National Vulnerability Database

National Vulnerability Database

NVD

Collaborative Vulnerability Metadata Acceptance Process
NVD Release of CVMAP
CVSS Version 3.1 Official Support!
CVSS Version 3.1 Official Support!
New NVD CVE/CPE API and Legacy SOAP Service Retirement!
New NVD CVE/CPE API and Legacy SOAP Service Retirement!


The NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.

Last 20 Scored Vulnerability IDs & Summaries CVSS Severity

  • CVE-2021-1699 - Windows (modem.sys) Information Disclosure Vulnerability
    Published: January 12, 2021; 3:15:33 PM -0500

    V3.1: 5.5 MEDIUM
     V2.0: 2.1 LOW

  • CVE-2021-1697 - Windows InstallService Elevation of Privilege Vulnerability
    Published: January 12, 2021; 3:15:33 PM -0500

    V3.1: 7.8 HIGH
     V2.0: 7.2 HIGH

  • CVE-2021-1696 - Windows Graphics Component Information Disclosure Vulnerability
    Published: January 12, 2021; 3:15:33 PM -0500

    V3.1: 5.5 MEDIUM
     V2.0: 4.3 MEDIUM

  • CVE-2021-1695 - Windows Print Spooler Elevation of Privilege Vulnerability
    Published: January 12, 2021; 3:15:33 PM -0500

    V3.1: 7.8 HIGH
     V2.0: 7.2 HIGH

  • CVE-2021-1700 - Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-1658, CVE-2021-1660, CVE-2021-1664, CVE-2021-1666, CVE-2021-1667, CVE-2021-1671, CVE-2021-1673, CVE-2021-1701.
    Published: January 12, 2021; 3:15:33 PM -0500

    V3.1: 8.8 HIGH
     V2.0: 9.0 HIGH

  • CVE-2021-1702 - Windows Remote Procedure Call Runtime Elevation of Privilege Vulnerability
    Published: January 12, 2021; 3:15:33 PM -0500

    V3.1: 7.8 HIGH
     V2.0: 7.2 HIGH

  • CVE-2021-1694 - Windows Update Stack Elevation of Privilege Vulnerability
    Published: January 12, 2021; 3:15:33 PM -0500

    V3.1: 9.8 CRITICAL
     V2.0: 7.5 HIGH

  • CVE-2021-1668 - Microsoft DTV-DVD Video Decoder Remote Code Execution Vulnerability
    Published: January 12, 2021; 3:15:31 PM -0500

    V3.1: 7.8 HIGH
     V2.0: 9.3 HIGH

  • CVE-2021-1669 - Windows Remote Desktop Security Feature Bypass Vulnerability
    Published: January 12, 2021; 3:15:32 PM -0500

    V3.1: 8.8 HIGH
     V2.0: 6.5 MEDIUM

  • CVE-2021-1693 - Windows CSC Service Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-1652, CVE-2021-1653, CVE-2021-1654, CVE-2021-1655, CVE-2021-1659, CVE-2021-1688.
    Published: January 12, 2021; 3:15:33 PM -0500

    V3.1: 7.8 HIGH
     V2.0: 7.2 HIGH

  • CVE-2020-26733 - Cross Site Scripting (XSS) in Configuration page in SKYWORTH GN542VF Hardware Version 2.0 and Software Version 2.0.0.16 allows authenticated attacker to inject their own script into the page via DDNS Configuration Section.
    Published: January 14, 2021; 11:15:17 AM -0500

    V3.1: 5.4 MEDIUM
     V2.0: 3.5 LOW

  • CVE-2021-1691 - Hyper-V Denial of Service Vulnerability This CVE ID is unique from CVE-2021-1692.
    Published: January 12, 2021; 3:15:33 PM -0500

    V3.1: 7.7 HIGH
     V2.0: 4.0 MEDIUM

  • CVE-2020-29015 - A blind SQL injection in the user interface of FortiWeb 6.3.0 through 6.3.7 and version before 6.2.4 may allow an unauthenticated, remote attacker to execute arbitrary SQL queries or commands by sending a request with a crafted Authorization heade... read CVE-2020-29015
    Published: January 14, 2021; 11:15:17 AM -0500

    V3.1: 9.8 CRITICAL
     V2.0: 7.5 HIGH

  • CVE-2020-29016 - A stack-based buffer overflow vulnerability in FortiWeb 6.3.0 through 6.3.5 and version before 6.2.4 may allow an unauthenticated, remote attacker to overwrite the content of the stack and potentially execute arbitrary code by sending a crafted re... read CVE-2020-29016
    Published: January 14, 2021; 11:15:18 AM -0500

    V3.1: 9.8 CRITICAL
     V2.0: 7.5 HIGH

  • CVE-2020-29017 - An OS command injection vulnerability in FortiDeceptor 3.1.0, 3.0.1, 3.0.0 may allow a remote authenticated attacker to execute arbitrary commands on the system by exploiting a command injection vulnerability on the Customization page.
    Published: January 14, 2021; 11:15:18 AM -0500

    V3.1: 8.8 HIGH
     V2.0: 9.0 HIGH

  • CVE-2020-29018 - A format string vulnerability in FortiWeb 6.3.0 through 6.3.5 may allow an authenticated, remote attacker to read the content of memory and retrieve sensitive data via the redir parameter.
    Published: January 14, 2021; 11:15:18 AM -0500

    V3.1: 8.8 HIGH
     V2.0: 6.5 MEDIUM

  • CVE-2020-29019 - A stack-based buffer overflow vulnerability in FortiWeb 6.3.0 through 6.3.7 and version before 6.2.4 may allow a remote, unauthenticated attacker to crash the httpd daemon thread by sending a request with a crafted cookie header.
    Published: January 14, 2021; 11:15:18 AM -0500

    V3.1: 5.3 MEDIUM
     V2.0: 5.0 MEDIUM

  • CVE-2021-1692 - Hyper-V Denial of Service Vulnerability This CVE ID is unique from CVE-2021-1691.
    Published: January 12, 2021; 3:15:33 PM -0500

    V3.1: 7.7 HIGH
     V2.0: 4.0 MEDIUM

  • CVE-2021-1667 - Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-1658, CVE-2021-1660, CVE-2021-1664, CVE-2021-1666, CVE-2021-1671, CVE-2021-1673, CVE-2021-1700, CVE-2021-1701.
    Published: January 12, 2021; 3:15:31 PM -0500

    V3.1: 8.8 HIGH
     V2.0: 9.0 HIGH

  • CVE-2020-26247 - Nokogiri is a Rubygem providing HTML, XML, SAX, and Reader parsers with XPath and CSS selector support. In Nokogiri before version 1.11.0.rc4 there is an XXE vulnerability. XML Schemas parsed by Nokogiri::XML::Schema are trusted by default, allowi... read CVE-2020-26247
    Published: December 30, 2020; 2:15:12 PM -0500

    V3.1: 4.3 MEDIUM
     V2.0: 4.0 MEDIUM