Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-13084

Summary
Assigner-WatchGuard
Assigner Org ID-5d1c2695-1a31-4499-88ae-e847036fd7e3
Published At-02 Jul, 2026 | 23:06
Updated At-02 Jul, 2026 | 23:06
Rejected At-
Credits

Null Pointer Dereference in WatchGuard Fireware OS iked Process

A null pointer dereference vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated attacker to create a denial-of-service (DoS) condition by sending specially crafted IKEv2 messages. This vulnerability affects both the Mobile User VPN with IKEv2 and the Branch Office VPN using IKEv2 when configured with a dynamic gateway peer. This vulnerability affects Fireware OS 11.10.2 up to and including 11.12.4_Update1, 12.0 up to and including 12.12 and 2025.1 up to and including 2026.2

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:WatchGuard
Assigner Org ID:5d1c2695-1a31-4499-88ae-e847036fd7e3
Published At:02 Jul, 2026 | 23:06
Updated At:02 Jul, 2026 | 23:06
Rejected At:
▼CVE Numbering Authority (CNA)
Null Pointer Dereference in WatchGuard Fireware OS iked Process

A null pointer dereference vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated attacker to create a denial-of-service (DoS) condition by sending specially crafted IKEv2 messages. This vulnerability affects both the Mobile User VPN with IKEv2 and the Branch Office VPN using IKEv2 when configured with a dynamic gateway peer. This vulnerability affects Fireware OS 11.10.2 up to and including 11.12.4_Update1, 12.0 up to and including 12.12 and 2025.1 up to and including 2026.2

Affected Products
Vendor
WatchGuard Technologies, Inc.WatchGuard
Product
Fireware OS
Default Status
unaffected
Versions
Affected
  • From 11.10.2 through 11.12.4+541730 (semver)
  • From 12.0 through 12.12 (semver)
  • From 12.5 through 12.5.18 (semver)
  • From 2025.1 through 2026.2 (semver)
Problem Types
TypeCWE IDDescription
CWECWE-476CWE-476 NULL Pointer Dereference
Type: CWE
CWE ID: CWE-476
Description: CWE-476 NULL Pointer Dereference
Metrics
VersionBase scoreBase severityVector
4.08.7HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Version: 4.0
Base score: 8.7
Base severity: HIGH
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-129CAPEC-129 Pointer Manipulation
CAPEC ID: CAPEC-129
Description: CAPEC-129 Pointer Manipulation
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2026-00024
vendor-advisory
Hyperlink: https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2026-00024
Resource:
vendor-advisory
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:5d1c2695-1a31-4499-88ae-e847036fd7e3
Published At:03 Jul, 2026 | 00:16
Updated At:03 Jul, 2026 | 00:16

A null pointer dereference vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated attacker to create a denial-of-service (DoS) condition by sending specially crafted IKEv2 messages. This vulnerability affects both the Mobile User VPN with IKEv2 and the Branch Office VPN using IKEv2 when configured with a dynamic gateway peer. This vulnerability affects Fireware OS 11.10.2 up to and including 11.12.4_Update1, 12.0 up to and including 12.12 and 2025.1 up to and including 2026.2

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.08.7HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Type: Secondary
Version: 4.0
Base score: 8.7
Base severity: HIGH
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CPE Matches

Weaknesses
CWE IDTypeSource
CWE-476Secondary5d1c2695-1a31-4499-88ae-e847036fd7e3
CWE ID: CWE-476
Type: Secondary
Source: 5d1c2695-1a31-4499-88ae-e847036fd7e3
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2026-000245d1c2695-1a31-4499-88ae-e847036fd7e3
N/A
Hyperlink: https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2026-00024
Source: 5d1c2695-1a31-4499-88ae-e847036fd7e3
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

23Records found

CVE-2025-11838
Matching Score-8
Assigner-WatchGuard Technologies, Inc.
ShareView Details
Matching Score-8
Assigner-WatchGuard Technologies, Inc.
CVSS Score-8.7||HIGH
EPSS-0.41% / 33.29%
||
7 Day CHG~0.00%
Published-04 Dec, 2025 | 21:48
Updated-16 Dec, 2025 | 00:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WatchGuard Firebox iked Memory Corruption Vulnerability

A memory corruption vulnerability in WatchGuard Fireware OS may allow an unauthenticated attacker to trigger a Denial of Service (DoS) condition in the Mobile User VPN with IKEv2 and the Branch Office VPN using IKEv2 when configured with a dynamic gateway peer. This vulnerability affects Fireware OS 12.6.1 up to and including 12.11.4 and 2025.1 up to and including 2025.1.2.

Action-Not Available
Vendor-WatchGuard Technologies, Inc.
Product-firebox_t55firewarefirebox_m5800firebox_t40firebox_t25firebox_m590firebox_m440firebox_m290firebox_m270firebox_m390firebox_t85firebox_t115-wfirebox_m570firebox_t145-wfirebox_t125-wfirebox_m5600firebox_t45firebox_t20firebox_m670firebox_m4600firebox_m4800fireboxcloudfirebox_t145firebox_t80firebox_t185firebox_nv5firebox_m370firebox_t70firebox_m470firebox_t125firebox_m690fireboxvFireware OS
CWE ID-CWE-763
Release of Invalid Pointer or Reference
CVE-2026-9716
Matching Score-4
Assigner-Schneider Electric
ShareView Details
Matching Score-4
Assigner-Schneider Electric
CVSS Score-8.7||HIGH
EPSS-0.26% / 17.64%
||
7 Day CHG~0.00%
Published-25 Jun, 2026 | 15:02
Updated-25 Jun, 2026 | 19:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CWE-476 NULL Pointer Dereference vulnerability exists that could cause a denial-of-service condition, rendering the device’s HMI and configuration functionality unavailable when malformed requests are received over exposed network interfaces.

Action-Not Available
Vendor-Schneider Electric SE
Product-PowerLogic™ P7
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2026-55204
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.7||HIGH
EPSS-0.43% / 34.64%
||
7 Day CHG~0.00%
Published-18 Jun, 2026 | 16:05
Updated-26 Jun, 2026 | 02:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
HAProxy - NULL Pointer Dereference in hpack_dht_insert Function

HAProxy through 3.4.0, fixed in commit 9a6d1fe, contains a null pointer dereference vulnerability in hpack_dht_insert() within src/hpack-tbl.c that fails to validate the return value of hpack_dht_defrag() when the memory pool is exhausted. An attacker can trigger HPACK dynamic table insertions under memory pressure to dereference a NULL pointer and crash HAProxy worker processes, causing denial of service.

Action-Not Available
Vendor-haproxyhaproxy
Product-haproxyhaproxy
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2026-46527
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.7||HIGH
EPSS-0.33% / 24.64%
||
7 Day CHG~0.00%
Published-29 May, 2026 | 19:18
Updated-01 Jun, 2026 | 18:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
cpp-httplib: Malicious `X-Forwarded-For` Under Trusted-Proxy Configuration Triggers Empty `vector::front()`, Leading to Undefined Behavior and Server Crash

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.44.0, When the server has called Server::set_trusted_proxies() with a non-empty trusted-proxy list, an attacker can send an HTTP request that includes an X-Forwarded-For header whose value parses to no valid IP segments. The code path then executes get_client_ip(), which calls front() on an empty std::vector—undefined behavior in C++. On typical implementations this manifests as abnormal process termination (denial of service). With Sanitizers enabled, you get an explicit runtime diagnostic. This vulnerability is fixed in 0.44.0.

Action-Not Available
Vendor-yhiroseyhirose
Product-cpp-httplibcpp-httplib
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-31115
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.7||HIGH
EPSS-0.62% / 45.22%
||
7 Day CHG~0.00%
Published-03 Apr, 2025 | 16:57
Updated-12 May, 2026 | 13:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
XZ has a heap-use-after-free bug in threaded .xz decoder

XZ Utils provide a general-purpose data-compression library plus command-line tools. In XZ Utils 5.3.3alpha to 5.8.0, the multithreaded .xz decoder in liblzma has a bug where invalid input can at least result in a crash. The effects include heap use after free and writing to an address based on the null pointer plus an offset. Applications and libraries that use the lzma_stream_decoder_mt function are affected. The bug has been fixed in XZ Utils 5.8.1, and the fix has been committed to the v5.4, v5.6, v5.8, and master branches in the xz Git repository. No new release packages will be made from the old stable branches, but a standalone patch is available that applies to all affected releases.

Action-Not Available
Vendor-tukaani-projectSiemens AG
Product-xzSIPLUS S7-1500 CPU 1518-4 PN/DP MFPSIMATIC S7-1500 CPU 1518-4 PN/DP MFPSIMATIC S7-1500 CPU 1518F-4 PN/DP MFP
CWE ID-CWE-366
Race Condition within a Thread
CWE ID-CWE-416
Use After Free
CWE ID-CWE-476
NULL Pointer Dereference
CWE ID-CWE-826
Premature Release of Resource During Expected Lifetime
CVE-2026-42409
Matching Score-4
Assigner-F5, Inc.
ShareView Details
Matching Score-4
Assigner-F5, Inc.
CVSS Score-8.7||HIGH
EPSS-0.26% / 17.67%
||
7 Day CHG~0.00%
Published-13 May, 2026 | 14:12
Updated-23 Jun, 2026 | 13:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
BIG-IP HTTP/2 vulnerability

When an HTTP/2 profile and an iRule containing the HTTP::redirect or HTTP::respond command are configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) process to terminate.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Action-Not Available
Vendor-F5, Inc.
Product-big-ip_application_security_managerbig-ip_container_ingress_servicesbig-ip_global_traffic_managerbig-ip_link_controllerbig-ip_application_acceleration_managerbig-ip_next_cloud-native_network_functionsbig-ip_webacceleratorbig-ip_advanced_web_application_firewallbig-ip_websafebig-ip_ddos_hybrid_defenderbig-ip_next_for_kubernetesbig-ip_application_visibility_and_reportingbig-ip_edge_gatewaybig-ip_analyticsbig-ip_advanced_firewall_managerbig-ip_domain_name_systembig-ip_access_policy_managerbig-ip_local_traffic_managerbig-ip_fraud_protection_servicebig-ip_automation_toolchainbig-ip_carrier-grade_natbig-ip_ssl_orchestratorbig-ip_policy_enforcement_managerBIG-IP Next SPKBIG-IPBIG-IP Next CNFBIG-IP Next for Kubernetes
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2026-48139
Matching Score-4
Assigner-National Instruments
ShareView Details
Matching Score-4
Assigner-National Instruments
CVSS Score-8.7||HIGH
EPSS-0.34% / 26.31%
||
7 Day CHG~0.00%
Published-19 Jun, 2026 | 13:22
Updated-25 Jun, 2026 | 14:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NULL pointer dereference vulnerability in NI grpc-device data moniker service

There is a NULL pointer dereference vulnerability in NI grpc-device in the data moniker service that may allow an attacker to cause a denial of service by triggering a crash.  Successful exploitation requires an attacker to provide an unknown value to the data moniker service. This affects NI grpc-device 2.17.0 and prior versions.

Action-Not Available
Vendor-niNI
Product-ni_grpc_device_serverinstrumentstudioInstrumentStudiogrpc-device
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2026-33063
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.7||HIGH
EPSS-0.65% / 46.69%
||
7 Day CHG~0.00%
Published-20 Mar, 2026 | 02:53
Updated-27 Mar, 2026 | 17:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
free5GC AUSF UE Authentication Panic on Nil SuciSupiMap Interface Conversion

free5GC is an open source 5G core network. free5GC AUSF prior to version 1.4.2 has is an Improper Null Check vulnerability leading to Denial of Service. All deployments of free5GC v4.0.1 using the AUSF UE authentication service (`/nausf-auth/v1/ue-authentications` endpoint) are affected. A remote attacker can cause the AUSF service to panic and crash by sending a crafted UE authentication request that triggers a nil interface conversion in the `GetSupiFromSuciSupiMap` function. This results in complete denial of service for the AUSF authentication service. The `GetSupiFromSuciSupiMap` function attempts to perform an interface conversion from `interface{}` to `*context.SuciSupiMap` without checking if the underlying value is nil. When `SuciSupiMap` is nil, the code panics with "interface conversion: interface {} is nil, not *context.SuciSupiMap". free5GC AUSF version 1.4.2 patches the issue. There is no direct workaround at the application level. The recommendation is to apply the provided patch or restrict access to the AUSF API to trusted sources only.

Action-Not Available
Vendor-free5gcfree5gc
Product-free5gcausf
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2026-33164
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.7||HIGH
EPSS-0.35% / 26.86%
||
7 Day CHG~0.00%
Published-20 Mar, 2026 | 20:33
Updated-23 Mar, 2026 | 20:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NULL Pointer Dereference in libde265

libde265 is an open source implementation of the h.265 video codec. Prior to version 1.0.17, a malformed H.265 PPS NAL unit causes a segmentation fault in pic_parameter_set::set_derived_values(). This issue has been patched in version 1.0.17.

Action-Not Available
Vendor-strukturstrukturag
Product-libde265libde265
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2026-33064
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.7||HIGH
EPSS-0.49% / 38.32%
||
7 Day CHG~0.00%
Published-20 Mar, 2026 | 08:00
Updated-23 Mar, 2026 | 18:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
free5GC UDM DataChangeNotification Procedure Panic Due to Nil Pointer Dereference

Free5GC is an open-source Linux Foundation project for 5th generation (5G) mobile core networks. Versions prior to 1.4.2 are vulnerable to procedure panic caused by Nil Pointer Dereference in the /sdm-subscriptions endpoint. A remote attacker can cause the UDM service to panic and crash by sending a crafted POST request to the /sdm-subscriptions endpoint with a malformed URL path containing path traversal sequences (../) and a large JSON payload. The DataChangeNotificationProcedure function in notifier.go attempts to access a nil pointer without proper validation, causing a complete service crash with "runtime error: invalid memory address or nil pointer dereference". Exploitation would result in UDM functionality disruption until recovery by restart. This issue has been fixed in version 1.4.2.

Action-Not Available
Vendor-free5gcfree5gc
Product-udmfree5gc
CWE ID-CWE-476
NULL Pointer Dereference
CWE ID-CWE-478
Missing Default Case in Multiple Condition Expression
CVE-2025-0492
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-8.7||HIGH
EPSS-1.83% / 76.31%
||
7 Day CHG~0.00%
Published-15 Jan, 2025 | 22:00
Updated-24 Sep, 2025 | 18:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DIR-823X FUN_00412244 null pointer dereference

A vulnerability has been found in D-Link DIR-823X 240126/240802 and classified as critical. Affected by this vulnerability is the function FUN_00412244. The manipulation leads to null pointer dereference. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-D-Link Corporation
Product-dir-823xdir-823x_firmwareDIR-823X
CWE ID-CWE-404
Improper Resource Shutdown or Release
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2026-27651
Matching Score-4
Assigner-F5, Inc.
ShareView Details
Matching Score-4
Assigner-F5, Inc.
CVSS Score-8.7||HIGH
EPSS-0.92% / 55.92%
||
7 Day CHG+0.39%
Published-24 Mar, 2026 | 14:13
Updated-30 Jun, 2026 | 12:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NGINX ngx_mail_auth_http_module vulnerability

When the ngx_mail_auth_http_module module is enabled on NGINX Plus or NGINX Open Source, undisclosed requests can cause worker processes to terminate. This issue may occur when (1) CRAM-MD5 or APOP authentication is enabled, and (2) the authentication server permits retry by returning the Auth-Wait response header. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Action-Not Available
Vendor-F5, Inc.Red Hat, Inc.
Product-nginx_open_sourcenginx_plusNGINX PlusNGINX Open SourceRed Hat Enterprise Linux AppStream E4S (v.9.2)Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)Red Hat Enterprise Linux AppStream EUS (v. 10.0)Red Hat Update Infrastructure 5Red Hat Enterprise Linux AppStream EUS (v.9.6)Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)Red Hat Enterprise Linux AppStream (v. 9)Red Hat Hardened ImagesRed Hat CodeReady Linux Builder EUS (v.9.6)Red Hat Enterprise Linux AppStream EUS (v.9.4)Red Hat Enterprise Linux AppStream (v. 8)Red Hat Enterprise Linux AppStream E4S (v.9.0)Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)Red Hat CodeReady Linux Builder EUS (v.9.4)Red Hat Enterprise Linux AppStream (v. 10)
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-0430
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-8.7||HIGH
EPSS-0.47% / 37.17%
||
7 Day CHG~0.00%
Published-17 Jan, 2025 | 17:34
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Belledonne Communications Linphone-Desktop NULL Pointer Dereference

Belledonne Communications Linphone-Desktop is vulnerable to a NULL Dereference vulnerability, which could allow a remote attacker to create a denial-of-service condition.

Action-Not Available
Vendor-Belledonne Communications
Product-Linphone-Desktop
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2026-2507
Matching Score-4
Assigner-F5, Inc.
ShareView Details
Matching Score-4
Assigner-F5, Inc.
CVSS Score-8.7||HIGH
EPSS-0.29% / 20.33%
||
7 Day CHG~0.00%
Published-18 Feb, 2026 | 15:55
Updated-18 Feb, 2026 | 17:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
BIG-IP TMM Vulnerability

When BIG-IP AFM or BIG-IP DDoS is provisioned, undisclosed traffic can cause TMM to terminate.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Action-Not Available
Vendor-F5, Inc.
Product-BIG-IP
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2026-25075
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.7||HIGH
EPSS-1.01% / 58.96%
||
7 Day CHG~0.00%
Published-23 Mar, 2026 | 18:33
Updated-06 May, 2026 | 14:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
strongSwan 4.5.0 < 6.0.5 EAP-TTLS AVP Parsing Integer Underflow

strongSwan versions 4.5.0 prior to 6.0.5 contain an integer underflow vulnerability in the EAP-TTLS AVP parser that allows unauthenticated remote attackers to cause a denial of service by sending crafted AVP data with invalid length fields during IKEv2 authentication. Attackers can exploit the failure to validate AVP length fields before subtraction to trigger excessive memory allocation or NULL pointer dereference, crashing the charon IKE daemon.

Action-Not Available
Vendor-strongSwan
Product-strongSwan
CWE ID-CWE-191
Integer Underflow (Wrap or Wraparound)
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-40833
Matching Score-4
Assigner-Siemens
ShareView Details
Matching Score-4
Assigner-Siemens
CVSS Score-8.7||HIGH
EPSS-0.32% / 24.27%
||
7 Day CHG~0.00%
Published-12 May, 2026 | 08:20
Updated-12 May, 2026 | 14:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The affected devices contain a null pointer dereference vulnerability while processing specially crafted IPv4 requests. This could allow an attacker to cause denial of service condition. A manual restart is required to recover the system.

Action-Not Available
Vendor-Siemens AG
Product-SCALANCE X308-2LH+SCALANCE W721-1 RJ45IE/PB LINK HASCALANCE MUM853-1 (A1)SCALANCE X310FESCALANCE XF208SCALANCE W774-1 M12 EECSCALANCE X307-2 EEC (24V)SIMATIC ET 200pro IM 154-8F PN/DP CPUSCALANCE X307-2 EEC (230V, coated)SCALANCE XR324-12M (24V, ports on rear)SINAMICS G120XSCALANCE XR324-12M TS (24V)SITOP PSU8600 3AC 40 A PNSIMIT UNIT V11SCALANCE XR526-8C, 2x230V (L3 int.)SCALANCE MUM856-1 (CN)SCALANCE MUM853-1 (EU)SCALANCE W1788-1 M12SCALANCE SC636-2CSCALANCE X307-2 EEC (2x 24V, coated)SINAMICS G120DSIMATIC ET 200pro IM 154-8FX PN/DP CPUSCALANCE X308-2 RD (inkl. SIPLUS variants)SIPLUS S7-300 CPU 315-2 PN/DPSCALANCE X212-2LDSCALANCE WAM763-1SITOP UPS1600 10 A Ethernet/ PROFINETSCALANCE S615 LAN-RouterSITOP UPS1600 EX 20 A Ethernet PROFINETSIPLUS S7-300 CPU 317F-2 PN/DPSCALANCE XR526-8C, 2x230VSCALANCE XF206-1SINAMICS G130SCALANCE X310SCALANCE W774-1 RJ45 (USA)SCALANCE X308-2M PoESIMATIC ET 200SP CPU 1512SP F-1 PNSCALANCE X307-2 EEC (2x 24V)SCALANCE WAM763-1 (ME)SCALANCE MUB852-1 (B1)SCALANCE MUM853-1 (B1)SCALANCE W748-1 M12SIMATIC S7-1500 CPU 1513-1 PNSIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants)SCALANCE X302-7 EEC (2x 230V)SIMATIC ET 200S IM 151-8F PN/DP CPUSCALANCE WAB762-1SCALANCE WUM766-1 (USA)SCALANCE WUB762-1 iFeaturesSCALANCE W774-1 RJ45SCALANCE X302-7 EEC (230V)SCALANCE X408-2SIMATIC S7-410 V10 CPU family (incl. SIPLUS variants)SCALANCE W786-2IA RJ45SCALANCE W786-2 SFPSCALANCE SC632-2CSCALANCE XR524-8C, 24V (L3 int.)SCALANCE MUM856-1 (EU)SINUMERIK 840D slSCALANCE XR524-8C, 2x230V (L3 int.)SCALANCE XR324-4M PoE TS (24V, ports on front)SCALANCE X308-2MSINAMICS G120 (incl. SIPLUS variants)SIPLUS S7-400 CPU 416-3 PN/DP V7SCALANCE XR324-4M PoE (230V, ports on front)SCALANCE WUM763-1 (US)SCALANCE W734-1 RJ45SCALANCE XM408-8C (L3 int.)SITOP PSU8600 3AC 40 A/4x10 A PNSCALANCE M876-3SCALANCE M812-1 ADSL-RouterSCALANCE MUM856-1 (A1)SCALANCE WUM766-1SCALANCE XR324-4M EEC (2x 24V, ports on front)SCALANCE M876-4 (NAM)SCALANCE X302-7 EEC (24V, coated)SCALANCE X307-2 EEC (24V, coated)SINAMICS G150SIMATIC S7-300 CPU 319F-3 PN/DPSCALANCE X304-2FESIMATIC S7-300 CPU 314C-2 PN/DPSIMATIC S7-1500 CPU 1511F-1 PNSIPLUS S7-300 CPU 317-2 PN/DPSIMATIC S7-1500 CPU 1515F-2 PNSCALANCE SC622-2CSITOP PSU8600 3AC 20 A/4x5 A PNSCALANCE MUM856-1 (RoW)SIMATIC ET 200SP HA IM155-6 PNSCALANCE XR324-4M EEC (24V, ports on rear)IE/PB link PN IOSCALANCE WAM766-1 (ME)SCALANCE X302-7 EEC (2x 24V, coated)SCALANCE W788-1 RJ45SCALANCE WAM766-1 (US)SCALANCE X307-3LDSCALANCE M874-3 3G-Router (CN)SIPLUS NET IE/PB link PN IOSIMATIC S7-1500 CPU 1516-3 PN/DPSCALANCE WAM766-1 EECSCALANCE W761-1 RJ45SCALANCE W788-1 M12SIMATIC S7-410 V8 CPU family (incl. SIPLUS variants)SCALANCE X204-2LD TSSCALANCE SC642-2CSCALANCE X320-1-2LD FESCALANCE X308-2LDSCALANCE X302-7 EEC (230V, coated)SCALANCE M874-2SCALANCE X208PROSCALANCE XR324-4M PoE (230V, ports on rear)SIMATIC S7-300 CPU 317T-3 PN/DPSCALANCE X307-3SCALANCE W722-1 RJ45SCALANCE XR324-12M (230V, ports on rear)SCALANCE X216SCALANCE SC646-2CSCALANCE X320-1 FESCALANCE XR552-12M (2HR2)SCALANCE XR552-12M (2HR2, L3 int.)SIMATIC S7-300 CPU 315T-3 PN/DPSCALANCE XM408-8CSCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front)SIMATIC S7-400 CPU 412-2 PN V7SCALANCE XR524-8C, 1x230V (L3 int.)SCALANCE W786-2 RJ45SCALANCE XM408-4C (L3 int.)SIMATIC S7-300 CPU 315F-2 PN/DPSCALANCE XR528-6M (2HR2)SCALANCE W1788-2IA M12SIPLUS ET 200S IM 151-8 PN/DP CPUSCALANCE M874-3SCALANCE XM416-4C (L3 int.)SCALANCE M804PBSITOP PSU8600 3AC 40 A/4x10A EIPSIMATIC CFU PASCALANCE XR324-4M PoE (24V, ports on rear)SIMATIC S7-300 CPU 317TF-3 PN/DPSCALANCE W786-1 RJ45SCALANCE XR526-8C, 24VSCALANCE WAM766-1SITOP UPS1600 20 A Ethernet/ PROFINETSIMATIC S7-400 CPU 416F-3 PN/DP V7SCALANCE M816-1 ADSL-RouterSCALANCE X208SCALANCE W1788-2 EEC M12SITOP UPS1600 40 A Ethernet/ PROFINETSCALANCE S615 EEC LAN-RouterSCALANCE W748-1 RJ45SCALANCE WUM763-1SCALANCE X307-2 EEC (2x 230V, coated)SCALANCE XR526-8C, 24V (L3 int.)SINAMICS S110SCALANCE M876-4 (EU)SCALANCE XR324-12M (230V, ports on front)SIMATIC ET 200S IM 151-8 PN/DP CPUSCALANCE X306-1LD FESIMATIC S7-1500 CPU 1511-1 PNSINAMICS G120CSIMIT UNIT V10SIMATIC S7-300 CPU 317F-2 PN/DPSCALANCE XR528-6MRUGGEDCOM RM1224 LTE(4G) EUSCALANCE WAM766-1 EEC (ME)SCALANCE X224SCALANCE X308-2M TSSCALANCE XR524-8C, 24VSIMATIC S7-300 CPU 319-3 PN/DPSCALANCE XR552-12MSIMATIC ET 200pro IM 154-8 PN/DP CPUSCALANCE X308-2LHSCALANCE X308-2SIMATIC ET 200SP CPU 1510SP-1 PNSCALANCE XR524-8C, 1x230VSIPLUS S7-300 CPU 315F-2 PN/DPSCALANCE M876-4SCALANCE W778-1 M12 EEC (USA)SCALANCE X204-2LDSCALANCE X302-7 EEC (2x 230V, coated)SCALANCE XM416-4CSIPLUS ET 200S IM 151-8F PN/DP CPUSIMATIC S7-300 CPU 315-2 PN/DPSIMATIC S7-400 CPU 414F-3 PN/DP V7SCALANCE XR528-6M (L3 int.)SCALANCE XR324-12M (24V, ports on front)SCALANCE XR324-4M EEC (24V, ports on front)SIMATIC S7-400 CPU 414-3 PN/DP V7SCALANCE W1748-1 M12SCALANCE W788-2 M12SCALANCE WUM766-1 (ME)SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear)SIMATIC S7-400 CPU 416-3 PN/DP V7SCALANCE WUB762-1SCALANCE X206-1SCALANCE XF204SINAMICS CBE20SIMATIC S7-300 CPU 317-2 PN/DPSIPLUS S7-300 CPU 314C-2 PN/DPSCALANCE W788-2 M12 EECSIMATIC S7-1500 CPU 1516F-3 PN/DPSIPLUS S7-400 CPU 414-3 PN/DP V7RUGGEDCOM RM1224 LTE(4G) NAMSCALANCE X204-2FMSCALANCE W738-1 M12SCALANCE W734-1 RJ45 (USA)SCALANCE X302-7 EEC (2x 24V)SCALANCE XR528-6M (2HR2, L3 int.)SCALANCE WAM766-1 EEC (US)SCALANCE M876-3 (ROK)SCALANCE M826-2 SHDSL-RouterSCALANCE WAM763-1 (US)SINAMICS S120 (incl. SIPLUS variants)SCALANCE MUM856-1 (B1)SITOP PSU8600 1AC 20 A/4x5 A PNSCALANCE W788-2 RJ45SCALANCE X307-2 EEC (230V)SCALANCE SC626-2CSCALANCE X212-2SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front)SINAMICS S150SCALANCE XM408-4CSITOP PSU8600 3AC 20 A PNSCALANCE XR526-8C, 1x230V (L3 int.)SCALANCE X307-2 EEC (2x 230V)SCALANCE W778-1 M12SCALANCE W778-1 M12 EECSCALANCE X204-2TSSCALANCE XR324-4M EEC (2x 24V, ports on rear)SIMATIC ET 200SP CPU 1510SP F-1 PNSCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear)SCALANCE MUB852-1 (A1)SCALANCE XR324-4M PoE (24V, ports on front)SINAMICS G115DSCALANCE X206-1LDSIMATIC S7-1500 CPU 1515-2 PNSCALANCE XR524-8C, 2x230VSCALANCE XR526-8C, 1x230VSIMATIC CFU DIQSCALANCE X302-7 EEC (24V)SCALANCE W1788-2 M12SCALANCE X204-2SINAMICS G120XASCALANCE XF204-2SIMATIC ET 200SP CPU 1512SP-1 PN
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-68274
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.7||HIGH
EPSS-0.49% / 38.37%
||
7 Day CHG~0.00%
Published-16 Dec, 2025 | 22:02
Updated-05 Mar, 2026 | 19:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SIPGO library has response DoS vulnerability via nil pointer dereference

SIPGO is a library for writing SIP services in the GO language. Starting in version 0.3.0 and prior to version 1.0.0-alpha-1, a nil pointer dereference vulnerability is in the SIPGO library's `NewResponseFromRequest` function that affects all normal SIP operations. The vulnerability allows remote attackers to crash any SIP application by sending a single malformed SIP request without a To header. The vulnerability occurs when SIP message parsing succeeds for a request missing the To header, but the response creation code assumes the To header exists without proper nil checks. This affects routine operations like call setup, authentication, and message handling - not just error cases. This vulnerability affects all SIP applications using the sipgo library, not just specific configurations or edge cases, as long as they make use of the `NewResponseFromRequest` function. Version 1.0.0-alpha-1 contains a patch for the issue.

Action-Not Available
Vendor-emiagoemiago
Product-sipgosipgo
CWE ID-CWE-476
NULL Pointer Dereference
CWE ID-CWE-755
Improper Handling of Exceptional Conditions
CVE-2025-61668
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.7||HIGH
EPSS-0.41% / 32.68%
||
7 Day CHG+0.01%
Published-02 Oct, 2025 | 21:46
Updated-06 Oct, 2025 | 14:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
@plone/volto vulnerable to potential DoS by invoking specific URL by anonymous user

Volto is a ReactJS-based frontend for the Plone Content Management System. Versions 16.34.0 and below, 17.0.0 through 17.22.1, 18.0.0 through 18.27.1, and 19.0.0-alpha.1 through 19.0.0-alpha.5, an anonymous user could cause the NodeJS server part of Volto to quit with an error when visiting a specific URL. This issue is fixed in versions 16.34.1, 17.22.2, 18.27.2 and 19.0.0-alpha.6.

Action-Not Available
Vendor-Plone Foundation
Product-volto
CWE ID-CWE-476
NULL Pointer Dereference
CWE ID-CWE-754
Improper Check for Unusual or Exceptional Conditions
CVE-2025-61960
Matching Score-4
Assigner-F5, Inc.
ShareView Details
Matching Score-4
Assigner-F5, Inc.
CVSS Score-8.7||HIGH
EPSS-0.32% / 23.53%
||
7 Day CHG~0.00%
Published-15 Oct, 2025 | 13:55
Updated-26 Feb, 2026 | 16:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
BIG-IP APM portal access vulnerability

When a per-request policy is configured on a BIG-IP APM portal access virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Action-Not Available
Vendor-F5, Inc.
Product-big-ip_access_policy_managerBIG-IP
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-59777
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-8.7||HIGH
EPSS-0.38% / 30.17%
||
7 Day CHG+0.01%
Published-10 Nov, 2025 | 04:10
Updated-14 Nov, 2025 | 18:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NULL pointer dereference vulnerability exists in GNU libmicrohttpd v1.0.2 and earlier. The vulnerability was fixed in commit ff13abc on the master branch of the libmicrohttpd Git repository, after the v1.0.2 tag. A specially crafted packet sent by an attacker could cause a denial-of-service (DoS) condition.

Action-Not Available
Vendor-GNU ProjectGNU
Product-libmicrohttpdGNU libbmicrohttpd
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-59668
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-8.7||HIGH
EPSS-0.44% / 35.19%
||
7 Day CHG+0.01%
Published-30 Sep, 2025 | 04:06
Updated-31 Oct, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple versions of Central Monitor CNS-6201 contain a NULL pointer dereference vulnerability. When processing a crafted certain UDP packet, the affected device may abnormally terminate.

Action-Not Available
Vendor-NIHON KOHDEN CORPORATION
Product-Central Monitor CNS-6201
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-58120
Matching Score-4
Assigner-F5, Inc.
ShareView Details
Matching Score-4
Assigner-F5, Inc.
CVSS Score-8.7||HIGH
EPSS-0.32% / 23.53%
||
7 Day CHG~0.00%
Published-15 Oct, 2025 | 13:55
Updated-26 Feb, 2026 | 16:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
BIG-IP Next (CNF, SPK, and Kubernetes) vulnerability

When HTTP/2 Ingress is configured, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Action-Not Available
Vendor-F5, Inc.
Product-big-ip_next_for_kubernetesbig-ip_next_service_proxy_for_kubernetesbig-ip_next_cloud-native_network_functionsBIG-IP Next CNFBIG-IP Next SPKBIG-IP Next for Kubernetes
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-52585
Matching Score-4
Assigner-F5, Inc.
ShareView Details
Matching Score-4
Assigner-F5, Inc.
CVSS Score-8.7||HIGH
EPSS-0.31% / 23.08%
||
7 Day CHG~0.00%
Published-13 Aug, 2025 | 14:46
Updated-21 Oct, 2025 | 18:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
BIG-IP Client SSL profile vulnerability

When a BIG-IP LTM Client SSL profile is configured on a virtual server with SSL Forward Proxy enabled and Anonymous Diffie-Hellman (ADH) ciphers enabled, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Action-Not Available
Vendor-F5, Inc.
Product-big-ip_global_traffic_managerbig-ip_application_acceleration_managerbig-ip_carrier-grade_natbig-ip_ddos_hybrid_defenderbig-ip_advanced_firewall_managerbig-ip_policy_enforcement_managerbig-ip_local_traffic_managerbig-ip_webacceleratorbig-ip_access_policy_managerbig-ip_advanced_web_application_firewallbig-ip_fraud_protection_servicebig-ip_analyticsbig-ip_ssl_orchestratorbig-ip_edge_gatewaybig-ip_link_controllerbig-ip_container_ingress_servicesbig-ip_application_security_managerbig-ip_automation_toolchainbig-ip_domain_name_systembig-ip_application_visibility_and_reportingbig-ip_websafeBIG-IP
CWE ID-CWE-476
NULL Pointer Dereference
Details not found