Total
4899 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-36894 | 1 Google | 1 Android | 2025-09-05 | 7.5 High |
| In TBD of TBD, there is a possible DoS due to a missing null check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2024-36620 | 2 Mobyproject, Redhat | 2 Moby, Openshift | 2025-09-05 | 6.5 Medium |
| moby v25.0.0 - v26.0.2 is vulnerable to NULL Pointer Dereference via daemon/images/image_history.go. | ||||
| CVE-2025-0287 | 1 Paragon-software | 6 Paragon Backup \& Recovery, Paragon Disk Wiper, Paragon Drive Copy and 3 more | 2025-09-05 | 5.1 Medium |
| Various Paragon Software products contain a null pointer dereference vulnerability within biontdrv.sys that is caused by a lack of a valid MasterLrp structure in the input buffer, allowing an attacker to execute arbitrary code in the kernel, facilitating privilege escalation. | ||||
| CVE-2025-8586 | 1 Libav | 1 Libav | 2025-09-04 | 3.3 Low |
| A vulnerability, which was classified as problematic, was found in libav up to 12.3. This affects the function ff_seek_frame_binary of the file /libavformat/utils.c of the component MPEG File Parser. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The bug was initially reported by the researcher to the wrong project. This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2025-8584 | 1 Libav | 1 Libav | 2025-09-04 | 3.3 Low |
| A vulnerability classified as problematic was found in libav up to 12.3. Affected by this vulnerability is the function av_buffer_unref of the file libavutil/buffer.c of the component AVI File Parser. The manipulation leads to null pointer dereference. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The bug was initially reported by the researcher to the wrong project. This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2024-53270 | 2 Envoyproxy, Redhat | 2 Envoy, Service Mesh | 2025-09-04 | 7.5 High |
| Envoy is a cloud-native high-performance edge/middle/service proxy. In affected versions `sendOverloadError` is going to assume the active request exists when `envoy.load_shed_points.http1_server_abort_dispatch` is configured. If `active_request` is nullptr, only onMessageBeginImpl() is called. However, the `onMessageBeginImpl` will directly return ok status if the stream is already reset leading to the nullptr reference. The downstream reset can actually happen during the H/2 upstream reset. As a result envoy may crash. This issue has been addressed in releases 1.32.3, 1.31.5, 1.30.9, and 1.29.12. Users are advised to upgrade. Users unable to upgrade may disable `http1_server_abort_dispatch` load shed point and/or use a high threshold. | ||||
| CVE-2025-27701 | 1 Google | 1 Android | 2025-09-04 | 5.5 Medium |
| In the function process_crypto_cmd, the values of ptrs[i] can be potentially equal to NULL which is valid value after calling slice_map_array(). Later this values will be derefenced without prior NULL check, which can lead to local Temporary DoS or OOB Read, leading to information disclosure. | ||||
| CVE-2024-43886 | 1 Linux | 1 Linux Kernel | 2025-09-03 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add null check in resource_log_pipe_topology_update [WHY] When switching from "Extend" to "Second Display Only" we sometimes call resource_get_otg_master_for_stream on a stream for the eDP, which is disconnected. This leads to a null pointer dereference. [HOW] Added a null check in dc_resource.c/resource_log_pipe_topology_update. | ||||
| CVE-2025-20262 | 1 Cisco | 4 Nexus, Nexus 3000, Nexus 9000 and 1 more | 2025-08-29 | 5 Medium |
| A vulnerability in the Protocol Independent Multicast Version 6 (PIM6) feature of Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an authenticated, low-privileged, remote attacker to trigger a crash of the PIM6 process, resulting in a denial of service (DoS) condition. This vulnerability is due to improper processing of PIM6 ephemeral data queries. An attacker could exploit this vulnerability by sending a crafted ephemeral query to an affected device through one of the following methods: NX-API REST, NETCONF, RESTConf, gRPC, or Model Driven Telemetry. A successful exploit could allow the attacker to cause the PIM6 process to crash and restart, causing potential adjacency flaps and resulting in a DoS of the PIM6 and ephemeral query processes. | ||||
| CVE-2023-41234 | 2 Intel, Microsoft | 2 Power Gadget, Windows | 2025-08-28 | 5 Medium |
| NULL pointer dereference in Intel(R) Power Gadget software for Windows all versions may allow an authenticated user to potentially enable denial of service via local access. | ||||
| CVE-2024-56430 | 2025-08-27 | 2.9 Low | ||
| OpenFHE through 1.2.3 has a NULL pointer dereference in BinFHEContext::EvalFloor in lib/binfhe-base-scheme.cpp. | ||||
| CVE-2024-30030 | 1 Microsoft | 1 Windows Server 2008 | 2025-08-27 | 7.8 High |
| Win32k Elevation of Privilege Vulnerability | ||||
| CVE-2024-37996 | 2025-08-27 | 3.3 Low | ||
| A vulnerability has been identified in JT Open (All versions < V11.5), JT2Go (All versions < V2406.0003), PLM XML SDK (All versions < V7.1.0.014), Teamcenter Visualization V14.2 (All versions < V14.2.0.13), Teamcenter Visualization V14.3 (All versions < V14.3.0.11), Teamcenter Visualization V2312 (All versions < V2312.0008), Teamcenter Visualization V2406 (All versions < V2406.0003). The affected applications contain a null pointer dereference vulnerability while parsing specially crafted XML files. An attacker could leverage this vulnerability to crash the application causing denial of service condition. | ||||
| CVE-2024-41130 | 2 Ggerganov, Ggml | 2 Llama.cpp, Llama.cpp | 2025-08-27 | 5.4 Medium |
| llama.cpp provides LLM inference in C/C++. Prior to b3427, llama.cpp contains a null pointer dereference in gguf_init_from_file. This vulnerability is fixed in b3427. | ||||
| CVE-2024-20312 | 1 Cisco | 2 Ios, Ios Xe | 2025-08-26 | 7.4 High |
| A vulnerability in the Intermediate System-to-Intermediate System (IS-IS) protocol of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient input validation when parsing an ingress IS-IS packet. An attacker could exploit this vulnerability by sending a crafted IS-IS packet to an affected device after forming an adjacency. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition. Note: The IS-IS protocol is a routing protocol. To exploit this vulnerability, an attacker must be Layer 2-adjacent to the affected device and have formed an adjacency. | ||||
| CVE-2025-50422 | 1 Freedesktop | 1 Poppler | 2025-08-26 | 2.9 Low |
| Cairo through 1.18.4, as used in Poppler through 25.08.0, has an "unscaled->face == NULL" assertion failure for _cairo_ft_unscaled_font_fini in cairo-ft-font.c. | ||||
| CVE-2025-45525 | 2025-08-26 | 2.9 Low | ||
| A NULL pointer dereference vulnerability has been identified in the JavaScript library microlight version 0.0.7, a lightweight syntax highlighting library. When processing elements with non-standard CSS color values, the library fails to validate the result of a regular expression match before accessing its properties, leading to an uncaught TypeError and potential application crash. NOTE: this is disputed by multiple parties because there is no common scenario in which an adversary can insert those non-standard values. | ||||
| CVE-2022-40732 | 1 Microsoft | 3 Windows 11, Windows 11 21h2, Windows Server 2022 | 2025-08-26 | 5 Medium |
| An access violation vulnerability exists in the DirectComposition functionality win32kbase.sys driver version 10.0.22000.593 as part of Windows 11 version 22000.593 and version 10.0.20348.643 as part of Windows Server 2022 version 20348.643. A specially-crafted set of syscalls can lead to a reboot. An unprivileged user can run specially-crafted code to trigger Denial Of Service. | ||||
| CVE-2022-40733 | 1 Microsoft | 4 Windows, Windows 11 21h2, Windows Server and 1 more | 2025-08-26 | 5 Medium |
| An access violation vulnerability exists in the DirectComposition functionality win32kbase.sys driver version 10.0.22000.593 as part of Windows 11 version 22000.593 and version 10.0.20348.643 as part of Windows Server 2022 version 20348.643. A specially-crafted set of syscalls can lead to a reboot. An unprivileged user can run specially-crafted code to trigger Denial Of Service. | ||||
| CVE-2025-49678 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-08-23 | 7 High |
| Null pointer dereference in Windows NTFS allows an authorized attacker to elevate privileges locally. | ||||