The NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.

Last 20 Scored Vulnerability IDs & Summaries (with CVSS Severity)
  • CVE-2021-32663 - iTop is an open source web based IT Service Management tool. In affected versions an attacker can call the system setup without authentication. Given specific parameters this can lead to SSRF. This issue has been resolved in versions 2.6.5 and 2.7...
    Published: October 19, 2021; 2:15:07 PM -0400

    V3.1: 7.5 HIGH
    V2.0: 5.0 MEDIUM

  • CVE-2021-32664 - Combodo iTop is an open source web based IT Service Management tool. In affected versions there is a XSS vulnerability on "run query" page when logged as administrator. This has been resolved in versions 2.6.5 and 2.7.5.
    Published: October 19, 2021; 2:15:07 PM -0400

    V3.1: 4.8 MEDIUM
    V2.0: 3.5 LOW

  • CVE-2021-41131 - python-tuf is a Python reference implementation of The Update Framework (TUF). In both clients (`tuf/client` and `tuf/ngclient`), there is a path traversal vulnerability that in the worst case can overwrite files ending in `.json` anywhere on the ...
    Published: October 19, 2021; 2:15:07 PM -0400

    V3.1: 8.7 HIGH
    V2.0: 8.8 HIGH

  • CVE-2021-41140 - Discourse-reactions is a plugin for the Discourse platform that allows user to add their reactions to the post. In affected versions reactions given by user to secure topics and private messages are visible. This issue is patched in version 0.2 of...
    Published: October 19, 2021; 2:15:08 PM -0400

    V3.1: 5.3 MEDIUM
    V2.0: 5.0 MEDIUM

  • CVE-2021-3746 - A flaw was found in the libtpms code that may cause access beyond the boundary of internal buffers. The vulnerability is triggered by specially-crafted TPM2 command packets that then trigger the issue when the state of the TPM2's volatile state is...
    Published: October 19, 2021; 11:15:08 AM -0400

    V3.1: 6.5 MEDIUM
    V2.0: 7.1 HIGH

  • CVE-2021-37136 - The Bzip2 decompression decoder function doesn't allow setting size restrictions on the decompressed output data (which affects the allocation size used during decompression). All users of Bzip2Decoder are affected. The malicious input can trigger...
    Published: October 19, 2021; 11:15:07 AM -0400

    V3.1: 7.5 HIGH
    V2.0: 5.0 MEDIUM

  • CVE-2021-39355 - The Indeed Job Importer WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the ~/indeed-job-importer/trunk/indeed-job-importer.php file which allowed ...
    Published: October 19, 2021; 11:15:07 AM -0400

    V3.1: 4.8 MEDIUM
    V2.0: 3.5 LOW

  • CVE-2021-39343 - The MPL-Publisher WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the ~/libs/PublisherController.php file which allowed attackers with administrati...
    Published: October 19, 2021; 11:15:07 AM -0400

    V3.1: 4.8 MEDIUM
    V2.0: 3.5 LOW

  • CVE-2021-39329 - The JobBoardWP WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the ~/includes/admin/class-metabox.php file which allowed attackers with administrat...
    Published: October 19, 2021; 11:15:07 AM -0400

    V3.1: 4.8 MEDIUM
    V2.0: 3.5 LOW

  • CVE-2021-37137 - The Snappy frame decoder function doesn't restrict the chunk length which may lead to excessive memory usage. Beside this it also may buffer reserved skippable chunks until the whole chunk was received which may lead to excessive memory usage as w...
    Published: October 19, 2021; 11:15:07 AM -0400

    V3.1: 7.5 HIGH
    V2.0: 5.0 MEDIUM

  • CVE-2021-27001 - Clustered Data ONTAP versions 9.x prior to 9.5P18, 9.6P16, 9.7P16, 9.8P7 and 9.9.1P2 are susceptible to a vulnerability which could allow an authenticated privileged local attacker to arbitrarily modify Compliance-mode WORM data prior to the end o...
    Published: October 19, 2021; 11:15:07 AM -0400

    V3.1: 5.5 MEDIUM
    V2.0: 2.1 LOW

  • CVE-2021-26589 - A potential security vulnerability has been identified in HPE Superdome Flex Servers. The vulnerability could be remotely exploited to allow Cross Site Scripting (XSS) because the Session Cookie is missing an HttpOnly Attribute. HPE has provided a...
    Published: October 19, 2021; 11:15:07 AM -0400

    V3.1: 6.1 MEDIUM
    V2.0: 4.3 MEDIUM

  • CVE-2021-36832 - WordPress Popups, Welcome Bar, Optins and Lead Generation Plugin – Icegram (versions <= 2.0.2) vulnerable at "Headline" (&message_data[16][headline]) input.
    Published: October 19, 2021; 11:15:07 AM -0400

    V3.1: 5.4 MEDIUM
    V2.0: 3.5 LOW

  • CVE-2021-30830 - A memory corruption issue was addressed with improved memory handling. This issue is fixed in Security Update 2021-005 Catalina, macOS Big Sur 11.6. A malicious application may be able to execute arbitrary code with kernel privileges.
    Published: October 19, 2021; 10:15:08 AM -0400

    V3.1: 7.8 HIGH
    V2.0: 9.3 HIGH

  • CVE-2021-30832 - A memory corruption issue was addressed with improved state management. This issue is fixed in Security Update 2021-005 Catalina, macOS Big Sur 11.6. A local attacker may be able to elevate their privileges.
    Published: October 19, 2021; 10:15:09 AM -0400

    V3.1: 7.8 HIGH
    V2.0: 4.6 MEDIUM

  • CVE-2021-29912 - IBM Security Risk Manager on CP4S 1.7.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosur...
    Published: October 19, 2021; 12:15:07 PM -0400

    V3.1: 5.4 MEDIUM
    V2.0: 3.5 LOW

  • CVE-2020-12141 - An out-of-bounds read in the SNMP stack in Contiki-NG 4.4 and earlier allows an attacker to cause a denial of service and potentially disclose information via crafted SNMP packets to snmp_ber_decode_string_len_buffer in os/net/app-layer/snmp/snmp-...
    Published: October 19, 2021; 12:15:07 PM -0400

    V3.1: 9.1 CRITICAL
    V2.0: 6.4 MEDIUM

  • CVE-2021-38911 - IBM Security Risk Manager on CP4S 1.7.0.0 stores user credentials in plain clear text which can be read by an authenticated privileged user. IBM X-Force ID: 209940.
    Published: October 19, 2021; 12:15:07 PM -0400

    V3.1: 4.9 MEDIUM
    V2.0: 4.0 MEDIUM

  • CVE-2021-35323 - Cross Site Scripting (XSS) vulnerability exists in bludit 3-13-1 via the username in admin/login.
    Published: October 19, 2021; 2:15:07 PM -0400

    V3.1: 6.1 MEDIUM
    V2.0: 4.3 MEDIUM

  • CVE-2021-30829 - A URI parsing issue was addressed with improved parsing. This issue is fixed in Security Update 2021-005 Catalina, macOS Big Sur 11.6. A local user may be able to execute arbitrary files.
    Published: October 19, 2021; 10:15:08 AM -0400

    V3.1: 7.8 HIGH
    V2.0: 4.6 MEDIUM