National Vulnerability Database

National Vulnerability Database

NVD

Collaborative Vulnerability Metadata Acceptance Process
NVD Release of CVMAP
CVSS Version 3.1 Official Support!
CVSS Version 3.1 Official Support!
New NVD CVE/CPE API and Legacy SOAP Service Retirement!
New NVD CVE/CPE API and Legacy SOAP Service Retirement!


The NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.

Last 20 Scored Vulnerability IDs & Summaries CVSS Severity

  • CVE-2021-29820 - IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially l... read CVE-2021-29820
    Published: September 20, 2021; 1:15:08 PM -0400

    V3.1: 5.4 MEDIUM
     V2.0: 3.5 LOW

  • CVE-2021-29819 - IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially l... read CVE-2021-29819
    Published: September 20, 2021; 1:15:08 PM -0400

    V3.1: 5.4 MEDIUM
     V2.0: 3.5 LOW

  • CVE-2021-29818 - IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially l... read CVE-2021-29818
    Published: September 20, 2021; 1:15:08 PM -0400

    V3.1: 5.4 MEDIUM
     V2.0: 3.5 LOW

  • CVE-2021-34572 - Enbra EWM 1.7.29 does not check for or detect replay attacks sent by wireless M-Bus Security mode 5 devices. Instead timestamps of the sensor are replaced by the time of the readout even if the data is a replay of earlier data.
    Published: September 16, 2021; 9:15:14 AM -0400

    V3.1: 6.5 MEDIUM
     V2.0: 3.3 LOW

  • CVE-2021-29817 - IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially l... read CVE-2021-29817
    Published: September 20, 2021; 1:15:08 PM -0400

    V3.1: 5.4 MEDIUM
     V2.0: 3.5 LOW

  • CVE-2021-29821 - IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially l... read CVE-2021-29821
    Published: September 20, 2021; 1:15:08 PM -0400

    V3.1: 5.4 MEDIUM
     V2.0: 3.5 LOW

  • CVE-2021-33719 - A vulnerability has been identified in SIPROTEC 5 relays with CPU variants CP050 (All versions < V8.80), SIPROTEC 5 relays with CPU variants CP100 (All versions < V8.80), SIPROTEC 5 relays with CPU variants CP200 (All versions), SIPROTEC 5 relays ... read CVE-2021-33719
    Published: September 14, 2021; 7:15:24 AM -0400

    V3.1: 9.8 CRITICAL
     V2.0: 7.5 HIGH

  • CVE-2021-39213 - GLPI is a free Asset and IT management software package. Starting in version 9.1 and prior to version 9.5.6, GLPI with API Rest enabled is vulnerable to API bypass with custom header injection. This issue is fixed in version 9.5.6. One may disable... read CVE-2021-39213
    Published: September 15, 2021; 1:15:10 PM -0400

    V3.1: 8.8 HIGH
     V2.0: 6.0 MEDIUM

  • CVE-2021-31891 - A vulnerability has been identified in Desigo CC (All versions with OIS Extension Module), GMA-Manager (All versions with OIS running on Debian 9 or earlier), Operation Scheduler (All versions with OIS running on Debian 9 or earlier), Siveillance ... read CVE-2021-31891
    Published: September 14, 2021; 7:15:24 AM -0400

    V3.1: 10.0 CRITICAL
     V2.0: 10.0 HIGH

  • CVE-2021-39211 - GLPI is a free Asset and IT management software package. Starting in version 9.2 and prior to version 9.5.6, the telemetry endpoint discloses GLPI and server information. This issue is fixed in version 9.5.6. As a workaround, remove the file `ajax... read CVE-2021-39211
    Published: September 15, 2021; 1:15:10 PM -0400

    V3.1: 5.3 MEDIUM
     V2.0: 5.0 MEDIUM

  • CVE-2021-39210 - GLPI is a free Asset and IT management software package. In versions prior to 9.5.6, the cookie used to store the autologin cookie (when a user uses the "remember me" feature) is accessible by scripts. A malicious plugin that could steal this cook... read CVE-2021-39210
    Published: September 15, 2021; 1:15:10 PM -0400

    V3.1: 6.5 MEDIUM
     V2.0: 3.5 LOW

  • CVE-2021-27046 - A Memory Corruption vulnerability for PDF files in Autodesk Navisworks 2019, 2020, 2021, 2022 may lead to code execution through maliciously crafted DLL files.
    Published: September 15, 2021; 1:15:09 PM -0400

    V3.1: 7.8 HIGH
     V2.0: 4.4 MEDIUM

  • CVE-2021-27045 - A maliciously crafted PDF file in Autodesk Navisworks 2019, 2020, 2021, 2022 can be forced to read beyond allocated boundaries when parsing the PDF file. This vulnerability can be exploited to execute arbitrary code.
    Published: September 15, 2021; 1:15:09 PM -0400

    V3.1: 7.8 HIGH
     V2.0: 6.8 MEDIUM

  • CVE-2021-40862 - HashiCorp Terraform Enterprise up to v202108-1 contained an API endpoint that erroneously disclosed a sensitive URL to authenticated parties, which could be used for privilege escalation or unauthorized modification of a Terraform configuration. F... read CVE-2021-40862
    Published: September 15, 2021; 3:15:10 PM -0400

    V3.1: 8.8 HIGH
     V2.0: 6.5 MEDIUM

  • CVE-2021-24396 - A pageid GET parameter of the GSEOR – WordPress SEO Plugin WordPress plugin through 1.3 is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection.
    Published: September 20, 2021; 6:15:07 AM -0400

    V3.1: 7.2 HIGH
     V2.0: 6.5 MEDIUM

  • CVE-2021-27391 - A vulnerability has been identified in APOGEE MBC (PPC) (P2 Ethernet) (All versions >= V2.6.3), APOGEE MEC (PPC) (P2 Ethernet) (All versions >= V2.6.3), APOGEE PXC Compact (BACnet) (All versions < V3.5.3), APOGEE PXC Compact (P2 Ethernet) (All ver... read CVE-2021-27391
    Published: September 14, 2021; 7:15:23 AM -0400

    V3.1: 9.8 CRITICAL
     V2.0: 10.0 HIGH

  • CVE-2020-21125 - An arbitrary file creation vulnerability in UReport 2.2.9 allows attackers to execute arbitrary code.
    Published: September 15, 2021; 1:15:08 PM -0400

    V3.1: 9.8 CRITICAL
     V2.0: 7.5 HIGH

  • CVE-2021-3804 - taro is vulnerable to Inefficient Regular Expression Complexity
    Published: September 17, 2021; 3:15:09 AM -0400

    V3.1: 7.5 HIGH
     V2.0: 7.8 HIGH

  • CVE-2021-3807 - ansi-regex is vulnerable to Inefficient Regular Expression Complexity
    Published: September 17, 2021; 3:15:09 AM -0400

    V3.1: 7.5 HIGH
     V2.0: 7.8 HIGH

  • CVE-2021-41317 - XSS Hunter Express before 2021-09-17 does not properly enforce authentication requirements for paths.
    Published: September 17, 2021; 12:15:07 PM -0400

    V3.1: 9.8 CRITICAL
     V2.0: 7.5 HIGH