CVSSv3 11/05/2022

CVSSv3 Base

Entries per score range: ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 3, ≤5: 4, ≤6: 4, ≤7: 6, ≤8: 4, ≤9: 2, ≤10: 1

The Common Vulnerability Scoring System (CVSS) is an industry standard for describing the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources into the most reliable aggregate result.

CVSSv3 Temp

Entries per score range: ≤1: 0, ≤2: 0, ≤3: 1, ≤4: 2, ≤5: 4, ≤6: 5, ≤7: 7, ≤8: 3, ≤9: 1, ≤10: 1

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

VulDB

Entries per score range: ≤1: 0, ≤2: 1, ≤3: 0, ≤4: 5, ≤5: 4, ≤6: 5, ≤7: 4, ≤8: 3, ≤9: 1, ≤10: 1

The moderation team always defines the base vector and base score for an entry. These and all other available scores are used to generate the meta score.

NVD

Entries per score range: ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 0, ≤5: 0, ≤6: 1, ≤7: 0, ≤8: 0, ≤9: 0, ≤10: 0

The National Vulnerability Database (NVD) also defines CVSS vectors and scores. These are usually not complete and might differ from VulDB scores.

CNA

Entries per score range: ≤1: 0, ≤2: 0, ≤3: 1, ≤4: 0, ≤5: 3, ≤6: 2, ≤7: 1, ≤8: 3, ≤9: 6, ≤10: 1

A CVE Numbering Authority (CNA) is responsible for assigning new CVE entries. They might also include a CVSS score. These are usually not complete and might differ from VulDB scores.

Vendor

Entries per score range: ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 0, ≤5: 0, ≤6: 0, ≤7: 0, ≤8: 0, ≤9: 0, ≤10: 0

Some vendors are willing to publish their own CVSS vectors and scores for vulnerabilities in their products. The coverage varies from vendor to vendor.

Research

Entries per score range: ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 0, ≤5: 0, ≤6: 0, ≤7: 0, ≤8: 0, ≤9: 0, ≤10: 0

Sometimes security researchers also provide their own CVSS vectors and scores for vulnerabilities they have found and published.

| ID | Base | VDB | NVD | CNA | Vend | Res | Vulnerability | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 213013 | 6.9 | 7.3 | | 6.5 | | | froxlor code injection | 0.03 | 0.00885 | CVE-2022-3869 |
| 213012 | 4.7 | 4.7 | | | | | SourceCodester Sanitization Management System sql injection | 0.86 | 0.00885 | CVE-2022-3868 |
| 213011 | 5.5 | 5.5 | | | | | jhead exif.c Put16u buffer overflow | 0.06 | 0.00885 | CVE-2021-34055 |
| 213010 | 3.5 | 3.5 | | | | | Saibamen HotelManager Contact Field Kernel.php cross site scripting | 0.06 | 0.00885 | CVE-2021-39473 |
| 213009 | 5.7 | 3.5 | | 8.0 | | | Splunk Enterprise Data Model cross site scripting | 0.03 | 0.00885 | CVE-2022-43569 |
| 213008 | 6.3 | 4.3 | | 8.3 | | | HCL XPages cross-site request forgery | 0.03 | 0.00885 | CVE-2022-38660 |
| 213007 | 4.6 | 3.5 | 5.4 | 4.8 | | | Blobster Foundry Blobster Service cross site scripting | 0.03 | 0.00885 | CVE-2022-27894 |
| 213006 | 5.5 | 5.5 | | | | | diplib double free | 0.04 | 0.00885 | CVE-2021-39432 |
| 213005 | 7.5 | 6.3 | | 8.8 | | | Splunk Splunk Enterprise XML xml external entity reference | 0.10 | 0.00885 | CVE-2022-43570 |
| 213004 | 6.5 | 4.3 | | 8.8 | | | Splunk Enterprise JSON cross site scripting | 0.03 | 0.00885 | CVE-2022-43568 |
| 213003 | 3.1 | 2.0 | | 4.2 | | | OSIsoft Foundry Magritte Plugin Authentication Request log file | 0.10 | 0.00885 | CVE-2022-27893 |
| 213002 | 3.5 | 3.9 | | 3.0 | | | Splunk Enterprise Header input validation | 0.06 | 0.01055 | CVE-2022-43562 |
| 213001 | 4.4 | 3.3 | | 5.5 | | | HCL Domino Search information disclosure | 0.13 | 0.00885 | CVE-2022-38654 |
| 213000 | 6.4 | 5.3 | | 7.5 | | | Splunk Enterprise Splunk-to-Splunk Collector/HTTP Event Collector resource consumption | 0.06 | 0.00885 | CVE-2022-43572 |
| 212999 | 6.4 | 5.5 | | 7.3 | | | Splunk Enterprise SPL Safeguard access control | 0.19 | 0.00885 | CVE-2022-43566 |
| 212998 | 7.2 | 6.3 | | 8.1 | | | Splunk Enterprise tstats Command access control | 0.04 | 0.00885 | CVE-2022-43565 |
| 212997 | 7.2 | 6.3 | | 8.1 | | | Splunk Enterprise SPL Safeguard access control | 0.06 | 0.00885 | CVE-2022-43563 |
| 212996 | 5.6 | 5.6 | | 5.6 | | | OpenZeppelin Contracts Contract Creation initialization | 0.03 | 0.01440 | CVE-2022-39384 |
| 212995 | 9.8 | 9.8 | | | | | Azure RTOS USBX USB DFU UPLOAD ux_device_class_dfu_control_request buffer overflow | 0.06 | 0.01599 | CVE-2022-39344 |
| 212994 | 8.2 | 7.3 | | 9.1 | | | XWiki Request Parameter improper authentication | 0.03 | 0.00954 | CVE-2022-39387 |
| 212993 | 4.9 | 4.9 | | 4.9 | | | Splunk Enterprise Search Macro resource consumption | 0.00 | 0.01055 | CVE-2022-43564 |
| 212992 | 8.8 | 8.8 | | 8.8 | | | Splunk Enterprise Mobile Alerts deserialization | 0.12 | 0.00885 | CVE-2022-43567 |
| 212991 | 6.3 | 6.3 | | | | | VMware Spring Tools/VSCode Extension Snakeyaml Remote Code Execution | 0.25 | 0.02722 | CVE-2022-31691 |
| 212990 | 7.5 | 7.5 | | | | | Linux Kernel NFSD buffer size | 0.06 | 0.00885 | CVE-2022-43945 |
