National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

NVD Dashboard

CVEs Received and Processed

CVEs Received and Processed

Please Wait

Time Period New CVEs Received by NVD New CVEs Analyzed by NVD Modified CVEs Received by NVD Modified CVEs Re-analyzed by NVD
Today {{data.count}}
This Week {{data.count}}
This Month {{data.count}}
Last Month {{data.count}}
This Year {{data.count}}

CVE Status Count

Please Wait

CVE Status Count

{{data.name}} {{data.count}}

CVSS Score Spread

Please Wait

CVSS V3 Score Distribution

Severity Number of Vulns
{{data.name}} {{data.count}}

CVSS V2 Score Distribution

Severity Number of Vulns
{{data.name}} {{data.count}}
Last 20 Scored Vulnerability IDs & Summaries CVSS Severity
  • CVE-2018-8545 An information disclosure vulnerability exists in the way that Microsoft Edge handles cross-origin requests, aka "Microsoft Edge Information Disclosure Vulnerability." This affects Microsoft Edge.
    Published: November 13, 2018; 08:29:00 PM -05:00

  • CVE-2018-19287 XSS in the Ninja Forms plugin before 3.3.18 for WordPress allows Remote Attackers to execute JavaScript via the includes/Admin/Menus/Submissions.php (aka submissions page) begin_date, end_date, or form_id parameter.
    Published: November 15, 2018; 01:29:00 AM -05:00

  • CVE-2018-9438 When a device connects only over WiFi VPN, the device may not receive security updates due to some incorrect checks. This could lead to a local denial of service of security updates with no additional execution privileges needed. User interaction is... read CVE-2018-9438
    Published: November 06, 2018; 12:29:00 PM -05:00

  • CVE-2018-9355 In bta_dm_sdp_result of bta_dm_act.cc, there is a possible out of bounds stack write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitati... read CVE-2018-9355
    Published: November 06, 2018; 12:29:00 PM -05:00

  • CVE-2018-9356 In bnep_data_ind of bnep_main.c, there is a possible remote code execution due to a double free. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Androi... read CVE-2018-9356
    Published: November 06, 2018; 12:29:00 PM -05:00

  • CVE-2018-9359 In process_l2cap_cmd of l2c_main.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitatio... read CVE-2018-9359
    Published: November 06, 2018; 12:29:00 PM -05:00

    V3: 7.5 HIGH
    V2: 7.8 HIGH

  • CVE-2018-8582 A remote code execution vulnerability exists in the way that Microsoft Outlook parses specially modified rule export files, aka "Microsoft Outlook Remote Code Execution Vulnerability." This affects Office 365 ProPlus, Microsoft Office, Microsoft Outl... read CVE-2018-8582
    Published: November 13, 2018; 08:29:01 PM -05:00

    V3: 8.8 HIGH
    V2: 9.3 HIGH

  • CVE-2018-9526 In device configuration data, there is an improperly configured setting. This could lead to remote disclosure of device location. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-112159033
    Published: November 14, 2018; 01:29:00 PM -05:00

  • CVE-2018-8562 An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows... read CVE-2018-8562
    Published: November 13, 2018; 08:29:01 PM -05:00

    V3: 7.8 HIGH
    V2: 7.2 HIGH

  • CVE-2018-8592 An elevation of privilege vulnerability exists in Windows 10 version 1809 when installed from physical media (USB, DVD, etc, aka "Windows Elevation Of Privilege Vulnerability." This affects Windows 10, Windows Server 2019.
    Published: November 13, 2018; 08:29:02 PM -05:00

  • CVE-2018-8579 An information disclosure vulnerability exists when attaching files to Outlook messages, aka "Microsoft Outlook Information Disclosure Vulnerability." This affects Office 365 ProPlus, Microsoft Office. This CVE ID is unique from CVE-2018-8558.
    Published: November 13, 2018; 08:29:01 PM -05:00

  • CVE-2018-8558 An information disclosure vulnerability exists when Microsoft Outlook fails to respect "Default link type" settings configured via the SharePoint Online Admin Center, aka "Microsoft Outlook Information Disclosure Vulnerability." This affects Office 3... read CVE-2018-8558
    Published: November 13, 2018; 08:29:01 PM -05:00

  • CVE-2018-8578 An information disclosure vulnerability exists when Microsoft SharePoint Server improperly discloses its folder structure when rendering specific web pages, aka "Microsoft SharePoint Information Disclosure Vulnerability." This affects Microsoft Share... read CVE-2018-8578
    Published: November 13, 2018; 08:29:01 PM -05:00

  • CVE-2018-8602 A Cross-site Scripting (XSS) vulnerability exists when Team Foundation Server does not properly sanitize user provided input, aka "Team Foundation Server Cross-site Scripting Vulnerability." This affects Team.
    Published: November 13, 2018; 08:29:02 PM -05:00

  • CVE-2018-17948 An open redirect vulnerability exists in the Access Manager Identity Provider prior to 4.4 SP3.
    Published: November 20, 2018; 01:29:00 PM -05:00

  • CVE-2018-0673 Directory traversal vulnerability in Cybozu Garoon 3.5.0 to 4.6.3 allows authenticated attackers to read arbitrary files via unspecified vectors.
    Published: November 15, 2018; 10:29:00 AM -05:00

  • CVE-2018-1779 IBM API Connect 2018.1 through 2018.3.7 could allow an unauthenticated attacker to cause a denial of service due to not setting limits on JSON payload size. IBM X-Force ID: 148802.
    Published: November 20, 2018; 09:29:00 AM -05:00

  • CVE-2018-6081 XSS vulnerabilities in Interstitials in Google Chrome prior to 65.0.3325.146 allowed an attacker who convinced a user to install a malicious extension or open Developer Console to inject arbitrary scripts or HTML via a crafted HTML page.
    Published: November 14, 2018; 10:29:02 AM -05:00

  • CVE-2018-8547 A cross-site-scripting (XSS) vulnerability exists when an open source customization for Microsoft Active Directory Federation Services (AD FS) does not properly sanitize a specially crafted web request to an affected AD FS server, aka "Active Directo... read CVE-2018-8547
    Published: November 13, 2018; 08:29:01 PM -05:00

  • CVE-2018-8608 A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) version 8 does not properly sanitize a specially crafted web request to an affected Dynamics server, aka "Microsoft Dynamics 365 (on-premises) version 8 Cross Site... read CVE-2018-8608
    Published: November 13, 2018; 08:29:02 PM -05:00