NVD Dashboard

CVEs Received and Processed

CVEs Received and Processed

Please Wait

Time Period New CVEs Received by NVD New CVEs Analyzed by NVD Modified CVEs Received by NVD Modified CVEs Re-analyzed by NVD
Today {{data.count}}
This Week {{data.count}}
This Month {{data.count}}
Last Month {{data.count}}
This Year {{data.count}}

CVE Status Count

Please Wait

CVE Status Count

{{data.name}} {{data.count}}

CVSS Score Spread

Please Wait

CVSS V3 Score Distribution

Severity Number of Vulns
{{data.name}} {{data.count}}

CVSS V2 Score Distribution

Severity Number of Vulns
{{data.name}} {{data.count}}
Last 20 Scored Vulnerability IDs & Summaries CVSS Severity
  • CVE-2021-0057 - Uncontrolled search path in the Intel(R) NUC M15 Laptop Kit Driver Pack software before updated version 1.1 may allow an authenticated user to potentially enable escalation of privilege via local access.
    Published: June 09, 2021; 4:15:08 PM -0400

    V3.1: 7.8 HIGH
    V2.0: 4.4 MEDIUM

  • CVE-2021-0058 - Incorrect default permissions in the Intel(R) NUC M15 Laptop Kit Driver Pack software before updated version 1.1 may allow an authenticated user to potentially enable escalation of privilege via local access.
    Published: June 09, 2021; 4:15:08 PM -0400

    V3.1: 7.8 HIGH
    V2.0: 4.6 MEDIUM

  • CVE-2021-0056 - Insecure inherited permissions for the Intel(R) NUC M15 Laptop Kit Driver Pack software before updated version 1.1 may allow an authenticated user to potentially enable escalation of privilege via local access.
    Published: June 09, 2021; 4:15:08 PM -0400

    V3.1: 7.8 HIGH
    V2.0: 4.6 MEDIUM

  • CVE-2021-33668 - Due to improper input sanitization, specially crafted LDAP queries can be injected by an unauthenticated user. This could partially impact the confidentiality of the application.
    Published: June 09, 2021; 9:15:07 AM -0400

    V3.1: 7.5 HIGH
    V2.0: 5.0 MEDIUM

  • CVE-2021-24359 - The Plus Addons for Elementor Page Builder WordPress plugin before 4.1.11 did not properly check that a user requesting a password reset was the legitimate user, allowing an attacker to send an arbitrary reset password email to a registered user o... read CVE-2021-24359
    Published: June 14, 2021; 10:15:08 AM -0400

    V3.1: 5.3 MEDIUM
    V2.0: 5.0 MEDIUM

  • CVE-2021-24358 - The Plus Addons for Elementor Page Builder WordPress plugin before 4.1.10 did not validate a redirect parameter on a specifically crafted URL before redirecting the user to it, leading to an Open Redirect issue.
    Published: June 14, 2021; 10:15:08 AM -0400

    V3.1: 6.1 MEDIUM
    V2.0: 5.8 MEDIUM

  • CVE-2021-24357 - In the Best Image Gallery & Responsive Photo Gallery – FooGallery WordPress plugin before 2.0.35, the Custom CSS field of each gallery is not properly sanitised or validated before being being output in the page where the gallery is embed, leadi... read CVE-2021-24357
    Published: June 14, 2021; 10:15:08 AM -0400

    V3.1: 5.4 MEDIUM
    V2.0: 3.5 LOW

  • CVE-2021-25948 - Prototype pollution vulnerability in ‘expand-hash’ versions 0.1.0 through 1.0.1 allows an attacker to cause a denial of service and may lead to remote code execution.
    Published: June 10, 2021; 8:15:08 AM -0400

    V3.1: 9.8 CRITICAL
    V2.0: 7.5 HIGH

  • CVE-2021-25949 - Prototype pollution vulnerability in ‘set-getter’ version 0.1.0 allows an attacker to cause a denial of service and may lead to remote code execution.
    Published: June 10, 2021; 8:15:08 AM -0400

    V3.1: 9.8 CRITICAL
    V2.0: 7.5 HIGH

  • CVE-2021-30548 - Use after free in Loader in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
    Published: June 15, 2021; 6:15:08 PM -0400

    V3.1: 8.8 HIGH
    V2.0: 6.8 MEDIUM

  • CVE-2021-30549 - Use after free in Spell check in Google Chrome prior to 91.0.4472.101 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.
    Published: June 15, 2021; 6:15:08 PM -0400

    V3.1: 8.8 HIGH
    V2.0: 6.8 MEDIUM

  • CVE-2021-24350 - The Visitors WordPress plugin through 0.3 is affected by an Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability. The plugin would display the user's user agent string without validation or encoding within the WordPress admin panel.
    Published: June 14, 2021; 10:15:08 AM -0400

    V3.1: 6.1 MEDIUM
    V2.0: 4.3 MEDIUM

  • CVE-2021-30553 - Use after free in Network service in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
    Published: June 15, 2021; 6:15:09 PM -0400

    V3.1: 8.8 HIGH
    V2.0: 6.8 MEDIUM

  • CVE-2021-30552 - Use after free in Extensions in Google Chrome prior to 91.0.4472.101 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.
    Published: June 15, 2021; 6:15:09 PM -0400

    V3.1: 8.8 HIGH
    V2.0: 6.8 MEDIUM

  • CVE-2021-30551 - Type confusion in V8 in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
    Published: June 15, 2021; 6:15:09 PM -0400

    V3.1: 8.8 HIGH
    V2.0: 6.8 MEDIUM

  • CVE-2021-30547 - Out of bounds write in ANGLE in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.
    Published: June 15, 2021; 6:15:08 PM -0400

    V3.1: 8.8 HIGH
    V2.0: 6.8 MEDIUM

  • CVE-2020-22200 - Directory Traversal vulnerability in phpCMS 9.1.13 via the q parameter to public_get_suggest_keyword.
    Published: June 16, 2021; 1:15:07 PM -0400

    V3.1: 5.3 MEDIUM
    V2.0: 5.0 MEDIUM

  • CVE-2020-35759 - bloofoxCMS 0.5.2.1 is infected with a CSRF Attack that leads to an attacker editing any file content (Locally/Remotely).
    Published: June 16, 2021; 12:15:07 PM -0400

    V3.1: 6.5 MEDIUM
    V2.0: 4.3 MEDIUM

  • CVE-2020-35762 - bloofoxCMS 0.5.2.1 is infected with Path traversal in the 'fileurl' parameter that allows attackers to read local files.
    Published: June 16, 2021; 12:15:08 PM -0400

    V3.1: 2.7 LOW
    V2.0: 4.0 MEDIUM

  • CVE-2020-35760 - bloofoxCMS 0.5.2.1 is infected with Unrestricted File Upload that allows attackers to upload malicious files (ex: php files).
    Published: June 16, 2021; 12:15:07 PM -0400

    V3.1: 9.8 CRITICAL
    V2.0: 7.5 HIGH