CVSSv3 11/14/2022

CVSSv3 Base

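| Score | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
|---|---|---|---|---|---|---|---|---|---|---|
| Entries | 0 | 0 | 4 | 15 | 8 | 8 | 3 | 2 | 1 | 0 |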

The Common Vulnerability Scoring System (CVSS) is an industry standard for describing the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources into the most reliable result.

CVSSv3 Temp

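| Score | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
|---|---|---|---|---|---|---|---|---|---|---|
| Entries | 0 | 0 | 4 | 15 | 9 | 7 | 3 | 2 | 1 | 0 |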

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

VulDB

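| Score | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
|---|---|---|---|---|---|---|---|---|---|---|
| Entries | 0 | 0 | 5 | 15 | 8 | 8 | 3 | 2 | 0 | 0 |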

The moderation team always defines the base vector and base score for an entry. These and all other available scores are used to generate the meta score.

NVD

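| Score | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
|---|---|---|---|---|---|---|---|---|---|---|
| Entries | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |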

The National Vulnerability Database (NVD) also defines CVSS vectors and scores. These are usually not complete and might differ from VulDB scores.

CNA

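| Score | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
|---|---|---|---|---|---|---|---|---|---|---|
| Entries | 0 | 0 | 0 | 0 | 1 | 3 | 3 | 1 | 1 | 1 |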

A CVE Numbering Authority (CNA) is responsible for assigning new CVE entries. They might also include a CVSS score. These are usually not complete and might differ from VulDB scores.

Vendor

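| Score | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
|---|---|---|---|---|---|---|---|---|---|---|
| Entries | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |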

Some vendors are willing to publish their own CVSS vectors and scores for vulnerabilities in their products. The coverage varies from vendor to vendor.

Research

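| Score | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
|---|---|---|---|---|---|---|---|---|---|---|
| Entries | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |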

Sometimes security researchers also provide their own CVSS vectors and scores for vulnerabilities they have found and published.

| ID | Base | VDB | NVD | CNA | Vendor | Research | Vulnerability | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 213598 | 4.3 | 4.3 | | | | | Webmaster Tools Verification Plugin cross-site request forgery | 0.08 | 0.00885 | CVE-2022-3538 |
| 213597 | 3.5 | 3.5 | | | | | ITRS OP5 Monitor cross site scripting | 0.05 | 0.00885 | CVE-2021-40272 |
| 213596 | 4.3 | 4.3 | | | | | Concrete CMS External Concrete Authentication Service cross-site request forgery | 0.08 | 0.01018 | CVE-2022-43693 |
| 213595 | 8.3 | 7.3 | | 9.4 | | | kareadita kavita authentication bypass | 0.08 | 0.00885 | CVE-2022-3993 |
| 213594 | 5.4 | 4.3 | | 6.5 | | | Silicon Labs Ember ZNet Packet memory corruption | 0.05 | 0.00885 | CVE-2022-24938 |
| 213593 | 6.5 | 5.6 | | 7.5 | | | HTMLDOC image_set_mask heap-based overflow | 0.08 | 0.00885 | CVE-2022-0137 |
| 213592 | 3.5 | 3.5 | | | | | Eramba GRC KPI Title Add cross site scripting | 0.08 | 0.00885 | CVE-2022-43342 |
| 213591 | 4.3 | 4.3 | | | | | DigitialPixies OAuth Client Plugin cross-site request forgery | 0.05 | 0.00885 | CVE-2022-3632 |
| 213590 | 3.5 | 3.5 | | | | | ProfileGrid Plugin cross site scripting | 0.07 | 0.00885 | CVE-2022-3578 |
| 213589 | 3.5 | 3.5 | | | | | WPB Show Core Plugin cross site scripting | 0.08 | 0.00885 | CVE-2022-3484 |
| 213588 | 6.5 | 6.5 | | 6.5 | | | Silicon Labs Ember ZNet memory corruption | 0.09 | 0.00885 | CVE-2022-24937 |
| 213587 | 5.5 | 5.5 | | | | | WPForms Pro Plugin csv injection | 0.05 | 0.00885 | CVE-2022-3574 |
| 213586 | 3.8 | 2.5 | | 5.1 | | | IBM MQ Internet Pass-Thru Trace File log file | 0.00 | 0.00885 | CVE-2022-35719 |
| 213585 | 3.3 | 3.3 | | | | | IBM CICS TX information disclosure | 0.04 | 0.00890 | CVE-2022-34312 |
| 213584 | 2.4 | 2.4 | | | | | DigitialPixies OAuth Client Plugin Setting cross site scripting | 0.08 | 0.00885 | CVE-2022-3631 |
| 213583 | 2.4 | 2.4 | | | | | Testimonials Plugin Setting cross site scripting | 0.05 | 0.00885 | CVE-2022-3539 |
| 213582 | 5.3 | 5.3 | | 5.3 | | | IBM CICS TX HTTP Response Header information disclosure | 0.03 | 0.00954 | CVE-2022-34329 |
| 213581 | 4.8 | 3.7 | | 5.9 | | | IBM CICS TX risky encryption | 0.03 | 0.00954 | CVE-2022-34319 |
| 213580 | 7.3 | 6.5 | | 8.1 | | | SONiC buildimage DHCPv6 Packet memcpy buffer overflow | 0.08 | 0.01055 | CVE-2022-0324 |
| 213579 | 3.7 | 3.1 | | 4.3 | | | IBM CICS TX information disclosure | 0.06 | 0.00954 | CVE-2022-34313 |
| 213578 | 5.0 | 5.0 | | | | | IBM CICS TX Standard/CICS TX Advanced redirect | 0.07 | 0.01136 | CVE-2022-38705 |
| 213577 | 2.4 | 2.4 | | | | | WP Attachments Plugin Setting cross site scripting | 0.05 | 0.00885 | CVE-2022-3469 |
| 213576 | 4.3 | 4.3 | | | | | Chat Bubble Plugin Contact Parameter cross site scripting | 0.08 | 0.00885 | CVE-2022-3415 |
| 213575 | 4.3 | 4.3 | | | | | reSmush.it Only Free Image Optimizer & Compress Plugin Plugin AJAX Action cross-site request forgery | 0.09 | 0.00885 | CVE-2022-2449 |
| 213574 | 5.6 | 5.6 | | | | | tagDiv Composer Plugin Facebook Login improper authentication | 0.16 | 0.00885 | CVE-2022-3477 |
| 213573 | 5.5 | 5.5 | | | | | reSmush.it Only Free Image Optimizer & Compress Plugin Plugin authorization | 0.09 | 0.00885 | CVE-2022-2450 |
| 213572 | 6.3 | 6.3 | | | | | Rukovoditel sql injection | 0.15 | 0.00885 | CVE-2022-43288 |
| 213571 | 2.4 | 2.4 | | | | | SourceCodester Sanitization Management System Banner Image cross site scripting | 0.22 | 0.00885 | CVE-2022-3992 |
| 213570 | 3.5 | 3.5 | | | | | Apache Jena SDB JDBC URL deserialization | 0.09 | 0.00885 | CVE-2022-45136 |
| 213569 | 7.3 | 7.3 | | | | | Apache SOAP RPCRouterServlet deserialization | 0.25 | 0.00885 | CVE-2022-45378 |
| 213568 | 3.5 | 3.5 | | | | | Pillow denial of service | 0.21 | 0.01018 | CVE-2022-45199 |
| 213567 | 3.5 | 3.5 | | | | | Pillow GIF Data denial of service | 0.26 | 0.01108 | CVE-2022-45198 |
| 213566 | 3.5 | 3.5 | | | | | GNOME Nautilus ZIP Archive get_basename null pointer dereference | 0.10 | 0.00890 | CVE-2022-37290 |
| 213565 | 3.5 | 3.5 | | | | | Ironman PowerShell Universal Web Server information disclosure | 0.05 | 0.00890 | CVE-2022-45183 |
| 213564 | 4.7 | 4.7 | | | | | Ironman PowerShell Universal Web Server pathname traversal | 0.04 | 0.01061 | CVE-2022-45184 |
| 213563 | 5.5 | 5.5 | | | | | Apache Airflow UI code injection | 0.54 | 0.11752 | CVE-2022-40127 |
| 213562 | 3.5 | 3.5 | | | | | Apache Airflow UI information disclosure | 0.04 | 0.00954 | CVE-2022-27949 |
| 213561 | 6.0 | 5.6 | | 6.5 | | | PHP GD Extension imageloadfont buffer size | 0.37 | 0.00885 | CVE-2022-31630 |
| 213560 | 3.5 | 3.5 | | | | | Frappe Search navbar_search.html cross site scripting | 0.21 | 0.00954 | CVE-2022-3988 |
| 213559 | 3.7 | 3.7 | | | | | Xiongmai Camera XM-JPR2-LX cleartext transmission | 0.05 | 0.00885 | CVE-2021-38828 |
| 213558 | 5.5 | 5.5 | | | | | Xiongmai Camera XM-JPR2-LX Privilege Escalation | 0.05 | 0.00885 | CVE-2021-38827 |
