The NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.

Last 20 Scored Vulnerability IDs & Summaries CVSS Severity
  • CVE-2020-26181 - Dell EMC Isilon OneFS versions 8.1 and later and Dell EMC PowerScale OneFS version 9.0.0 contain a privilege escalation vulnerability on a SmartLock Compliance mode cluster. The compadmin user connecting using ISI PRIV LOGIN SSH or ISI PRIV LOGIN ... read CVE-2020-26181
    Published: January 05, 2021; 5:15:13 PM -0500

    V3.1: 7.8 HIGH
    V2.0: 7.2 HIGH

  • CVE-2020-35946 - An issue was discovered in the All in One SEO Pack plugin before 3.6.2 for WordPress. The SEO Description and Title fields are vulnerable to unsanitized input from a Contributor, leading to stored XSS.
    Published: December 31, 2020; 11:15:13 PM -0500

    V3.1: 5.4 MEDIUM
    V2.0: 3.5 LOW

  • CVE-2021-22493 - An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. The quram library allows attackers to execute arbitrary code or cause a denial of service (memory corruption) during dng decoding. The Samsung ID is SVE-2... read CVE-2021-22493
    Published: January 05, 2021; 1:15:18 PM -0500

    V3.1: 7.8 HIGH
    V2.0: 6.8 MEDIUM

  • CVE-2020-35944 - An issue was discovered in the PageLayer plugin before 1.1.2 for WordPress. The pagelayer_settings_page function is vulnerable to CSRF, which can lead to XSS.
    Published: December 31, 2020; 11:15:13 PM -0500

    V3.1: 8.8 HIGH
    V2.0: 6.8 MEDIUM

  • CVE-2018-20309 - Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9.5, has a proxyGetAppEdition race condition that can cause a stack-based buffer overflow or an out-of-bounds read.
    Published: January 07, 2021; 12:15:12 PM -0500

    V3.1: 8.1 HIGH
    V2.0: 6.8 MEDIUM

  • CVE-2018-20310 - Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9.5, has a proxyDoAction race condition that can cause a stack-based buffer overflow or an out-of-bounds read.
    Published: January 07, 2021; 12:15:12 PM -0500

    V3.1: 8.1 HIGH
    V2.0: 6.8 MEDIUM

  • CVE-2018-20311 - Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9.5, has a proxyCPDFAction race condition that can cause a stack-based buffer overflow or an out-of-bounds read.
    Published: January 07, 2021; 12:15:12 PM -0500

    V3.1: 8.1 HIGH
    V2.0: 6.8 MEDIUM

  • CVE-2020-27844 - A flaw was found in openjpeg's src/lib/openjp2/t2.c in versions prior to 2.4.0. This flaw allows an attacker to provide crafted input to openjpeg during conversion and encoding, causing an out-of-bounds write. The highest threat from this vulnerab... read CVE-2020-27844
    Published: January 05, 2021; 1:15:14 PM -0500

    V3.1: 7.8 HIGH
    V2.0: 8.3 HIGH

  • CVE-2018-20312 - Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9.5, has a proxyDoAction race condition that can cause a stack-based buffer overflow or an out-of-bounds read, a different issue than CVE-2018-20310 because of a different opcode.
    Published: January 07, 2021; 12:15:12 PM -0500

    V3.1: 8.1 HIGH
    V2.0: 6.8 MEDIUM

  • CVE-2018-20313 - Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9.5, has a proxyPreviewAction race condition that can cause a stack-based buffer overflow or an out-of-bounds read.
    Published: January 07, 2021; 1:15:12 PM -0500

    V3.1: 8.1 HIGH
    V2.0: 6.8 MEDIUM

  • CVE-2018-20314 - Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9.5, has a proxyCheckLicence race condition that can cause a stack-based buffer overflow or an out-of-bounds read.
    Published: January 07, 2021; 1:15:12 PM -0500

    V3.1: 8.1 HIGH
    V2.0: 6.8 MEDIUM

  • CVE-2018-20315 - Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9.5, has a race condition that can cause a stack-based buffer overflow or an out-of-bounds read.
    Published: January 07, 2021; 1:15:12 PM -0500

    V3.1: 8.1 HIGH
    V2.0: 6.8 MEDIUM

  • CVE-2020-36159 - Veritas Desktop and Laptop Option (DLO) before 9.5 disclosed operational information on the backup processing status through a URL that did not require authentication.
    Published: January 05, 2021; 2:15:17 PM -0500

    V3.1: 5.3 MEDIUM
    V2.0: 5.0 MEDIUM

  • CVE-2015-2992 - Apache Struts before 2.3.20 has a cross-site scripting (XSS) vulnerability.
    Published: February 27, 2020; 1:15:11 PM -0500

    V3.1: 6.1 MEDIUM
    V2.0: 4.3 MEDIUM

  • CVE-2018-20316 - Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9.5, has a proxyDoAction race condition that can cause a stack-based buffer overflow or an out-of-bounds read, a different issue than CVE-2018-20310 because of a different opcode.
    Published: January 07, 2021; 1:15:12 PM -0500

    V3.1: 8.1 HIGH
    V2.0: 6.8 MEDIUM

  • CVE-2019-20484 - An issue was discovered in Viki Vera 4.9.1.26180. A user without access to a project could download or upload project files by opening the Project URL directly in the browser after logging in.
    Published: January 05, 2021; 5:15:13 PM -0500

    V3.1: 8.1 HIGH
    V2.0: 5.5 MEDIUM

  • CVE-2019-20483 - An issue was discovered in Viki Vera 4.9.1.26180. An attacker could set a user's last name to an XSS Payload, and read another user's cookie and use that to login to the application.
    Published: January 05, 2021; 4:15:14 PM -0500

    V3.1: 5.4 MEDIUM
    V2.0: 3.5 LOW

  • CVE-2020-29491 - Dell Wyse ThinOS 8.6 and prior versions contain an insecure default configuration vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to gain access to the sensitive information on the local network, leadi... read CVE-2020-29491
    Published: January 04, 2021; 5:15:13 PM -0500

    V3.1: 8.6 HIGH
    V2.0: 5.0 MEDIUM

  • CVE-2020-29492 - Dell Wyse ThinOS 8.6 and prior versions contain an insecure default configuration vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to access the writable file and manipulate the configuration of any tar... read CVE-2020-29492
    Published: January 04, 2021; 5:15:13 PM -0500

  • CVE-2020-26046 - FUEL CMS 1.4.11 has stored XSS in Blocks/Navigation/Site variables. This could lead to cookie stealing and other malicious actions. This vulnerability can be exploited with an authenticated account and also impact other visitors.
    Published: January 05, 2021; 10:15:13 AM -0500

    V3.1: 5.4 MEDIUM
    V2.0: 4.3 MEDIUM