National Vulnerability Database

National Vulnerability Database

NVD

Collaborative Vulnerability Metadata Acceptance Process
NVD Release of CVMAP
CVSS Version 3.1 Official Support!
CVSS Version 3.1 Official Support!
New NVD CVE/CPE API and Legacy SOAP Service Retirement!
New NVD CVE/CPE API and Legacy SOAP Service Retirement!


The NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.

Last 20 Scored Vulnerability IDs & Summaries CVSS Severity

  • CVE-2020-15963 - Insufficient policy enforcement in extensions in Google Chrome prior to 85.0.4183.121 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension.
    Published: September 21, 2020; 4:15:12 PM -0400

    V3.1: 9.6 CRITICAL
     V2.0: 6.8 MEDIUM

  • CVE-2020-15964 - Insufficient data validation in media in Google Chrome prior to 85.0.4183.121 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
    Published: September 21, 2020; 4:15:12 PM -0400

    V3.1: 8.8 HIGH
     V2.0: 6.8 MEDIUM

  • CVE-2020-15962 - Insufficient policy validation in serial in Google Chrome prior to 85.0.4183.121 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.
    Published: September 21, 2020; 4:15:12 PM -0400

    V3.1: 8.8 HIGH
     V2.0: 6.8 MEDIUM

  • CVE-2020-15960 - Heap buffer overflow in storage in Google Chrome prior to 85.0.4183.121 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.
    Published: September 21, 2020; 4:15:12 PM -0400

    V3.1: 8.8 HIGH
     V2.0: 6.8 MEDIUM

  • CVE-2020-5361 - Select Dell Client Commercial and Consumer platforms support a BIOS password reset capability that is designed to assist authorized customers who forget their passwords. Dell is aware of unauthorized password generation tools that can generate BIO... read CVE-2020-5361
    Published: January 04, 2021; 5:15:13 PM -0500

    V3.1: 7.6 HIGH
     V2.0: 7.2 HIGH

  • CVE-2021-21263 - Laravel is a web application framework. Versions of Laravel before 6.20.11, 7.30.2 and 8.22.1 contain a query binding exploitation. This same exploit applies to the illuminate/database package which is used by Laravel. If a request is crafted wher... read CVE-2021-21263
    Published: January 19, 2021; 3:15:13 PM -0500

    V3.1: 5.3 MEDIUM
     V2.0: 5.0 MEDIUM

  • CVE-2021-3178 - ** DISPUTED ** fs/nfsd/nfs3xdr.c in the Linux kernel through 5.10.8, when there is an NFS export of a subdirectory of a filesystem, allows remote attackers to traverse to other parts of the filesystem via READDIRPLUS. NOTE: some parties argue that... read CVE-2021-3178
    Published: January 19, 2021; 2:15:13 AM -0500

    V3.1: 6.5 MEDIUM
     V2.0: 5.5 MEDIUM

  • CVE-2020-4628 - IBM Cloud Pak for Security (CP4S) 1.3.0.1 and 1.4.0.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the s... read CVE-2020-4628
    Published: January 27, 2021; 8:15:12 AM -0500

    V3.1: 5.3 MEDIUM
     V2.0: 5.0 MEDIUM

  • CVE-2020-35749 - Directory traversal vulnerability in class-simple_job_board_resume_download_handler.php in the Simple Board Job plugin 2.9.3 and earlier for WordPress allows remote attackers to read arbitrary files via the sjb_file parameter to wp-admin/post.php.
    Published: January 15, 2021; 12:15:13 PM -0500

    V3.1: 7.7 HIGH
     V2.0: 4.0 MEDIUM

  • CVE-2020-15961 - Insufficient policy validation in extensions in Google Chrome prior to 85.0.4183.121 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension.
    Published: September 21, 2020; 4:15:12 PM -0400

    V3.1: 9.6 CRITICAL
     V2.0: 6.8 MEDIUM

  • CVE-2020-28488 - This affects all versions of package jquery-ui; all versions of package org.fujion.webjars:jquery-ui. When the "dialog" is injected into an HTML tag more than once, the browser and the application may crash.
    Published: January 22, 2021; 9:15:12 AM -0500

    V3.1: 7.5 HIGH
     V2.0: 5.0 MEDIUM

  • CVE-2020-4815 - IBM Cloud Pak for Security (CP4S) 1.4.0.0 could allow a remote user to obtain sensitive information from HTTP response headers that could be used in further attacks against the system.
    Published: January 27, 2021; 8:15:13 AM -0500

    V3.1: 5.3 MEDIUM
     V2.0: 5.0 MEDIUM

  • CVE-2020-4816 - IBM Cloud Pak for Security (CP4S) 1.4.0.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive info... read CVE-2020-4816
    Published: January 27, 2021; 8:15:13 AM -0500

    V3.1: 5.9 MEDIUM
     V2.0: 4.3 MEDIUM

  • CVE-2020-36012 - Stored XSS vulnerability in BDTASK Multi-Store Inventory Management System 1.0 allows a local admin to inject arbitrary code via the Customer Name Field.
    Published: January 27, 2021; 8:15:12 AM -0500

    V3.1: 4.8 MEDIUM
     V2.0: 3.5 LOW

  • CVE-2021-1139 - Multiple vulnerabilities in the web UI of Cisco Smart Software Manager Satellite could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system. For more information about these vulnerabilities, se... read CVE-2021-1139
    Published: January 20, 2021; 4:15:11 PM -0500

    V3.1: 8.8 HIGH
     V2.0: 9.0 HIGH

  • CVE-2021-1140 - Multiple vulnerabilities in the web UI of Cisco Smart Software Manager Satellite could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system. For more information about these vulnerabilities, se... read CVE-2021-1140
    Published: January 20, 2021; 4:15:11 PM -0500

    V3.1: 9.8 CRITICAL
     V2.0: 10.0 HIGH

  • CVE-2020-13379 - The avatar feature in Grafana 3.0.1 through 7.0.1 has an SSRF Incorrect Access Control issue. This vulnerability allows any unauthenticated user/client to make Grafana send HTTP requests to any URL and return its result to the user/client. This ca... read CVE-2020-13379
    Published: June 03, 2020; 3:15:10 PM -0400

    V3.1: 8.2 HIGH
     V2.0: 6.4 MEDIUM

  • CVE-2020-1069 - A remote code execution vulnerability exists in Microsoft SharePoint Server when it fails to properly identify and filter unsafe ASP.Net web controls, aka 'Microsoft SharePoint Server Remote Code Execution Vulnerability'.
    Published: May 21, 2020; 7:15:12 PM -0400

    V3.1: 8.8 HIGH
     V2.0: 6.5 MEDIUM

  • CVE-2021-1141 - Multiple vulnerabilities in the web UI of Cisco Smart Software Manager Satellite could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system. For more information about these vulnerabilities, se... read CVE-2021-1141
    Published: January 20, 2021; 4:15:11 PM -0500

    V3.1: 8.8 HIGH
     V2.0: 9.0 HIGH

  • CVE-2020-1752 - A use-after-free vulnerability introduced in glibc upstream version 2.14 was found in the way the tilde expansion was carried out. Directory paths containing an initial tilde followed by a valid username were affected by this issue. A local attack... read CVE-2020-1752
    Published: April 30, 2020; 1:15:13 PM -0400

    V3.1: 7.0 HIGH
     V2.0: 3.7 LOW