The NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, product names, and impact metrics.
For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.
Legal Disclaimer:
Here is where you can read the NVD legal disclaimer.
- CVE-2025-60047 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes IPharm ipharm allows PHP Local File Inclusion. This issue affects IPharm: from n/a through <= 1.2.3.
  Published: December 18, 2025; 3:16:04 AM -0500
- CVE-2025-60046 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes HeartStar heartstar allows PHP Local File Inclusion. This issue affects HeartStar: from n/a through <= 1.0.14.
  Published: December 18, 2025; 3:16:04 AM -0500
- CVE-2025-38732 - In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_reject: don't leak dst refcount for loopback packets recent patches to add a WARN() when replacing skb dst entry found an old bug: WARNING: include/linux/skbuff.h...
  Published: September 05, 2025; 2:15:42 PM -0400
  V3.1: 5.5 MEDIUM
- CVE-2025-30662 - Symlink following in the installer for the Zoom Workplace VDI Plugin macOS Universal installer before version 6.3.14, 6.4.14, and 6.5.10 in their respective tracks may allow an authenticated user to conduct a disclosure of information via network ...
  Published: November 13, 2025; 10:15:51 AM -0500
  V3.1: 6.5 MEDIUM
- CVE-2025-67269 - An integer underflow vulnerability exists in the `nextstate()` function in `gpsd/packet.c` of gpsd versions prior to commit `ffa1d6f40bca0b035fc7f5e563160ebb67199da7`. When parsing a NAVCOM packet, the payload length is calculated using `lexer->le...
  Published: January 02, 2026; 11:17:01 AM -0500
- CVE-2026-0568 - A flaw has been found in code-projects Online Music Site 1.0. The impacted element is an unknown function of the file /Frontend/ViewSongs.php. This manipulation of the argument ID causes SQL injection. It is possible to initiate the attack remotel...
  Published: January 02, 2026; 1:15:54 PM -0500
  V3.1: 9.8 CRITICAL
- CVE-2026-0569 - A vulnerability has been found in code-projects Online Music Site 1.0. This affects an unknown function of the file /Frontend/AlbumByCategory.php. Such manipulation of the argument ID leads to SQL injection. It is possible to launch the attack rem...
  Published: January 02, 2026; 2:15:47 PM -0500
  V3.1: 9.8 CRITICAL
- CVE-2026-0570 - A vulnerability was found in code-projects Online Music Site 1.0. This impacts an unknown function of the file /Frontend/Feedback.php. Performing manipulation of the argument fname results in SQL injection. The attack can be initiated remotely. Th...
  Published: January 02, 2026; 2:15:47 PM -0500
  V3.1: 9.8 CRITICAL
- CVE-2024-58315 - Tosibox Key Service 3.3.0 contains an unquoted service path vulnerability that allows local non-privileged users to potentially execute code with elevated system privileges. Attackers can exploit the service startup process by inserting malicious ...
  Published: December 30, 2025; 6:15:48 PM -0500
  V3.1: 7.8 HIGH
- CVE-2022-48220 - Potential vulnerabilities have been identified in certain HP Desktop PC products using the HP TamperLock feature, which might allow intrusion detection bypass via a physical attack. HP is releasing firmware and guidance to mitigate these potential...
  Published: February 14, 2024; 6:15:08 PM -0500
- CVE-2022-48219 - Potential vulnerabilities have been identified in certain HP Desktop PC products using the HP TamperLock feature, which might allow intrusion detection bypass via a physical attack. HP is releasing firmware and guidance to mitigate these potential...
  Published: February 14, 2024; 6:15:07 PM -0500
- CVE-2025-33212 - NVIDIA NeMo Framework contains a vulnerability in model loading that could allow an attacker to exploit improper control mechanisms if a user loads a maliciously crafted file. A successful exploit of this vulnerability might lead to code execution...
  Published: December 16, 2025; 1:16:11 PM -0500
  V3.1: 7.8 HIGH
- CVE-2026-21500 - iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to stack overflow in the XML calculator macro expansion. Th...
  Published: January 07, 2026; 1:15:53 PM -0500
  V3.1: 7.8 HIGH
- CVE-2026-21499 - iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to NULL pointer dereference via the XML parser. This issue ...
  Published: January 07, 2026; 1:15:53 PM -0500
- CVE-2026-21498 - iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to NULL pointer dereference via the XML calculator parser. ...
  Published: January 07, 2026; 1:15:53 PM -0500
- CVE-2026-21497 - iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to NULL pointer dereference via an unknown tag parser. This...
  Published: January 07, 2026; 1:15:53 PM -0500
- CVE-2025-33226 - NVIDIA NeMo Framework for all platforms contains a vulnerability where malicious data created by an attacker may cause a code injection. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information d...
  Published: December 16, 2025; 1:16:11 PM -0500
- CVE-2025-60458 - UxPlay 1.72 contains a double free vulnerability in its RTSP request handling. A specially crafted RTSP TEARDOWN request can trigger multiple calls to free() on the same memory address, potentially causing a Denial of Service.
  Published: December 29, 2025; 10:16:01 AM -0500
- CVE-2026-21496 - iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to NULL pointer dereference via the signature parser. This ...
  Published: January 07, 2026; 1:15:53 PM -0500
- CVE-2026-21495 - iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to division by zero in the TIFF Image Reader. This issue ha...
  Published: January 07, 2026; 1:15:53 PM -0500