CVSSv3 11/09/2022

CVSSv3 Base

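| Score | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
|---|---|---|---|---|---|---|---|---|---|---|
| Entries | 0 | 0 | 7 | 18 | 34 | 35 | 28 | 15 | 2 | 3 |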

The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources into the most reliable result.

CVSSv3 Temp

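| Score | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
|---|---|---|---|---|---|---|---|---|---|---|
| Entries | 0 | 0 | 7 | 31 | 22 | 42 | 23 | 13 | 1 | 3 |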

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

VulDB

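| Score | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
|---|---|---|---|---|---|---|---|---|---|---|
| Entries | 0 | 0 | 9 | 19 | 39 | 28 | 29 | 13 | 3 | 2 |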

The moderation team always defines the base vector and base score for an entry. These and all other available scores are used to generate the meta score.

NVD

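| Score | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
|---|---|---|---|---|---|---|---|---|---|---|
| Entries | 0 | 0 | 0 | 0 | 1 | 0 | 1 | 2 | 0 | 0 |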

The National Vulnerability Database (NVD) also defines CVSS vectors and scores. These are usually not complete and might differ from VulDB scores.

CNA

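| Score | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
|---|---|---|---|---|---|---|---|---|---|---|
| Entries | 0 | 0 | 0 | 0 | 5 | 8 | 9 | 3 | 4 | 4 |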

A CVE Numbering Authority (CNA) is responsible for assigning new CVE entries. They might also include a CVSS score. These are usually not complete and might differ from VulDB scores.

Vendor

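| Score | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
|---|---|---|---|---|---|---|---|---|---|---|
| Entries | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |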

Some vendors are willing to publish their own CVSS vectors and scores for vulnerabilities in their products. The coverage varies from vendor to vendor.

Research

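| Score | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
|---|---|---|---|---|---|---|---|---|---|---|
| Entries | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |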

Sometimes security researchers also provide their own CVSS vectors and scores for vulnerabilities they have found and published.

| ID | Base | VDB | NVD | CNA | Vendor | Research | Vulnerability | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 213325 | 3.5 | 3.5 | | | | | flatCore-CMS cross site scripting | 0.04 | 0.00885 | CVE-2022-43118 |
| 213324 | 3.5 | 3.5 | | | | | Intelliants Subrion CMS cross site scripting | 0.04 | 0.00885 | CVE-2022-43121 |
| 213323 | 3.5 | 3.5 | | | | | Intelliants Subrion CMS add cross site scripting | 0.00 | 0.00885 | CVE-2022-43120 |
| 213322 | 3.5 | 3.5 | | | | | Clansphere CMS cross site scripting | 0.04 | 0.00885 | CVE-2022-43119 |
| 213321 | 5.4 | 4.3 | | 6.5 | | | Kaden PICOFLUX AiR Water Meter Wireless M-Bus Mode 5 hard-coded credentials | 0.08 | 0.00885 | CVE-2021-34577 |
| 213320 | 9.8 | 9.8 | | | | | WAGO 750-81xx Packet os command injection | 0.00 | 0.00885 | CVE-2021-34569 |
| 213319 | 7.5 | 7.5 | | 7.5 | | | WAGO 750-81xx Packet allocation of resources | 0.04 | 0.00885 | CVE-2021-34568 |
| 213318 | 7.2 | 6.3 | 6.5 | 8.8 | | | Zoho CRM Lead Magnet Plugin Options Update access control | 0.04 | 0.00885 | CVE-2022-41978 |
| 213317 | 4.7 | 4.3 | 4.3 | 5.4 | | | Advanced Dynamic Pricing for WooCommerce Plugin Rule Type cross-site request forgery | 0.03 | 0.00885 | CVE-2022-43488 |
| 213316 | 6.3 | 6.3 | | | | | AccuSoft ImageGear PICT Parser pctwread_14841 out-of-bounds write | 0.03 | 0.00885 | CVE-2022-32588 |
| 213315 | 4.7 | 4.7 | | | | | InHand InRouter302 HTTP Request upload.cgi debug code | 0.04 | 0.00885 | CVE-2022-29888 |
| 213314 | 4.7 | 4.7 | | | | | InHand InRouter302 Network Request debug code | 0.07 | 0.00885 | CVE-2022-29481 |
| 213313 | 6.4 | 6.3 | | 6.5 | | | InHand InRouter302 Network Request debug code | 0.00 | 0.00885 | CVE-2022-28689 |
| 213312 | 6.3 | 6.3 | | | | | InHand InRouter302 Network Request debug code | 0.04 | 0.00885 | CVE-2022-26023 |
| 213311 | 7.2 | 7.2 | | | | | Palo Alto Cortex XSOAR Shell data authenticity | 0.04 | 0.00885 | CVE-2022-0031 |
| 213310 | 2.4 | 2.4 | | | | | Cisco FirePOWER Management Center cross site scripting | 0.00 | 0.01055 | CVE-2022-20833 |
| 213309 | 2.4 | 2.4 | | | | | Cisco FirePOWER Management Center cross site scripting | 0.04 | 0.01055 | CVE-2022-20832 |
| 213308 | 2.4 | 2.4 | | | | | Cisco FirePOWER Management Center cross site scripting | 0.04 | 0.01055 | CVE-2022-20831 |
| 213307 | 6.3 | 6.3 | | | | | InHand InRouter302 Network Request debug code | 0.00 | 0.00885 | CVE-2022-30543 |
| 213306 | 6.3 | 6.3 | | | | | InHand InRouter302 Incomplete Fix access control | 0.07 | 0.00885 | CVE-2022-25932 |
| 213305 | 9.5 | 9.8 | | 9.1 | | | WAGO 750-81xx Packet buffer overflow | 0.04 | 0.00885 | CVE-2021-34566 |
| 213304 | 7.7 | 7.3 | | 8.2 | | | WAGO 750-81xx Packet out-of-bounds | 0.05 | 0.00885 | CVE-2021-34567 |
| 213303 | 6.5 | 6.5 | | | | | Cisco ASA/Firepower Threat Defense VPN authorization | 0.03 | 0.01055 | CVE-2022-20928 |
| 213302 | 6.3 | 6.3 | | | | | Cisco FirePOWER Management Center command injection | 0.05 | 0.01055 | CVE-2022-20925 |
| 213301 | 5.3 | 5.3 | | | | | Phoenix Contact FL MGUARD DM Apache Web Server privileges management | 0.03 | 0.00885 | CVE-2021-34579 |
| 213300 | 5.3 | 5.3 | | | | | Cisco FirePOWER Management Center small space of random values | 0.04 | 0.01055 | CVE-2022-20941 |
| 213299 | 4.3 | 4.3 | | | | | Cisco FirePOWER Management Center xml external entity reference | 0.05 | 0.01055 | CVE-2022-20938 |
| 213298 | 4.7 | 4.7 | | | | | Cisco FXOS/Firepower Threat Defense command injection | 0.03 | 0.00885 | CVE-2022-20934 |
| 213297 | 4.7 | 4.7 | | | | | Cisco Firepower Threat Defense resource management | 0.03 | 0.01055 | CVE-2022-20949 |
| 213296 | 5.3 | 5.3 | | | | | Cisco Firepower Threat Defense SSL Decryption Policy information exposure | 0.00 | 0.01055 | CVE-2022-20940 |
| 213295 | 5.3 | 5.3 | | | | | Cisco Firepower Threat Defense SIP Detection Engine/Snort 3 Detection Engine allocation of resources | 0.04 | 0.01055 | CVE-2022-20950 |
| 213294 | 5.3 | 5.3 | | | | | Cisco Cyber Vision Snort SMB2 Detection Engine Policy heap inspection | 0.04 | 0.01055 | CVE-2022-20922 |
| 213293 | 7.5 | 7.5 | | | | | Cisco ASA/Firepower Threat Defense Dynamic Access Policy memory corruption | 0.08 | 0.01055 | CVE-2022-20947 |
| 213292 | 6.5 | 6.5 | | | | | Cisco ASA/Firepower Threat Defense SNMP unknown vulnerability | 0.16 | 0.01055 | CVE-2022-20924 |
| 213291 | 7.5 | 7.5 | | | | | Cisco Firepower Management Center SSH resource consumption | 0.09 | 0.01055 | CVE-2022-20854 |
| 213290 | 7.5 | 7.5 | | | | | Cisco Firepower Threat Defense Generic Routing Encapsulation heap-based overflow | 0.00 | 0.01055 | CVE-2022-20946 |
| 213289 | 6.4 | 6.4 | | | | | Cisco Secure Firewall 3100 Secure Boot trust boundary violation | 0.07 | 0.00885 | CVE-2022-20826 |
| 213288 | 6.5 | 6.5 | | | | | Cisco ASA/Firepower Threat Defense SSL/TLS denial of service | 0.43 | 0.01055 | CVE-2022-20927 |
| 213287 | 6.3 | 6.3 | | | | | Canteen Management System editfood.php sql injection | 0.04 | 0.00885 | CVE-2022-43292 |
| 213286 | 6.3 | 6.3 | | | | | Canteen Management System editclient.php sql injection | 0.04 | 0.00885 | CVE-2022-43291 |
| 213285 | 6.3 | 6.3 | | | | | Canteen Management System editcategory.php sql injection | 0.05 | 0.00885 | CVE-2022-43290 |
| 213284 | 5.9 | 4.7 | 7.2 | | | | Canteen Management System fetchSelectedCategories.php sql injection | 0.04 | 0.00885 | CVE-2022-43278 |
| 213283 | 5.3 | 5.3 | | | | | Cisco FirePOWER Software for ASA SNMP hard-coded credentials | 0.00 | 0.01055 | CVE-2022-20918 |
| 213282 | 5.9 | 4.7 | 7.2 | | | | Canteen Management System editFile.php unrestricted upload | 0.04 | 0.00885 | CVE-2022-43277 |
| 213281 | 5.5 | 5.5 | | | | | Tauri Filesystem Scope access control | 0.00 | 0.00885 | CVE-2022-41874 |
| 213280 | 5.5 | 5.5 | | | | | Xfce xfce4-settings xfce4-mime-helper argument injection | 0.05 | 0.01018 | CVE-2022-45062 |
| 213279 | 3.5 | 3.5 | | | | | FeehiCMS cross site scripting | 0.04 | 0.00885 | CVE-2022-43320 |
| 213277 | 3.5 | 3.5 | | | | | Shopwind Page.php cross site scripting | 0.09 | 0.00885 | CVE-2022-43321 |
| 213276 | 7.3 | 7.3 | | | | | Varnish Cache HTTP2 response splitting | 0.04 | 0.01018 | CVE-2022-45060 |
| 213275 | 8.0 | 8.8 | | 7.1 | | | openldap2 untrusted search path | 0.04 | 0.00885 | CVE-2022-31253 |

92 more entries are not shown
