U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD



NVD API Key Logo
NVD API Key
Collaborative Vulnerability Metadata Acceptance Process
NVD Release of CVMAP
New NVD CVE/CPE API and Legacy SOAP Service Retirement!
New NVD CVE/CPE API and Legacy SOAP Service Retirement!


The NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.

Last 20 Scored Vulnerability IDs & Summaries CVSS Severity

  • CVE-2021-42990 - FlexiHub For Windows is affected by Buffer Overflow. IOCTL Handler 0x22001B in the FlexiHub For Windows above 2.0.4340 below 5.3.14268 allows local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption ... read CVE-2021-42990
    Published: December 07, 2021; 3:15:07 PM -0500

    V3.1: 8.8 HIGH
     V2.0: 7.2 HIGH

  • CVE-2021-30578 - Uninitialized use in Media in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page.
    Published: August 03, 2021; 4:15:09 PM -0400

    V3.1: 8.8 HIGH
     V2.0: 6.8 MEDIUM

  • CVE-2021-30565 - Out of bounds write in Tab Groups in Google Chrome on Linux and ChromeOS prior to 92.0.4515.107 allowed an attacker who convinced a user to install a malicious extension to perform an out of bounds memory write via a crafted HTML page.
    Published: August 03, 2021; 4:15:08 PM -0400

    V3.1: 8.8 HIGH
     V2.0: 6.8 MEDIUM

  • CVE-2021-30577 - Insufficient policy enforcement in Installer in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to perform local privilege escalation via a crafted file.
    Published: August 03, 2021; 4:15:08 PM -0400

    V3.1: 7.8 HIGH
     V2.0: 6.8 MEDIUM

  • CVE-2021-30576 - Use after free in DevTools in Google Chrome prior to 92.0.4515.107 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.
    Published: August 03, 2021; 4:15:08 PM -0400

    V3.1: 8.8 HIGH
     V2.0: 6.8 MEDIUM

  • CVE-2021-30579 - Use after free in UI framework in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
    Published: August 03, 2021; 4:15:09 PM -0400

    V3.1: 8.8 HIGH
     V2.0: 6.8 MEDIUM

  • CVE-2021-30580 - Insufficient policy enforcement in Android intents in Google Chrome prior to 92.0.4515.107 allowed an attacker who convinced a user to install a malicious application to obtain potentially sensitive information via a crafted HTML page.
    Published: August 03, 2021; 4:15:09 PM -0400

    V3.1: 6.5 MEDIUM
     V2.0: 4.3 MEDIUM

  • CVE-2021-30581 - Use after free in DevTools in Google Chrome prior to 92.0.4515.107 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.
    Published: August 03, 2021; 4:15:09 PM -0400

    V3.1: 8.8 HIGH
     V2.0: 6.8 MEDIUM

  • CVE-2021-30582 - Inappropriate implementation in Animation in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
    Published: August 03, 2021; 4:15:09 PM -0400

    V3.1: 6.5 MEDIUM
     V2.0: 4.3 MEDIUM

  • CVE-2021-30583 - Insufficient policy enforcement in image handling in iOS in Google Chrome on iOS prior to 92.0.4515.107 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
    Published: August 03, 2021; 4:15:09 PM -0400

    V3.1: 6.5 MEDIUM
     V2.0: 4.3 MEDIUM

  • CVE-2021-30584 - Incorrect security UI in Downloads in Google Chrome on Android prior to 92.0.4515.107 allowed a remote attacker to perform domain spoofing via a crafted HTML page.
    Published: August 03, 2021; 4:15:09 PM -0400

    V3.1: 6.5 MEDIUM
     V2.0: 4.3 MEDIUM

  • CVE-2021-30585 - Use after free in sensor handling in Google Chrome on Windows prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
    Published: August 03, 2021; 4:15:09 PM -0400

    V3.1: 8.8 HIGH
     V2.0: 6.8 MEDIUM

  • CVE-2021-30586 - Use after free in dialog box handling in Windows in Google Chrome prior to 92.0.4515.107 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.
    Published: August 03, 2021; 4:15:09 PM -0400

    V3.1: 8.8 HIGH
     V2.0: 6.8 MEDIUM

  • CVE-2021-30587 - Inappropriate implementation in Compositing in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
    Published: August 03, 2021; 4:15:09 PM -0400

    V3.1: 4.3 MEDIUM
     V2.0: 4.3 MEDIUM

  • CVE-2021-30588 - Type confusion in V8 in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
    Published: August 03, 2021; 4:15:09 PM -0400

    V3.1: 8.8 HIGH
     V2.0: 6.8 MEDIUM

  • CVE-2021-30589 - Insufficient validation of untrusted input in Sharing in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to bypass navigation restrictions via a crafted click-to-call link.
    Published: August 03, 2021; 4:15:09 PM -0400

    V3.1: 4.3 MEDIUM
     V2.0: 4.3 MEDIUM

  • CVE-2021-3934 - ohmyzsh is vulnerable to Improper Neutralization of Special Elements used in an OS Command
    Published: November 12, 2021; 7:15:07 AM -0500

    V3.1: 7.5 HIGH
     V2.0: 5.1 MEDIUM

  • CVE-2021-24251 - The Business Directory Plugin – Easy Listing Directories for WordPress WordPress plugin before 5.11.2 suffered from a Cross-Site Request Forgery issue, allowing an attacker to make a logged in administrator update arbitrary payment history, such... read CVE-2021-24251
    Published: May 06, 2021; 9:15:11 AM -0400

    V3.1: 4.3 MEDIUM
     V2.0: 4.3 MEDIUM

  • CVE-2021-24248 - The Business Directory Plugin – Easy Listing Directories for WordPress WordPress plugin before 5.11.1 did not properly check for imported files, forbidding certain extension via a blacklist approach, allowing administrator to import an archive w... read CVE-2021-24248
    Published: May 06, 2021; 9:15:11 AM -0400

    V3.1: 7.2 HIGH
     V2.0: 6.5 MEDIUM

  • CVE-2021-30566 - Stack buffer overflow in Printing in Google Chrome prior to 92.0.4515.107 allowed a remote attacker who had compromised the renderer process to potentially exploit stack corruption via a crafted HTML page.
    Published: August 03, 2021; 4:15:08 PM -0400

    V3.1: 8.8 HIGH
     V2.0: 6.8 MEDIUM