U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

National Vulnerability Database

NVD Dashboard

CVEs Received and Processed

CVEs Received and Processed

Please Wait

CVE Status Count

Please Wait

CVSS Score Spread

Please Wait

CVSS V3 Score Distribution

Severity Number of Vulns

CVSS V2 Score Distribution

Severity Number of Vulns


For information on how to the cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.

Last 20 Scored Vulnerability IDs & Summaries CVSS Severity

  • CVE-2022-50804 - JM-DATA ONU JF511-TV version 1.0.67 is vulnerable to cross-site request forgery (CSRF) attacks, allowing attackers to perform administrative actions on behalf of authenticated users without their knowledge or consent.
    Published: December 30, 2025; 6:15:47 PM -0500

    V3.1: 8.8 HIGH

  • CVE-2024-58336 - Akuvox Smart Intercom S539 contains an unauthenticated vulnerability that allows remote attackers to access live video streams by requesting the video.cgi endpoint on port 8080. Attackers can retrieve video stream data without authentication by di... read CVE-2024-58336
    Published: December 30, 2025; 6:15:48 PM -0500

    V3.1: 5.3 MEDIUM

  • CVE-2024-58337 - Akuvox Smart Intercom S539 contains an improper access control vulnerability that allows users with 'User' privileges to modify API access settings and configurations. Attackers can exploit this vulnerability to escalate privileges and gain unauth... read CVE-2024-58337
    Published: December 30, 2025; 6:15:49 PM -0500

    V3.1: 4.3 MEDIUM

  • CVE-2024-58338 - Anevia Flamingo XL 3.2.9 contains a restricted shell vulnerability that allows remote attackers to escape the sandboxed environment through the traceroute command. Attackers can exploit the traceroute command to inject shell commands and gain full... read CVE-2024-58338
    Published: December 30, 2025; 6:15:49 PM -0500

    V3.1: 10.0 CRITICAL

  • CVE-2025-15194 - A vulnerability was found in D-Link DIR-600 up to 2.15WWb02. Affected by this vulnerability is an unknown functionality of the file hedwig.cgi of the component HTTP Header Handler. The manipulation of the argument Cookie results in stack-based buf... read CVE-2025-15194
    Published: December 29, 2025; 11:15:41 AM -0500

    V3.1: 9.8 CRITICAL

  • CVE-2025-15114 - Ksenia Security Lares 4.0 Home Automation version 1.6 contains a critical security flaw that exposes the alarm system PIN in the 'basisInfo' XML file after authentication. Attackers can retrieve the PIN from the server response to bypass security ... read CVE-2025-15114
    Published: December 30, 2025; 6:15:50 PM -0500

  • CVE-2026-21506 - iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to Null pointer dereference in CIccProfileXml::ParseBasic()... read CVE-2026-21506
    Published: January 07, 2026; 1:15:54 PM -0500

    V3.1: 5.5 MEDIUM

  • CVE-2026-21678 - iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to heap-buffer-overflow vulnerability in IccTagXml(). This ... read CVE-2026-21678
    Published: January 07, 2026; 1:15:55 PM -0500

    V3.1: 7.8 HIGH

  • CVE-2025-14936 - NSF Unidata NetCDF-C Attribute Name Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NSF Unidata NetCDF-C. User interaction is requir... read CVE-2025-14936
    Published: December 23, 2025; 4:15:49 PM -0500

  • CVE-2025-14935 - NSF Unidata NetCDF-C Dimension Name Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NSF Unidata NetCDF-C. User interaction is require... read CVE-2025-14935
    Published: December 23, 2025; 4:15:49 PM -0500

  • CVE-2025-14934 - NSF Unidata NetCDF-C Variable Name Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NSF Unidata NetCDF-C. User interaction is require... read CVE-2025-14934
    Published: December 23, 2025; 4:15:48 PM -0500

  • CVE-2025-14933 - NSF Unidata NetCDF-C NC Variable Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NSF Unidata NetCDF-C. User interaction is required to exploit ... read CVE-2025-14933
    Published: December 23, 2025; 4:15:48 PM -0500

  • CVE-2025-14932 - NSF Unidata NetCDF-C Time Unit Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NSF Unidata NetCDF-C. User interaction is required to... read CVE-2025-14932
    Published: December 23, 2025; 4:15:48 PM -0500

  • CVE-2025-62864 - Ampere AmpereOne AC03 devices before 3.5.9.3, AmpereOne AC04 devices before 4.4.5.2, and AmpereOne M devices before 5.4.5.1 allow an incorrectly formed SMC call to UEFI-MM MMCommunicate service that could result in an out-of-bounds write within th... read CVE-2025-62864
    Published: December 16, 2025; 1:16:13 PM -0500

  • CVE-2025-62863 - Ampere AmpereOne AC03 devices before 3.5.9.3, AmpereOne AC04 devices before 4.4.5.2, and AmpereOne M devices before 5.4.5.1 allow an incorrectly formed SMC call to UEFI-MM PCIe driver that could result in an out-of-bounds write within PCIe driver’... read CVE-2025-62863
    Published: December 16, 2025; 1:16:13 PM -0500

  • CVE-2025-64741 - Improper authorization handling in Zoom Workplace for Android before version 6.5.10 may allow an unauthenticated user to conduct an escalation of privilege via network access.
    Published: November 13, 2025; 10:15:54 AM -0500

    V3.1: 9.8 CRITICAL

  • CVE-2025-64740 - Improper verification of cryptographic signature in the installer for Zoom Workplace VDI Client for Windows may allow an authenticated user to conduct an escalation of privilege via local access.
    Published: November 13, 2025; 10:15:53 AM -0500

    V3.1: 7.8 HIGH

  • CVE-2025-30669 - Improper certificate validation in certain Zoom Clients may allow an unauthenticated user to conduct a disclosure of information via adjacent access.
    Published: November 13, 2025; 10:15:51 AM -0500

    V3.1: 6.5 MEDIUM

  • CVE-2025-62482 - Cross-site scripting in Zoom Workplace for Windows before version 6.5.10 may allow an unauthenticated user to impact integrity via network access.
    Published: November 13, 2025; 10:15:51 AM -0500

    V3.1: 6.1 MEDIUM

  • CVE-2025-62483 - Improper removal of sensitive information in certain Zoom Clients before version 6.5.10 may allow an unauthenticated user to conduct a disclosure of information via network access.
    Published: November 13, 2025; 10:15:51 AM -0500

    V3.1: 7.5 HIGH