The NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.

Last 20 Scored Vulnerability IDs & Summaries CVSS Severity
  • CVE-2021-20031 - A Host Header Redirection vulnerability in SonicOS potentially allows a remote attacker to redirect firewall management users to arbitrary web domains.
    Published: October 12, 2021; 7:15:07 PM -0400

    V3.1: 6.1 MEDIUM
    V2.0: 5.8 MEDIUM

  • CVE-2021-26427 - Microsoft Exchange Server Remote Code Execution Vulnerability
    Published: October 12, 2021; 9:15:09 PM -0400

    V3.1: 9.6 CRITICAL
    V2.0: 5.8 MEDIUM

  • CVE-2021-26441 - Storage Spaces Controller Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2021-40478, CVE-2021-40488, CVE-2021-40489, CVE-2021-41345.
    Published: October 12, 2021; 9:15:09 PM -0400

    V3.1: 7.8 HIGH
    V2.0: 4.6 MEDIUM

  • CVE-2021-26442 - Windows HTTP.sys Elevation of Privilege Vulnerability
    Published: October 12, 2021; 9:15:09 PM -0400

    V3.1: 7.8 HIGH
    V2.0: 4.6 MEDIUM

  • CVE-2021-34453 - Microsoft Exchange Server Denial of Service Vulnerability
    Published: October 12, 2021; 9:15:09 PM -0400

    V3.1: 7.5 HIGH
    V2.0: 5.0 MEDIUM

  • CVE-2021-36953 - Windows TCP/IP Denial of Service Vulnerability
    Published: October 12, 2021; 9:15:09 PM -0400

    V3.1: 7.5 HIGH
    V2.0: 5.0 MEDIUM

  • CVE-2021-36970 - Windows Print Spooler Spoofing Vulnerability
    Published: October 12, 2021; 9:15:09 PM -0400

    V3.1: 6.5 MEDIUM
    V2.0: 4.3 MEDIUM

  • CVE-2021-38662 - Windows Fast FAT File System Driver Information Disclosure Vulnerability. This CVE ID is unique from CVE-2021-41343.
    Published: October 12, 2021; 9:15:09 PM -0400

    V3.1: 5.5 MEDIUM
    V2.0: 4.9 MEDIUM

  • CVE-2021-38663 - Windows exFAT File System Information Disclosure Vulnerability
    Published: October 12, 2021; 9:15:09 PM -0400

    V3.1: 5.5 MEDIUM
    V2.0: 2.1 LOW

  • CVE-2021-38672 - Windows Hyper-V Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2021-40461.
    Published: October 12, 2021; 9:15:09 PM -0400

    V3.1: 9.0 CRITICAL
    V2.0: 5.2 MEDIUM

  • CVE-2021-40443 - Windows Common Log File System Driver Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2021-40466, CVE-2021-40467.
    Published: October 12, 2021; 9:15:09 PM -0400

    V3.1: 7.8 HIGH
    V2.0: 4.6 MEDIUM

  • CVE-2021-42227 - Cross Site Scripting (XSS) vulnerability exists in KindEditor 4.1.x via a Google search inurl:/examples/uploadbutton.html and then the .html file on the website that uses this editor (the file suffix is allowed).
    Published: October 14, 2021; 1:15:08 PM -0400

    V3.1: 6.1 MEDIUM
    V2.0: 4.3 MEDIUM

  • CVE-2021-42228 - A Cross Site Request Forgery (CSRF) vulnerability exists in KindEditor 4.1.x, as demonstrated by examples/uploadbutton.html.
    Published: October 14, 2021; 1:15:08 PM -0400

    V3.1: 8.8 HIGH
    V2.0: 6.8 MEDIUM

  • CVE-2021-40449 - Win32k Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2021-40450, CVE-2021-41357.
    Published: October 12, 2021; 9:15:09 PM -0400

    V3.1: 7.8 HIGH
    V2.0: 4.6 MEDIUM

  • CVE-2021-40450 - Win32k Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2021-40449, CVE-2021-41357.
    Published: October 12, 2021; 9:15:09 PM -0400

    V3.1: 7.8 HIGH
    V2.0: 4.6 MEDIUM

  • CVE-2021-40842 - Proofpoint Insider Threat Management Server contains a SQL injection vulnerability in the Web Console. The vulnerability exists due to improper input validation on the database name parameter required in certain unauthenticated APIs. A malicious U...
    Published: October 13, 2021; 2:15:08 PM -0400

    V3.1: 9.8 CRITICAL
    V2.0: 7.5 HIGH

  • CVE-2021-40843 - Proofpoint Insider Threat Management Server contains an unsafe deserialization vulnerability in the Web Console. An attacker with write access to the local database could cause arbitrary code to execute with SYSTEM privileges on the underlying ser...
    Published: October 13, 2021; 2:15:08 PM -0400

    V3.1: 7.3 HIGH
    V2.0: 6.9 MEDIUM

  • CVE-2020-3232 - A vulnerability in the Simple Network Management Protocol (SNMP) implementation in Cisco ASR 920 Series Aggregation Services Router model ASR920-12SZ-IM could allow an authenticated, remote attacker to cause the device to reload. The vulnerability...
    Published: June 03, 2020; 2:15:21 PM -0400

    V3.1: 7.7 HIGH
    V2.0: 6.8 MEDIUM

  • CVE-2020-3215 - A vulnerability in the Virtual Services Container of Cisco IOS XE Software could allow an authenticated, local attacker to gain root-level privileges on an affected device. The vulnerability is due to insufficient validation of a user-supplied ope...
    Published: June 03, 2020; 2:15:19 PM -0400

    V3.1: 6.7 MEDIUM
    V2.0: 7.2 HIGH

  • CVE-2020-3213 - A vulnerability in the ROMMON of Cisco IOS XE Software could allow an authenticated, local attacker to elevate privileges to those of the root user of the underlying operating system. The vulnerability is due to the ROMMON allowing for special par...
    Published: June 03, 2020; 2:15:19 PM -0400

    V3.1: 6.7 MEDIUM
    V2.0: 7.2 HIGH