 0.00885 | CVE-2021-37823 |
| 212952 | 3.5 | 3.5 | | | | | Stiltsoft Handy Macros for Confluence Server and Data Center Handy Tip Macro cross site scripting | 0.06 | 0.01055 | CVE-2022-44724 |
| 212951 | 2.0 | 2.0 | | | | | Scripts Enterprise Web cross site scripting | 0.03 | 0.01055 | CVE-2022-43561 |
| 212950 | 3.7 | 3.7 | | 3.7 | | | HYPR Workforce Access Authentication permission assignment | 0.06 | 0.00885 | CVE-2022-3258 |
| 212949 | 4.7 | 3.3 | | 6.2 | | | OpenHarmony download_server information disclosure | 0.03 | 0.00885 | CVE-2022-43449 |
| 212948 | 5.9 | 6.3 | | 5.4 | | | David Cole Simple SEO Plugin Sitemap access control | 0.03 | 0.00885 | CVE-2022-36404 |
| 212947 | 5.8 | 3.3 | | 8.4 | | | Netskope NSClient Log log file | 0.12 | 0.00885 | CVE-2021-44862 |
| 212946 | 3.7 | 4.7 | | 2.7 | | | ExpressTech Quiz and Survey Master Plugin resource injection | 0.03 | 0.00885 | CVE-2021-36906 |
| 212945 | 3.5 | 3.5 | | | | | SalonERP cross site scripting | 0.04 | 0.00885 | CVE-2022-42753 |
| 212944 | 4.3 | 4.3 | | | | | CandidATS cross-site request forgery | 0.03 | 0.00885 | CVE-2022-42751 |
| 212943 | 7.0 | 7.0 | | 7.0 | | | Schneider Electric EcoStruxure Operator Terminal Expert signature verification | 0.04 | 0.01036 | CVE-2022-41666 |
| 212942 | 3.5 | 3.5 | | | | | Emlog Pro store.php cross site scripting | 0.06 | 0.00885 | CVE-2022-43372 |
| 212941 | 7.8 | 7.8 | | | | | OpenHarmony appspawn/nwebspawn path traversal | 0.03 | 0.00885 | CVE-2022-43451 |
| 212940 | 4.3 | 4.3 | | | | | Markdownify Markdown File unknown vulnerability | 0.00 | 0.00885 | CVE-2022-41710 |

43 more entries are not shown
