CVSSv3 11/24/2022

CVSSv3 Base

≤1: 0, ≤2: 0, ≤3: 0, ≤4: 4, ≤5: 12, ≤6: 10, ≤7: 11, ≤8: 5, ≤9: 10, ≤10: 1

The Common Vulnerability Scoring System (CVSS) is an industry standard for defining the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources into the most reliable result.

CVSSv3 Temp

≤1: 0, ≤2: 0, ≤3: 0, ≤4: 8, ≤5: 8, ≤6: 15, ≤7: 10, ≤8: 2, ≤9: 9, ≤10: 1

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

VulDB

≤1: 0, ≤2: 0, ≤3: 0, ≤4: 4, ≤5: 16, ≤6: 8, ≤7: 9, ≤8: 7, ≤9: 8, ≤10: 1

The moderation team always defines the base vector and base score for an entry. These and all other available scores are used to generate the meta score.

NVD

≤1: 0, ≤2: 0, ≤3: 0, ≤4: 0, ≤5: 0, ≤6: 0, ≤7: 0, ≤8: 0, ≤9: 0, ≤10: 0

The National Vulnerability Database (NVD) also defines CVSS vectors and scores. These are usually not complete and might differ from VulDB scores.

CNA

≤1: 0, ≤2: 0, ≤3: 0, ≤4: 1, ≤5: 1, ≤6: 2, ≤7: 0, ≤8: 4, ≤9: 1, ≤10: 3

A CVE Numbering Authority (CNA) is responsible for assigning new CVE entries. They might also include a CVSS score. These are usually not complete and might differ from VulDB scores.

Vendor

≤1: 0, ≤2: 0, ≤3: 0, ≤4: 0, ≤5: 0, ≤6: 0, ≤7: 0, ≤8: 0, ≤9: 0, ≤10: 0

Some vendors are willing to publish their own CVSS vectors and scores for vulnerabilities in their products. The coverage varies from vendor to vendor.

Research

≤1: 0, ≤2: 0, ≤3: 0, ≤4: 0, ≤5: 0, ≤6: 0, ≤7: 0, ≤8: 0, ≤9: 0, ≤10: 0

Sometimes security researchers also provide their own CVSS vectors and scores for vulnerabilities they have found and published.

| ID | Base | VDB | NVD | CNA | Vend | Res | Vulnerability | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 214345 | 6.1 | 4.5 | | 7.8 | | | wger excessive authentication | 0.48 | 0.00885 | CVE-2022-2650 |
| 214344 | 4.3 | 4.3 | | | | | BeCustom Plugin cross-site request forgery | 0.67 | 0.00000 | CVE-2022-3747 |
| 214343 | 3.5 | 3.5 | | | | | Apache DolphinScheduler Config File information disclosure | 0.60 | 0.00885 | CVE-2022-26885 |
| 214342 | 8.8 | 8.8 | | | | | Moxa UC-8100A-ME-T unnecessary privileges | 0.44 | 0.00000 | CVE-2022-3088 |
| 214341 | 8.8 | 8.8 | | | | | GE CIMPLICITY out-of-bounds write | 0.99 | 0.00000 | CVE-2022-3092 |
| 214340 | 8.8 | 8.8 | | | | | GE CIMPLICITY CGmmiOptionContainer untrusted pointer dereference | 0.87 | 0.00000 | CVE-2022-2002 |
| 214339 | 8.8 | 8.8 | | | | | GE CIMPLICITY heap-based overflow | 0.37 | 0.00000 | CVE-2022-2948 |
| 214338 | 8.8 | 8.8 | | | | | GE CIMPLICITY CGmmiOptionContainer uninitialized pointer | 0.44 | 0.00000 | CVE-2022-2952 |
| 214337 | 8.8 | 8.8 | | | | | GE CIMPLICITY CGmmiRootOptionTable uninitialized pointer | 0.40 | 0.00000 | CVE-2022-3084 |
| 214336 | 3.5 | 3.5 | | | | | Digital Alert Systems DASDEC Header cross site scripting | 0.33 | 0.00000 | CVE-2022-40204 |
| 214335 | 4.3 | 4.3 | | | | | Digital Alert Systems DASDEC Login Page cross site scripting | 0.36 | 0.00000 | CVE-2019-18265 |
| 214334 | 5.3 | 5.3 | | | | | AVEVA Edge path traversal | 0.49 | 0.00000 | CVE-2021-42797 |
| 214333 | 9.8 | 9.8 | | | | | AVEVA Edge StADOSvr.exe access control | 0.68 | 0.00000 | CVE-2021-42796 |
| 214332 | 4.3 | 4.3 | | | | | AVEVA Edge information disclosure | 0.33 | 0.00000 | CVE-2021-42794 |
| 214331 | 4.3 | 4.3 | | | | | rickxy Stock Management System cross-site request forgery | 0.92 | 0.00885 | CVE-2022-4090 |
| 214330 | 5.9 | 6.3 | | 5.5 | | | Pilz PAScal/PASconnect/PASmotion/PNOZmulti Configurator ZIP Configuration File path traversal | 0.08 | 0.00885 | CVE-2022-40976 |
| 214329 | 6.3 | 6.3 | | | | | KNIME Analytics Platform ZIP Archive Extraction path traversal | 0.13 | 0.01103 | CVE-2022-44749 |
| 214328 | 7.4 | 7.3 | | 7.5 | | | Pilz PASvisu Server ZIP Configuration File path traversal | 0.21 | 0.01055 | CVE-2022-40977 |
| 214327 | 5.3 | 5.3 | | 5.3 | | | Mitsubishi Electric GOT2000 denial of service | 0.08 | 0.01055 | CVE-2022-40266 |
| 214326 | 6.7 | 6.3 | | 7.1 | | | KNIME Server ZIP Archive Extraction path traversal | 0.13 | 0.01156 | CVE-2022-44748 |
| 214325 | 7.3 | 7.3 | | | | | qmpaas leadshop routine | 0.16 | 0.00885 | CVE-2022-4136 |
| 214324 | 4.3 | 4.3 | | | | | rickxy Stock Management System processlogin.php cross site scripting | 0.68 | 0.00885 | CVE-2022-4089 |
| 214323 | 7.3 | 7.3 | | | | | Backdoor.Win32.Serman.a Service Port 21422 backdoor | 0.08 | 0.00000 | |
| 214322 | 7.3 | 7.3 | | | | | rickxy Stock Management System processlogin.php sql injection | 0.76 | 0.00885 | CVE-2022-4088 |
| 214321 | 4.3 | 4.3 | | | | | YJCMS user_edit.html information disclosure | 0.13 | 0.00885 | CVE-2022-45276 |
| 214320 | 5.5 | 5.5 | | | | | Jizhicms memberedit.html sql injection | 0.08 | 0.00885 | CVE-2022-44140 |
| 214319 | 3.5 | 3.5 | | | | | EyouCMS login.php cross site scripting | 0.12 | 0.00885 | CVE-2022-45280 |
| 214318 | 5.5 | 5.5 | | | | | iTerm2 DECRQSS Response Privilege Escalation | 0.12 | 0.00885 | CVE-2022-45872 |
| 214317 | 5.5 | 5.5 | | | | | Boa sql injection | 0.17 | 0.00885 | CVE-2022-44117 |
| 214316 | 8.8 | 8.8 | | | | | SolarWinds Network Performance Monitor WebUserSettingsCrudHandler input validation | 0.24 | 0.00000 | CVE-2022-36960 |
| 214315 | 5.5 | 5.5 | | | | | qpress qp File pathname traversal | 0.12 | 0.00950 | CVE-2022-45866 |
| 214314 | 4.3 | 4.3 | | | | | Foxit PDF Reader PDF File Parser out-of-bounds | 0.12 | 0.00000 | CVE-2022-43640 |
| 214313 | 4.3 | 4.3 | | | | | Foxit PDF Reader U3D File Parser use after free | 0.12 | 0.00000 | CVE-2022-43641 |
| 214312 | 5.8 | 4.3 | | 7.4 | | | XWiki Platform cross-site request forgery | 0.24 | 0.00885 | CVE-2022-41927 |
| 214311 | 6.3 | 6.3 | | | | | Foxit PDF Reader U3D File Parser use after free | 0.21 | 0.00000 | CVE-2022-43637 |
| 214310 | 6.3 | 6.3 | | | | | Foxit PDF Reader U3D File Parser use after free | 0.16 | 0.00000 | CVE-2022-43638 |
| 214309 | 6.3 | 6.3 | | | | | Foxit PDF Reader U3D File Parser use after free | 0.13 | 0.00000 | CVE-2022-43639 |
| 214308 | 7.2 | 7.2 | | | | | SolarWinds Network Performance Monitor GetPdf command injection | 0.20 | 0.00000 | CVE-2022-36962 |
| 214307 | 8.8 | 8.8 | | | | | SolarWinds Network Performance Monitor DeserializeFromStrippedXml deserialization | 0.24 | 0.00000 | CVE-2022-36964 |
| 214306 | 3.3 | 3.3 | | | | | systemd elf-util.c parse_elf_object deadlock | 0.08 | 0.00890 | CVE-2022-45873 |
| 214305 | 4.3 | 4.3 | | | | | JIZHI CMS adminadd.html cross-site request forgery | 0.13 | 0.00885 | CVE-2021-29334 |
| 214304 | 6.3 | 4.3 | | 8.4 | | | H2 Database Engine CLI information disclosure | 0.32 | 0.00885 | CVE-2022-45868 |
| 214303 | 6.9 | 4.3 | | 9.6 | | | Tailscale tailscaled cross-site request forgery | 0.17 | 0.02509 | CVE-2022-41924 |
| 214302 | 8.2 | 7.3 | | 9.1 | | | Grails Spring Security Core Plugin privileges management | 0.08 | 0.00954 | CVE-2022-41923 |
| 214301 | 4.1 | 4.3 | | 3.8 | | | Tailscale cross-site request forgery | 0.08 | 0.00954 | CVE-2022-41925 |
| 214300 | 5.5 | 5.5 | | | | | Jizhicms get_fields.html sql injection | 0.08 | 0.00885 | CVE-2022-45278 |
| 214299 | 6.3 | 6.3 | | | | | Artifex MuJS JavaScript File O_getOwnPropertyDescriptor memory corruption | 0.16 | 0.04428 | CVE-2022-44789 |
| 214298 | 5.5 | 5.5 | | | | | dedecmdv6 sys_sql_query.php sql injection | 0.17 | 0.00885 | CVE-2022-44120 |
| 214297 | 4.6 | 4.6 | | | | | dedecmdv6 file_manage_control.php denial of service | 0.08 | 0.00885 | CVE-2022-43196 |
| 214296 | 8.6 | 7.3 | | 10.0 | | | Optica JSON oj.safe_load deserialization | 0.12 | 0.05634 | CVE-2022-41875 |

3 more entries are not shown
