The Wayback Machine - https://web.archive.org/web/20210111013839/https://nvd.nist.gov/


The NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.

Last 20 Scored Vulnerability IDs & Summaries (CVSS Severity)
  • CVE-2020-35262 - Cross Site Scripting (XSS) vulnerability in Digisol DG-HR3400 can be exploited via the NTP server name in Time and date module and "Keyword" in URL Filter.
    Published: January 06, 2021; 5:15:12 PM -0500

    V3.1: 6.1 MEDIUM
    V2.0: 4.3 MEDIUM

  • CVE-2020-36158 - mwifiex_cmd_802_11_ad_hoc_start in drivers/net/wireless/marvell/mwifiex/join.c in the Linux kernel through 5.10.4 might allow remote attackers to execute arbitrary code via a long SSID value, aka CID-5c455c5ab332.
    Published: January 05, 2021; 12:15:10 AM -0500

    V3.1: 8.8 HIGH
    V2.0: 8.3 HIGH

  • CVE-2020-26759 - clickhouse-driver before 0.1.5 allows a malicious clickhouse server to trigger a crash or execute arbitrary code (on a database client) via a crafted server response, due to a buffer overflow.
    Published: January 06, 2021; 8:15:13 AM -0500

    V3.1: 9.8 CRITICAL
    V2.0: 7.5 HIGH

  • CVE-2020-36172 - The Advanced Custom Fields plugin before 5.8.12 for WordPress mishandles the escaping of strings in Select2 dropdowns, potentially leading to XSS.
    Published: January 06, 2021; 10:15:15 AM -0500

    V3.1: 6.1 MEDIUM
    V2.0: 4.3 MEDIUM

  • CVE-2020-13539 - An exploitable local privilege elevation vulnerability exists in the file system permissions of the Win-911 Enterprise V4.20.13 install directory via “WIN-911 Mobile Runtime” service. Depending on the vector chosen, an attacker can overwrite vario...
    Published: January 05, 2021; 11:15:14 AM -0500

    V3.1: 7.8 HIGH
    V2.0: 4.6 MEDIUM

  • CVE-2020-27285 - The default configuration of Crimson 3.1 (Build versions prior to 3119.001) allows a user to be able to read and modify the database without authentication.
    Published: January 06, 2021; 10:15:14 AM -0500

    V3.1: 9.1 CRITICAL
    V2.0: 6.4 MEDIUM

  • CVE-2020-13540 - An exploitable local privilege elevation vulnerability exists in the file system permissions of the Win-911 Enterprise V4.20.13 install directory via WIN-911 Account Change Utility. Depending on the vector chosen, an attacker can overwrite various...
    Published: January 05, 2021; 11:15:14 AM -0500

    V3.1: 7.8 HIGH
    V2.0: 4.6 MEDIUM

  • CVE-2020-27283 - An attacker could send a specially crafted message to Crimson 3.1 (Build versions prior to 3119.001) that could leak arbitrary memory locations.
    Published: January 06, 2021; 11:15:12 AM -0500

    V3.1: 5.3 MEDIUM
    V2.0: 5.0 MEDIUM

  • CVE-2020-27279 - A NULL pointer dereference vulnerability has been identified in the protocol converter. An attacker could send a specially crafted packet that could reboot the device running Crimson 3.1 (Build versions prior to 3119.001).
    Published: January 06, 2021; 11:15:12 AM -0500

    V3.1: 7.5 HIGH
    V2.0: 7.8 HIGH

  • CVE-2020-13541 - An exploitable local privilege elevation vulnerability exists in the file system permissions of the Mobile-911 Server V2.5 install directory. Depending on the vector chosen, an attacker can overwrite the service executable and execute arbitrary co...
    Published: January 05, 2021; 11:15:14 AM -0500

    V3.1: 8.8 HIGH
    V2.0: 7.2 HIGH

  • CVE-2020-25498 - Cross Site Scripting (XSS) vulnerability in Beetel router 777VR1 can be exploited via the NTP server name in System Time and "Keyword" in URL Filter.
    Published: January 06, 2021; 5:15:12 PM -0500

    V3.1: 4.8 MEDIUM
    V2.0: 3.5 LOW

  • CVE-2020-10655 - The Proofpoint Insider Threat Management Server (formerly ObserveIT Server) before 7.9.1 contains a vulnerability in the ITM application server's WriteWindowMouse API. The vulnerability allows an anonymous remote attacker to execute arbitrary code...
    Published: January 06, 2021; 9:15:13 AM -0500

    V3.1: 9.8 CRITICAL
    V2.0: 7.5 HIGH

  • CVE-2020-10656 - The Proofpoint Insider Threat Management Server (formerly ObserveIT Server) before 7.9.1 contains a vulnerability in the ITM application server's WriteWindowMouseWithChunksV2 API. The vulnerability allows an anonymous remote attacker to execute ar...
    Published: January 06, 2021; 9:15:13 AM -0500

    V3.1: 9.8 CRITICAL
    V2.0: 7.5 HIGH

  • CVE-2020-10657 - The Proofpoint Insider Threat Management Server (formerly ObserveIT Server) before 7.9.1 contains a vulnerability in the ITM web console's ImportAlertRules feature. The vulnerability allows a remote attacker (with admin or config-admin privileges ...
    Published: January 06, 2021; 9:15:13 AM -0500

    V3.1: 7.2 HIGH
    V2.0: 6.5 MEDIUM

  • CVE-2019-16954 - SolarWinds Web Help Desk 12.7.0 allows HTML injection via a Comment in a Help Request ticket.
    Published: January 06, 2021; 12:15:21 PM -0500

    V3.1: 5.4 MEDIUM
    V2.0: 4.9 MEDIUM

  • CVE-2020-10658 - The Proofpoint Insider Threat Management Server (formerly ObserveIT Server) before 7.9.1 contains a vulnerability in the ITM application server's WriteImage API. The vulnerability allows an anonymous remote attacker to execute arbitrary code with ...
    Published: January 06, 2021; 9:15:13 AM -0500

    V3.1: 9.8 CRITICAL
    V2.0: 7.5 HIGH

  • CVE-2020-8884 - rcdsvc in the Proofpoint Insider Threat Management Windows Agent (formerly ObserveIT Windows Agent) before 7.9 allows remote authenticated users to execute arbitrary code as SYSTEM because of improper deserialization over named pipes.
    Published: January 06, 2021; 9:15:13 AM -0500

    V3.1: 8.8 HIGH
    V2.0: 9.0 HIGH

  • CVE-2020-35951 - An issue was discovered in the Quiz and Survey Master plugin before 7.0.1 for WordPress. It allows users to delete arbitrary files such as wp-config.php file, which could effectively take a site offline and allow an attacker to reinstall with a Wo...
    Published: December 31, 2020; 11:15:13 PM -0500

    V3.1: 9.9 CRITICAL
    V2.0: 6.4 MEDIUM

  • CVE-2012-10001 - The Limit Login Attempts plugin before 1.7.1 for WordPress does not clear auth cookies upon a lockout, which might make it easier for remote attackers to conduct brute-force authentication attempts.
    Published: January 06, 2021; 10:15:13 AM -0500

    V3.1: 9.8 CRITICAL
    V2.0: 5.0 MEDIUM

  • CVE-2019-16962 - Zoho ManageEngine Desktop Central 10.0.430 allows HTML injection via a modified Report Name in a New Custom Report.
    Published: January 06, 2021; 12:15:21 PM -0500

    V3.1: 5.4 MEDIUM
    V2.0: 3.5 LOW