National Vulnerability Database

National Vulnerability Database

NVD

Collaborative Vulnerability Metadata Acceptance Process
NVD Release of CVMAP
CVSS Version 3.1 Official Support!
CVSS Version 3.1 Official Support!
New NVD CVE/CPE API and Legacy SOAP Service Retirement!
New NVD CVE/CPE API and Legacy SOAP Service Retirement!


The NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.

Last 20 Scored Vulnerability IDs & Summaries CVSS Severity

  • CVE-2020-11683 - A timing side channel was discovered in AT91bootstrap before 3.9.2. It can be exploited by attackers with physical access to forge CMAC values and subsequently boot arbitrary code on an affected system.
    Published: September 14, 2020; 10:15:10 AM -0400

    V3.1: 6.8 MEDIUM
     V2.0: 4.6 MEDIUM

  • CVE-2020-21732 - Rukovoditel Project Management app 2.6 is affected by: Cross Site Scripting (XSS). An attacker can add JavaScript code to the filename.
    Published: September 14, 2020; 8:15:10 AM -0400

    V3.1: 6.1 MEDIUM
     V2.0: 4.3 MEDIUM

  • CVE-2020-25378 - Wordpress Plugin Store / AccessPress Themes WP Floating Menu V1.3.0 is affected by: Cross Site Scripting (XSS) via the id GET parameter.
    Published: September 14, 2020; 12:15:11 PM -0400

    V3.1: 6.1 MEDIUM
     V2.0: 4.3 MEDIUM

  • CVE-2020-25284 - The rbd block device driver in drivers/block/rbd.c in the Linux kernel through 5.8.9 used incomplete permission checking for access to rbd devices, which could be leveraged by local attackers to map or unmap rbd block devices, aka CID-f44d04e696fe.
    Published: September 13, 2020; 2:15:09 PM -0400

    V3.1: 5.5 MEDIUM
     V2.0: 2.1 LOW

  • CVE-2020-15168 - node-fetch before versions 2.6.1 and 3.0.0-beta.9 did not honor the size option after following a redirect, which means that when a content size was over the limit, a FetchError would never get thrown and the process would end without failure. For... read CVE-2020-15168
    Published: September 10, 2020; 3:15:13 PM -0400

    V3.1: 5.3 MEDIUM
     V2.0: 5.0 MEDIUM

  • CVE-2020-25286 - In wp-includes/comment-template.php in WordPress before 5.4.2, comments from a post or page could sometimes be seen in the latest comments even if the post or page was not public.
    Published: September 13, 2020; 2:15:10 PM -0400

    V3.1: 5.3 MEDIUM
     V2.0: 5.0 MEDIUM

  • CVE-2020-25287 - Pligg 2.0.3 allows remote authenticated users to execute arbitrary commands because the template editor can edit any file, as demonstrated by an admin/admin_editor.php the_file=..%2Findex.php&open=Open request.
    Published: September 13, 2020; 2:15:10 PM -0400

    V3.1: 7.2 HIGH
     V2.0: 6.5 MEDIUM

  • CVE-2020-25540 - ThinkAdmin v6 is affected by a directory traversal vulnerability. An unauthorized attacker can read arbitrarily file on a remote server via GET request encode parameter.
    Published: September 14, 2020; 9:15:10 AM -0400

    V3.1: 7.5 HIGH
     V2.0: 5.0 MEDIUM

  • CVE-2020-25289 - The VPN service in AVAST SecureLine before 5.6.4982.470 allows local users to write to arbitrary files via an Object Manager symbolic link from the log directory (which has weak permissions).
    Published: September 13, 2020; 4:15:10 PM -0400

    V3.1: 5.5 MEDIUM
     V2.0: 2.1 LOW

  • CVE-2020-21733 - Sagemcom F@ST3686 v1.0 HUN 3.97.0 has XSS via RgDiagnostics.asp, RgDdns.asp, RgFirewallEL.asp, RgVpnL2tpPptp.asp.
    Published: September 14, 2020; 8:15:10 AM -0400

    V3.1: 6.1 MEDIUM
     V2.0: 4.3 MEDIUM

  • CVE-2020-1593 - A remote code execution vulnerability exists when Windows Media Audio Decoder improperly handles objects, aka 'Windows Media Audio Decoder Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1508.
    Published: September 11, 2020; 1:15:21 PM -0400

    V3.1: 8.8 HIGH
     V2.0: 6.8 MEDIUM

  • CVE-2020-25291 - GdiDrawHoriLineIAlt in Kingsoft WPS Office before 11.2.0.9403 allows remote heap corruption via a crafted PLTE chunk in PNG data within a Word document. This is related to QBrush::setMatrix in gui/painting/qbrush.cpp in Qt 4.x.
    Published: September 13, 2020; 4:15:10 PM -0400

    V3.1: 7.8 HIGH
     V2.0: 6.8 MEDIUM

  • CVE-2020-1592 - An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.To exploit this vulnerability, an authenticated attacker could run a specially crafted application, aka 'Windows Kernel Information Dis... read CVE-2020-1592
    Published: September 11, 2020; 1:15:21 PM -0400

    V3.1: 3.3 LOW
     V2.0: 2.1 LOW

  • CVE-2020-1590 - An elevation of privilege vulnerability exists when the Connected User Experiences and Telemetry Service improperly handles file operations, aka 'Connected User Experiences and Telemetry Service Elevation of Privilege Vulnerability'.
    Published: September 11, 2020; 1:15:21 PM -0400

    V3.1: 7.8 HIGH
     V2.0: 7.2 HIGH

  • CVE-2020-1589 - An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0928, CVE-2020-1033, CVE-2020-1592, CVE-202... read CVE-2020-1589
    Published: September 11, 2020; 1:15:21 PM -0400

    V3.1: 5.5 MEDIUM
     V2.0: 2.1 LOW

  • CVE-2020-1559 - An elevation of privilege vulnerability exists when the Windows Storage Services improperly handle file operations, aka 'Windows Storage Services Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0886.
    Published: September 11, 2020; 1:15:21 PM -0400

    V3.1: 7.8 HIGH
     V2.0: 4.6 MEDIUM

  • CVE-2020-1532 - An elevation of privilege vulnerability exists when the Windows InstallService improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows InstallService Elevation of P... read CVE-2020-1532
    Published: September 11, 2020; 1:15:21 PM -0400

    V3.1: 7.8 HIGH
     V2.0: 4.6 MEDIUM

  • CVE-2020-25285 - A race condition between hugetlb sysctl handlers in mm/hugetlb.c in the Linux kernel before 5.8.8 could be used by local attackers to corrupt memory, cause a NULL pointer dereference, or possibly have unspecified other impact, aka CID-17743798d812.
    Published: September 13, 2020; 2:15:09 PM -0400

    V3.1: 7.0 HIGH
     V2.0: 4.4 MEDIUM

  • CVE-2020-1523 - A tampering vulnerability exists when Microsoft SharePoint Server fails to properly handle profile data, aka 'Microsoft SharePoint Server Tampering Vulnerability'. This CVE ID is unique from CVE-2020-1440.
    Published: September 11, 2020; 1:15:21 PM -0400

    V3.1: 4.3 MEDIUM
     V2.0: 4.0 MEDIUM

  • CVE-2020-1319 - A remote code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory, aka 'Microsoft Windows Codecs Library Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1129.
    Published: September 11, 2020; 1:15:20 PM -0400

    V3.1: 7.8 HIGH
     V2.0: 9.3 HIGH