National Vulnerability Database

National Vulnerability Database

NVD

Collaborative Vulnerability Metadata Acceptance Process
NVD Release of CVMAP
CVSS Version 3.1 Official Support!
CVSS Version 3.1 Official Support!
New NVD CVE/CPE API and Legacy SOAP Service Retirement!
New NVD CVE/CPE API and Legacy SOAP Service Retirement!


The NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.

Last 20 Scored Vulnerability IDs & Summaries CVSS Severity

  • CVE-2020-13352 - Private group info is leaked leaked in GitLab CE/EE version 10.2 and above, when the project is moved from private to public group. Affected versions are: >=10.2, <13.3.9,>=13.4, <13.4.5,>=13.5, <13.5.2.
    Published: November 16, 2020; 8:15:13 PM -0500

    V3.1: 5.3 MEDIUM
     V2.0: 5.0 MEDIUM

  • CVE-2020-13351 - Insufficient permission checks in scheduled pipeline API in GitLab CE/EE 13.0+ allows an attacker to read variable names and values for scheduled pipelines on projects visible to the attacker. Affected versions are >=13.0, <13.3.9,>=13.4.0, <13.4.... read CVE-2020-13351
    Published: November 17, 2020; 1:15:12 PM -0500

    V3.1: 6.5 MEDIUM
     V2.0: 5.0 MEDIUM

  • CVE-2020-13350 - CSRF in runner administration page in all versions of GitLab CE/EE allows an attacker who's able to target GitLab instance administrators to pause/resume runners. Affected versions are >=13.5.0, <13.5.2,>=13.4.0, <13.4.5,<13.3.9.
    Published: November 17, 2020; 1:15:12 PM -0500

    V3.1: 4.3 MEDIUM
     V2.0: 4.3 MEDIUM

  • CVE-2020-13348 - An issue has been discovered in GitLab EE affecting all versions starting from 10.2. Required CODEOWNERS approval could be bypassed by targeting a branch without the CODEOWNERS file. Affected versions are >=10.2, <13.3.9,>=13.4, <13.4.5,>=13.5, <1... read CVE-2020-13348
    Published: November 17, 2020; 2:15:11 PM -0500

    V3.1: 5.7 MEDIUM
     V2.0: 4.0 MEDIUM

  • CVE-2020-13349 - An issue has been discovered in GitLab EE affecting all versions starting from 8.12. A regular expression related to a file path resulted in the Advanced Search feature susceptible to catastrophic backtracking. Affected versions are >=8.12, <13.3.... read CVE-2020-13349
    Published: November 17, 2020; 2:15:11 PM -0500

    V3.1: 4.3 MEDIUM
     V2.0: 4.0 MEDIUM

  • CVE-2020-13773 - Ivanti Endpoint Manager through 2020.1.1 allows XSS via /LDMS/frm_splitfrm.aspx, /LDMS/licensecheck.aspx, /LDMS/frm_splitcollapse.aspx, /LDMS/alert_log.aspx, /LDMS/ServerList.aspx, /LDMS/frm_coremainfrm.aspx, /LDMS/frm_findfrm.aspx, /LDMS/frm_task... read CVE-2020-13773
    Published: November 16, 2020; 11:15:14 AM -0500

    V3.1: 5.4 MEDIUM
     V2.0: 3.5 LOW

  • CVE-2020-28723 - Memory leak in IPv6Param::setAddress in CloudAvid PParam 1.3.1.
    Published: November 16, 2020; 12:15:13 PM -0500

    V3.1: 7.5 HIGH
     V2.0: 5.0 MEDIUM

  • CVE-2020-3441 - A vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to view sensitive information from the meeting room lobby. This vulnerability is due to insufficient protection of sensitive pa... read CVE-2020-3441
    Published: November 18, 2020; 2:15:12 PM -0500

    V3.1: 5.3 MEDIUM
     V2.0: 5.0 MEDIUM

  • CVE-2020-25472 - SimplePHPscripts News Script PHP Pro 2.3 is affected by a Cross Site Request Forgery (CSRF) vulnerability, which allows attackers to add new users.
    Published: November 24, 2020; 10:15:12 AM -0500

    V3.1: 6.5 MEDIUM
     V2.0: 4.3 MEDIUM

  • CVE-2020-3471 - A vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to maintain bidirectional audio despite being expelled from an active Webex session. The vulnerability is due to a synchronizat... read CVE-2020-3471
    Published: November 18, 2020; 2:15:12 PM -0500

    V3.1: 6.5 MEDIUM
     V2.0: 5.0 MEDIUM

  • CVE-2020-25475 - SimplePHPscripts News Script PHP Pro 2.3 is affected by a SQL Injection via the id parameter in an editNews action.
    Published: November 24, 2020; 10:15:12 AM -0500

    V3.1: 9.8 CRITICAL
     V2.0: 7.5 HIGH

  • CVE-2020-25474 - SimplePHPscripts News Script PHP Pro 2.3 is affected by a Cross Site Scripting (XSS) vulnerability via the editor_name parameter.
    Published: November 24, 2020; 10:15:12 AM -0500

    V3.1: 6.1 MEDIUM
     V2.0: 4.3 MEDIUM

  • CVE-2020-29053 - HRSALE 2.0.0 allows XSS via the admin/project/projects_calendar set_date parameter.
    Published: November 24, 2020; 3:15:11 PM -0500

    V3.1: 6.1 MEDIUM
     V2.0: 4.3 MEDIUM

  • CVE-2020-29070 - osCommerce 2.3.4.1 has XSS vulnerability via the authenticated user entering the XSS payload into the title section of newsletters.
    Published: November 25, 2020; 3:15:10 PM -0500

    V3.1: 4.8 MEDIUM
     V2.0: 3.5 LOW

  • CVE-2020-29063 - An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, ... read CVE-2020-29063
    Published: November 24, 2020; 4:15:12 PM -0500

    V3.1: 7.5 HIGH
     V2.0: 5.0 MEDIUM

  • CVE-2020-29061 - An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, ... read CVE-2020-29061
    Published: November 24, 2020; 4:15:12 PM -0500

    V3.1: 9.8 CRITICAL
     V2.0: 7.5 HIGH

  • CVE-2020-29062 - An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, ... read CVE-2020-29062
    Published: November 24, 2020; 4:15:12 PM -0500

    V3.1: 9.8 CRITICAL
     V2.0: 7.5 HIGH

  • CVE-2020-29060 - An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, ... read CVE-2020-29060
    Published: November 24, 2020; 4:15:12 PM -0500

    V3.1: 9.8 CRITICAL
     V2.0: 7.5 HIGH

  • CVE-2020-29059 - An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, ... read CVE-2020-29059
    Published: November 24, 2020; 4:15:12 PM -0500

    V3.1: 9.8 CRITICAL
     V2.0: 7.5 HIGH

  • CVE-2020-25952 - SQL injection vulnerability in PHPGurukul User Registration & Login and User Management System With admin panel 2.1 allows remote attackers to execute arbitrary SQL commands and bypass authentication.
    Published: November 16, 2020; 11:15:14 AM -0500

    V3.1: 9.8 CRITICAL
     V2.0: 7.5 HIGH