close
The Wayback Machine - https://web.archive.org/web/20201127195859/https://nvd.nist.gov/

National Vulnerability Database

National Vulnerability Database

NVD

Collaborative Vulnerability Metadata Acceptance Process
NVD Release of CVMAP
CVSS Version 3.1 Official Support!
CVSS Version 3.1 Official Support!
New NVD CVE/CPE API and Legacy SOAP Service Retirement!
New NVD CVE/CPE API and Legacy SOAP Service Retirement!


The NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.

Last 20 Scored Vulnerability IDs & Summaries CVSS Severity

  • CVE-2020-13773 - Ivanti Endpoint Manager through 2020.1.1 allows XSS via /LDMS/frm_splitfrm.aspx, /LDMS/licensecheck.aspx, /LDMS/frm_splitcollapse.aspx, /LDMS/alert_log.aspx, /LDMS/ServerList.aspx, /LDMS/frm_coremainfrm.aspx, /LDMS/frm_findfrm.aspx, /LDMS/frm_task... read CVE-2020-13773
    Published: November 16, 2020; 11:15:14 AM -0500

    V3.1: 5.4 MEDIUM
     V2.0: 3.5 LOW

  • CVE-2020-28723 - Memory leak in IPv6Param::setAddress in CloudAvid PParam 1.3.1.
    Published: November 16, 2020; 12:15:13 PM -0500

    V3.1: 7.5 HIGH
     V2.0: 5.0 MEDIUM

  • CVE-2020-3441 - A vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to view sensitive information from the meeting room lobby. This vulnerability is due to insufficient protection of sensitive pa... read CVE-2020-3441
    Published: November 18, 2020; 2:15:12 PM -0500

    V3.1: 5.3 MEDIUM
     V2.0: 5.0 MEDIUM

  • CVE-2020-25472 - SimplePHPscripts News Script PHP Pro 2.3 is affected by a Cross Site Request Forgery (CSRF) vulnerability, which allows attackers to add new users.
    Published: November 24, 2020; 10:15:12 AM -0500

    V3.1: 6.5 MEDIUM
     V2.0: 4.3 MEDIUM

  • CVE-2020-3471 - A vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to maintain bidirectional audio despite being expelled from an active Webex session. The vulnerability is due to a synchronizat... read CVE-2020-3471
    Published: November 18, 2020; 2:15:12 PM -0500

    V3.1: 6.5 MEDIUM
     V2.0: 5.0 MEDIUM

  • CVE-2020-25475 - SimplePHPscripts News Script PHP Pro 2.3 is affected by a SQL Injection via the id parameter in an editNews action.
    Published: November 24, 2020; 10:15:12 AM -0500

    V3.1: 9.8 CRITICAL
     V2.0: 7.5 HIGH

  • CVE-2020-25474 - SimplePHPscripts News Script PHP Pro 2.3 is affected by a Cross Site Scripting (XSS) vulnerability via the editor_name parameter.
    Published: November 24, 2020; 10:15:12 AM -0500

    V3.1: 6.1 MEDIUM
     V2.0: 4.3 MEDIUM

  • CVE-2020-29053 - HRSALE 2.0.0 allows XSS via the admin/project/projects_calendar set_date parameter.
    Published: November 24, 2020; 3:15:11 PM -0500

    V3.1: 6.1 MEDIUM
     V2.0: 4.3 MEDIUM

  • CVE-2020-29070 - osCommerce 2.3.4.1 has XSS vulnerability via the authenticated user entering the XSS payload into the title section of newsletters.
    Published: November 25, 2020; 3:15:10 PM -0500

    V3.1: 4.8 MEDIUM
     V2.0: 3.5 LOW

  • CVE-2020-29063 - An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, ... read CVE-2020-29063
    Published: November 24, 2020; 4:15:12 PM -0500

    V3.1: 7.5 HIGH
     V2.0: 5.0 MEDIUM

  • CVE-2020-29061 - An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, ... read CVE-2020-29061
    Published: November 24, 2020; 4:15:12 PM -0500

    V3.1: 9.8 CRITICAL
     V2.0: 7.5 HIGH

  • CVE-2020-29062 - An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, ... read CVE-2020-29062
    Published: November 24, 2020; 4:15:12 PM -0500

    V3.1: 9.8 CRITICAL
     V2.0: 7.5 HIGH

  • CVE-2020-29060 - An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, ... read CVE-2020-29060
    Published: November 24, 2020; 4:15:12 PM -0500

    V3.1: 9.8 CRITICAL
     V2.0: 7.5 HIGH

  • CVE-2020-29059 - An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, ... read CVE-2020-29059
    Published: November 24, 2020; 4:15:12 PM -0500

    V3.1: 9.8 CRITICAL
     V2.0: 7.5 HIGH

  • CVE-2020-25952 - SQL injection vulnerability in PHPGurukul User Registration & Login and User Management System With admin panel 2.1 allows remote attackers to execute arbitrary SQL commands and bypass authentication.
    Published: November 16, 2020; 11:15:14 AM -0500

    V3.1: 9.8 CRITICAL
     V2.0: 7.5 HIGH

  • CVE-2020-28649 - The orbisius-child-theme-creator plugin before 1.5.2 for WordPress allows CSRF via orbisius_ctc_theme_editor_manage_file.
    Published: November 15, 2020; 11:15:12 PM -0500

    V3.1: 8.8 HIGH
     V2.0: 6.8 MEDIUM

  • CVE-2020-29058 - An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, ... read CVE-2020-29058
    Published: November 24, 2020; 4:15:11 PM -0500

    V3.1: 9.8 CRITICAL
     V2.0: 5.0 MEDIUM

  • CVE-2020-29057 - An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, ... read CVE-2020-29057
    Published: November 24, 2020; 4:15:11 PM -0500

    V3.1: 7.5 HIGH
     V2.0: 7.8 HIGH

  • CVE-2020-29056 - An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, ... read CVE-2020-29056
    Published: November 24, 2020; 4:15:11 PM -0500

    V3.1: 9.8 CRITICAL
     V2.0: 10.0 HIGH

  • CVE-2020-28650 - The WPBakery plugin before 6.4.1 for WordPress allows XSS because it calls kses_remove_filters to disable the standard WordPress XSS protection mechanism for the Author and Contributor roles.
    Published: November 15, 2020; 11:15:12 PM -0500

    V3.1: 5.4 MEDIUM
     V2.0: 3.5 LOW