The NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.

Last 20 Scored Vulnerability IDs & Summaries, with CVSS Severity
  • CVE-2018-25011 - A flaw was found in libwebp in versions before 1.0.1. A heap-based buffer overflow was found in PutLE16(). The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
    Published: May 21, 2021; 1:15:08 PM -0400

    V3.1: 9.8 CRITICAL
    V2.0: 7.5 HIGH

  • CVE-2018-25009 - A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function WebPMuxCreateInternal. The highest threat from this vulnerability is to data confidentiality and to the service availability.
    Published: May 21, 2021; 1:15:08 PM -0400

    V3.1: 9.1 CRITICAL
    V2.0: 6.4 MEDIUM

  • CVE-2020-36332 - A flaw was found in libwebp in versions before 1.0.1. When reading a file libwebp allocates an excessive amount of memory. The highest threat from this vulnerability is to the service availability.
    Published: May 21, 2021; 1:15:08 PM -0400

    V3.1: 7.5 HIGH
    V2.0: 5.0 MEDIUM

  • CVE-2021-35337 - Sourcecodester Phone Shop Sales Managements System 1.0 is vulnerable to Insecure Direct Object Reference (IDOR). Any attacker will be able to see the invoices of different users by changing the id parameter.
    Published: July 01, 2021; 10:15:07 AM -0400

    V3.1: 4.3 MEDIUM
    V2.0: 4.0 MEDIUM

  • CVE-2021-36623 - Arbitrary File Upload in Sourcecodester Phone Shop Sales Management System 1.0 enables RCE.
    Published: August 03, 2021; 2:15:16 PM -0400

    V3.1: 9.8 CRITICAL
    V2.0: 7.5 HIGH

  • CVE-2021-36624 - Sourcecodester Phone Shop Sales Managements System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
    Published: July 30, 2021; 10:15:18 AM -0400

    V3.1: 9.8 CRITICAL
    V2.0: 7.5 HIGH

  • CVE-2019-8994 - The workspace client of TIBCO Software Inc.'s TIBCO ActiveMatrix BPM, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric, and TIBCO Silver Fabric Enabler for ActiveMatrix BPM contains vulnerabilities where an authenticated user can change...
    Published: April 24, 2019; 5:29:01 PM -0400

    V3.1: 4.6 MEDIUM
    V2.0: 4.9 MEDIUM

  • CVE-2019-11203 - The workspace client, openspace client, app development client, and REST API of TIBCO Software Inc.'s TIBCO ActiveMatrix BPM, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric, and TIBCO Silver Fabric Enabler for ActiveMatrix BPM contain...
    Published: April 24, 2019; 5:29:00 PM -0400

    V3.1: 6.1 MEDIUM
    V2.0: 4.3 MEDIUM

  • CVE-2021-35491 - A Cross-Site Request Forgery (CSRF) vulnerability in Wowza Streaming Engine through 4.8.11+5 allows a remote attacker to delete a user account via the /enginemanager/server/user/delete.htm userName parameter. The application does not implement a C...
    Published: October 05, 2021; 12:15:07 PM -0400

    V3.1: 8.1 HIGH
    V2.0: 5.8 MEDIUM

  • CVE-2018-0063 - A vulnerability in the IP next-hop index database in Junos OS 17.3R3 may allow a flood of ARP requests, sent to the management interface, to exhaust the private Internal routing interfaces (IRIs) next-hop limit. Once the IRI next-hop database is f...
    Published: October 10, 2018; 2:29:03 PM -0400

    V3.1: 6.5 MEDIUM
    V2.0: 3.3 LOW

  • CVE-2021-3163 - ** DISPUTED ** A vulnerability in the HTML editor of Slab Quill 4.8.0 allows an attacker to execute arbitrary JavaScript by storing an XSS payload (a crafted onloadstart attribute of an IMG element) in a text field. Note: Researchers have claimed ...
    Published: April 12, 2021; 5:15:14 PM -0400

    V3.1: 6.1 MEDIUM
    V2.0: 4.3 MEDIUM

  • CVE-2020-28463 - All versions of package reportlab are vulnerable to Server-side Request Forgery (SSRF) via img tags. In order to reduce risk, use trustedSchemes & trustedHosts (see in Reportlab's documentation) Steps to reproduce by Karan Bamal: 1. Download and i...
    Published: February 18, 2021; 11:15:12 AM -0500

    V3.1: 6.5 MEDIUM
    V2.0: 4.0 MEDIUM

  • CVE-2021-39226 - Grafana is an open source data visualization platform. In affected versions unauthenticated and authenticated users are able to view the snapshot with the lowest database key by accessing the literal paths: /dashboard/snapshot/:key, or /api/snapsh...
    Published: October 05, 2021; 2:15:07 PM -0400

    V3.1: 7.3 HIGH
    V2.0: 6.8 MEDIUM

  • CVE-2021-31810 - An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. A malicious FTP server can use the PASV response to trick Net::FTP into connecting back to a given IP address and port. This potentially makes curl extract ...
    Published: July 13, 2021; 9:15:09 AM -0400

    V3.1: 5.8 MEDIUM
    V2.0: 5.0 MEDIUM

  • CVE-2021-39149 - XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No u...
    Published: August 23, 2021; 2:15:12 PM -0400

    V3.1: 8.5 HIGH
    V2.0: 6.0 MEDIUM

  • CVE-2021-39148 - XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No u...
    Published: August 23, 2021; 2:15:12 PM -0400

    V3.1: 8.5 HIGH
    V2.0: 6.0 MEDIUM

  • CVE-2021-39147 - XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No u...
    Published: August 23, 2021; 2:15:12 PM -0400

    V3.1: 8.5 HIGH
    V2.0: 6.0 MEDIUM

  • CVE-2021-39146 - XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No u...
    Published: August 23, 2021; 2:15:12 PM -0400

    V3.1: 8.5 HIGH
    V2.0: 6.0 MEDIUM

  • CVE-2021-36009 - Adobe Illustrator version 25.2.3 (and earlier) is affected by a memory corruption vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the contex...
    Published: August 20, 2021; 3:15:10 PM -0400

    V3.1: 7.8 HIGH
    V2.0: 9.3 HIGH

  • CVE-2021-36008 - Adobe Illustrator version 25.2.3 (and earlier) is affected by a use-after-free vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to read arbitrary file system information in the con...
    Published: August 20, 2021; 3:15:10 PM -0400

    V3.1: 5.5 MEDIUM
    V2.0: 4.3 MEDIUM