National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

<strong>JSON Vulnerability Feeds 1.0 Released!</strong>
JSON Feed 1.0 Released
Vulnerable Product Configurations Improved!
CPE Ranges
Multiple different visualizations displaying word, CWE, CVSS score distribution and more!
Vulnerability Visualizations


The NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.
 
Last 20 Scored Vulnerability IDs & Summaries CVSS Severity

  • CVE-2018-15411 A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the affected s... read CVE-2018-15411
    Published: October 05, 2018; 10:29:09 AM -04:00

    V3: 7.8 HIGH
     V2: 9.3 HIGH

  • CVE-2018-1420 IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 resets access control settings to the out of the box configuration during Combined Cumulative Fix (CF) installation. This can lead to security miss-configuration of the installation. IBM X-Force ID: 138950.
    Published: October 01, 2018; 10:29:00 AM -04:00

    V3: 6.5 MEDIUM
     V2: 4.0 MEDIUM

  • CVE-2018-1672 IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 may fail to set the correct user context in certain impersonation scenarios, which can allow a user to act with the identity of a different user. IBM X-Force ID: 144958.
    Published: October 01, 2018; 10:29:00 AM -04:00

    V3: 6.3 MEDIUM
     V2: 6.5 MEDIUM

  • CVE-2018-17215 An information-disclosure issue was discovered in Postman through 6.3.0. It validates a server's X.509 certificate and presents an error if the certificate is not valid. Unfortunately, the associated HTTPS request data is sent anyway. Only the respon... read CVE-2018-17215
    Published: September 26, 2018; 05:29:01 PM -04:00

    V3: 8.1 HIGH
     V2: 4.3 MEDIUM

  • CVE-2017-12573 An issue was discovered on PLANEX CS-W50HD devices with firmware before 030720. The device has a command-injection vulnerability in the web management UI on NAS settings page "/cgi-bin/nasset.cgi". An attacker can send a crafted HTTP POST request to... read CVE-2017-12573
    Published: August 24, 2018; 03:29:00 PM -04:00

    V3: 8.8 HIGH
     V2: 9.0 HIGH

  • CVE-2017-12574 An issue was discovered on PLANEX CS-W50HD devices with firmware before 030720. A hardcoded credential "supervisor:dangerous" was injected into web authentication database "/.htpasswd" during booting process, which allows attackers to gain unauthoriz... read CVE-2017-12574
    Published: August 24, 2018; 03:29:00 PM -04:00

    V3: 9.8 CRITICAL
     V2: 10.0 HIGH

  • CVE-2018-1777 IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credential... read CVE-2018-1777
    Published: October 16, 2018; 03:29:00 PM -04:00

    V3: 5.4 MEDIUM
     V2: 3.5 LOW

  • CVE-2018-1767 IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Cachemonitor is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading... read CVE-2018-1767
    Published: October 29, 2018; 11:29:00 AM -04:00

    V3: 6.1 MEDIUM
     V2: 4.3 MEDIUM

  • CVE-2018-0675 AttacheCase ver.3.3.0.0 and earlier allows an arbitrary script execution via unspecified vectors.
    Published: September 04, 2018; 09:29:07 AM -04:00

    V3: 7.8 HIGH
     V2: 6.8 MEDIUM

  • CVE-2018-0674 AttacheCase ver.2.8.4.0 and earlier allows an arbitrary script execution via unspecified vectors.
    Published: September 04, 2018; 09:29:06 AM -04:00

    V3: 7.8 HIGH
     V2: 6.8 MEDIUM

  • CVE-2018-1794 IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 using OAuth ear is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leadi... read CVE-2018-1794
    Published: October 03, 2018; 10:29:00 AM -04:00

    V3: 6.1 MEDIUM
     V2: 4.3 MEDIUM

  • CVE-2018-1793 IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 using SAML ear is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leadin... read CVE-2018-1793
    Published: October 03, 2018; 10:29:00 AM -04:00

    V3: 6.1 MEDIUM
     V2: 4.3 MEDIUM

  • CVE-2018-11761 In Apache Tika 0.1 to 1.18, the XML parsers were not configured to limit entity expansion. They were therefore vulnerable to an entity expansion vulnerability which can lead to a denial of service attack.
    Published: September 19, 2018; 10:29:00 AM -04:00

    V3: 7.5 HIGH
     V2: 5.0 MEDIUM

  • CVE-2018-11762 In Apache Tika 0.9 to 1.18, in a rare edge case where a user does not specify an extract directory on the commandline (--extract-dir=) and the input file has an embedded file with an absolute path, such as "C:/evil.bat", tika-app would overwrite that... read CVE-2018-11762
    Published: September 19, 2018; 10:29:00 AM -04:00

    V3: 5.9 MEDIUM
     V2: 5.8 MEDIUM

  • CVE-2018-1517 A flaw in the java.math component in IBM SDK, Java Technology Edition 6.0, 7.0, and 8.0 may allow an attacker to inflict a denial-of-service attack with specially crafted String data. IBM X-Force ID: 141681.
    Published: August 20, 2018; 05:29:01 PM -04:00

    V3: 7.5 HIGH
     V2: 5.0 MEDIUM

  • CVE-2018-0657 Cross-site scripting vulnerability in EC-CUBE Payment Module and GMO-PG Payment Module (PG Multi-Payment Service) for EC-CUBE (EC-CUBE Payment Module (2.12) version 3.5.23 and earlier, EC-CUBE Payment Module (2.11) version 2.3.17 and earlier, GMO-PG... read CVE-2018-0657
    Published: September 07, 2018; 10:29:02 AM -04:00

    V3: 4.8 MEDIUM
     V2: 3.5 LOW

  • CVE-2018-1603 IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially le... read CVE-2018-1603
    Published: October 04, 2018; 10:29:00 AM -04:00

    V3: 5.4 MEDIUM
     V2: 3.5 LOW

  • CVE-2018-1602 IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially le... read CVE-2018-1602
    Published: October 04, 2018; 10:29:00 AM -04:00

    V3: 5.4 MEDIUM
     V2: 3.5 LOW

  • CVE-2018-1692 IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially le... read CVE-2018-1692
    Published: October 02, 2018; 11:29:03 AM -04:00

    V3: 5.4 MEDIUM
     V2: 3.5 LOW

  • CVE-2018-1691 IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially le... read CVE-2018-1691
    Published: October 02, 2018; 11:29:02 AM -04:00

    V3: 5.4 MEDIUM
     V2: 3.5 LOW