National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

<strong>BETA JSON Vulnerability Feeds Now Available!</strong>
New Data Feeds
Vulnerable Product Configurations Improved!
CPE Ranges
Multiple different visualizations displaying word, CWE, CVSS score distribution and more!
Vulnerability Visualizations


The NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.
 
Last 20 Scored Vulnerability IDs & Summaries CVSS Severity

  • CVE-2018-0373 A vulnerability in vpnva-6.sys for 32-bit Windows and vpnva64-6.sys for 64-bit Windows of Cisco AnyConnect Secure Mobility Client for Windows Desktop could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affe... read CVE-2018-0373
    Published: June 21, 2018; 07:29:01 AM -04:00

    V3: 5.5 MEDIUM
     V2: 4.9 MEDIUM

  • CVE-2018-0363 A vulnerability in the web-based management interface of Cisco Unified Communications Manager IM & Presence Service (formerly CUPS) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform... read CVE-2018-0363
    Published: June 21, 2018; 07:29:01 AM -04:00

    V3: 8.8 HIGH
     V2: 6.8 MEDIUM

  • CVE-2018-0359 A vulnerability in the session identification management functionality of the web-based management interface for Cisco Meeting Server could allow an unauthenticated, local attacker to hijack a valid user session identifier, aka Session Fixation. The... read CVE-2018-0359
    Published: June 21, 2018; 07:29:00 AM -04:00

    V3: 5.5 MEDIUM
     V2: 2.1 LOW

  • CVE-2018-0358 A vulnerability in the file descriptor handling of Cisco TelePresence Video Communication Server (VCS) Expressway could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to exhaustion of... read CVE-2018-0358
    Published: June 21, 2018; 07:29:00 AM -04:00

    V3: 7.5 HIGH
     V2: 5.0 MEDIUM

  • CVE-2018-0337 A vulnerability in the role-based access-checking mechanisms of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on an affected device. The vulnerability exists because the affected software lacks proper... read CVE-2018-0337
    Published: June 21, 2018; 07:29:00 AM -04:00

    V3: 7.8 HIGH
     V2: 7.2 HIGH

  • CVE-2018-0313 A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an authenticated, remote attacker to send a malicious packet to the management interface on an affected system and execute a command-injection exploit. The vulnerability is due... read CVE-2018-0313
    Published: June 21, 2018; 07:29:00 AM -04:00

    V3: 8.8 HIGH
     V2: 9.0 HIGH

  • CVE-2018-0311 A vulnerability in the Cisco Fabric Services component of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability exists becaus... read CVE-2018-0311
    Published: June 21, 2018; 07:29:00 AM -04:00

    V3: 7.5 HIGH
     V2: 7.8 HIGH

  • CVE-2018-0309 A vulnerability in the implementation of a specific CLI command and the associated Simple Network Management Protocol (SNMP) MIB for Cisco NX-OS (in standalone NX-OS mode) on Cisco Nexus 3000 and 9000 Series Switches could allow an authenticated, rem... read CVE-2018-0309
    Published: June 21, 2018; 07:29:00 AM -04:00

    V3: 7.7 HIGH
     V2: 6.8 MEDIUM

  • CVE-2018-0306 A vulnerability in the CLI parser of Cisco NX-OS Software could allow an authenticated, local attacker to perform a command-injection attack on an affected device. The vulnerability is due to insufficient input validation of command arguments. An att... read CVE-2018-0306
    Published: June 21, 2018; 07:29:00 AM -04:00

    V3: 7.8 HIGH
     V2: 7.2 HIGH

  • CVE-2018-0303 A vulnerability in the Cisco Discovery Protocol component of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code as root or cause a denial of service (DoS) condition on the affected... read CVE-2018-0303
    Published: June 21, 2018; 07:29:00 AM -04:00

    V3: 8.8 HIGH
     V2: 8.3 HIGH

  • CVE-2018-0302 A vulnerability in the CLI parser of Cisco FXOS Software and Cisco UCS Fabric Interconnect Software could allow an authenticated, local attacker to cause a buffer overflow on an affected device. The vulnerability is due to incorrect input validation... read CVE-2018-0302
    Published: June 21, 2018; 07:29:00 AM -04:00

    V3: 7.8 HIGH
     V2: 7.2 HIGH

  • CVE-2018-0300 A vulnerability in the process of uploading new application images to Cisco FXOS on the Cisco Firepower 4100 Series Next-Generation Firewall (NGFW) and Firepower 9300 Security Appliance could allow an authenticated, remote attacker using path travers... read CVE-2018-0300
    Published: June 21, 2018; 07:29:00 AM -04:00

    V3: 7.2 HIGH
     V2: 9.0 HIGH

  • CVE-2018-0299 A vulnerability in the Simple Network Management Protocol (SNMP) feature of Cisco NX-OS on the Cisco Nexus 4000 Series Switch could allow an authenticated, remote attacker to cause the device to unexpectedly reload, resulting in a denial of service (... read CVE-2018-0299
    Published: June 21, 2018; 07:29:00 AM -04:00

    V3: 6.5 MEDIUM
     V2: 6.8 MEDIUM

  • CVE-2018-14524 dwg_decode_eed in decode.c in GNU LibreDWG before 0.6 leads to a double free (in dwg_free_eed in free.c) because it does not properly manage the obj->eed value after a free occurs.
    Published: July 23, 2018; 04:29:00 AM -04:00

    V3: 6.5 MEDIUM
     V2: 4.3 MEDIUM

  • CVE-2018-1000508 WP ULike version 2.8.1, 3.1 contains a Cross Site Scripting (XSS) vulnerability in Settings screen that can result in allows unauthorised users to do almost anything an admin can. This attack appear to be exploitable via Admin must visit logs page. T... read CVE-2018-1000508
    Published: June 26, 2018; 12:29:00 PM -04:00

    V3: 4.8 MEDIUM
     V2: 3.5 LOW

  • CVE-2018-1000512 Tooltipy Tooltipy (tooltips for WP) version 5 contains a Cross Site Scripting (XSS) vulnerability in Glossary shortcode that can result in could allow anybody to do almost anything an admin can. This attack appear to be exploitable via Admin must fol... read CVE-2018-1000512
    Published: June 26, 2018; 12:29:00 PM -04:00

    V3: 6.1 MEDIUM
     V2: 4.3 MEDIUM

  • CVE-2018-1000515 ventrian News-Articles version NewsArticles.00.09.11 contains a XML External Entity (XXE) vulnerability in News-Articles/API/MetaWebLog/Handler.ashx.vb that can result in Attacker can read any file in the server or use smbrelay attack to access to se... read CVE-2018-1000515
    Published: June 26, 2018; 12:29:01 PM -04:00

    V3: 7.5 HIGH
     V2: 5.0 MEDIUM

  • CVE-2018-1000514 LimeSurvey version 3.0.0-beta.3+17110 contains a Cross ite Request Forgery (CSRF) vulnerability in Boxes that can result in CSRF admins to delete boxes. This vulnerability appears to have been fixed in 3.6.x.
    Published: June 26, 2018; 12:29:01 PM -04:00

    V3: 4.3 MEDIUM
     V2: 4.3 MEDIUM

  • CVE-2018-1000540 LoboEvolution version < 9b75694cedfa4825d4a2330abf2719d470c654cd contains a XML External Entity (XXE) vulnerability in XML Parsing when viewing the XML file in the browser that can result in disclosure of confidential data, denial of service, serv... read CVE-2018-1000540
    Published: June 26, 2018; 12:29:02 PM -04:00

    V3: 7.8 HIGH
     V2: 6.8 MEDIUM

  • CVE-2018-10658 There was a Memory Corruption issue discovered in multiple models of Axis IP Cameras which causes a denial of service (crash). The crash arises from code inside libdbus-send.so shared object or similar.
    Published: June 26, 2018; 02:29:00 PM -04:00

    V3: 7.5 HIGH
     V2: 5.0 MEDIUM