The NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.

Last 20 Scored Vulnerability IDs & Summaries, with CVSS Severity
  • CVE-2021-37727 - A remote arbitrary command execution vulnerability was discovered in HPE Aruba Instant (IAP) version(s): 6.4.x.x: 6.4.4.8-4.2.4.18 and below; Aruba Instant 6.5.x.x: 6.5.4.20 and below; Aruba Instant 8.5.x.x: 8.5.0.12 and below; Aruba Instant 8.6.x...
    Published: October 12, 2021; 11:15:08 AM -0400

    V3.1: 7.2 HIGH
    V2.0: 9.0 HIGH

  • CVE-2021-37730 - A remote arbitrary command execution vulnerability was discovered in HPE Aruba Instant (IAP) version(s): Aruba Instant 6.4.x.x: 6.4.4.8-4.2.4.18 and below; Aruba Instant 6.5.x.x: 6.5.4.20 and below; Aruba Instant 8.5.x.x: 8.5.0.12 and below; Aruba...
    Published: October 12, 2021; 11:15:08 AM -0400

    V3.1: 7.2 HIGH
    V2.0: 9.0 HIGH

  • CVE-2021-37734 - A remote unauthorized read access to files vulnerability was discovered in Aruba Instant version(s): 6.4.x.x: 6.4.4.8-4.2.4.18 and below; Aruba Instant 6.5.x.x: 6.5.4.19 and below; Aruba Instant 8.5.x.x: 8.5.0.12 and below; Aruba Instant 8.6.x.x: ...
    Published: October 12, 2021; 12:15:07 PM -0400

    V3.1: 6.5 MEDIUM
    V2.0: 4.0 MEDIUM

  • CVE-2021-37732 - A remote arbitrary command execution vulnerability was discovered in HPE Aruba Instant (IAP) version(s): Aruba Instant 6.4.x.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x.x: 6.5.4.18 and below; Aruba Instant 8.5.x.x: 8.5.0.11 and below; Aruba...
    Published: October 12, 2021; 12:15:07 PM -0400

    V3.1: 7.2 HIGH
    V2.0: 9.0 HIGH

  • CVE-2021-37735 - A remote denial of service vulnerability was discovered in Aruba Instant version(s): Aruba Instant 6.5.x.x: 6.5.4.18 and below; Aruba Instant 8.5.x.x: 8.5.0.10 and below; Aruba Instant 8.6.x.x: 8.6.0.4 and below. Aruba has released patches for Aru...
    Published: October 12, 2021; 12:15:07 PM -0400

    V3.1: 5.3 MEDIUM
    V2.0: 5.0 MEDIUM

  • CVE-2021-33829 - A cross-site scripting (XSS) vulnerability in the HTML Data Processor in CKEditor 4 4.14.0 through 4.16.x before 4.16.1 allows remote attackers to inject executable JavaScript code through a crafted comment because --!> is mishandled.
    Published: June 09, 2021; 8:15:07 AM -0400

    V3.1: 6.1 MEDIUM
    V2.0: 4.3 MEDIUM

  • CVE-2021-24474 - The Awesome Weather Widget WordPress plugin through 3.0.2 does not sanitize the id parameter of its awesome_weather_refresh AJAX action, leading to an unauthenticated Reflected Cross-Site Scripting (XSS) Vulnerability.
    Published: August 02, 2021; 7:15:10 AM -0400

    V3.1: 6.1 MEDIUM
    V2.0: 4.3 MEDIUM

  • CVE-2021-41373 - FSLogix Information Disclosure Vulnerability
    Published: November 09, 2021; 8:19:30 PM -0500

    V3.1: 5.5 MEDIUM
    V2.0: 2.1 LOW

  • CVE-2021-41371 - Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability. This CVE ID is unique from CVE-2021-38631.
    Published: November 09, 2021; 8:19:30 PM -0500

    V3.1: 4.4 MEDIUM
    V2.0: 2.1 LOW

  • CVE-2021-41376 - Azure Sphere Information Disclosure Vulnerability. This CVE ID is unique from CVE-2021-41374, CVE-2021-41375.
    Published: November 09, 2021; 8:19:31 PM -0500

    V3.1: 4.4 MEDIUM
    V2.0: 2.1 LOW

  • CVE-2021-41375 - Azure Sphere Information Disclosure Vulnerability. This CVE ID is unique from CVE-2021-41374, CVE-2021-41376.
    Published: November 09, 2021; 8:19:31 PM -0500

    V3.1: 4.4 MEDIUM
    V2.0: 2.1 LOW

  • CVE-2021-24767 - The Redirect 404 Error Page to Homepage or Custom Page with Logs WordPress plugin before 1.7.9 does not check for CSRF when deleting logs, which could allow attacker to make a logged in admin delete them via a CSRF attack
    Published: November 08, 2021; 1:15:09 PM -0500

    V3.1: 6.5 MEDIUM
    V2.0: 4.3 MEDIUM

  • CVE-2021-24721 - The Loco Translate WordPress plugin before 2.5.4 mishandles data inputs which get saved to a file, which can be renamed to an extension ending in .php, resulting in authenticated "translator" users being able to inject PHP code into files ending w...
    Published: November 08, 2021; 1:15:09 PM -0500

    V3.1: 6.5 MEDIUM
    V2.0: 4.0 MEDIUM

  • CVE-2021-24693 - The Simple Download Monitor WordPress plugin before 3.9.5 does not escape the "File Thumbnail" post meta before outputting it in some pages, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks. ...
    Published: November 08, 2021; 1:15:09 PM -0500

    V3.1: 9.0 CRITICAL
    V2.0: 6.0 MEDIUM

  • CVE-2021-24628 - The Wow Forms WordPress plugin through 3.1.3 does not sanitise or escape a 'did' GET parameter before using it in a SQL statement, when deleting a form in the admin dashboard, leading to an authenticated SQL injection
    Published: November 08, 2021; 1:15:08 PM -0500

    V3.1: 7.2 HIGH
    V2.0: 6.5 MEDIUM

  • CVE-2021-24647 - The Registration Forms – User profile, Content Restriction, Spam Protection, Payment Gateways, Invitation Codes WordPress plugin before 3.1.7.6 has a flaw in the social login implementation, allowing unauthenticated attacker to login as any user...
    Published: November 08, 2021; 1:15:08 PM -0500

    V3.1: 8.1 HIGH
    V2.0: 6.8 MEDIUM

  • CVE-2021-41374 - Azure Sphere Information Disclosure Vulnerability. This CVE ID is unique from CVE-2021-41375, CVE-2021-41376.
    Published: November 09, 2021; 8:19:31 PM -0500

    V3.1: 5.5 MEDIUM
    V2.0: 2.1 LOW

  • CVE-2021-24627 - The G Auto-Hyperlink WordPress plugin through 1.0.1 does not sanitise or escape an 'id' GET parameter before using it in a SQL statement, to select data to be displayed in the admin dashboard, leading to an authenticated SQL injection
    Published: November 08, 2021; 1:15:08 PM -0500

    V3.1: 7.2 HIGH
    V2.0: 6.5 MEDIUM

  • CVE-2021-24706 - The Qwizcards – online quizzes and flashcards WordPress plugin before 3.62 does not properly sanitize and escape some of its settings, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability...
    Published: November 08, 2021; 1:15:09 PM -0500

    V3.1: 4.8 MEDIUM
    V2.0: 3.5 LOW

  • CVE-2021-24701 - The Quiz Tool Lite WordPress plugin through 2.3.15 does not sanitize multiple input fields used when creating or managing quizzes and in other setting options, allowing high privilege users to perform Cross-Site Scripting attacks even when the unf...
    Published: November 08, 2021; 1:15:09 PM -0500

    V3.1: 4.8 MEDIUM
    V2.0: 3.5 LOW