
The NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.

For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.

Last 20 Scored Vulnerability IDs & Summaries (with CVSS Severity)
  • CVE-2022-39226 - Discourse is an open source discussion platform. In versions prior to 2.8.9 on the `stable` branch and prior to 2.9.0.beta10 on the `beta` and `tests-passed` branches, a malicious actor can add large payloads of text into the Location and Website ...
    Published: September 29, 2022; 4:15:13 PM -0400

    V3.1: 4.3 MEDIUM

  • CVE-2022-25315 - In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames.
    Published: February 18, 2022; 12:15:08 AM -0500

    V3.1: 9.8 CRITICAL
    V2.0: 7.5 HIGH

  • CVE-2022-25314 - In Expat (aka libexpat) before 2.4.5, there is an integer overflow in copyString.
    Published: February 18, 2022; 12:15:08 AM -0500

    V3.1: 7.5 HIGH
    V2.0: 5.0 MEDIUM

  • CVE-2020-29260 - libvncclient v0.9.13 was discovered to contain a memory leak via the function rfbClientCleanup().
    Published: September 02, 2022; 7:15:08 PM -0400

    V3.1: 7.5 HIGH

  • CVE-2018-17766 - Ingenico Telium 2 POS Telium2 OS allow bypass of file-reading restrictions via the NTPT3 protocol. This is fixed in Telium 2 SDK v9.32.03 patch N.
    Published: September 09, 2020; 3:15:15 PM -0400

    V3.1: 4.6 MEDIUM
    V2.0: 2.1 LOW

  • CVE-2018-17765 - Ingenico Telium 2 POS terminals have undeclared TRACE protocol commands. This is fixed in Telium 2 SDK v9.32.03 patch N.
    Published: September 09, 2020; 3:15:15 PM -0400

    V3.1: 6.8 MEDIUM
    V2.0: 7.2 HIGH

  • CVE-2020-1941 - In Apache ActiveMQ 5.0.0 to 5.15.11, the webconsole admin GUI is open to XSS, in the view that lists the contents of a queue.
    Published: May 14, 2020; 1:15:12 PM -0400

    V3.1: 6.1 MEDIUM
    V2.0: 4.3 MEDIUM

  • CVE-2020-11973 - Apache Camel Netty enables Java deserialization by default. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.0, 3.0.0 up to 3.1.0 are affected. 2.x users should upgrade to 2.25.1, 3.x users should upgrade to 3.2.0.
    Published: May 14, 2020; 1:15:12 PM -0400

    V3.1: 9.8 CRITICAL
    V2.0: 7.5 HIGH

  • CVE-2019-15606 - Including trailing white space in HTTP header values in Nodejs 10, 12, and 13 causes bypass of authorization based on header value comparisons.
    Published: February 07, 2020; 10:15:11 AM -0500

    V3.1: 9.8 CRITICAL
    V2.0: 7.5 HIGH

  • CVE-2020-0549 - Cleanup errors in some data cache evictions for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
    Published: January 27, 2020; 8:15:12 PM -0500

    V3.1: 5.5 MEDIUM
    V2.0: 2.1 LOW

  • CVE-2020-6461 - Use after free in storage in Google Chrome prior to 81.0.4044.129 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
    Published: May 21, 2020; 12:15:11 AM -0400

    V3.1: 9.6 CRITICAL
    V2.0: 6.8 MEDIUM

  • CVE-2020-6460 - Insufficient data validation in URL formatting in Google Chrome prior to 81.0.4044.122 allowed a remote attacker to perform domain spoofing via a crafted domain name.
    Published: May 21, 2020; 12:15:11 AM -0400

    V3.1: 6.5 MEDIUM
    V2.0: 4.3 MEDIUM

  • CVE-2020-6458 - Out of bounds read and write in PDFium in Google Chrome prior to 81.0.4044.122 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
    Published: May 21, 2020; 12:15:10 AM -0400

    V3.1: 8.8 HIGH
    V2.0: 6.8 MEDIUM

  • CVE-2020-6457 - Use after free in speech recognizer in Google Chrome prior to 81.0.4044.113 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
    Published: May 21, 2020; 12:15:10 AM -0400

    V3.1: 9.6 CRITICAL
    V2.0: 6.8 MEDIUM

  • CVE-2019-10173 - It was found that xstream API version 1.4.10 before 1.4.11 introduced a regression for a previous deserialization flaw. If the security framework has not been initialized, it may allow a remote attacker to run arbitrary shell commands when unmarsh...
    Published: July 23, 2019; 9:15:13 AM -0400

    V3.1: 9.8 CRITICAL
    V2.0: 7.5 HIGH

  • CVE-2019-12973 - In OpenJPEG 2.3.1, there is excessive iteration in the opj_t1_encode_cblks function of openjp2/t1.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file. This issue is similar to CVE-2018-6616.
    Published: June 26, 2019; 2:15:10 PM -0400

    V3.1: 5.5 MEDIUM
    V2.0: 4.3 MEDIUM

  • CVE-2019-3773 - Spring Web Services, versions 2.4.3, 3.0.4, and older unsupported versions of all three projects, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources.
    Published: January 18, 2019; 5:29:01 PM -0500

    V3.1: 9.8 CRITICAL
    V2.0: 7.5 HIGH

  • CVE-2021-43462 - A Cross Site Scripting (XSS) vulnerability exists in Rumble Mail Server 0.51.3135 via the username parameter.
    Published: April 04, 2022; 12:15:08 PM -0400

    V3.1: 5.4 MEDIUM
    V2.0: 3.5 LOW

  • CVE-2021-43456 - An Unquoted Service Path vulnerability exists in Rumble Mail Server 0.51.3135 via a specially crafted file in the RumbleService executable service path.
    Published: April 04, 2022; 11:15:09 AM -0400

    V3.1: 7.8 HIGH
    V2.0: 4.6 MEDIUM

  • CVE-2020-6466 - Use after free in media in Google Chrome prior to 83.0.4103.61 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
    Published: May 21, 2020; 12:15:11 AM -0400

    V3.1: 9.6 CRITICAL
    V2.0: 6.8 MEDIUM