NVD Dashboard

CVEs Received and Processed

CVEs Received and Processed

Please Wait

Time Period New CVEs Received by NVD New CVEs Analyzed by NVD Modified CVEs Received by NVD Modified CVEs Re-analyzed by NVD
Today {{data.count}}
This Week {{data.count}}
This Month {{data.count}}
Last Month {{data.count}}
This Year {{data.count}}

CVE Status Count

Please Wait

CVE Status Count

{{data.name}} {{data.count}}

CVSS Score Spread

Please Wait

CVSS V3 Score Distribution

Severity Number of Vulns
{{data.name}} {{data.count}}

CVSS V2 Score Distribution

Severity Number of Vulns
{{data.name}} {{data.count}}
Last 20 Scored Vulnerability IDs & Summaries CVSS Severity
  • CVE-2020-13460 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities were present in Tufin SecureTrack, affecting all versions prior to R20-2 GA.
    Published: February 09, 2021; 12:15:13 AM -0500

    V3.1: 8.8 HIGH
    V2.0: 6.8 MEDIUM

  • CVE-2020-21995 - Inim Electronics Smartliving SmartLAN/G/SI <=6.x uses default hardcoded credentials. An attacker could exploit this to gain Telnet, SSH and FTP access to the system.
    Published: April 29, 2021; 11:15:10 AM -0400

    V3.1: 9.8 CRITICAL
    V2.0: 7.5 HIGH

  • CVE-2021-29240 - The Package Manager of CODESYS Development System 3 before 3.5.17.0 does not check the validity of packages before installation and may be used to install CODESYS packages with malicious content.
    Published: May 04, 2021; 8:15:16 AM -0400

    V3.1: 7.8 HIGH
    V2.0: 6.8 MEDIUM

  • CVE-2021-31800 - Multiple path traversal vulnerabilities exist in smbserver.py in Impacket through 0.9.22. An attacker that connects to a running smbserver instance can list and write to arbitrary files via ../ directory traversal. This could potentially be abused... read CVE-2021-31800
    Published: May 05, 2021; 7:15:07 AM -0400

    V3.1: 9.8 CRITICAL
    V2.0: 7.5 HIGH

  • CVE-2021-29100 - A path traversal vulnerability exists in Esri ArcGIS Earth versions 1.11.0 and below which allows arbitrary file creation on an affected system through crafted input. An attacker could exploit this vulnerability to gain arbitrary code execution un... read CVE-2021-29100
    Published: May 05, 2021; 12:15:07 PM -0400

    V3.1: 7.8 HIGH
    V2.0: 6.8 MEDIUM

  • CVE-2021-28899 - Vulnerability in the AC3AudioFileServerMediaSubsession, ADTSAudioFileServerMediaSubsession, and AMRAudioFileServerMediaSubsessionLive OnDemandServerMediaSubsession subclasses in Networks LIVE555 Streaming Media before 2021.3.16.
    Published: April 29, 2021; 11:15:10 AM -0400

    V3.1: 7.5 HIGH
    V2.0: 5.0 MEDIUM

  • CVE-2021-32098 - Artica Pandora FMS 742 allows unauthenticated attackers to perform Phar deserialization.
    Published: May 07, 2021; 12:15:07 AM -0400

    V3.1: 9.8 CRITICAL
    V2.0: 7.5 HIGH

  • CVE-2021-32099 - A SQL injection vulnerability in the pandora_console component of Artica Pandora FMS 742 allows an unauthenticated attacker to upgrade his unprivileged session via the /include/chart_generator.php session_id parameter, leading to a login bypass.
    Published: May 07, 2021; 12:15:07 AM -0400

    V3.1: 9.8 CRITICAL
    V2.0: 7.5 HIGH

  • CVE-2021-25319 - A Incorrect Default Permissions vulnerability in the packaging of virtualbox of openSUSE Factory allows local attackers in the vboxusers groupu to escalate to root. This issue affects: openSUSE Factory virtualbox version 6.1.20-1.1 and prior versi... read CVE-2021-25319
    Published: May 05, 2021; 5:15:07 AM -0400

    V3.1: 7.8 HIGH
    V2.0: 7.2 HIGH

  • CVE-2021-23343 - All versions of package path-parse are vulnerable to Regular Expression Denial of Service (ReDoS) via splitDeviceRe, splitTailRe, and splitPathRe regular expressions. ReDoS exhibits polynomial worst-case time complexity.
    Published: May 04, 2021; 5:15:07 AM -0400

    V3.1: 7.5 HIGH
    V2.0: 5.0 MEDIUM

  • CVE-2021-31443 - This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open ... read CVE-2021-31443
    Published: May 07, 2021; 5:15:07 PM -0400

    V3.1: 3.3 LOW
    V2.0: 4.3 MEDIUM

  • CVE-2020-23128 - Chamilo LMS 1.11.10 does not properly manage privileges which could allow a user with Sessions administrator privilege to create a new user then use the edit user function to change this new user to administrator privilege.
    Published: May 06, 2021; 9:15:09 AM -0400

    V3.1: 4.9 MEDIUM
    V2.0: 4.0 MEDIUM

  • CVE-2021-31442 - This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malici... read CVE-2021-31442
    Published: May 07, 2021; 5:15:07 PM -0400

    V3.1: 7.8 HIGH
    V2.0: 6.8 MEDIUM

  • CVE-2021-31441 - This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malici... read CVE-2021-31441
    Published: May 07, 2021; 5:15:07 PM -0400

    V3.1: 7.8 HIGH
    V2.0: 6.8 MEDIUM

  • CVE-2021-31446 - This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open ... read CVE-2021-31446
    Published: May 07, 2021; 5:15:07 PM -0400

    V3.1: 3.3 LOW
    V2.0: 4.3 MEDIUM

  • CVE-2021-31445 - This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open ... read CVE-2021-31445
    Published: May 07, 2021; 5:15:07 PM -0400

    V3.1: 3.3 LOW
    V2.0: 4.3 MEDIUM

  • CVE-2021-32091 - A Cross-site scripting (XSS) vulnerability exists in StackLift LocalStack 0.12.6.
    Published: May 07, 2021; 1:15:08 AM -0400

    V3.1: 6.1 MEDIUM
    V2.0: 4.3 MEDIUM

  • CVE-2021-31444 - This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open ... read CVE-2021-31444
    Published: May 07, 2021; 5:15:07 PM -0400

    V3.1: 3.3 LOW
    V2.0: 4.3 MEDIUM

  • CVE-2021-26122 - LivingLogic XIST4C before 0.107.8 allows XSS via feedback.htm or feedback.wihtm.
    Published: May 07, 2021; 8:15:07 AM -0400

    V3.1: 6.1 MEDIUM
    V2.0: 4.3 MEDIUM

  • CVE-2021-26123 - LivingLogic XIST4C before 0.107.8 allows XSS via login.htm, login.wihtm, or login-form.htm.
    Published: May 07, 2021; 8:15:07 AM -0400

    V3.1: 6.1 MEDIUM
    V2.0: 4.3 MEDIUM