CVE-2022-0764
- Arbitrary Command Injection in GitHub repository strapi/strapi prior to 4.1.0.
Published:
February 26, 2022; 10:15:07 AM -0500
V3.1: 6.7 MEDIUM
V2.0: 7.2 HIGH
CVE-2022-22908
- SangforCSClient.exe in Sangfor VDI Client 5.4.2.1006 allows attackers, when they are able to read process memory, to discover the contents of the Username and Password fields.
Published:
February 26, 2022; 5:15:07 PM -0500
V3.1: 5.5 MEDIUM
V2.0: 2.1 LOW
CVE-2022-26146
- Tricentis qTest before 10.4 allows stored XSS by an authenticated attacker.
Published:
February 26, 2022; 3:15:07 PM -0500
V3.1: 5.4 MEDIUM
V2.0: 3.5 LOW
CVE-2021-3967
- Improper Access Control in GitHub repository zulip/zulip prior to 4.10.
Published:
February 26, 2022; 6:15:08 PM -0500
V3.1: 8.8 HIGH
V2.0: 6.5 MEDIUM
CVE-2021-21708
- In PHP versions 7.4.x below 7.4.28, 8.0.x below 8.0.16, and 8.1.x below 8.1.3, when using filter functions with FILTER_VALIDATE_FLOAT filter and min/max limits, if the filter fails, there is a possibility to trigger use of allocated memory after f...
Published:
February 27, 2022; 3:15:06 AM -0500
V3.1: 9.8 CRITICAL
V2.0: 6.8 MEDIUM
CVE-2021-46661
- MariaDB through 10.5.9 allows an application crash in find_field_in_tables and find_order_in_list via an unused common table expression (CTE).
Published:
January 31, 2022; 9:15:06 PM -0500
V3.1: 5.5 MEDIUM
V2.0: 2.1 LOW
CVE-2021-46662
- MariaDB through 10.5.9 allows a set_var.cc application crash via certain uses of an UPDATE statement in conjunction with a nested subquery.
Published:
January 31, 2022; 9:15:06 PM -0500
V3.1: 5.5 MEDIUM
V2.0: 2.1 LOW
CVE-2021-46665
- MariaDB through 10.5.9 allows a sql_parse.cc application crash because of incorrect used_tables expectations.
Published:
January 31, 2022; 9:15:06 PM -0500
V3.1: 5.5 MEDIUM
V2.0: 2.1 LOW
CVE-2021-46663
- MariaDB through 10.5.13 allows a ha_maria::extra application crash via certain SELECT statements.
Published:
January 31, 2022; 9:15:06 PM -0500
V3.1: 5.5 MEDIUM
V2.0: 2.1 LOW
CVE-2021-46664
- MariaDB through 10.5.9 allows an application crash in sub_select_postjoin_aggr for a NULL value of aggr.
Published:
January 31, 2022; 9:15:06 PM -0500
V3.1: 5.5 MEDIUM
V2.0: 2.1 LOW
CVE-2021-39301
- Potential vulnerabilities have been identified in UEFI firmware (BIOS) for some PC products which may allow escalation of privilege and arbitrary code execution.
Published:
February 16, 2022; 12:15:11 PM -0500
CVE-2021-39300
- Potential vulnerabilities have been identified in UEFI firmware (BIOS) for some PC products which may allow escalation of privilege and arbitrary code execution.
Published:
February 16, 2022; 12:15:10 PM -0500
CVE-2021-39297
- Potential vulnerabilities have been identified in UEFI firmware (BIOS) for some PC products which may allow escalation of privilege and arbitrary code execution.
Published:
February 16, 2022; 12:15:10 PM -0500
CVE-2021-39298
- Potential vulnerabilities have been identified in UEFI firmware (BIOS) for some PC products which may allow escalation of privilege and arbitrary code execution.
Published:
February 16, 2022; 12:15:10 PM -0500
CVE-2021-39299
- Potential vulnerabilities have been identified in UEFI firmware (BIOS) for some PC products which may allow escalation of privilege and arbitrary code execution.
Published:
February 16, 2022; 12:15:10 PM -0500
CVE-2021-29220
- Multiple buffer overflow security vulnerabilities have been identified in HPE iLO Amplifier Pack version(s): Prior to 2.12. These vulnerabilities could be exploited by a highly privileged user to remotely execute code that could lead to a loss of ...
Published:
February 24, 2022; 5:15:08 PM -0500
CVE-2022-22793
- Cybonet - PineApp Mail Relay Local File Inclusion. An attacker can send a request to /manage/mailpolicymtm/log/eml_viewer/email.content.body.php?filesystem_path=ENCODED PATH and, by doing so, read local files on the server.
Published:
February 24, 2022; 12:15:07 PM -0500
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2022-22794
- Cybonet - PineApp Mail Relay Unauthenticated SQL Injection. An attacker can send a request to: /manage/emailrichment/userlist.php?CUSTOMER_ID_INNER=1 /admin/emailrichment/userlist.php?CUSTOMER_ID_INNER=1 /manage/emailrichment/usersunlist.php?CUSTOMER...
Published:
February 24, 2022; 12:15:08 PM -0500
V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2020-10636
- Inadequate encryption may allow the passwords for Emerson OpenEnterprise versions through 3.3.4 user accounts to be obtained.
Published:
February 24, 2022; 2:15:08 PM -0500
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2021-46668
- MariaDB through 10.5.9 allows an application crash via certain long SELECT DISTINCT statements that improperly interact with storage-engine resource limitations for temporary data structures.
Published:
January 31, 2022; 9:15:07 PM -0500
V3.1: 5.5 MEDIUM
V2.0: 2.1 LOW