National Vulnerability Database

National Vulnerability Database

NVD

Collaborative Vulnerability Metadata Acceptance Process
NVD Release of CVMAP
CVSS Version 3.1 Official Support!
CVSS Version 3.1 Official Support!
New NVD CVE/CPE API and Legacy SOAP Service Retirement!
New NVD CVE/CPE API and Legacy SOAP Service Retirement!


The NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.

Last 20 Scored Vulnerability IDs & Summaries CVSS Severity

  • CVE-2021-27258 - This vulnerability allows remote attackers to execute escalate privileges on affected installations of SolarWinds Orion Platform 2020.2. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SaveUserSett... read CVE-2021-27258
    Published: April 14, 2021; 12:15:13 PM -0400

    V3.1: 9.8 CRITICAL
     V2.0: 7.5 HIGH

  • CVE-2021-27247 - This vulnerability allows remote attackers to disclose sensitive information on affected installations of Tencent WeChat 2.9.5 desktop version. User interaction is required to exploit this vulnerability in that the target must visit a malicious pa... read CVE-2021-27247
    Published: April 14, 2021; 12:15:13 PM -0400

    V3.1: 6.5 MEDIUM
     V2.0: 4.3 MEDIUM

  • CVE-2021-26031 - An issue was discovered in Joomla! 3.0.0 through 3.9.25. Inadequate filters on module layout settings could lead to an LFI.
    Published: April 14, 2021; 2:15:14 PM -0400

    V3.1: 5.3 MEDIUM
     V2.0: 5.0 MEDIUM

  • CVE-2021-29429 - In Gradle before version 7.0, files created with open permissions in the system temporary directory can allow an attacker to access information downloaded by Gradle. Some builds could be vulnerable to a local information disclosure. Remote files a... read CVE-2021-29429
    Published: April 12, 2021; 6:15:13 PM -0400

    V3.1: 5.5 MEDIUM
     V2.0: 1.9 LOW

  • CVE-2021-28826 - The Windows Installation component of TIBCO Software Inc.'s TIBCO Messaging - Eclipse Mosquitto Distribution - Bridge - Community Edition and TIBCO Messaging - Eclipse Mosquitto Distribution - Bridge - Enterprise Edition contains a vulnerability t... read CVE-2021-28826
    Published: April 14, 2021; 1:15:14 PM -0400

    V3.1: 7.8 HIGH
     V2.0: 7.2 HIGH

  • CVE-2021-28825 - The Windows Installation component of TIBCO Software Inc.'s TIBCO Messaging - Eclipse Mosquitto Distribution - Core - Community Edition and TIBCO Messaging - Eclipse Mosquitto Distribution - Core - Enterprise Edition contains a vulnerability that ... read CVE-2021-28825
    Published: April 14, 2021; 1:15:14 PM -0400

    V3.1: 7.8 HIGH
     V2.0: 7.2 HIGH

  • CVE-2021-31254 - Buffer overflow in the tenc_box_read function in MP4Box in GPAC 1.0.1 allows attackers to cause a denial of service or execute arbitrary code via a crafted file, related invalid IV sizes.
    Published: April 19, 2021; 3:15:18 PM -0400

    V3.1: 7.8 HIGH
     V2.0: 6.8 MEDIUM

  • CVE-2018-10912 - keycloak before version 4.0.0.final is vulnerable to a infinite loop in session replacement. A Keycloak cluster with multiple nodes could mishandle an expired session replacement and lead to an infinite loop. A malicious authenticated user could u... read CVE-2018-10912
    Published: July 23, 2018; 6:29:00 PM -0400

    V3.1: 4.9 MEDIUM
     V2.0: 4.0 MEDIUM

  • CVE-2020-9667 - Adobe Genuine Service version 6.6 (and earlier) is affected by an Uncontrolled Search Path element vulnerability. An authenticated attacker could exploit this to to plant custom binaries and execute them with System permissions. Exploitation of th... read CVE-2020-9667
    Published: April 16, 2021; 2:15:13 PM -0400

    V3.1: 7.8 HIGH
     V2.0: 6.9 MEDIUM

  • CVE-2020-36322 - An issue was discovered in the FUSE filesystem implementation in the Linux kernel before 5.10.6, aka CID-5d069dbe8aaf. fuse_do_getattr() calls make_bad_inode() in inappropriate situations, causing a system crash. NOTE: the original fix for this vu... read CVE-2020-36322
    Published: April 14, 2021; 2:15:12 AM -0400

    V3.1: 5.5 MEDIUM
     V2.0: 4.9 MEDIUM

  • CVE-2021-26076 - The jira.editor.user.mode cookie set by the Jira Editor Plugin in Jira Server and Data Center before version 8.5.12, from version 8.6.0 before version 8.13.4, and from version 8.14.0 before version 8.15.0 allows remote anonymous attackers who can ... read CVE-2021-26076
    Published: April 14, 2021; 8:15:12 PM -0400

    V3.1: 3.7 LOW
     V2.0: 4.3 MEDIUM

  • CVE-2021-26075 - The Jira importers plugin AttachTemporaryFile rest resource in Jira Server and Data Center before version 8.5.12, from version 8.6.0 before 8.13.4, and from version 8.14.0 before 8.15.1 allowed remote authenticated attackers to obtain the full pat... read CVE-2021-26075
    Published: April 14, 2021; 8:15:12 PM -0400

    V3.1: 4.3 MEDIUM
     V2.0: 4.0 MEDIUM

  • CVE-2021-29654 - AjaxSearchPro before 4.20.8 allows Deserialization of Untrusted Data (in the import database feature of the administration panel), leading to Remote Code execution.
    Published: April 14, 2021; 2:15:14 PM -0400

    V3.1: 7.2 HIGH
     V2.0: 6.5 MEDIUM

  • CVE-2020-7269 - Exposure of Sensitive Information in the web interface in McAfee Advanced Threat Defense (ATD) prior to 4.12.2 allows remote authenticated users to view sensitive unencrypted information via a carefully crafted HTTP request parameter. The risk is ... read CVE-2020-7269
    Published: April 15, 2021; 4:15:12 AM -0400

    V3.1: 4.3 MEDIUM
     V2.0: 4.0 MEDIUM

  • CVE-2021-23884 - Cleartext Transmission of Sensitive Information vulnerability in the ePO Extension of McAfee Content Security Reporter (CSR) prior to 2.8.0 allows an ePO administrator to view the unencrypted password of the McAfee Web Gateway (MWG) or the passwor... read CVE-2021-23884
    Published: April 15, 2021; 4:15:14 AM -0400

    V3.1: 4.3 MEDIUM
     V2.0: 2.7 LOW

  • CVE-2021-23368 - The package postcss from 7.0.0 and before 8.2.10 are vulnerable to Regular Expression Denial of Service (ReDoS) during source map parsing.
    Published: April 12, 2021; 10:15:14 AM -0400

    V3.1: 5.3 MEDIUM
     V2.0: 5.0 MEDIUM

  • CVE-2020-7270 - Exposure of Sensitive Information in the web interface in McAfee Advanced Threat Defense (ATD) prior to 4.12.2 allows remote authenticated users to view sensitive unencrypted information via a carefully crafted HTTP request parameter. The risk is ... read CVE-2020-7270
    Published: April 15, 2021; 4:15:14 AM -0400

    V3.1: 4.3 MEDIUM
     V2.0: 4.0 MEDIUM

  • CVE-2021-23886 - Denial of Service vulnerability in McAfee Data Loss Prevention (DLP) Endpoint for Windows prior to 11.6.100 allows a local, low privileged, attacker to cause a BSoD through suspending a process, modifying the processes memory and restarting it. Th... read CVE-2021-23886
    Published: April 15, 2021; 4:15:14 AM -0400

    V3.1: 5.5 MEDIUM
     V2.0: 4.9 MEDIUM

  • CVE-2020-29593 - An issue was discovered in Orchard before 1.10. The Media Settings Allowed File Types list field allows an attacker to add a XSS payload that will execute when users attempt to upload a disallowed file type, causing the error to display.
    Published: April 14, 2021; 11:15:13 AM -0400

    V3.1: 5.4 MEDIUM
     V2.0: 3.5 LOW

  • CVE-2021-3017 - The web interface on Intelbras WIN 300 and WRN 342 devices through 2021-01-04 allows remote attackers to discover credentials by reading the def_wirelesspassword line in the HTML source code.
    Published: April 14, 2021; 2:15:14 PM -0400

    V3.1: 7.5 HIGH
     V2.0: 5.0 MEDIUM