National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

<strong>JSON Vulnerability Feeds 1.0 Released!</strong>
JSON Feed 1.0 Released
Vulnerable Product Configurations Improved!
CPE Ranges
Multiple different visualizations displaying word, CWE, CVSS score distribution and more!
Vulnerability Visualizations


The NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.
 
Last 20 Scored Vulnerability IDs & Summaries CVSS Severity

  • CVE-2019-9913 The wp-live-chat-support plugin before 8.0.18 for WordPress has wp-admin/admin.php?page=wplivechat-menu-gdpr-page term XSS.
    Published: March 21, 2019; 08:29:00 PM -04:00

    V3: 6.1 MEDIUM
     V2: 4.3 MEDIUM

  • CVE-2019-9927 Caret before 2019-02-22 allows Remote Code Execution.
    Published: March 22, 2019; 04:29:00 AM -04:00

    V3: 9.8 CRITICAL
     V2: 7.5 HIGH

  • CVE-2019-9925 S-CMS PHP v1.0 has XSS in 4.edu.php via the S_id parameter.
    Published: March 22, 2019; 04:29:00 AM -04:00

    V3: 6.1 MEDIUM
     V2: 4.3 MEDIUM

  • CVE-2019-9915 GetSimpleCMS 3.3.13 has an Open Redirect via the admin/index.php redirect parameter.
    Published: March 21, 2019; 08:29:00 PM -04:00

    V3: 6.1 MEDIUM
     V2: 5.8 MEDIUM

  • CVE-2019-9912 The wp-google-maps plugin before 7.10.43 for WordPress has XSS via the wp-admin/admin.php PATH_INFO.
    Published: March 21, 2019; 08:29:00 PM -04:00

    V3: 6.1 MEDIUM
     V2: 4.3 MEDIUM

  • CVE-2018-17497 eVisitorPass contains default administrative credentials. An attacker could exploit this vulnerability to gain full access to the application.
    Published: March 21, 2019; 12:00:25 PM -04:00

    V3: 7.8 HIGH
     V2: 2.1 LOW

  • CVE-2018-17496 eVisitorPass could allow a local attacker to gain elevated privileges on the system, caused by an error while in kiosk mode. By visiting the kiosk and typing ctrl+shift+esc, an attacker could exploit this vulnerability to open the task manager to kil... read CVE-2018-17496
    Published: March 21, 2019; 12:00:25 PM -04:00

    V3: 7.8 HIGH
     V2: 7.2 HIGH

  • CVE-2018-17495 eVisitorPass could allow a local attacker to gain elevated privileges on the system, caused by an error with the Virtual Keyboard Help Dialog. By visiting the kiosk and removing the program from fullscreen, an attacker could exploit this vulnerabilit... read CVE-2018-17495
    Published: March 21, 2019; 12:00:25 PM -04:00

    V3: 7.8 HIGH
     V2: 7.2 HIGH

  • CVE-2018-17494 eVisitorPass could allow a local attacker to gain elevated privileges on the system, caused by an error with the Virtual Keyboard Start Menu. By visiting the kiosk and pressing windows key twice, an attacker could exploit this vulnerability to close... read CVE-2018-17494
    Published: March 21, 2019; 12:00:25 PM -04:00

    V3: 7.8 HIGH
     V2: 7.2 HIGH

  • CVE-2018-17493 eVisitorPass could allow a local attacker to gain elevated privileges on the system, caused by an error with the Fullscreen button. By visiting the kiosk and clicking the full screen button in the bottom right, an attacker could exploit this vulnerab... read CVE-2018-17493
    Published: March 21, 2019; 12:00:25 PM -04:00

    V3: 7.8 HIGH
     V2: 7.2 HIGH

  • CVE-2018-20615 An out-of-bounds read issue was discovered in the HTTP/2 protocol decoder in HAProxy 1.8.x and 1.9.x through 1.9.0 which can result in a crash. The processing of the PRIORITY flag in a HEADERS frame requires 5 extra bytes, and while these bytes are s... read CVE-2018-20615
    Published: March 21, 2019; 12:00:36 PM -04:00

    V3: 7.5 HIGH
     V2: 5.0 MEDIUM

  • CVE-2018-17499 Envoy Passport for Android and Envoy Passport for iPhone could allow a local attacker to obtain sensitive information, caused by the storing of unencrypted data in logs. An attacker could exploit this vulnerability to obtain two API keys, a token and... read CVE-2018-17499
    Published: March 21, 2019; 12:00:26 PM -04:00

    V3: 5.5 MEDIUM
     V2: 2.1 LOW

  • CVE-2017-7160 An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. The issue involves... read CVE-2017-7160
    Published: December 27, 2017; 12:08:24 PM -05:00

    V3: 8.8 HIGH
     V2: 6.8 MEDIUM

  • CVE-2017-7157 An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. The issue involves... read CVE-2017-7157
    Published: December 27, 2017; 12:08:24 PM -05:00

    V3: 8.8 HIGH
     V2: 6.8 MEDIUM

  • CVE-2017-7156 An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. The issue involves... read CVE-2017-7156
    Published: December 27, 2017; 12:08:24 PM -05:00

    V3: 8.8 HIGH
     V2: 6.8 MEDIUM

  • CVE-2017-7154 An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. The issue involves the "Kernel" component. It allows local users to bypass intended memory-read restrictio... read CVE-2017-7154
    Published: December 27, 2017; 12:08:24 PM -05:00

    V3: 6.6 MEDIUM
     V2: 5.6 MEDIUM

  • CVE-2017-13870 An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. The issue involves... read CVE-2017-13870
    Published: December 25, 2017; 04:29:14 PM -05:00

    V3: 8.8 HIGH
     V2: 6.8 MEDIUM

  • CVE-2017-13868 An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "Kernel" component. It allows attackers to bypass i... read CVE-2017-13868
    Published: December 25, 2017; 04:29:14 PM -05:00

    V3: 5.5 MEDIUM
     V2: 4.3 MEDIUM

  • CVE-2017-13866 An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. The issue involves... read CVE-2017-13866
    Published: December 25, 2017; 04:29:14 PM -05:00

    V3: 8.8 HIGH
     V2: 6.8 MEDIUM

  • CVE-2017-13856 An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. The issue involves... read CVE-2017-13856
    Published: December 25, 2017; 04:29:13 PM -05:00

    V3: 8.8 HIGH
     V2: 6.8 MEDIUM