


The NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.

Last 20 Scored Vulnerability IDs & Summaries (with CVSS Severity)
  • CVE-2021-20858 - Cross-site scripting vulnerability in ELECOM LAN router WRC-2533GHBK-I firmware v1.20 and prior allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors.
    Published: November 30, 2021; 10:15:06 PM -0500

    V3.1: 5.4 MEDIUM
    V2.0: 3.5 LOW

  • CVE-2021-3727 - # Vulnerability in `rand-quote` and `hitokoto` plugins **Description**: the `rand-quote` and `hitokoto` fetch quotes from quotationspage.com and hitokoto.cn respectively, do some process on them and then use `print -P` to print them. If these quot... read CVE-2021-3727
    Published: November 30, 2021; 5:15:08 AM -0500

    V3.1: 9.8 CRITICAL
    V2.0: 7.5 HIGH

  • CVE-2021-43778 - Barcode is a GLPI plugin for printing barcodes and QR codes. GLPI instances version 2.x prior to version 2.6.1 with the barcode plugin installed are vulnerable to a path traversal vulnerability. This issue was patched in version 2.6.1. As a workar... read CVE-2021-43778
    Published: November 24, 2021; 2:15:07 PM -0500

    V3.1: 7.5 HIGH
    V2.0: 5.0 MEDIUM

  • CVE-2021-41270 - Symfony/Serializer handles serializing and deserializing data structures for Symfony, a PHP framework for web and console applications and a set of reusable PHP components. Symfony versions 4.1.0 before 4.4.35 and versions 5.0.0 before 5.3.12 are ... read CVE-2021-41270
    Published: November 24, 2021; 2:15:07 PM -0500

    V3.1: 6.5 MEDIUM
    V2.0: 4.0 MEDIUM

  • CVE-2021-41192 - Redash is a package for data visualization and sharing. If an admin sets up Redash versions 10.0.0 and prior without explicitly specifying the `REDASH_COOKIE_SECRET` or `REDASH_SECRET_KEY` environment variables, a default value is used for both th... read CVE-2021-41192
    Published: November 24, 2021; 11:15:14 AM -0500

    V3.1: 6.5 MEDIUM
    V2.0: 3.5 LOW

  • CVE-2021-28708 - PoD operations on misaligned GFNs [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] x86 HVM and PVH guests may be started in populate-on-demand (PoD) mode, to provide a... read CVE-2021-28708
    Published: November 23, 2021; 8:15:08 PM -0500

    V3.1: 8.8 HIGH
    V2.0: 6.9 MEDIUM

  • CVE-2021-28707 - PoD operations on misaligned GFNs [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] x86 HVM and PVH guests may be started in populate-on-demand (PoD) mode, to provide a... read CVE-2021-28707
    Published: November 23, 2021; 8:15:08 PM -0500

    V3.1: 8.8 HIGH
    V2.0: 6.9 MEDIUM

  • CVE-2021-28704 - PoD operations on misaligned GFNs [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] x86 HVM and PVH guests may be started in populate-on-demand (PoD) mode, to provide a... read CVE-2021-28704
    Published: November 23, 2021; 8:15:08 PM -0500

    V3.1: 8.8 HIGH
    V2.0: 6.9 MEDIUM

  • CVE-2020-9803 - A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing ... read CVE-2020-9803
    Published: June 09, 2020; 1:15:12 PM -0400

    V3.1: 8.8 HIGH
    V2.0: 6.8 MEDIUM

  • CVE-2020-9806 - A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Proce... read CVE-2020-9806
    Published: June 09, 2020; 1:15:12 PM -0400

    V3.1: 8.8 HIGH
    V2.0: 6.8 MEDIUM

  • CVE-2020-9807 - A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Proce... read CVE-2020-9807
    Published: June 09, 2020; 1:15:12 PM -0400

    V3.1: 8.8 HIGH
    V2.0: 6.8 MEDIUM

  • CVE-2020-3900 - A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Processing... read CVE-2020-3900
    Published: April 01, 2020; 2:15:16 PM -0400

    V3.1: 8.8 HIGH
    V2.0: 6.8 MEDIUM

  • CVE-2020-3899 - A memory consumption issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. A remote ... read CVE-2020-3899
    Published: April 01, 2020; 2:15:16 PM -0400

    V3.1: 8.8 HIGH
    V2.0: 9.3 HIGH

  • CVE-2020-3895 - A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Processing... read CVE-2020-3895
    Published: April 01, 2020; 2:15:16 PM -0400

    V3.1: 8.8 HIGH
    V2.0: 9.3 HIGH

  • CVE-2020-27158 - Addressed remote code execution vulnerability in cgi_api.php that allowed escalation of privileges in Western Digital My Cloud NAS devices prior to 5.04.114.
    Published: October 27, 2020; 4:15:22 PM -0400

    V3.1: 9.8 CRITICAL
    V2.0: 10.0 HIGH

  • CVE-2020-25765 - Addressed remote code execution vulnerability in reg_device.php due to insufficient validation of user input in Western Digital My Cloud Devices prior to 5.4.1140.
    Published: October 27, 2020; 4:15:21 PM -0400

    V3.1: 9.8 CRITICAL
    V2.0: 10.0 HIGH

  • CVE-2020-13414 - An issue was discovered in Aviatrix Controller before 5.4.1204. It contains credentials unused by the software.
    Published: May 22, 2020; 5:15:12 PM -0400

    V3.1: 7.5 HIGH
    V2.0: 5.0 MEDIUM

  • CVE-2020-13413 - An issue was discovered in Aviatrix Controller before 5.4.1204. There is an Observable Response Discrepancy from the API, which makes it easier to perform user enumeration via brute force.
    Published: May 22, 2020; 5:15:12 PM -0400

    V3.1: 5.3 MEDIUM
    V2.0: 5.0 MEDIUM

  • CVE-2017-3085 - Adobe Flash Player versions 26.0.0.137 and earlier have a security bypass vulnerability that leads to information disclosure when performing URL redirect.
    Published: August 11, 2017; 3:29:02 PM -0400

    V3.1: 7.5 HIGH
    V2.0: 5.0 MEDIUM

  • CVE-2021-25741 - A security issue was discovered in Kubernetes where a user may be able to create a container with subpath volume mounts to access files & directories outside of the volume, including on the host filesystem.
    Published: September 20, 2021; 1:15:08 PM -0400

    V3.1: 8.1 HIGH
    V2.0: 5.5 MEDIUM