
The NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.

For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.

Last 20 Scored Vulnerability IDs & Summaries CVSS Severity
  • CVE-2019-20917 - An issue was discovered in InspIRCd 2 before 2.0.28 and 3 before 3.3.0. The mysql module contains a NULL pointer dereference when built against mariadb-connector-c 3.0.5 or newer. When combined with the sqlauth or sqloper modules, this vulnerabili... read CVE-2019-20917
    Published: September 11, 2020; 1:15:12 AM -0400

    V3.1: 6.5 MEDIUM
    V2.0: 6.8 MEDIUM

  • CVE-2020-15785 - A vulnerability has been identified in Siveillance Video Client (All versions). In environments where Windows NTLM authentication is enabled the affected client application transmits usernames to the server in cleartext. This could allow an attack... read CVE-2020-15785
    Published: September 09, 2020; 3:15:19 PM -0400

    V3.1: 5.3 MEDIUM
    V2.0: 4.3 MEDIUM

  • CVE-2018-6589 - CA Spectrum 10.1 prior to 10.01.02.PTF_10.1.239 and 10.2.x prior to 10.2.3 allows remote attackers to cause a denial of service via unspecified vectors.
    Published: May 01, 2018; 2:29:00 PM -0400

    V3.1: 7.5 HIGH
    V2.0: 5.0 MEDIUM

  • CVE-2020-15702 - TOCTOU Race Condition vulnerability in apport allows a local attacker to escalate privileges and execute arbitrary code. An attacker may exit the crashed process and exploit PID recycling to spawn a root process with the same PID as the crashed pr... read CVE-2020-15702
    Published: August 06, 2020; 7:15:11 PM -0400

    V3.1: 7.0 HIGH
    V2.0: 4.4 MEDIUM

  • CVE-2018-6588 - CA API Developer Portal 3.5 up to and including 3.5 CR5 has a reflected cross-site scripting vulnerability related to the apiExplorer.
    Published: March 29, 2018; 9:29:00 AM -0400

    V3.1: 6.1 MEDIUM
    V2.0: 4.3 MEDIUM

  • CVE-2018-6587 - CA API Developer Portal 3.5 up to and including 3.5 CR6 has a reflected cross-site scripting vulnerability related to the widgetID variable.
    Published: March 29, 2018; 9:29:00 AM -0400

    V3.1: 6.1 MEDIUM
    V2.0: 4.3 MEDIUM

  • CVE-2018-6586 - CA API Developer Portal 3.5 up to and including 3.5 CR6 has a stored cross-site scripting vulnerability related to profile picture processing.
    Published: March 29, 2018; 9:29:00 AM -0400

    V3.1: 6.1 MEDIUM
    V2.0: 4.3 MEDIUM

  • CVE-2023-23749 - The 'LDAP Integration with Active Directory and OpenLDAP - NTLM & Kerberos Login' extension is vulnerable to LDAP Injection since it is not properly sanitizing the 'username' POST parameter. An attacker can manipulate this parameter to dump arbitrary ... read CVE-2023-23749
    Published: January 17, 2023; 3:15:11 PM -0500

    V3.1: 7.5 HIGH

  • CVE-2017-3080 - Adobe Flash Player versions 26.0.0.131 and earlier have a security bypass vulnerability related to the Flash API used by Internet Explorer. Successful exploitation could lead to information disclosure.
    Published: July 17, 2017; 9:18:26 AM -0400

    V3.1: 6.5 MEDIUM
    V2.0: 4.3 MEDIUM

  • CVE-2017-3071 - Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable use after free vulnerability when masking display objects. Successful exploitation could lead to arbitrary code execution.
    Published: May 09, 2017; 12:29:00 PM -0400

    V3.1: 8.8 HIGH
    V2.0: 9.3 HIGH

  • CVE-2017-3072 - Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability in the BitmapData class. Successful exploitation could lead to arbitrary code execution.
    Published: May 09, 2017; 12:29:00 PM -0400

    V3.1: 8.8 HIGH
    V2.0: 9.3 HIGH

  • CVE-2017-3070 - Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability in the ConvolutionFilter class. Successful exploitation could lead to arbitrary code execution.
    Published: May 09, 2017; 12:29:00 PM -0400

    V3.1: 8.8 HIGH
    V2.0: 9.3 HIGH

  • CVE-2017-3069 - Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability in the BlendMode class. Successful exploitation could lead to arbitrary code execution.
    Published: May 09, 2017; 12:29:00 PM -0400

    V3.1: 8.8 HIGH
    V2.0: 9.3 HIGH

  • CVE-2017-3068 - Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability in the Advanced Video Coding engine. Successful exploitation could lead to arbitrary code execution.
    Published: May 09, 2017; 12:29:00 PM -0400

    V3.1: 8.8 HIGH
    V2.0: 9.3 HIGH

  • CVE-2017-2998 - Adobe Flash Player versions 24.0.0.221 and earlier have an exploitable memory corruption vulnerability in the Primetime TVSDK API functionality related to timeline interactions. Successful exploitation could lead to arbitrary code execution.
    Published: March 14, 2017; 12:59:00 PM -0400

    V3.1: 8.8 HIGH
    V2.0: 9.3 HIGH

  • CVE-2017-2927 - Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable heap overflow vulnerability when processing Adobe Texture Format files. Successful exploitation could lead to arbitrary code execution.
    Published: January 10, 2017; 11:59:00 PM -0500

    V3.1: 8.8 HIGH
    V2.0: 9.3 HIGH

  • CVE-2019-11539 - In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, 8.2RX before 8.2R12.1, and 8.1RX before 8.1R15.1 and Pulse Policy Secure version 9.0RX before 9.0R3.2, 5.4RX before 5.4R7.1, 5.3RX before 5.3R12.1, 5.2RX befo... read CVE-2019-11539
    Published: April 25, 2019; 10:29:00 PM -0400

    V3.1: 7.2 HIGH
    V2.0: 6.5 MEDIUM

  • CVE-2019-11540 - In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4 and 8.3RX before 8.3R7.1 and Pulse Policy Secure version 9.0RX before 9.0R3.2 and 5.4RX before 5.4R7.1, an unauthenticated, remote attacker can conduct a session hijacking attack.
    Published: April 25, 2019; 10:29:00 PM -0400

    V3.1: 9.8 CRITICAL
    V2.0: 7.5 HIGH

  • CVE-2019-11541 - In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, and 8.2RX before 8.2R12.1, users using SAML authentication with the Reuse Existing NC (Pulse) Session option may see authentication leaks.
    Published: April 25, 2019; 10:29:00 PM -0400

    V3.1: 7.5 HIGH
    V2.0: 5.0 MEDIUM

  • CVE-2019-10475 - A reflected cross-site scripting vulnerability in Jenkins build-metrics Plugin allows attackers to inject arbitrary HTML and JavaScript into web pages provided by this plugin.
    Published: October 23, 2019; 9:15:11 AM -0400

    V3.1: 6.1 MEDIUM
    V2.0: 4.3 MEDIUM