CVSSv3 11/18/2022

CVSSv3 Base

≤10
≤20
≤31
≤411
≤514
≤614
≤714
≤88
≤93
≤100

The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources to aggregate to the most reliable result.

CVSSv3 Temp

≤10
≤20
≤31
≤415
≤510
≤614
≤714
≤89
≤92
≤100

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We do also provide our unique meta score for temp scores, even though other sources rarely publish them.

VulDB

≤10
≤20
≤35
≤410
≤513
≤610
≤723
≤83
≤91
≤100

The moderation team is always defining the base vector and base score for an entry. These and all other available scores are used to generate the meta score.

NVD

≤10
≤20
≤30
≤40
≤50
≤60
≤70
≤80
≤90
≤100

The National Vulnerability Database (NVD) is also defining CVSS vectors and scores. These are usually not complete and might differ from VulDB scores.

CNA

≤10
≤20
≤30
≤41
≤510
≤67
≤76
≤80
≤98
≤101

A CVE Numbering Authority (CNA) is responsible for assigning new CVE entries. They might also include a CVSS score. These are usually not complete and might differ from VulDB scores.

Vendor

≤10
≤20
≤30
≤40
≤50
≤60
≤70
≤80
≤90
≤100

Some vendors are willing to publish their own CVSS vectors and scores for vulnerabilities in their products. The coverage varies from vendor to vendor.

Research

≤10
≤20
≤30
≤40
≤50
≤60
≤70
≤80
≤90
≤100

There are sometimes also security researcher which provide their own CVSS vectors and scores for vulnerabilities they have found and published.

IDBaseVDBNVDCNAVendResVulnerabilityCTIEPSSCVE
2139305.55.5
 
 
 
 
drachtio server request-handler.cpp event_cb use after free0.050.00885CVE-2022-45474
2139296.36.3
 
 
 
 
drachtio server permission0.040.00885CVE-2022-45473
2139285.55.5
 
 
 
 
D-Link DIR3060 buffer overflow0.320.00885CVE-2022-44204
2139276.36.3
 
 
 
 
Automotive Shop Management System sql injection0.000.00885CVE-2022-44379
2139265.55.5
 
 
 
 
Automotive Shop Management System sql injection0.080.00885CVE-2022-44378
2139253.53.5
 
 
 
 
JetBrains Hub Email allocation of resources0.000.00885CVE-2022-45471
2139245.35.3
 
 
 
 
Karmasis Infraskope Security Event Manager information disclosure0.000.00885CVE-2022-24037
2139237.37.3
 
 
 
 
Karmasis Infraskope Security Event Manager access control0.040.00885CVE-2022-24038
2139223.83.5
 
4.1
 
 
Webvendome GET Request information disclosure0.040.00885CVE-2022-39178
2139214.34.3
 
4.3
 
 
WPML Multilingual CMS Premium Plugin cross-site request forgery0.050.00885CVE-2022-45072
2139204.84.3
 
5.4
 
 
WPML Multilingual CMS Premium Plugin cross-site request forgery0.050.00885CVE-2022-45071
2139194.43.5
 
5.4
 
 
iFeature Slider Plugin cross site scripting0.040.00885CVE-2022-45375
2139183.62.4
 
4.8
 
 
Chameleon Plugin cross site scripting0.040.00885CVE-2022-44736
2139173.62.4
 
4.8
 
 
Anthologize Plugin cross site scripting0.000.00885CVE-2022-44591
2139162.42.4
 
 
 
 
WonderCMS Configuration Panel cross site scripting0.000.00885CVE-2022-43332
2139155.55.5
 
 
 
 
XXL-Job JobLogController.java server-side request forgery0.040.00885CVE-2022-43183
2139143.62.4
 
4.8
 
 
Ezoic Plugin cross site scripting0.050.00885CVE-2022-41315
2139133.62.4
 
4.8
 
 
News Announcement Scroll Plugin cross site scripting0.050.00885CVE-2022-40694
2139124.34.3
 
 
 
 
wpForo Forum Plugin cross-site request forgery0.000.00885CVE-2022-40192
2139114.23.5
 
4.9
 
 
Reports Plugin cross site scripting0.040.00885CVE-2022-39181
2139105.24.3
 
6.1
 
 
Ultimate Tables Plugin cross site scripting0.050.00885CVE-2022-36357
2139094.43.5
 
5.4
 
 
Quiz and Survey Master Plugin cross site scripting0.000.00885CVE-2021-36905
2139087.87.8
 
 
 
 
Media5 Mediatrix 4102 UART Port Local Privilege Escalation0.050.00885CVE-2022-43096
2139075.55.5
 
 
 
 
Intelbras SG 2404 MR User Cookie access control0.040.00885CVE-2022-43308
2139067.56.3
 
8.8
 
 
Delta Electronics DIAEnergie HandlerTag_KID.ashx sql injection0.050.00885CVE-2022-43506
2139057.56.3
 
8.8
 
 
Delta Electronics DIAEnergie HandlerPage_KID.ashx sql injection0.000.00885CVE-2022-43457
2139047.56.3
 
8.8
 
 
Delta Electronics DIAEnergie FtyInfoSetting.aspx sql injection0.040.00885CVE-2022-43452
2139037.56.3
 
8.8
 
 
Delta Electronics DIAEnergie AM_EBillAnalysis.aspx sql injection0.050.00885CVE-2022-43447
2139023.53.5
 
 
 
 
Zoho ManageEngine SupportCenter Plus User List information disclosure0.000.00885CVE-2022-42903
2139017.56.3
 
8.8
 
 
Delta Electronics DIAEnergie Handler_CFG.ashx sql injection0.070.00885CVE-2022-41775
2139004.34.3
 
 
 
 
Ezoic Plugin Setting cross site scripting0.030.00885CVE-2022-41132
2138993.53.5
 
 
 
 
WithSecure denial of service0.120.00885CVE-2022-38165
2138986.36.3
 
6.3
 
 
Webvendome GET Request sql injection0.000.00885CVE-2022-36787
2138975.55.5
 
 
 
 
Proofpoint Enterprise Protection Security Control access control0.070.00885CVE-2021-31608
2138966.36.3
 
 
 
 
BACKCLICK Professional CORBA Back-End Services improper authentication0.040.00885CVE-2022-44001
2138956.36.3
 
 
 
 
Online Leave Management System sql injection0.050.00885CVE-2022-43179
2138946.36.3
 
6.3
 
 
Crowdsignal Dashboard Plugin access control0.000.00885CVE-2022-45069
2138936.56.3
 
6.8
 
 
Export Users with Meta Plugin csv injection0.040.00885CVE-2022-44577
2138926.46.3
 
6.5
 
 
ProfileGrid Plugin csv injection0.080.00885CVE-2022-41791
2138918.16.3
 
9.9
 
 
wpForo Forum Plugin unrestricted upload0.160.00885CVE-2022-40200
2138908.88.8
 
8.8
 
 
Zoom Rooms Installer uncontrolled search path0.040.00885CVE-2022-36924
2138894.35.3
 
3.3
 
 
Zoom Client for Meetings/Rooms for Conference Room code injection0.090.00885CVE-2022-28766
2138883.33.3
 
 
 
 
Synthesia MIDI File denial of service0.000.00885CVE-2021-33897
2138875.96.3
 
5.4
 
 
WooSwipe WooCommerce Gallery Plugin access control0.050.00885CVE-2022-45066
2138866.36.3
 
 
 
 
OPC Foundation Local Discovery Server Configuration File race condition0.070.00885CVE-2022-44725
2138855.35.3
 
 
 
 
Google Android SharedMetadata.cpp shared_metadata_init out-of-bounds write0.080.01036CVE-2022-42533
2138848.37.8
 
8.8
 
 
Zoom Client for Meetings Installer permission race condition during resource copy0.050.00885CVE-2022-28768
2138834.24.2
 
 
 
 
Google Android mprot_unmap input validation0.120.01036CVE-2022-20460
2138824.24.2
 
 
 
 
Google Android out-of-bounds write0.080.01036CVE-2022-20428
2138814.24.2
 
 
 
 
Google Android input validation0.120.01036CVE-2022-20427

15 more entries are not shown

Want to stay up to date on a daily basis?

Enable the mail alert feature now!