CVSSv3 11/22/2022

CVSSv3 Base

≤10
≤20
≤32
≤423
≤56
≤643
≤712
≤85
≤93
≤101

The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources to aggregate to the most reliable result.

CVSSv3 Temp

≤10
≤20
≤34
≤423
≤55
≤649
≤76
≤84
≤93
≤101

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We do also provide our unique meta score for temp scores, even though other sources rarely publish them.

VulDB

≤10
≤20
≤32
≤425
≤57
≤640
≤713
≤84
≤93
≤101

The moderation team is always defining the base vector and base score for an entry. These and all other available scores are used to generate the meta score.

NVD

≤10
≤20
≤30
≤40
≤50
≤60
≤70
≤80
≤90
≤100

The National Vulnerability Database (NVD) is also defining CVSS vectors and scores. These are usually not complete and might differ from VulDB scores.

CNA

≤10
≤20
≤30
≤40
≤50
≤61
≤72
≤85
≤91
≤102

A CVE Numbering Authority (CNA) is responsible for assigning new CVE entries. They might also include a CVSS score. These are usually not complete and might differ from VulDB scores.

Vendor

≤10
≤20
≤30
≤40
≤50
≤60
≤70
≤80
≤90
≤100

Some vendors are willing to publish their own CVSS vectors and scores for vulnerabilities in their products. The coverage varies from vendor to vendor.

Research

≤10
≤20
≤30
≤40
≤50
≤60
≤70
≤80
≤90
≤100

There are sometimes also security researcher which provide their own CVSS vectors and scores for vulnerabilities they have found and published.

IDBaseVDBNVDCNAVendResVulnerabilityCTIEPSSCVE
2142185.55.5
 
 
 
 
ZTE MF286R Wifi Interface buffer overflow0.58+0.00000CVE-2022-39067
2142175.55.5
 
 
 
 
ZTE MF286R Phonebook Interface sql injection0.58+0.00000CVE-2022-39066
2142165.24.1
 
6.4
 
 
super-xray unnecessary privileges0.72+0.00000CVE-2022-41950
2142156.36.3
 
 
 
 
ZTE PON OLT access control0.65+0.00000CVE-2022-39070
2142145.55.5
 
 
 
 
Billing System Project fetchOrderData.php sql injection0.65+0.00000CVE-2022-43212
2142133.53.5
 
 
 
 
Backdrop CMS Comment cross site scripting0.85+0.00000CVE-2022-42097
2142123.53.5
 
 
 
 
Backdrop CMS Content cross site scripting0.76+0.00000CVE-2022-42094
2142113.53.5
 
 
 
 
Sankhya ERP Caixa de Entrada cross site scripting0.82+0.00000CVE-2022-42989
2142105.55.5
 
 
 
 
D-Link DIR-882 webGetVarString buffer overflow0.75+0.00000CVE-2022-44807
2142095.55.5
 
 
 
 
D-Link DIR-882 buffer overflow0.79+0.00000CVE-2022-44806
2142085.55.5
 
 
 
 
D-Link DIR-882 websRedirect buffer overflow0.89+0.00000CVE-2022-44804
2142075.55.5
 
 
 
 
D-Link DIR-878 access control0.75+0.00000CVE-2022-44801
2142065.55.5
 
 
 
 
D-Link DIR878 buffer overflow0.69+0.00000CVE-2022-44202
2142055.55.5
 
 
 
 
D-Link DIR823G command injection0.79+0.00000CVE-2022-44201
2142045.55.5
 
 
 
 
Netgear R7000P httpd buffer overflow0.72+0.00000CVE-2022-44184
2142035.55.5
 
 
 
 
Netgear R7000P buffer overflow0.69+0.00000CVE-2022-44200
2142025.55.5
 
 
 
 
Netgear R7000P buffer overflow0.75+0.00000CVE-2022-44199
2142015.55.5
 
 
 
 
Netgear R7000P buffer overflow0.78+0.00000CVE-2022-44198
2142005.55.5
 
 
 
 
Netgear R7000P buffer overflow0.75+0.00000CVE-2022-44197
2141995.55.5
 
 
 
 
Netgear R7000P buffer overflow0.79+0.00000CVE-2022-44196
2141985.55.5
 
 
 
 
Netgear R7000P buffer overflow0.79+0.00000CVE-2022-44194
2141975.55.5
 
 
 
 
Netgear R7000P httpd buffer overflow0.75+0.00000CVE-2022-44193
2141965.55.5
 
 
 
 
Netgear R7000P buffer overflow0.76+0.00000CVE-2022-44191
2141955.55.5
 
 
 
 
Netgear R7000P buffer overflow0.69+0.00000CVE-2022-44190
2141945.55.5
 
 
 
 
Netgear R7000P httpd buffer overflow0.72+0.00000CVE-2022-44188
2141935.55.5
 
 
 
 
Netgear R7000P wan_dns1_pri buffer overflow0.79+0.00000CVE-2022-44187
2141925.55.5
 
 
 
 
Netgear R7000P httpd buffer overflow0.65+0.00000CVE-2022-44186
2141913.53.5
 
 
 
 
PHPGurukul Teachers Record Management System Add Subject Page cross site scripting0.75+0.00000CVE-2022-41445
2141905.55.5
 
 
 
 
Microweber Header injection0.72+0.00000CVE-2022-33012
2141894.84.3
 
5.4
 
 
All-In-One Security Security and Firewall Plugin cross-site request forgery0.75+0.00000CVE-2022-44737
2141887.57.5
 
7.5
 
 
Schneider Electric Modicon M340 CPU Ethernet privileges management0.62+0.00000CVE-2022-0222
2141875.55.5
 
 
 
 
D-Link DIR-823G HNAP API HNAP1 command injection0.62+0.00000CVE-2022-44808
2141865.35.3
 
 
 
 
Synapse URL Preview resource consumption0.68+0.00000CVE-2022-41952
2141855.55.5
 
 
 
 
KLiK SocialMediaWebsite profile.php sql injection0.72+0.00000CVE-2022-42098
2141848.38.8
 
7.8
 
 
Linux Kernel Local Privilege io_uring use after free1.51+0.00000CVE-2022-3910
2141833.53.5
 
 
 
 
Backdrop CMS Post Content cross site scripting0.860.00000CVE-2022-42096
2141823.53.5
 
 
 
 
MyBB MyCode Visual Editor cross site scripting1.510.00000CVE-2022-43707
2141813.53.5
 
 
 
 
SilverStripe Assets GPX File cross site scripting1.340.00000CVE-2022-38147
2141803.53.5
 
 
 
 
SilverStripe Assets/Framework Shortcode cross site scripting1.550.00000CVE-2022-38724
2141793.53.5
 
 
 
 
SilverStripe CMS Custom Meta Tag cross site scripting1.650.00000CVE-2022-37421
2141783.53.5
 
 
 
 
SilverStripe Framework HTMLEditor cross site scripting1.530.00000CVE-2022-37430
2141773.53.5
 
 
 
 
SilverStripe Framework HTMLEditor cross site scripting1.580.00000CVE-2022-37429
2141763.53.5
 
 
 
 
SilverStripe Framework cross site scripting1.380.00000CVE-2022-38462
2141753.53.5
 
 
 
 
SilverStripe versioned-admin Compare Mode cross site scripting1.380.00000CVE-2022-38145
2141747.57.5
 
7.5
 
 
Schneider Electric Modicon MC80 Modbus TCP Protocol integer underflow1.620.00000CVE-2022-37301
2141735.23.3
 
7.1
 
 
Hitachi Energy PCM600 IED ConnPack cleartext storage1.690.00000CVE-2022-2513
2141723.53.5
 
 
 
 
Muffingroup Betheme Theme cross site scripting1.840.00000CVE-2022-45363
2141715.55.5
 
 
 
 
Fusiondirectory user session1.790.00000CVE-2022-36179
2141703.53.5
 
 
 
 
MyBB Post Attachments Interface cross site scripting1.890.00000CVE-2022-43708
2141698.88.8
 
 
 
 
HPE OfficeConnect 1820 improper authentication1.990.00000CVE-2022-37932

45 more entries are not shown

Do you know our Splunk app?

Download it now for free!