Exploit Prices 03/30/2022

Type

The moderation team is working with the threat intelligence team to categorize software that is affected by security vulnerabilities. This helps to illustrate the assignment of these categories to determine the most affected software types.

Remediation

Official Fix: 68
Temporary Fix: 0
Workaround: 0
Unavailable: 0
Not Defined: 30

Vendors and researchers are eager to find countermeasures to mitigate security vulnerabilities. These can be divided into multiple forms and levels of remediation, which influence risk differently.

Exploitability

High: 0
Functional: 0
Proof-of-Concept: 4
Unproven: 0
Not Defined: 94

Researchers and attackers who are looking for security vulnerabilities try to exploit them for academic purposes or personal gain. The level and quality of exploitability can be distinguished to determine the simplicity and strength of attacks.

Lang

The automated exploitation of a security vulnerability is called an exploit. It is possible to determine the popularity and availability of programming languages used for creating such exploits.

CVSSv3 Base

≤1: 0
≤2: 0
≤3: 0
≤4: 14
≤5: 10
≤6: 17
≤7: 35
≤8: 18
≤9: 2
≤10: 2

The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources to aggregate to the most reliable result.

CVSSv3 Temp

≤1: 0
≤2: 0
≤3: 0
≤4: 16
≤5: 9
≤6: 41
≤7: 10
≤8: 18
≤9: 2
≤10: 2

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

Exploit 0-day

<1k: 16
<2k: 12
<5k: 32
<10k: 7
<25k: 10
<50k: 1
<100k: 20
≥100k: 0

The moderation team is working with the threat intelligence team to determine prices for exploits. Our unique algorithm is used to identify the 0-day price of an exploit, before it is distributed or becomes public. Calculated prices are aligned with prices disclosed by vulnerability brokers and compared to prices we see on exploit markets.

Exploit Today

<1k: 48
<2k: 10
<5k: 11
<10k: 7
<25k: 22
<50k: 0
<100k: 0
≥100k: 0

The 0-day prices do not consider time-relevant factors. The today price reflects price impacts such as disclosure of vulnerability details, alternative exploits, and availability of countermeasures. These dynamic aspects might decrease exploit prices over time. Under certain circumstances this happens very fast.

| Published | 0day | Today | Tr | Vulnerability | Exp | Lang | URL | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|
| 03/30/2022 | $25k-$100k | $5k-$25k | | Google Chrome QR Code Generator use after free | Not Defined | | | 0.03 | CVE-2022-1127 |
| 03/30/2022 | $25k-$100k | $5k-$25k | | Google Chrome Extensions Remote Code Execution | Not Defined | | | 0.05 | CVE-2022-1137 |
| 03/30/2022 | $25k-$100k | $5k-$25k | | Google Chrome Virtual Keyboard Remote Code Execution | Not Defined | | | 0.05 | CVE-2022-1132 |
| 03/30/2022 | $25k-$100k | $5k-$25k | | Google Chrome Tab Strip use after free | Not Defined | | | 0.06 | CVE-2022-1136 |
| 03/30/2022 | $25k-$100k | $5k-$25k | | Google Chrome Background Fetch API Remote Code Execution | Not Defined | | | 0.00 | CVE-2022-1139 |
| 03/30/2022 | $25k-$100k | $5k-$25k | | Google Chrome Extensions use after free | Not Defined | | | 0.03 | CVE-2022-1145 |
| 03/30/2022 | $25k-$100k | $5k-$25k | | Google Chrome WebOTP Remote Code Execution | Not Defined | | | 0.06 | CVE-2022-1130 |
| 03/30/2022 | $25k-$100k | $5k-$25k | | Google Chrome Portals use after free | Not Defined | | | 0.03 | CVE-2022-1125 |
| 03/30/2022 | $25k-$100k | $5k-$25k | | Google Chrome Web Share API Remote Code Execution | Not Defined | | | 0.06 | CVE-2022-1128 |
| 03/30/2022 | $25k-$100k | $5k-$25k | | Google Chrome Full Screen Mode Remote Code Execution | Not Defined | | | 0.06 | CVE-2022-1129 |
| 03/30/2022 | $25k-$100k | $5k-$25k | | Google Chrome Cast UI use after free | Not Defined | | | 0.00 | CVE-2022-1131 |
| 03/30/2022 | $25k-$100k | $5k-$25k | | Google Chrome WebRTC use after free | Not Defined | | | 0.06 | CVE-2022-1133 |
| 03/30/2022 | $25k-$100k | $5k-$25k | | Google Chrome Shopping Cart use after free | Not Defined | | | 0.06 | CVE-2022-1135 |
| 03/30/2022 | $25k-$100k | $5k-$25k | | Google Chrome Web Cursor Remote Code Execution | Not Defined | | | 0.00 | CVE-2022-1138 |
| 03/30/2022 | $25k-$100k | $5k-$25k | | Google Chrome File Manager use after free | Not Defined | | | 0.03 | CVE-2022-1141 |
| 03/30/2022 | $25k-$100k | $5k-$25k | | Google Chrome WebUI heap-based overflow | Not Defined | | | 0.03 | CVE-2022-1142 |
| 03/30/2022 | $25k-$100k | $5k-$25k | | Google Chrome WebUI heap-based overflow | Not Defined | | | 0.05 | CVE-2022-1143 |
| 03/30/2022 | $25k-$100k | $5k-$25k | | Google Chrome WebUI use after free | Not Defined | | | 0.07 | CVE-2022-1144 |
| 03/30/2022 | $25k-$100k | $5k-$25k | | Google Chrome Resource Timing Remote Code Execution | Not Defined | | | 0.00 | CVE-2022-1146 |
| 03/30/2022 | $25k-$100k | $5k-$25k | | Google Chrome v8 type confusion | Not Defined | | | 0.00 | CVE-2022-1134 |
| 03/30/2022 | $25k-$100k | $5k-$25k | | Google Android Tremolo out-of-bounds read | Not Defined | | | 0.03 | CVE-2021-39762 |
| 03/30/2022 | $5k-$25k | $0-$5k | | VMware Spring Boot SpringShell code injection | Proof-of-Concept | | Link | 0.00 | CVE-2022-22965 |
| 03/30/2022 | $5k-$25k | $0-$5k | | VMware Spring Cloud Function SpEL Expression code injection | Proof-of-Concept | | Link | 0.00 | CVE-2022-22963 |
| 03/30/2022 | $5k-$25k | $5k-$25k | | Trend Micro Apex Central unrestricted upload | Not Defined | | | 0.00 | CVE-2022-26871 |
| 03/30/2022 | $5k-$25k | $0-$5k | | Linux Kernel Virtio Device Driver vdpa.c vhost_vdpa_config_validate integer overflow | Not Defined | | | 0.03 | CVE-2022-0998 |
| 03/30/2022 | $5k-$25k | $0-$5k | | RSA Archer Endpoint CheckTaskAccess access control | Not Defined | | | 0.04 | CVE-2021-41594 |
| 03/30/2022 | $5k-$25k | $0-$5k | | RSA Archer Attachment access control | Not Defined | | | 0.06 | CVE-2022-26949 |
| 03/30/2022 | $5k-$25k | $5k-$25k | | Joomla Privilege Escalation | Not Defined | | | 0.07 | CVE-2022-23799 |
| 03/30/2022 | $5k-$25k | $0-$5k | | VMware vCenter Server/Cloud Foundation File permission | Not Defined | | | 0.05 | CVE-2022-22948 |
| 03/30/2022 | $5k-$25k | $5k-$25k | | Joomla sql injection | Not Defined | | | 0.05 | CVE-2022-23797 |
| 03/30/2022 | $5k-$25k | $5k-$25k | | Linux Kernel Audit Rule access control | Not Defined | | | 0.03 | CVE-2020-35501 |
| 03/30/2022 | $5k-$25k | $5k-$25k | | Joomla redirect | Not Defined | | | 0.06 | CVE-2022-23798 |
| 03/30/2022 | $5k-$25k | $5k-$25k | | Joomla improper authentication | Not Defined | | | 0.05 | CVE-2022-23795 |
| 03/30/2022 | $5k-$25k | $0-$5k | | RSA Archer redirect | Not Defined | | | 0.03 | CVE-2022-26950 |
| 03/30/2022 | $5k-$25k | $5k-$25k | | Joomla tar path traversal | Not Defined | | | 0.03 | CVE-2022-23793 |
| 03/30/2022 | $5k-$25k | $0-$5k | | Google run-dev-server HTTP Request permission | Not Defined | | | 0.03 | CVE-2022-0343 |
| 03/30/2022 | $5k-$25k | $5k-$25k | | Joomla Source Code information disclosure | Not Defined | | | 0.03 | CVE-2022-23794 |
| 03/30/2022 | $5k-$25k | $0-$5k | | RSA Archer cross site scripting | Not Defined | | | 0.03 | CVE-2022-26951 |
| 03/30/2022 | $0-$5k | $0-$5k | | Joomla com_fields cross site scripting | Not Defined | | | 0.03 | CVE-2022-23796 |
| 03/30/2022 | $0-$5k | $0-$5k | | Joomla Filter cross site scripting | Not Defined | | | 0.03 | CVE-2022-23800 |
| 03/30/2022 | $0-$5k | $0-$5k | | Joomla com_media cross site scripting | Not Defined | | | 0.03 | CVE-2022-23801 |
| 03/30/2022 | $0-$5k | $0-$5k | | RSA Archer cross site scripting | Not Defined | | | 0.03 | CVE-2022-26947 |
| 03/30/2022 | $0-$5k | $0-$5k | | TIBCO Managed File Transfer Platform Server cfsend/cfrecv/CyberResp Privilege Escalation | Not Defined | | | 0.07 | CVE-2022-22772 |
| 03/30/2022 | $0-$5k | $0-$5k | | Apache DolphinScheduler User Registration resource consumption | Not Defined | | | 0.03 | CVE-2022-25598 |
| 03/30/2022 | $0-$5k | $0-$5k | | openjpeg2 opj2_decompress initialization | Not Defined | | | 0.03 | CVE-2022-1122 |
| 03/30/2022 | $0-$5k | $0-$5k | | vim utf_ptr2char use after free | Not Defined | | | 0.00 | CVE-2022-1154 |
| 03/30/2022 | $0-$5k | $0-$5k | | DrayTek Vigor 2960/Vigor 3900/Vigor 300B HTTP mainfunction.cgi format string | Not Defined | | | 0.00 | CVE-2021-42911 |
| 03/30/2022 | $0-$5k | $0-$5k | | RuoYi XLSX Log File csv injection | Not Defined | | | 0.00 | CVE-2022-23868 |
| 03/30/2022 | $0-$5k | $0-$5k | | NVIDIA CUDA Toolkit SDK cuobjdump buffer overflow | Not Defined | | | 0.06 | CVE-2022-21821 |
| 03/30/2022 | $0-$5k | $0-$5k | | DrayTek Vigor 2960/Vigor 3900/Vigor 300B HTTP Message mainfunction.cgi command injection | Not Defined | | | 0.03 | CVE-2021-43118 |

48 more entries are not shown