NVD

Icon for New NVD Communications and Status Updates Page

The NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, product names, and impact metrics.

For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.

Legal Disclaimer:

Here is where you can read the NVD legal disclaimer.

Last 20 Scored Vulnerability IDs & Summaries CVSS Severity

CVE-2025-54639 - ParcelMismatch vulnerability in attribute deserialization. Impact: Successful exploitation of this vulnerability may cause playback control screen display exceptions.
Published: August 06, 2025; 12:16:10 AM -0400
CVE-2025-54612 - Iterator failure vulnerability in the card management module. Impact: Successful exploitation of this vulnerability may affect function stability.
Published: August 05, 2025; 10:15:47 PM -0400

V3.1: 3.3 LOW
CVE-2025-54613 - Iterator failure vulnerability in the card management module. Impact: Successful exploitation of this vulnerability may affect function stability.
Published: August 05, 2025; 10:15:47 PM -0400

V3.1: 3.3 LOW
CVE-2025-54621 - Iterator failure issue in the WantAgent module. Impact: Successful exploitation of this vulnerability may cause memory release failures.
Published: August 05, 2025; 10:15:48 PM -0400

V3.1: 3.3 LOW
CVE-2025-54626 - Pointer dangling vulnerability in the cjwindow module. Impact: Successful exploitation of this vulnerability may affect function stability.
Published: August 05, 2025; 11:15:25 PM -0400
CVE-2025-54629 - Race condition issue occurring in the physical page import process of the memory management module. Impact: Successful exploitation of this vulnerability may affect service integrity.
Published: August 05, 2025; 11:15:26 PM -0400

V3.1: 4.7 MEDIUM
CVE-2024-58255 - EnzoH has an OS command injection vulnerability. Successful exploitation of this vulnerability may lead to arbitrary command execution.
Published: August 08, 2025; 12:15:59 AM -0400

V3.1: 6.7 MEDIUM
CVE-2024-58256 - EnzoH has an OS command injection vulnerability. Successful exploitation of this vulnerability may lead to arbitrary command execution.
Published: August 08, 2025; 12:16:03 AM -0400

V3.1: 7.8 HIGH
CVE-2024-58257 - EnzoH has an OS command injection vulnerability. Successful exploitation of this vulnerability may lead to arbitrary command execution.
Published: August 08, 2025; 12:16:04 AM -0400

V3.1: 6.7 MEDIUM
CVE-2025-66327 - Race condition vulnerability in the network module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
Published: December 08, 2025; 4:15:47 AM -0500

V3.1: 4.7 MEDIUM
CVE-2025-66328 - Multi-thread race condition vulnerability in the network management module. Impact: Successful exploitation of this vulnerability may affect availability.
Published: December 08, 2025; 4:15:47 AM -0500

V3.1: 4.7 MEDIUM
CVE-2025-66330 - App lock verification bypass vulnerability in the file management app. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
Published: December 08, 2025; 4:15:47 AM -0500

V3.1: 5.5 MEDIUM
CVE-2025-66331 - Denial of service (DoS) vulnerability in the office service. Impact: Successful exploitation of this vulnerability may affect availability.
Published: December 08, 2025; 4:15:47 AM -0500

V3.1: 5.5 MEDIUM
CVE-2025-66332 - Denial of service (DoS) vulnerability in the office service. Impact: Successful exploitation of this vulnerability may affect availability.
Published: December 08, 2025; 4:15:48 AM -0500

V3.1: 5.5 MEDIUM
CVE-2025-66333 - Denial of service (DoS) vulnerability in the office service. Impact: Successful exploitation of this vulnerability may affect availability.
Published: December 08, 2025; 4:15:48 AM -0500

V3.1: 5.5 MEDIUM
CVE-2025-48594 - In onUidImportance of DisassociationProcessor.java, there is a possible way to retain companion application privileges after disassociation due to improper input validation. This could lead to local escalation of privilege with no additional execu... read CVE-2025-48594
Published: December 08, 2025; 12:16:16 PM -0500

V3.1: 7.3 HIGH
CVE-2025-48596 - In appendFrom of Parcel.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Published: December 08, 2025; 12:16:16 PM -0500

V3.1: 7.8 HIGH
CVE-2025-48597 - In multiple locations, there is a possible way to trick a user into accepting a permission due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not... read CVE-2025-48597
Published: December 08, 2025; 12:16:16 PM -0500

V3.1: 7.8 HIGH
CVE-2025-48598 - In multiple locations, there is a possible way to alter the primary user's face unlock settings due to a confused deputy. This could lead to physical escalation of privilege with no additional execution privileges needed. User interaction is not n... read CVE-2025-48598
Published: December 08, 2025; 12:16:16 PM -0500

V3.1: 6.6 MEDIUM
CVE-2025-59698 - Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, might allow a physically proximate attacker to gain access to the EOL legacy bootloader.
Published: December 02, 2025; 10:15:55 AM -0500

Created September 20, 2022 , Updated August 27, 2024

You are viewing this page in an unauthorized frame window.

Information Technology Laboratory

National Vulnerability Database

National Vulnerability Database

Legal Disclaimer: