The NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.

Last 20 Scored Vulnerability IDs & Summaries (with CVSS Severity)
  • CVE-2021-45642 - Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D7800 before 1.0.1.64, EX6250 before 1.0.0.134, EX7700 before 1.0.0.222, LBR20 before 2.6.3.50, RBS50Y before 2.7.3.22, R8900 before 1.0.5.26, R9000...
    Published: December 25, 2021; 8:15:19 PM -0500

    V3.1: 7.2 HIGH
    V2.0: 7.5 HIGH

  • CVE-2021-43552 - The use of a hard-coded cryptographic key significantly increases the possibility encrypted data may be recovered from the Patient Information Center iX (PIC iX) Versions B.02, C.02, and C.03.
    Published: December 27, 2021; 2:15:08 PM -0500

    V3.1: 5.5 MEDIUM
    V2.0: 2.1 LOW

  • CVE-2021-43550 - The use of a broken or risky cryptographic algorithm is an unnecessary risk that may result in the exposure of sensitive information, which affects the communications between Patient Information Center iX (PIC iX) Versions C.02 and C.03 and Effici...
    Published: December 27, 2021; 2:15:08 PM -0500

    V3.1: 6.5 MEDIUM
    V2.0: 3.3 LOW

  • CVE-2021-43548 - Patient Information Center iX (PIC iX) Versions C.02 and C.03 receives input or data, but does not validate or incorrectly validates that the input has the properties required to process the data safely and correctly.
    Published: December 27, 2021; 2:15:08 PM -0500

    V3.1: 6.5 MEDIUM
    V2.0: 3.3 LOW

  • CVE-2021-21750 - ZTE BigVideo Analysis product has a privilege escalation vulnerability. Due to improper management of the timed task modification privilege, an attacker with ordinary user permissions could exploit this vulnerability to gain unauthorized access.
    Published: December 27, 2021; 2:15:08 PM -0500

    V3.1: 7.8 HIGH
    V2.0: 4.6 MEDIUM

  • CVE-2021-44716 - net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests.
    Published: January 01, 2022; 12:15:08 AM -0500

    V3.1: 7.5 HIGH
    V2.0: 5.0 MEDIUM

  • CVE-2022-21650 - Convos is an open source multi-user chat that runs in a web browser. You can't use SVG extension in Convos' chat window, but you can upload a file with an .html extension. By uploading an SVG file with an html extension the upload filter can be by...
    Published: January 04, 2022; 4:15:07 PM -0500

    V3.1: 5.4 MEDIUM
    V2.0: 3.5 LOW

  • CVE-2021-46144 - Roundcube before 1.4.13 and 1.5.x before 1.5.2 allows XSS via an HTML e-mail message with crafted Cascading Style Sheets (CSS) token sequences.
    Published: January 06, 2022; 12:15:09 AM -0500

    V3.1: 6.1 MEDIUM
    V2.0: 4.3 MEDIUM

  • CVE-2022-20019 - In libMtkOmxGsmDec, there is a possible information disclosure due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch...
    Published: January 04, 2022; 11:15:10 AM -0500

    V3.1: 5.5 MEDIUM
    V2.0: 2.1 LOW

  • CVE-2021-30273 - Possible assertion due to improper handling of IPV6 packet with invalid length in destination options header in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Wearables
    Published: January 03, 2022; 3:15:08 AM -0500

    V3.1: 7.5 HIGH
    V2.0: 5.0 MEDIUM

  • CVE-2021-41817 - Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS (regular expression Denial of Service) via a long string. The fixed versions are 3.2.1, 3.1.2, 3.0.2, and 2.0.1.
    Published: January 01, 2022; 12:15:08 AM -0500

    V3.1: 7.5 HIGH
    V2.0: 5.0 MEDIUM

  • CVE-2021-46074 - A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Vehicle Service Management System 1.0 via the Settings Section in login panel.
    Published: January 06, 2022; 11:15:08 AM -0500

    V3.1: 4.8 MEDIUM
    V2.0: 3.5 LOW

  • CVE-2021-46073 - A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Vehicle Service Management System 1.0 via the User List Section in login panel.
    Published: January 06, 2022; 11:15:08 AM -0500

    V3.1: 4.8 MEDIUM
    V2.0: 3.5 LOW

  • CVE-2021-45939 - wolfSSL wolfMQTT 1.9 has a heap-based buffer overflow in MqttClient_DecodePacket (called from MqttClient_WaitType and MqttClient_Subscribe).
    Published: December 31, 2021; 8:15:08 PM -0500

    V3.1: 5.5 MEDIUM
    V2.0: 4.3 MEDIUM

  • CVE-2021-45938 - wolfSSL wolfMQTT 1.9 has a heap-based buffer overflow in MqttClient_DecodePacket (called from MqttClient_WaitType and MqttClient_Unsubscribe).
    Published: December 31, 2021; 8:15:08 PM -0500

    V3.1: 5.5 MEDIUM
    V2.0: 4.3 MEDIUM

  • CVE-2021-45937 - wolfSSL wolfMQTT 1.9 has a heap-based buffer overflow in MqttClient_DecodePacket (called from MqttClient_WaitType and MqttClient_Connect).
    Published: December 31, 2021; 8:15:08 PM -0500

    V3.1: 5.5 MEDIUM
    V2.0: 4.3 MEDIUM

  • CVE-2021-45936 - wolfSSL wolfMQTT 1.9 has a heap-based buffer overflow in MqttDecode_Disconnect (called from MqttClient_DecodePacket and MqttClient_WaitType).
    Published: December 31, 2021; 8:15:08 PM -0500

    V3.1: 5.5 MEDIUM
    V2.0: 4.3 MEDIUM

  • CVE-2021-45934 - wolfSSL wolfMQTT 1.9 has a heap-based buffer overflow in MqttClient_DecodePacket (called from MqttClient_HandlePacket and MqttClient_WaitType).
    Published: December 31, 2021; 8:15:08 PM -0500

    V3.1: 5.5 MEDIUM
    V2.0: 4.3 MEDIUM

  • CVE-2021-45980 - Foxit PDF Reader and PDF Editor before 11.1 on macOS allow remote attackers to execute arbitrary code via getURL in the JavaScript API.
    Published: January 04, 2022; 10:15:08 AM -0500

    V3.1: 7.8 HIGH
    V2.0: 6.8 MEDIUM

  • CVE-2021-45933 - wolfSSL wolfMQTT 1.9 has a heap-based buffer overflow (8 bytes) in MqttDecode_Publish (called from MqttClient_DecodePacket and MqttClient_HandlePacket).
    Published: December 31, 2021; 8:15:08 PM -0500

    V3.1: 5.5 MEDIUM
    V2.0: 4.3 MEDIUM