CVSSv3 11/17/2022

CVSSv3 Base

Entries per score bucket: ≤1: 0, ≤2: 0, ≤3: 3, ≤4: 18, ≤5: 10, ≤6: 9, ≤7: 11, ≤8: 5, ≤9: 1, ≤10: 0

The Common Vulnerability Scoring System (CVSS) is an industry standard for describing the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score aggregates all available scores from different sources into the most reliable result.

CVSSv3 Temp

Entries per score bucket: ≤1: 0, ≤2: 0, ≤3: 5, ≤4: 16, ≤5: 11, ≤6: 12, ≤7: 8, ≤8: 4, ≤9: 1, ≤10: 0

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

VulDB

Entries per score bucket: ≤1: 0, ≤2: 0, ≤3: 6, ≤4: 16, ≤5: 9, ≤6: 9, ≤7: 11, ≤8: 6, ≤9: 0, ≤10: 0

The moderation team always defines the base vector and base score for an entry. These and all other available scores are used to generate the meta score.

NVD

Entries per score bucket: ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 0, ≤5: 0, ≤6: 0, ≤7: 0, ≤8: 0, ≤9: 0, ≤10: 0

The National Vulnerability Database (NVD) also defines CVSS vectors and scores. These are usually not complete and might differ from VulDB scores.

CNA

Entries per score bucket: ≤1: 0, ≤2: 0, ≤3: 1, ≤4: 1, ≤5: 7, ≤6: 2, ≤7: 0, ≤8: 1, ≤9: 0, ≤10: 1

A CVE Numbering Authority (CNA) is responsible for assigning new CVE entries. They might also include a CVSS score. These are usually not complete and might differ from VulDB scores.

Vendor

Entries per score bucket: ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 0, ≤5: 0, ≤6: 0, ≤7: 0, ≤8: 0, ≤9: 0, ≤10: 0

Some vendors are willing to publish their own CVSS vectors and scores for vulnerabilities in their products. The coverage varies from vendor to vendor.

Research

Entries per score bucket: ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 0, ≤5: 0, ≤6: 0, ≤7: 0, ≤8: 0, ≤9: 0, ≤10: 0

Sometimes security researchers also provide their own CVSS vectors and scores for vulnerabilities they have found and published.

| ID | Base | VDB | NVD | CNA | Vend | Res | Vulnerability | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 213865 | 3.5 | 3.5 | | | | | Password Storage Application add-fee.php cross site scripting | 0.00 | 0.00885 | CVE-2022-43142 |
| 213864 | 7.8 | 7.8 | | | | | Cradlepoint IBR600 command injection | 0.00 | 0.00000 | CVE-2022-3086 |
| 213863 | 4.0 | 4.0 | | | | | Red Lion Controls Crimson path traversal | 0.00 | 0.00885 | CVE-2022-3090 |
| 213862 | 6.3 | 6.3 | | | | | Automotive Shop Management System sql injection | 0.03 | 0.00885 | CVE-2022-44403 |
| 213861 | 6.3 | 6.3 | | | | | Siemens Syngo Dynamics Web Service server-side request forgery | 0.03 | 0.00885 | CVE-2022-42894 |
| 213860 | 6.3 | 6.3 | | | | | Dolibarr API Privilege Escalation | 0.07 | 0.08382 | CVE-2022-43138 |
| 213859 | 6.3 | 6.3 | | | | | kkFileView server-side request forgery | 0.00 | 0.00885 | CVE-2022-43140 |
| 213858 | 6.3 | 6.3 | | | | | Lancet ZIP File path traversal | 0.04 | 0.01018 | CVE-2022-41920 |
| 213857 | 6.3 | 6.3 | | | | | oretnom23 Automotive Shop Management System sql injection | 0.04 | 0.00885 | CVE-2022-44402 |
| 213856 | 5.5 | 5.5 | | | | | rConfig PHP File unrestricted upload | 0.07 | 0.12682 | CVE-2022-44384 |
| 213855 | 4.4 | 3.5 | | 5.4 | | | IBM Business Automation Workflow Web UI cross site scripting | 0.00 | 0.00885 | CVE-2022-38390 |
| 213854 | 5.5 | 5.5 | | | | | Siemens syngo Dynamics Web Service file inclusion | 0.00 | 0.00885 | CVE-2022-42893 |
| 213853 | 3.5 | 3.5 | | | | | Siemens syngo Dynamics path traversal | 0.04 | 0.00885 | CVE-2022-42892 |
| 213852 | 5.5 | 5.5 | | | | | Siemens Syngo Dynamics Web Service file inclusion | 0.03 | 0.00885 | CVE-2022-42891 |
| 213851 | 5.5 | 5.5 | | | | | Siemens syngo Dynamics Web Service file inclusion | 0.04 | 0.00885 | CVE-2022-42734 |
| 213850 | 3.5 | 3.5 | | | | | Siemens Syngo Dynamics Web Service access control | 0.00 | 0.00885 | CVE-2022-42733 |
| 213849 | 3.5 | 3.5 | | | | | Siemens syngo Dynamics Web Service file inclusion | 0.03 | 0.00885 | CVE-2022-42732 |
| 213848 | 2.7 | 2.7 | | | | | IBM UrbanCode Deploy LDAP Search permission | 0.04 | 0.00885 | CVE-2022-40751 |
| 213847 | 5.0 | 5.0 | | | | | Samba Kerberos Library/AD DC integer overflow | 1.35 | 0.00000 | CVE-2022-42898 |
| 213846 | 2.4 | 2.4 | | | | | Student Attendance Management System createClass.php cross site scripting | 0.04 | 0.00885 | CVE-2022-4053 |
| 213845 | 4.7 | 4.7 | | | | | Student Attendance Management System createClass.php sql injection | 0.04 | 0.00885 | CVE-2022-4052 |
| 213844 | 6.3 | 6.3 | | | | | Hostel Searching Project view-property.php sql injection | 0.87 | 0.00885 | CVE-2022-4051 |
| 213843 | 7.5 | 7.5 | | 7.5 | | | Veritas NetBackup Java Admin Console Privilege Escalation | 0.04 | 0.00885 | CVE-2022-45461 |
| 213842 | 6.3 | 6.3 | | | | | Online Diagnostic Lab Management System login.php sql injection | 0.00 | 0.00885 | CVE-2022-43135 |
| 213841 | 3.5 | 3.5 | | | | | Keyfactor EJBCA cross site scripting | 0.00 | 0.00885 | CVE-2022-42954 |
| 213840 | 4.3 | 4.3 | | | | | Doufox cross-site request forgery | 0.04 | 0.00885 | CVE-2022-42246 |
| 213839 | 6.3 | 6.3 | | | | | Dreamer CMS sql injection | 0.05 | 0.00885 | CVE-2022-42245 |
| 213838 | 3.5 | 3.5 | | | | | BACKCLICK Professional Back-End Tomcat Server information disclosure | 0.04 | 0.00885 | CVE-2022-44008 |
| 213837 | 3.6 | 2.4 | | 4.8 | | | ScratchLogin Extension Verification Failure Message cross site scripting | 0.04 | 0.00885 | CVE-2022-42985 |
| 213836 | 3.5 | 3.5 | | | | | Amasty Blog Pro Plugin Preview cross site scripting | 0.07 | 0.02561 | CVE-2022-36432 |
| 213835 | 6.3 | 6.3 | | | | | Simple Image Gallery System Album Page sql injection | 0.04 | 0.00885 | CVE-2021-38819 |
| 213834 | 6.3 | 6.3 | | | | | BACKCLICK Professional sql injection | 0.00 | 0.00885 | CVE-2022-44003 |
| 213833 | 3.5 | 3.5 | | | | | BACKCLICK Professional cross site scripting | 0.04 | 0.00885 | CVE-2022-44002 |
| 213832 | 5.5 | 5.5 | | | | | BACKCLICK Professional Internal Communications Interface Privilege Escalation | 0.04 | 0.00885 | CVE-2022-44000 |
| 213831 | 5.5 | 5.5 | | | | | BACKCLICK Professional CORBA Management Services Privilege Escalation | 0.03 | 0.00885 | CVE-2022-43999 |
| 213830 | 3.5 | 3.5 | | | | | EqualWeb Accessibility Widget Message Event accessibility.js cross site scripting | 0.03 | 0.00885 | CVE-2022-42960 |
| 213829 | 3.5 | 3.5 | | | | | Keyfactor PrimeKey EJBCA viewendentity.jsp cross site scripting | 0.03 | 0.00885 | CVE-2022-39834 |
| 213828 | 3.5 | 3.5 | | | | | Hustoj problem_judge.php cross site scripting | 0.05 | 0.00885 | CVE-2022-42187 |
| 213827 | 4.3 | 4.3 | | | | | BKG Professional NtripCaster NTRIP Sourcetable denial of service | 0.04 | 0.00885 | CVE-2022-42982 |
| 213826 | 3.1 | 3.1 | | | | | BACKCLICK Professional Email information disclosure | 0.04 | 0.00885 | CVE-2022-44005 |
| 213825 | 7.3 | 7.3 | | | | | BACKCLICK Professional password recovery | 0.05 | 0.00885 | CVE-2022-44004 |
| 213824 | 5.6 | 5.6 | | | | | BACKCLICK Professional session fixation | 0.03 | 0.00885 | CVE-2022-44007 |
| 213823 | 4.6 | 4.6 | | 4.6 | | | FreeRDP urbdrc Channel out-of-bounds | 0.04 | 0.00885 | CVE-2022-39319 |
| 213822 | 3.7 | 2.6 | | 4.8 | | | FreeRDP urbdrc Channel divide by zero | 0.04 | 0.00885 | CVE-2022-39318 |
| 213821 | 4.6 | 4.6 | | 4.6 | | | FreeRDP ZGFX Decoder out-of-bounds | 0.05 | 0.00885 | CVE-2022-39317 |
| 213820 | 3.7 | 3.7 | | 3.7 | | | Zulip information disclosure | 0.00 | 0.00885 | CVE-2022-41914 |
| 213819 | 4.6 | 4.6 | | 4.6 | | | FreeRDP Drive Channel memory corruption | 0.04 | 0.00885 | CVE-2022-41877 |
| 213818 | 5.0 | 5.0 | | 4.9 | | | KubeVela APIServer server-side request forgery | 0.00 | 0.00885 | CVE-2022-39383 |
| 213817 | 2.6 | 2.6 | | 2.6 | | | FreeRDP Drive Channel path traversal | 0.00 | 0.00885 | CVE-2022-39347 |
| 213816 | 5.5 | 5.5 | | 5.5 | | | FreeRDP out-of-bounds | 0.04 | 0.00885 | CVE-2022-39320 |

7 more entries are not shown
