U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

National Vulnerability Database

NVD Dashboard

CVEs Received and Processed

CVEs Received and Processed

Please Wait

Time Period New CVEs Received by NVD New CVEs Analyzed by NVD Modified CVEs Received by NVD Modified CVEs Re-analyzed by NVD
Today {{data.count}}
This Week {{data.count}}
This Month {{data.count}}
Last Month {{data.count}}
This Year {{data.count}}

CVE Status Count

Please Wait

CVE Status Count

{{data.name}} {{data.count}}

CVSS Score Spread

Please Wait

CVSS V3 Score Distribution

Severity Number of Vulns
{{data.name}} {{data.count}}

CVSS V2 Score Distribution

Severity Number of Vulns
{{data.name}} {{data.count}}


For information on how to the cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.

Last 20 Scored Vulnerability IDs & Summaries CVSS Severity

  • CVE-2021-1647 - Microsoft Defender Remote Code Execution Vulnerability
    Published: January 12, 2021; 3:15:30 PM -0500

    V3.1: 7.8 HIGH
     V2.0: 7.2 HIGH

  • CVE-2021-21193 - Use after free in Blink in Google Chrome prior to 89.0.4389.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
    Published: March 16, 2021; 11:15:13 AM -0400

    V3.1: 8.8 HIGH
     V2.0: 6.8 MEDIUM

  • CVE-2021-22506 - Advance configuration exposing Information Leakage vulnerability in Micro Focus Access Manager product, affects all versions prior to version 5.0. The vulnerability could cause information leakage.
    Published: March 26, 2021; 10:15:11 AM -0400

    V3.1: 7.5 HIGH
     V2.0: 5.0 MEDIUM

  • CVE-2021-1870 - A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause arbitrary code ... read CVE-2021-1870
    Published: April 02, 2021; 3:15:20 PM -0400

    V3.1: 9.8 CRITICAL
     V2.0: 7.5 HIGH

  • CVE-2021-1871 - A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause arbitrary code ... read CVE-2021-1871
    Published: April 02, 2021; 3:15:20 PM -0400

    V3.1: 9.8 CRITICAL
     V2.0: 7.5 HIGH

  • CVE-2020-1380 - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of ... read CVE-2020-1380
    Published: August 17, 2020; 3:15:14 PM -0400

    V3.1: 7.8 HIGH
     V2.0: 7.6 HIGH

  • CVE-2020-1464 - A spoofing vulnerability exists when Windows incorrectly validates file signatures. An attacker who successfully exploited this vulnerability could bypass security features and load improperly signed files. In an attack scenario, an attacker could... read CVE-2020-1464
    Published: August 17, 2020; 3:15:14 PM -0400

    V3.1: 7.8 HIGH
     V2.0: 2.1 LOW

  • CVE-2020-3566 - A vulnerability in the Distance Vector Multicast Routing Protocol (DVMRP) feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to exhaust process memory of an affected device. The vulnerability is due to insufficient qu... read CVE-2020-3566
    Published: August 29, 2020; 12:15:09 PM -0400

    V3.1: 8.6 HIGH
     V2.0: 7.8 HIGH

  • CVE-2020-25213 - The File Manager (wp-file-manager) plugin before 6.9 for WordPress allows remote attackers to upload and execute arbitrary PHP code because it renames an unsafe example elFinder connector file to have the .php extension. This, for example, allows ... read CVE-2020-25213
    Published: September 09, 2020; 12:15:12 PM -0400

    V3.1: 9.8 CRITICAL
     V2.0: 7.5 HIGH

  • CVE-2020-0878 - <p>A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory. The vulnerability could corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user.... read CVE-2020-0878
    Published: September 11, 2020; 1:15:14 PM -0400

    V3.1: 4.2 MEDIUM
     V2.0: 5.1 MEDIUM

  • CVE-2020-16846 - An issue was discovered in SaltStack Salt through 3002. Sending crafted web requests to the Salt API, with the SSH client enabled, can result in shell injection.
    Published: November 06, 2020; 3:15:13 AM -0500

    V3.1: 9.8 CRITICAL
     V2.0: 7.5 HIGH

  • CVE-2020-17144 - Microsoft Exchange Remote Code Execution Vulnerability
    Published: December 09, 2020; 7:15:16 PM -0500

    V3.1: 8.4 HIGH
     V2.0: 6.0 MEDIUM

  • CVE-2020-29583 - Firmware version 4.60 of Zyxel USG devices contains an undocumented account (zyfwp) with an unchangeable password. The password for this account can be found in cleartext in the firmware. This account can be used by someone to login to the ssh ser... read CVE-2020-29583
    Published: December 22, 2020; 5:15:14 PM -0500

    V3.1: 9.8 CRITICAL
     V2.0: 10.0 HIGH

  • CVE-2021-41773 - A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directo... read CVE-2021-41773
    Published: October 05, 2021; 5:15:07 AM -0400

    V3.1: 7.5 HIGH
     V2.0: 4.3 MEDIUM

  • CVE-2021-42013 - It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was insufficient. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these d... read CVE-2021-42013
    Published: October 07, 2021; 12:15:09 PM -0400

    V3.1: 9.8 CRITICAL
     V2.0: 7.5 HIGH

  • CVE-2021-30632 - Out of bounds write in V8 in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
    Published: October 08, 2021; 5:15:07 PM -0400

    V3.1: 8.8 HIGH
     V2.0: 6.8 MEDIUM

  • CVE-2021-30633 - Use after free in Indexed DB API in Google Chrome prior to 93.0.4577.82 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
    Published: October 08, 2021; 5:15:07 PM -0400

    V3.1: 9.6 CRITICAL
     V2.0: 6.8 MEDIUM

  • CVE-2021-37973 - Use after free in Portals in Google Chrome prior to 94.0.4606.61 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
    Published: October 08, 2021; 6:15:08 PM -0400

    V3.1: 9.6 CRITICAL
     V2.0: 6.8 MEDIUM

  • CVE-2021-37975 - Use after free in V8 in Google Chrome prior to 94.0.4606.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
    Published: October 08, 2021; 6:15:08 PM -0400

    V3.1: 8.8 HIGH
     V2.0: 6.8 MEDIUM

  • CVE-2021-37976 - Inappropriate implementation in Memory in Google Chrome prior to 94.0.4606.71 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
    Published: October 08, 2021; 6:15:08 PM -0400

    V3.1: 6.5 MEDIUM
     V2.0: 4.3 MEDIUM