Total
4191 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-28068 | 1 Samsung | 34 Exynos 1080, Exynos 1080 Firmware, Exynos 1280 and 31 more | 2025-06-26 | 5.3 Medium |
| A vulnerability was discovered in SS in Samsung Mobile Processor, Wearable Processor, and Modems with versions Exynos 9820, Exynos 9825, Exynos 980, Exynos 990, Exynos 850, Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, Exynos 1380, Exynos 1330, Exynos 2400, Exynos 9110, Exynos W920, Exynos W930, Exynos Modem 5123, and Exynos Modem 5300 that involves a NULL pointer dereference which can cause abnormal termination of a mobile phone via a manipulated packet. | ||||
| CVE-2025-45332 | 2025-06-26 | 7.5 High | ||
| vkoskiv c-ray 1.1 contains a Null Pointer Dereference (NPD) vulnerability in the parse_mtllib function of its data processing module, leading to unpredictable program behavior, causing segmentation faults, and program crashes. | ||||
| CVE-2023-52979 | 1 Linux | 1 Linux Kernel | 2025-06-25 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: squashfs: harden sanity check in squashfs_read_xattr_id_table While mounting a corrupted filesystem, a signed integer '*xattr_ids' can become less than zero. This leads to the incorrect computation of 'len' and 'indexes' values which can cause null-ptr-deref in copy_bio_to_actor() or out-of-bounds accesses in the next sanity checks inside squashfs_read_xattr_id_table(). Found by Linux Verification Center (linuxtesting.org) with Syzkaller. | ||||
| CVE-2022-4127 | 1 Linux | 1 Linux Kernel | 2025-06-25 | 5.5 Medium |
| A NULL pointer dereference issue was discovered in the Linux kernel in io_files_update_with_index_alloc. A local user could use this flaw to potentially crash the system causing a denial of service. | ||||
| CVE-2022-4128 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2025-06-25 | 5.5 Medium |
| A NULL pointer dereference issue was discovered in the Linux kernel in the MPTCP protocol when traversing the subflow list at disconnect time. A local user could use this flaw to potentially crash the system causing a denial of service. | ||||
| CVE-2023-6622 | 3 Fedoraproject, Linux, Redhat | 3 Fedora, Linux Kernel, Enterprise Linux | 2025-06-25 | 5.5 Medium |
| A null pointer dereference vulnerability was found in nft_dynset_init() in net/netfilter/nft_dynset.c in nf_tables in the Linux kernel. This issue may allow a local attacker with CAP_NET_ADMIN user privilege to trigger a denial of service. | ||||
| CVE-2025-0287 | 1 Paragon-software | 6 Paragon Backup \& Recovery, Paragon Disk Wiper, Paragon Drive Copy and 3 more | 2025-06-25 | 5.1 Medium |
| Various Paragon Software products contain a null pointer dereference vulnerability within biontdrv.sys that is caused by a lack of a valid MasterLrp structure in the input buffer, allowing an attacker to execute arbitrary code in the kernel, facilitating privilege escalation. | ||||
| CVE-2024-11705 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-06-24 | 9.1 Critical |
| `NSC_DeriveKey` inadvertently assumed that the `phKey` parameter is always non-NULL. When it was passed as NULL, a segmentation fault (SEGV) occurred, leading to crashes. This behavior conflicted with the PKCS#11 v3.0 specification, which allows `phKey` to be NULL for certain mechanisms. This vulnerability affects Firefox < 133 and Thunderbird < 133. | ||||
| CVE-2025-45331 | 2025-06-24 | 7.5 High | ||
| brplot v420.69.1 contains a Null Pointer Dereference (NPD) vulnerability in the br_dagens_handle_once function of its data processing module, leading to unpredictable program behavior, causing segmentation faults, and program crashes. | ||||
| CVE-2023-52508 | 1 Linux | 1 Linux Kernel | 2025-06-24 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: nvme-fc: Prevent null pointer dereference in nvme_fc_io_getuuid() The nvme_fc_fcp_op structure describing an AEN operation is initialized with a null request structure pointer. An FC LLDD may make a call to nvme_fc_io_getuuid passing a pointer to an nvmefc_fcp_req for an AEN operation. Add validation of the request structure pointer before dereference. | ||||
| CVE-2025-46399 | 1 Redhat | 1 Enterprise Linux | 2025-06-24 | 4.7 Medium |
| A flaw was found in fig2dev. This vulnerability allows availability via local input manipulation via genge_itp_spline function. | ||||
| CVE-2025-48705 | 2025-06-23 | 7.5 High | ||
| An issue was discovered in COROS PACE 3 through 3.0808.0. Due to a NULL pointer dereference vulnerability, sending a crafted BLE message forces the device to reboot. | ||||
| CVE-2025-6496 | 2025-06-23 | 3.3 Low | ||
| A vulnerability was found in HTACG tidy-html5 5.8.0. It has been declared as problematic. This vulnerability affects the function InsertNodeAsParent of the file src/parser.c. The manipulation leads to null pointer dereference. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-6375 | 2025-06-23 | 3.3 Low | ||
| A vulnerability was found in poco up to 1.14.1. It has been rated as problematic. Affected by this issue is the function MultipartInputStream of the file Net/src/MultipartReader.cpp. The manipulation leads to null pointer dereference. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 1.14.2 is able to address this issue. The patch is identified as 6f2f85913c191ab9ddfb8fae781f5d66afccf3bf. It is recommended to upgrade the affected component. | ||||
| CVE-2025-29547 | 1 Horizondatasys | 1 Rollback Rx Pro | 2025-06-23 | 7 High |
| In Rollback Rx Professional 12.8.0.0, the driver file shieldm.sys allows local users to cause a denial of service because of a null pointer dereference from IOCtl 0x96202000. | ||||
| CVE-2025-4478 | 1 Redhat | 1 Enterprise Linux | 2025-06-23 | 7.1 High |
| A flaw was found in the FreeRDP used by Anaconda's remote install feature, where a crafted RDP packet could trigger a segmentation fault. This issue causes the service to crash and remain defunct, resulting in a denial of service. It occurs pre-boot and is likely due to a NULL pointer dereference. Rebooting is required to recover the system. | ||||
| CVE-2024-31030 | 2 Keith-cullen, Keithcullen | 2 Freecoap, Freecoap | 2025-06-20 | 9.1 Critical |
| An issue in coap_msg.c in Keith Cullen's FreeCoAP v.0.7 allows remote attackers to cause a Denial of Service or potentially disclose information via a specially crafted packet. | ||||
| CVE-2023-6603 | 1 Ffmpeg | 1 Ffmpeg | 2025-06-20 | 7.5 High |
| A flaw was found in FFmpeg's HLS playlist parsing. This vulnerability allows a denial of service via a maliciously crafted HLS playlist that triggers a null pointer dereference during initialization. | ||||
| CVE-2024-46922 | 1 Samsung | 4 Exynos 1480, Exynos 1480 Firmware, Exynos 2400 and 1 more | 2025-06-20 | 7.5 High |
| An issue was discovered in Samsung Mobile Processor Exynos 1480 and 2400. The absence of a null check leads to a Denial of Service at amdgpu_cs_parser_bos in the Xclipse Driver. | ||||
| CVE-2025-33057 | 2025-06-20 | 6.5 Medium | ||
| Null pointer dereference in Windows Local Security Authority (LSA) allows an authorized attacker to deny service over a network. | ||||