The NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.

Last 20 Scored Vulnerability IDs & Summaries, with CVSS Severity
  • CVE-2019-0030 - Juniper ATP uses DES and a hardcoded salt for password hashing, allowing for trivial de-hashing of the password file contents. This issue affects Juniper ATP 5.0 versions prior to 5.0.3.
    Published: January 15, 2019; 4:29:02 PM -0500

    V3.1: 7.2 HIGH
    V2.0: 4.0 MEDIUM

  • CVE-2021-40719 - Adobe Connect version 11.2.2 (and earlier) is affected by a Deserialization of Untrusted Data vulnerability to achieve arbitrary method invocation when AMF messages are deserialized on an Adobe Connect server. An attacker can leverage this to exec...
    Published: October 21, 2021; 4:15:08 PM -0400

    V3.1: 9.8 CRITICAL
    V2.0: 7.5 HIGH

  • CVE-2021-34743 - A vulnerability in the application integration feature of Cisco Webex Software could allow an unauthenticated, remote attacker to authorize an external application to integrate with and access a user's account without that user's express consent. ...
    Published: October 20, 2021; 11:15:06 PM -0400

    V3.1: 7.1 HIGH
    V2.0: 5.8 MEDIUM

  • CVE-2021-36869 - Reflected Cross-Site Scripting (XSS) vulnerability in WordPress Ivory Search plugin (versions <= 4.6.6). Vulnerable parameter: &post.
    Published: October 21, 2021; 5:15:07 PM -0400

    V3.1: 6.1 MEDIUM
    V2.0: 4.3 MEDIUM

  • CVE-2021-31352 - An Information Exposure vulnerability in Juniper Networks SRC Series devices configured for NETCONF over SSH permits the negotiation of weak ciphers, which could allow a remote attacker to obtain sensitive information. A remote attacker with read ...
    Published: October 19, 2021; 3:15:08 PM -0400

    V3.1: 5.3 MEDIUM
    V2.0: 5.0 MEDIUM

  • CVE-2021-31356 - A command injection vulnerability in command processing on Juniper Networks Junos OS Evolved allows an attacker with authenticated CLI access to be able to bypass configured access protections to execute arbitrary shell commands within the context...
    Published: October 19, 2021; 3:15:08 PM -0400

    V3.1: 7.8 HIGH
    V2.0: 7.2 HIGH

  • CVE-2021-31357 - A command injection vulnerability in tcpdump command processing on Juniper Networks Junos OS Evolved allows an attacker with authenticated CLI access to be able to bypass configured access protections to execute arbitrary shell commands within the...
    Published: October 19, 2021; 3:15:08 PM -0400

    V3.1: 7.8 HIGH
    V2.0: 7.2 HIGH

  • CVE-2021-29883 - IBM Standards Processing Engine (IBM Transformation Extender Advanced 9.0 and 10.0) does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or...
    Published: October 21, 2021; 1:15:07 PM -0400

    V3.1: 4.3 MEDIUM
    V2.0: 4.3 MEDIUM

  • CVE-2021-31358 - A command injection vulnerability in sftp command processing on Juniper Networks Junos OS Evolved allows an attacker with authenticated CLI access to be able to bypass configured access protections to execute arbitrary shell commands within the co...
    Published: October 19, 2021; 3:15:09 PM -0400

    V3.1: 7.8 HIGH
    V2.0: 7.2 HIGH

  • CVE-2021-28975 - WP Mailster 1.6.18.0 allows XSS when a victim opens a mail server's details in the mst_servers page, for a crafted server_host, server_name, or connection_parameter parameter.
    Published: October 21, 2021; 12:15:07 PM -0400

    V3.1: 6.1 MEDIUM
    V2.0: 4.3 MEDIUM

  • CVE-2021-29873 - IBM Flash System 900 could allow an authenticated attacker to obtain sensitive information and cause a denial of service due to a restricted shell escape vulnerability. IBM X-Force ID: 206229.
    Published: October 21, 2021; 1:15:07 PM -0400

    V3.1: 8.1 HIGH
    V2.0: 5.5 MEDIUM

  • CVE-2021-34738 - Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) Software could allow an attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. For more information about thes...
    Published: October 20, 2021; 11:15:06 PM -0400

    V3.1: 6.1 MEDIUM
    V2.0: 4.3 MEDIUM

  • CVE-2021-35651 - Vulnerability in the Essbase Administration Services product of Oracle Essbase (component: EAS Console). The supported version that is affected is Prior to 11.1.2.4.046. Easily exploitable vulnerability allows low privileged attacker with network ...
    Published: October 20, 2021; 7:17:19 AM -0400

    V3.1: 8.5 HIGH
    V2.0: 7.5 HIGH

  • CVE-2021-35653 - Vulnerability in the Essbase Administration Services product of Oracle Essbase (component: EAS Console). The supported version that is affected is Prior to 11.1.2.4.046. Easily exploitable vulnerability allows low privileged attacker with network ...
    Published: October 20, 2021; 7:17:19 AM -0400

    V3.1: 7.7 HIGH
    V2.0: 6.8 MEDIUM

  • CVE-2021-35655 - Vulnerability in the Essbase Administration Services product of Oracle Essbase (component: EAS Console). The supported version that is affected is Prior to 11.1.2.4.046. Easily exploitable vulnerability allows unauthenticated attacker with network...
    Published: October 20, 2021; 7:17:20 AM -0400

    V3.1: 5.3 MEDIUM
    V2.0: 5.0 MEDIUM

  • CVE-2021-35654 - Vulnerability in the Essbase Administration Services product of Oracle Essbase (component: EAS Console). The supported version that is affected is Prior to 11.1.2.4.046. Easily exploitable vulnerability allows unauthenticated attacker with network...
    Published: October 20, 2021; 7:17:20 AM -0400

    V3.1: 7.5 HIGH
    V2.0: 5.0 MEDIUM

  • CVE-2021-35665 - Vulnerability in the Hyperion Financial Reporting product of Oracle Hyperion (component: Repository). The supported version that is affected is 11.2.6.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP...
    Published: October 20, 2021; 7:17:22 AM -0400

    V3.1: 6.1 MEDIUM
    V2.0: 5.8 MEDIUM

  • CVE-2021-23139 - A null pointer vulnerability in Trend Micro Apex One and Worry-Free Business Security 10.0 SP1 could allow an attacker to crash the CGI program on affected installations.
    Published: October 21, 2021; 4:15:07 AM -0400

    V3.1: 7.5 HIGH
    V2.0: 5.0 MEDIUM

  • CVE-2021-42097 - GNU Mailman before 2.1.35 may allow remote Privilege Escalation. A csrf_token value is not specific to a single user account. An attacker can obtain a value within the context of an unprivileged user account, and then use that value in a CSRF atta...
    Published: October 20, 2021; 9:15:06 PM -0400

    V3.1: 8.8 HIGH
    V2.0: 9.3 HIGH

  • CVE-2021-42096 - GNU Mailman before 2.1.35 may allow remote Privilege Escalation. A certain csrf_token value is derived from the admin password, and may be useful in conducting a brute-force attack against that password.
    Published: October 20, 2021; 9:15:06 PM -0400

    V3.1: 6.5 MEDIUM
    V2.0: 6.8 MEDIUM