CVSSv3 11/07/2022

CVSSv3 Base

Entries per score band: ≤1: 0, ≤2: 0, ≤3: 1, ≤4: 7, ≤5: 10, ≤6: 16, ≤7: 7, ≤8: 6, ≤9: 1, ≤10: 0

The Common Vulnerability Scoring System (CVSS) is an industry standard for describing the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources and aggregates them into the most reliable result.

CVSSv3 Temp

Entries per score band: ≤1: 0, ≤2: 0, ≤3: 1, ≤4: 7, ≤5: 10, ≤6: 18, ≤7: 10, ≤8: 1, ≤9: 1, ≤10: 0

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

VulDB

Entries per score band: ≤1: 0, ≤2: 0, ≤3: 1, ≤4: 8, ≤5: 10, ≤6: 16, ≤7: 6, ≤8: 6, ≤9: 1, ≤10: 0

The moderation team always defines the base vector and base score for an entry. These and all other available scores are used to generate the meta score.

NVD

Entries per score band: ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 0, ≤5: 0, ≤6: 0, ≤7: 0, ≤8: 0, ≤9: 0, ≤10: 0

The National Vulnerability Database (NVD) also defines CVSS vectors and scores. These are usually not complete and might differ from VulDB scores.

CNA

Entries per score band: ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 0, ≤5: 0, ≤6: 0, ≤7: 2, ≤8: 1, ≤9: 0, ≤10: 0

A CVE Numbering Authority (CNA) is responsible for assigning new CVE entries. They might also include a CVSS score. These are usually not complete and might differ from VulDB scores.

Vendor

Entries per score band: ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 0, ≤5: 0, ≤6: 0, ≤7: 0, ≤8: 0, ≤9: 0, ≤10: 0

Some vendors are willing to publish their own CVSS vectors and scores for vulnerabilities in their products. The coverage varies from vendor to vendor.

Research

Entries per score band: ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 0, ≤5: 0, ≤6: 0, ≤7: 0, ≤8: 0, ≤9: 0, ≤10: 0

Sometimes security researchers also provide their own CVSS vectors and scores for vulnerabilities they have found and published.

| ID | Base | VDB | NVD | CNA | Vend | Res | Vulnerability | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 213063 | 3.5 | 3.5 | | | | | F-Secure SAFE Browser Drag/Drop denial of service | 0.06 | 0.00885 | CVE-2022-38163 |
| 213062 | 3.5 | 3.5 | | | | | PassWork Extension information disclosure | 0.04 | 0.00885 | CVE-2022-42956 |
| 213061 | 3.5 | 3.5 | | | | | PassWork Extension missing encryption | 0.03 | 0.00885 | CVE-2022-42955 |
| 213060 | 5.5 | 5.5 | | | | | ELAN Miniport Touchpad Driver IOCTL Request denial of service | 0.07 | 0.00885 | CVE-2021-42205 |
| 213059 | 6.3 | 6.3 | | | | | oretnom23 Sanitization Management System sql injection | 0.00 | 0.00885 | CVE-2022-43352 |
| 213058 | 4.6 | 4.6 | | | | | oretnom23 Sanitization Management System denial of service | 0.00 | 0.00885 | CVE-2022-43351 |
| 213057 | 6.3 | 6.3 | | | | | oretnom23 Sanitization Management System sql injection | 0.00 | 0.00885 | CVE-2022-43350 |
| 213056 | 3.5 | 3.5 | | | | | oretnom23 Simple E-Learning System path traversal | 0.03 | 0.00885 | CVE-2022-43319 |
| 213055 | 3.5 | 3.5 | | | | | oretnom23 Human Resource Management System cross site scripting | 0.00 | 0.00885 | CVE-2022-43317 |
| 213054 | 6.3 | 6.3 | | | | | oretnom23 Food Ordering Management System sql injection | 0.03 | 0.00885 | CVE-2022-42990 |
| 213053 | 6.3 | 6.3 | | | | | oretnom23 Human Resource Management System state.php sql injection | 0.00 | 0.00885 | CVE-2022-43318 |
| 213052 | 5.5 | 5.5 | | | | | d8s-xml backdoor | 0.00 | 0.02509 | CVE-2022-44054 |
| 213051 | 5.5 | 5.5 | | | | | d8s-networking backdoor | 0.03 | 0.02509 | CVE-2022-44053 |
| 213050 | 5.5 | 5.5 | | | | | d8s-dates backdoor | 0.00 | 0.02509 | CVE-2022-44052 |
| 213049 | 5.5 | 5.5 | | | | | d8s-stats backdoor | 0.00 | 0.02509 | CVE-2022-44051 |
| 213048 | 5.5 | 5.5 | | | | | d8s-networking backdoor | 0.16 | 0.02509 | CVE-2022-44050 |
| 213047 | 5.5 | 5.5 | | | | | d8s-python backdoor | 0.00 | 0.02509 | CVE-2022-44049 |
| 213046 | 5.5 | 5.5 | | | | | d8s-urls backdoor | 0.30 | 0.02509 | CVE-2022-44048 |
| 213045 | 5.5 | 5.5 | | | | | d8s-timer backdoor | 1.51 | 0.02199 | CVE-2022-43306 |
| 213044 | 5.5 | 5.5 | | | | | d8s-python backdoor | 0.05 | 0.02509 | CVE-2022-43305 |
| 213043 | 5.5 | 5.5 | | | | | d8s-timer backdoor | 0.03 | 0.02509 | CVE-2022-43304 |
| 213042 | 5.5 | 5.5 | | | | | d8s-strings backdoor | 0.00 | 0.02509 | CVE-2022-43303 |
| 213041 | 5.4 | 4.3 | | 6.5 | | | jgraph drawio cross site scripting | 0.00 | 0.00885 | CVE-2022-3873 |
| 213040 | 4.9 | 3.3 | | 6.5 | | | Trellix DXL Broker Log Directory denial of service | 0.03 | 0.00885 | CVE-2022-2188 |
| 213039 | 7.3 | 7.3 | | | | | Maxon ERP browse_data sql injection | 0.82 | 0.00885 | CVE-2022-3878 |
| 213038 | 6.4 | 5.3 | | 7.5 | | | s::can moni::tools camera-file Module path traversal | 0.03 | 0.00885 | CVE-2020-12509 |
| 213037 | 5.5 | 5.5 | | | | | Import and Export Users and Customers Plugin csv injection | 0.00 | 0.00885 | CVE-2022-3558 |
| 213036 | 5.5 | 5.5 | | | | | Contact Form Plugin Plugin csv injection | 0.00 | 0.00885 | CVE-2022-3463 |
| 213035 | 4.3 | 4.3 | | | | | WP Hide Plugin custom_wpadmin_slug Setting cross-site request forgery | 0.04 | 0.00885 | CVE-2022-3489 |
| 213034 | 2.4 | 2.4 | | | | | Highlight Focus Plugin Setting cross site scripting | 0.03 | 0.00885 | CVE-2022-3462 |
| 213033 | 4.3 | 4.3 | | | | | Product Stock Manager Plugin AJAX Action cross-site request forgery | 0.03 | 0.00885 | CVE-2022-3451 |
| 213032 | 4.3 | 4.3 | | | | | Easy Digital Downloads Plugin Payment History cross-site request forgery | 0.07 | 0.00885 | CVE-2022-2387 |
| 213031 | 6.3 | 6.3 | | | | | Role Based Pricing for WooCommerce Plugin Phar deserialization | 0.19 | 0.00885 | CVE-2022-3536 |
| 213030 | 6.3 | 6.3 | | | | | Complianz Plugin/Complianz Premium Plugin Translation sql injection | 0.03 | 0.00885 | CVE-2022-3494 |
| 213029 | 4.7 | 4.7 | | | | | Import any XML or CSV File Plugin File Extension code injection | 0.00 | 0.00885 | CVE-2022-3418 |
| 213028 | 4.7 | 4.7 | | | | | Import any XML or CSV File to Plugin ZIP Archive path traversal | 0.03 | 0.00885 | CVE-2022-2711 |
| 213027 | 7.3 | 7.3 | | | | | WooCommerce Dropshipping Plugin REST Endpoint sql injection | 0.03 | 0.00885 | CVE-2022-3481 |
| 213026 | 7.3 | 7.3 | | | | | Role Based Pricing for WooCommerce Plugin unrestricted upload | 0.00 | 0.00885 | CVE-2022-3537 |
| 213025 | 5.5 | 5.5 | | | | | Lightning Labs Ind btcd Privilege Escalation | 0.03 | 0.00950 | CVE-2022-44797 |
| 213024 | 7.8 | 7.8 | | | | | NTFS-3G NTFS Image buffer overflow | 0.04 | 0.01005 | CVE-2022-40284 |
| 213023 | 3.3 | 3.3 | | | | | Object First Web Service information disclosure | 0.21 | 0.00885 | CVE-2022-44795 |
| 213022 | 7.3 | 7.3 | | | | | wolfSSL TLS heap-based overflow | 0.03 | 0.00885 | CVE-2022-42905 |
| 213021 | 3.3 | 3.3 | | | | | Patterson Dental Eaglesoft Encrypted Key hard-coded key | 0.00 | 0.00885 | CVE-2022-37710 |
| 213020 | 7.3 | 7.3 | | | | | Object First Web UI improper authorization | 0.04 | 0.00885 | CVE-2022-44796 |
| 213019 | 4.3 | 4.3 | | | | | Net-SNMP UDP Packet ip_scalars.c handle_ipv6IpForwarding denial of service | 0.09 | 0.01055 | CVE-2022-44793 |
| 213018 | 4.3 | 4.3 | | | | | Net-SNMP UDP Packet ip_scalars.c handle_ipDefaultTTL denial of service | 0.09 | 0.01055 | CVE-2022-44792 |
| 213017 | 8.8 | 8.8 | | | | | Object First Management Protocol input validation | 0.05 | 0.01055 | CVE-2022-44794 |
| 213016 | 4.5 | 4.5 | | | | | CPython Multiprocessing Library deserialization | 0.16 | 0.01036 | CVE-2022-42919 |