Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CWE CATEGORY:Pointer Issues
Category ID:465
Vulnerability Mapping:Prohibited
Status:Draft
DetailsContent HistoryObserved CVE ExamplesReports
5459Vulnerabilities found
CVE-2025-53408
Assigner-QNAP Systems, Inc.
ShareView Details
Assigner-QNAP Systems, Inc.
CVSS Score-1.3||LOW
EPSS-0.16% / 36.61%
||
7 Day CHG~0.00%
Published-07 Nov, 2025 | 15:15
Updated-14 Nov, 2025 | 19:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
File Station 5

A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.5018 and later

Action-Not Available
Vendor-QNAP Systems, Inc.
Product-file_stationFile Station 5
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-53412
Assigner-QNAP Systems, Inc.
ShareView Details
Assigner-QNAP Systems, Inc.
CVSS Score-0.6||LOW
EPSS-0.16% / 36.61%
||
7 Day CHG~0.00%
Published-07 Nov, 2025 | 15:13
Updated-14 Nov, 2025 | 20:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
File Station 5

A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.5018 and later

Action-Not Available
Vendor-QNAP Systems, Inc.
Product-file_stationFile Station 5
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-27917
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.28% / 51.22%
||
7 Day CHG~0.00%
Published-06 Nov, 2025 | 00:00
Updated-08 Dec, 2025 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in AnyDesk for Windows before 9.0.5, AnyDesk for macOS before 9.0.1, AnyDesk for Linux before 7.0.0, AnyDesk for iOS before 7.1.2, and AnyDesk for Android before 8.0.0. Remote Denial of Service can occur because of incorrect deserialization that results in failed memory allocation and a NULL pointer dereference.

Action-Not Available
Vendor-anydeskn/a
Product-anydeskn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-46404
Assigner-Talos
ShareView Details
Assigner-Talos
CVSS Score-7.5||HIGH
EPSS-0.09% / 25.38%
||
7 Day CHG~0.00%
Published-05 Nov, 2025 | 14:56
Updated-07 Nov, 2025 | 18:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A denial of service vulnerability exists in the lasso_provider_verify_saml_signature functionality of Entr'ouvert Lasso 2.5.1. A specially crafted SAML response can lead to a denial of service. An attacker can send a malformed SAML response to trigger this vulnerability.

Action-Not Available
Vendor-entrouvertEntr'ouvert
Product-lassoLasso
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-54332
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.07% / 20.36%
||
7 Day CHG~0.00%
Published-04 Nov, 2025 | 00:00
Updated-07 Nov, 2025 | 12:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in NPU in Samsung Mobile Processor Exynos 1380 through July 2025. There is a NULL Pointer Dereference of profiler.node in the npu_vertex_profileoff function.

Action-Not Available
Vendor-n/aSamsung
Product-exynos_1380_firmwareexynos_1380n/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-54334
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.07% / 20.36%
||
7 Day CHG~0.00%
Published-04 Nov, 2025 | 00:00
Updated-07 Nov, 2025 | 12:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the NPU driver in Samsung Mobile Processor Exynos 1280, 2200, 1380, 1480, 2400, 1580, 2500. There is a NULL Pointer Dereference of hdev in the __npu_vertex_bootup function.

Action-Not Available
Vendor-n/aSamsung
Product-exynos_1480exynos_1380_firmwareexynos_2200exynos_2200_firmwareexynos_1280_firmwareexynos_1380exynos_1580_firmwareexynos_2400_firmwareexynos_2400exynos_2500_firmwareexynos_1280exynos_1480_firmwareexynos_1580exynos_2500n/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-54331
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.06% / 19.87%
||
7 Day CHG~0.00%
Published-04 Nov, 2025 | 00:00
Updated-07 Nov, 2025 | 12:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in NPU in Samsung Mobile Processor Exynos 1380 through July 2025. There is an Untrusted Pointer Dereference of src_hdr in the copy_ncp_header function.

Action-Not Available
Vendor-n/aSamsung
Product-exynos_1380_firmwareexynos_1380n/a
CWE ID-CWE-822
Untrusted Pointer Dereference
CVE-2025-54333
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.06% / 19.87%
||
7 Day CHG~0.00%
Published-04 Nov, 2025 | 00:00
Updated-07 Nov, 2025 | 12:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in NPU in Samsung Mobile Processor Exynos 1380 through July 2025. There is an Invalid Pointer Dereference of node in the get_vs4l_profiler_node function.

Action-Not Available
Vendor-n/aSamsung
Product-exynos_1380_firmwareexynos_1380n/a
CWE ID-CWE-763
Release of Invalid Pointer or Reference
CVE-2025-11232
Assigner-Internet Systems Consortium (ISC)
ShareView Details
Assigner-Internet Systems Consortium (ISC)
CVSS Score-7.5||HIGH
EPSS-0.05% / 16.22%
||
7 Day CHG+0.01%
Published-29 Oct, 2025 | 18:02
Updated-04 Nov, 2025 | 22:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Invalid characters cause assert

To trigger the issue, three configuration parameters must have specific settings: "hostname-char-set" must be left at the default setting, which is "[^A-Za-z0-9.-]"; "hostname-char-replacement" must be empty (the default); and "ddns-qualifying-suffix" must *NOT* be empty (the default is empty). DDNS updates do not need to be enabled for this issue to manifest. A client that sends certain option content would then cause kea-dhcp4 to exit unexpectedly. This issue affects Kea versions 3.0.1 through 3.0.1 and 3.1.1 through 3.1.2.

Action-Not Available
Vendor-Internet Systems Consortium, Inc.
Product-Kea
CWE ID-CWE-823
Use of Out-of-range Pointer Offset
CVE-2025-62791
Assigner-GitHub, Inc.
ShareView Details
Assigner-GitHub, Inc.
CVSS Score-6.9||MEDIUM
EPSS-0.10% / 26.57%
||
7 Day CHG+0.02%
Published-29 Oct, 2025 | 16:48
Updated-03 Nov, 2025 | 19:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Wazuh vulnerable to NULL pointer dereference in DecodeCiscat

Wazuh is a free and open source platform used for threat prevention, detection, and response. Prior to 4.11.0, DecodeCiscat() implementation does not check the return the value of cJSON_GetObjectItem() for a possible NULL value in case of an error. A compromised agent can cause a crash of analysisd by sending a specially crafted message to the wazuh manager. An attacker who is able to craft and send an agent message to the wazuh manager can cause analysisd to crash and make it unavailable. This vulnerability is fixed in 4.11.0.

Action-Not Available
Vendor-Wazuh, Inc.
Product-wazuhwazuh
CWE ID-CWE-252
Unchecked Return Value
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-62790
Assigner-GitHub, Inc.
ShareView Details
Assigner-GitHub, Inc.
CVSS Score-6.9||MEDIUM
EPSS-0.12% / 31.44%
||
7 Day CHG+0.03%
Published-29 Oct, 2025 | 16:46
Updated-03 Nov, 2025 | 19:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Wazuh vulnerable to NULL pointer dereference in fim_fetch_attributes_state

Wazuh is a free and open source platform used for threat prevention, detection, and response. Prior to 4.11.0, fim_fetch_attributes_state() implementation does not check whether time_string is NULL or not before calling strlen() on it. A compromised agent can cause a crash of analysisd by sending a specially crafted message to the wazuh manager. An attacker who is able to craft and send an agent message to the wazuh manager can cause analysisd to crash and make it unavailable. This vulnerability is fixed in 4.11.0.

Action-Not Available
Vendor-Wazuh, Inc.
Product-wazuhwazuh
CWE ID-CWE-252
Unchecked Return Value
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-62789
Assigner-GitHub, Inc.
ShareView Details
Assigner-GitHub, Inc.
CVSS Score-6.9||MEDIUM
EPSS-0.12% / 31.44%
||
7 Day CHG+0.03%
Published-29 Oct, 2025 | 16:44
Updated-03 Nov, 2025 | 19:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Wazuh vulnerable to NULL pointer dereference in fim_alert line 712

Wazuh is a free and open source platform used for threat prevention, detection, and response. Prior to 4.11.0, fim_alert() implementation does not check whether the return value of ctime_r is NULL or not before calling strdup() on it. A compromised agent can cause a crash of analysisd by sending a specially crafted message to the wazuh manager. An attacker who is able to craft and send an agent message to the wazuh manager can cause analysisd to crash and make it unavailable. This vulnerability is fixed in 4.11.0.

Action-Not Available
Vendor-Wazuh, Inc.
Product-wazuhwazuh
CWE ID-CWE-252
Unchecked Return Value
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-62785
Assigner-GitHub, Inc.
ShareView Details
Assigner-GitHub, Inc.
CVSS Score-6.9||MEDIUM
EPSS-0.12% / 31.44%
||
7 Day CHG+0.03%
Published-29 Oct, 2025 | 15:37
Updated-03 Nov, 2025 | 19:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Wazuh fillData NULL pointer dereference causes analysisd crash

Wazuh is a free and open source platform used for threat prevention, detection, and response. fillData() implementation does not check whether value is NULL or not before calling os_strdup() on it. A compromised agent can cause a crash of analysisd by sending a specially crafted message to the wazuh manager. An attacker who is able to craft and send an agent message to the wazuh manager can cause analysisd to crash and make it unavailable. This vulnerability is fixed in 4.10.2.

Action-Not Available
Vendor-Wazuh, Inc.
Product-wazuhwazuh
CWE ID-CWE-252
Unchecked Return Value
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-61106
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.18% / 40.22%
||
7 Day CHG+0.10%
Published-28 Oct, 2025 | 00:00
Updated-31 Oct, 2025 | 18:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_ext_pref_pref_sid function at ospf_ext.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted OSPF packet.

Action-Not Available
Vendor-frroutingn/a
Product-frroutingn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-61103
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.18% / 40.22%
||
7 Day CHG+0.10%
Published-28 Oct, 2025 | 00:00
Updated-31 Oct, 2025 | 18:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_ext_link_lan_adj_sid function at ospf_ext.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted OSPF packet.

Action-Not Available
Vendor-frroutingn/a
Product-frroutingn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-61107
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.18% / 40.22%
||
7 Day CHG+0.10%
Published-28 Oct, 2025 | 00:00
Updated-31 Oct, 2025 | 18:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_ext_pref_pref_sid function at ospf_ext.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted LSA Update packet.

Action-Not Available
Vendor-frroutingn/a
Product-frroutingn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-61104
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.18% / 40.22%
||
7 Day CHG+0.10%
Published-28 Oct, 2025 | 00:00
Updated-31 Oct, 2025 | 18:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_unknown_tlv function at ospf_ext.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted OSPF packet.

Action-Not Available
Vendor-frroutingn/a
Product-frroutingn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-12207
Assigner-VulDB
ShareView Details
Assigner-VulDB
CVSS Score-4.8||MEDIUM
EPSS-0.04% / 10.45%
||
7 Day CHG+0.01%
Published-27 Oct, 2025 | 02:32
Updated-24 Feb, 2026 | 07:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Kamailio Grammar Rule cfg.y yyerror_at null pointer dereference

A vulnerability has been found in Kamailio 5.5. This affects the function yyerror_at of the file src/core/cfg.y of the component Grammar Rule Handler. Such manipulation leads to null pointer dereference. The attack needs to be performed locally. The exploit has been disclosed to the public and may be used. The actual existence of this vulnerability is currently in question. This attack requires manipulating config files which might not be a realistic scenario in many cases. The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-kamailion/a
Product-kamailioKamailio
CWE ID-CWE-404
Improper Resource Shutdown or Release
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-12206
Assigner-VulDB
ShareView Details
Assigner-VulDB
CVSS Score-4.8||MEDIUM
EPSS-0.04% / 10.45%
||
7 Day CHG+0.01%
Published-27 Oct, 2025 | 02:32
Updated-24 Feb, 2026 | 07:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Kamailio rvalue.c rve_is_constant null pointer dereference

A flaw has been found in Kamailio 5.5. The impacted element is the function rve_is_constant of the file src/core/rvalue.c. This manipulation causes null pointer dereference. The attack needs to be launched locally. The exploit has been published and may be used. It is still unclear if this vulnerability genuinely exists. This attack requires manipulating config files which might not be a realistic scenario in many cases. The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-kamailion/a
Product-kamailioKamailio
CWE ID-CWE-404
Improper Resource Shutdown or Release
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-61101
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.18% / 40.22%
||
7 Day CHG+0.10%
Published-27 Oct, 2025 | 00:00
Updated-03 Nov, 2025 | 17:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_ext_link_rmt_itf_addr function at ospf_ext.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted OSPF packet.

Action-Not Available
Vendor-frroutingn/a
Product-frroutingn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-61100
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.18% / 40.22%
||
7 Day CHG+0.10%
Published-27 Oct, 2025 | 00:00
Updated-03 Nov, 2025 | 18:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

FRRouting/frr from v2.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the ospf_opaque_lsa_dump function at ospf_opaque.c. This vulnerability allows attackers to cause a Denial of Service (DoS) under specific malformed LSA conditions.

Action-Not Available
Vendor-frroutingn/a
Product-frroutingn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-61105
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.18% / 40.22%
||
7 Day CHG+0.10%
Published-27 Oct, 2025 | 00:00
Updated-03 Nov, 2025 | 17:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_link_info function at ospf_ext.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted OSPF packet.

Action-Not Available
Vendor-frroutingn/a
Product-frroutingn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-61099
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.18% / 40.22%
||
7 Day CHG+0.10%
Published-27 Oct, 2025 | 00:00
Updated-03 Nov, 2025 | 18:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

FRRouting/frr from v2.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the opaque_info_detail function at ospf_opaque.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted LS Update packet.

Action-Not Available
Vendor-frroutingn/a
Product-frroutingn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-61102
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.18% / 40.22%
||
7 Day CHG+0.10%
Published-27 Oct, 2025 | 00:00
Updated-03 Nov, 2025 | 17:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_ext_link_adj_sid function at ospf_ext.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted OSPF packet.

Action-Not Available
Vendor-frroutingn/a
Product-frroutingn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-23352
Assigner-NVIDIA Corporation
ShareView Details
Assigner-NVIDIA Corporation
CVSS Score-7.8||HIGH
EPSS-0.03% / 8.07%
||
7 Day CHG~0.00%
Published-23 Oct, 2025 | 18:36
Updated-26 Feb, 2026 | 16:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager, where a malicious guest could cause uninitialized pointer access. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.

Action-Not Available
Vendor-NVIDIA Corporation
Product-Virtual GPU Manager
CWE ID-CWE-824
Access of Uninitialized Pointer
CVE-2025-23332
Assigner-NVIDIA Corporation
ShareView Details
Assigner-NVIDIA Corporation
CVSS Score-5||MEDIUM
EPSS-0.05% / 15.02%
||
7 Day CHG~0.00%
Published-23 Oct, 2025 | 18:25
Updated-27 Oct, 2025 | 13:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA Display Driver for Linux contains a vulnerability in a kernel module, where an attacker might be able to trigger a null pointer deference. A successful exploit of this vulnerability might lead to denial of service.

Action-Not Available
Vendor-NVIDIA Corporation
Product-TeslaNVIDIA RTX, Quadro, NVSVirtual GPU ManagerGeForceGuest driver
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-23330
Assigner-NVIDIA Corporation
ShareView Details
Assigner-NVIDIA Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.05% / 15.02%
||
7 Day CHG~0.00%
Published-23 Oct, 2025 | 18:25
Updated-27 Oct, 2025 | 13:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA Display Driver for Linux contains a vulnerability where an attacker might be able to trigger a null pointer dereference. A successful exploit of this vulnerability might lead to denial of service.

Action-Not Available
Vendor-NVIDIA Corporation
Product-NVIDIA RTX, Quadro, NVSTeslaGeForceGuest driver
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-23300
Assigner-NVIDIA Corporation
ShareView Details
Assigner-NVIDIA Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.05% / 15.02%
||
7 Day CHG~0.00%
Published-23 Oct, 2025 | 18:24
Updated-27 Oct, 2025 | 13:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA Display Driver for Linux contains a vulnerability in the kernel driver, where a user could cause a null pointer dereference by allocating a specific memory resource. A successful exploit of this vulnerability might lead to denial of service.

Action-Not Available
Vendor-NVIDIA Corporation
Product-TeslaNVIDIA RTX, Quadro, NVSVirtual GPU ManagerGeForceGuest driver
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-50950
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.10% / 27.07%
||
7 Day CHG~0.00%
Published-23 Oct, 2025 | 00:00
Updated-28 Oct, 2025 | 16:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Audiofile v0.3.7 was discovered to contain a NULL pointer dereference via the ModuleState::setup function.

Action-Not Available
Vendor-audiofilen/a
Product-audiofilen/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-60332
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.50% / 65.75%
||
7 Day CHG~0.00%
Published-22 Oct, 2025 | 00:00
Updated-24 Oct, 2025 | 13:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A NULL pointer dereference in the SetWLanRadioSettings function of D-Link DIR-823G A1 v1.0.2B05 allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dir-823g_firmwaredir-823gn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-60336
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-4.61% / 89.10%
||
7 Day CHG~0.00%
Published-22 Oct, 2025 | 00:00
Updated-24 Oct, 2025 | 14:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A NULL pointer dereference in the sub_41773C function of TOTOLINK N600R v4.3.0cu.7866_B20220506 allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.

Action-Not Available
Vendor-n/aTOTOLINK
Product-n600r_firmwaren600rn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-60335
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.66% / 85.58%
||
7 Day CHG~0.00%
Published-22 Oct, 2025 | 00:00
Updated-24 Oct, 2025 | 13:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A NULL pointer dereference in the main function of TOTOLINK N600R v4.3.0cu.7866_B20220506 allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.

Action-Not Available
Vendor-n/aTOTOLINK
Product-n600r_firmwaren600rn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2022-4981
Assigner-VulDB
ShareView Details
Assigner-VulDB
CVSS Score-4.8||MEDIUM
EPSS-0.02% / 3.81%
||
7 Day CHG~0.00%
Published-21 Oct, 2025 | 15:02
Updated-31 Oct, 2025 | 14:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DCMTK dcmqrscp dcmqrcnf.cc readPeerList null pointer dereference

A vulnerability was detected in DCMTK up to 3.6.7. The impacted element is the function DcmQueryRetrieveConfig::readPeerList of the file /dcmqrcnf.cc of the component dcmqrscp. The manipulation results in null pointer dereference. The attack needs to be approached locally. The exploit is now public and may be used. Upgrading to version 3.6.8 is sufficient to resolve this issue. The patch is identified as 957fb31e5. Upgrading the affected component is advised.

Action-Not Available
Vendor-offisn/a
Product-dcmtkDCMTK
CWE ID-CWE-404
Improper Resource Shutdown or Release
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-62409
Assigner-GitHub, Inc.
ShareView Details
Assigner-GitHub, Inc.
CVSS Score-6.6||MEDIUM
EPSS-0.01% / 2.80%
||
7 Day CHG~0.00%
Published-16 Oct, 2025 | 17:47
Updated-29 Oct, 2025 | 19:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Envoy allows large requests and responses to cause TCP connection pool crash

Envoy is a cloud-native, open source edge and service proxy. Prior to 1.36.1, 1.35.5, 1.34.9, and 1.33.10, large requests and responses can potentially trigger TCP connection pool crashes due to flow control management in Envoy. It will happen when the connection is closing but upstream data is still coming, resulting in a buffer watermark callback nullptr reference. The vulnerability impacts TCP proxy and HTTP 1 & 2 mixed use cases based on ALPN. This vulnerability is fixed in 1.36.1, 1.35.5, 1.34.9, and 1.33.10.

Action-Not Available
Vendor-envoyproxyenvoyproxy
Product-envoyenvoy
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-61908
Assigner-GitHub, Inc.
ShareView Details
Assigner-GitHub, Inc.
CVSS Score-7.1||HIGH
EPSS-0.09% / 25.40%
||
7 Day CHG~0.00%
Published-16 Oct, 2025 | 17:16
Updated-26 Nov, 2025 | 14:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Icinga 2 Denial of Service (DoS) By Dereferencing Invalid Reference

Icinga 2 is an open source monitoring system. From 2.10.0 to before 2.15.1, 2.14.7, and 2.13.13, when creating an invalid reference, such as a reference to null, dereferencing results in a segmentation fault. This can be used by any API user with access to an API endpoint that allows specifying a filter expression to crash the Icinga 2 daemon. A fix is included in the following Icinga 2 versions: 2.15.1, 2.14.7, and 2.13.13.

Action-Not Available
Vendor-icingaIcinga
Product-icingaicinga2
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-9548
Assigner-Lenovo Group Ltd.
ShareView Details
Assigner-Lenovo Group Ltd.
CVSS Score-6.8||MEDIUM
EPSS-0.03% / 6.56%
||
7 Day CHG~0.00%
Published-15 Oct, 2025 | 14:25
Updated-16 Oct, 2025 | 19:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A potential null pointer dereference vulnerability was reported in the Lenovo Power Management Driver that could allow a local authenticated user to cause a Windows blue screen error.

Action-Not Available
Vendor-Lenovo Group Limited
Product-Power Management Driver
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-61960
Assigner-F5, Inc.
ShareView Details
Assigner-F5, Inc.
CVSS Score-8.7||HIGH
EPSS-0.15% / 36.12%
||
7 Day CHG~0.00%
Published-15 Oct, 2025 | 13:55
Updated-26 Feb, 2026 | 16:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
BIG-IP APM portal access vulnerability

When a per-request policy is configured on a BIG-IP APM portal access virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Action-Not Available
Vendor-F5, Inc.
Product-big-ip_access_policy_managerBIG-IP
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-58120
Assigner-F5, Inc.
ShareView Details
Assigner-F5, Inc.
CVSS Score-8.7||HIGH
EPSS-0.15% / 36.12%
||
7 Day CHG~0.00%
Published-15 Oct, 2025 | 13:55
Updated-26 Feb, 2026 | 16:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
BIG-IP Next (CNF, SPK, and Kubernetes) vulnerability

When HTTP/2 Ingress is configured, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Action-Not Available
Vendor-F5, Inc.
Product-big-ip_next_for_kubernetesbig-ip_next_service_proxy_for_kubernetesbig-ip_next_cloud-native_network_functionsBIG-IP Next CNFBIG-IP Next SPKBIG-IP Next for Kubernetes
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-59478
Assigner-F5, Inc.
ShareView Details
Assigner-F5, Inc.
CVSS Score-8.7||HIGH
EPSS-0.13% / 32.85%
||
7 Day CHG~0.00%
Published-15 Oct, 2025 | 13:55
Updated-26 Feb, 2026 | 16:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
BIG-IP AFM DoS protection profile vulnerability

When a BIG-IP AFM denial-of-service (DoS) protection profile is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) process to terminate.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Action-Not Available
Vendor-F5, Inc.
Product-big-ip_advanced_firewall_managerBIG-IP
CWE ID-CWE-824
Access of Uninitialized Pointer
CVE-2025-54270
Assigner-Adobe Systems Incorporated
ShareView Details
Assigner-Adobe Systems Incorporated
CVSS Score-5.5||MEDIUM
EPSS-0.04% / 11.41%
||
7 Day CHG~0.00%
Published-15 Oct, 2025 | 00:18
Updated-17 Oct, 2025 | 14:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Animate | NULL Pointer Dereference (CWE-476)

Animate versions 23.0.13, 24.0.10 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose sensitive memory information. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Adobe Inc.Apple Inc.Microsoft Corporation
Product-macosanimatewindowsAnimate
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-59187
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.16% / 37.08%
||
7 Day CHG~0.00%
Published-14 Oct, 2025 | 17:01
Updated-22 Feb, 2026 | 17:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Kernel Elevation of Privilege Vulnerability

Improper input validation in Windows Kernel allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2012windows_10_21h2windows_11_24h2windows_server_2022windows_server_2022_23h2windows_server_2025windows_10_1507windows_11_22h2windows_server_2008windows_11_23h2windows_10_1607windows_10_22h2windows_10_1809windows_server_2019windows_11_25h2windows_server_2016Windows Server 2025Windows Server 2008 R2 Service Pack 1Windows 11 Version 23H2Windows Server 2012 (Server Core installation)Windows 10 Version 1809Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 version 22H3Windows Server 2016 (Server Core installation)Windows 10 Version 22H2Windows Server 2019Windows Server 2022Windows 10 Version 1607Windows 11 Version 24H2Windows Server 2025 (Server Core installation)Windows Server 2019 (Server Core installation)Windows Server 2016Windows 11 version 22H2Windows Server 2012 R2Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2008 Service Pack 2Windows 11 Version 25H2Windows Server 2012Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-822
Untrusted Pointer Dereference
CVE-2025-55698
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-7.7||HIGH
EPSS-0.31% / 54.25%
||
7 Day CHG~0.00%
Published-14 Oct, 2025 | 17:01
Updated-22 Feb, 2026 | 17:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DirectX Graphics Kernel Denial of Service Vulnerability

Null pointer dereference in Windows DirectX allows an authorized attacker to deny service over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2025windows_11_25h2windows_11_24h2Windows 11 Version 24H2Windows 11 Version 25H2Windows Server 2025Windows Server 2025 (Server Core installation)
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-55696
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.07% / 22.54%
||
7 Day CHG~0.00%
Published-14 Oct, 2025 | 17:01
Updated-22 Feb, 2026 | 17:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NtQueryInformation Token function (ntifs.h) Elevation of Privilege Vulnerability

Time-of-check time-of-use (toctou) race condition in NtQueryInformation Token function (ntifs.h) allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_22h2windows_10_21h2windows_11_23h2windows_11_24h2windows_server_2022windows_10_22h2windows_server_2022_23h2windows_10_1809windows_server_2025windows_server_2019windows_11_25h2Windows Server 2025Windows Server 2022Windows 11 Version 24H2Windows Server 2025 (Server Core installation)Windows 11 Version 23H2Windows Server 2019 (Server Core installation)Windows 10 Version 1809Windows 11 version 22H2Windows 10 Version 21H2Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 version 22H3Windows 10 Version 22H2Windows 11 Version 25H2Windows Server 2019
CWE ID-CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
CWE ID-CWE-822
Untrusted Pointer Dereference
CVE-2025-59207
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.16% / 37.08%
||
7 Day CHG~0.00%
Published-14 Oct, 2025 | 17:00
Updated-26 Feb, 2026 | 17:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Kernel Elevation of Privilege Vulnerability

Untrusted pointer dereference in Windows Kernel allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_22h2windows_10_21h2windows_11_23h2windows_11_24h2windows_server_2022windows_10_22h2windows_server_2022_23h2windows_10_1809windows_server_2025windows_server_2019windows_11_25h2Windows Server 2019 (Server Core installation)Windows 11 Version 25H2Windows 10 Version 21H2Windows 11 version 22H2Windows 11 version 22H3Windows 10 Version 22H2Windows 11 Version 23H2Windows Server 2019Windows Server 2022Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2025Windows 11 Version 24H2Windows 10 Version 1809Windows Server 2025 (Server Core installation)
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-822
Untrusted Pointer Dereference
CVE-2025-55681
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-7||HIGH
EPSS-0.13% / 32.65%
||
7 Day CHG~0.00%
Published-14 Oct, 2025 | 17:00
Updated-26 Feb, 2026 | 17:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Desktop Window Manager Elevation of Privilege Vulnerability

Out-of-bounds read in Windows DWM allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_22h2windows_10_21h2windows_11_23h2windows_11_24h2windows_server_2022windows_10_22h2windows_server_2022_23h2windows_10_1809windows_server_2025windows_server_2019windows_11_25h2Windows Server 2019 (Server Core installation)Windows 11 Version 25H2Windows 10 Version 21H2Windows 11 version 22H2Windows 11 version 22H3Windows 10 Version 22H2Windows 11 Version 23H2Windows Server 2019Windows Server 2022Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2025Windows 11 Version 24H2Windows 10 Version 1809Windows Server 2025 (Server Core installation)
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-822
Untrusted Pointer Dereference
CVE-2025-55677
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.11% / 28.81%
||
7 Day CHG~0.00%
Published-14 Oct, 2025 | 17:00
Updated-26 Feb, 2026 | 17:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Device Association Broker Service Elevation of Privilege Vulnerability

Untrusted pointer dereference in Windows Device Association Broker service allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2025windows_11_25h2windows_11_24h2Windows Server 2025Windows 11 Version 25H2Windows Server 2025 (Server Core installation)Windows 11 Version 24H2
CWE ID-CWE-822
Untrusted Pointer Dereference
CVE-2025-24990
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-6.43% / 90.91%
||
7 Day CHG~0.00%
Published-14 Oct, 2025 | 17:00
Updated-26 Feb, 2026 | 17:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2025-11-04||Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Windows Agere Modem Driver Elevation of Privilege Vulnerability

Microsoft is aware of vulnerabilities in the third party Agere Modem driver that ships natively with supported Windows operating systems. This is an announcement of the upcoming removal of ltmdm64.sys driver. The driver has been removed in the October cumulative update. Fax modem hardware dependent on this specific driver will no longer work on Windows. Microsoft recommends removing any existing dependencies on this hardware.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_24h2windows_11_25h2windows_server_2025windows_10_1607windows_server_2016windows_server_2022_23h2windows_10_21h2windows_11_22h2windows_10_1809windows_10_22h2windows_11_23h2windows_server_2022windows_server_2019windows_server_2008windows_server_2012windows_10_1507Windows Server 2019 (Server Core installation)Windows 11 Version 25H2Windows 10 Version 21H2Windows 10 Version 22H2Windows 11 Version 23H2Windows Server 2012Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2008 Service Pack 2Windows Server 2008 R2 Service Pack 1Windows Server 2012 R2Windows Server 2025 (Server Core installation)Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2016Windows Server 2012 R2 (Server Core installation)Windows 11 version 22H2Windows Server 2019Windows 10 Version 1607Windows Server 2022Windows 10 Version 1507Windows Server 2012 (Server Core installation)Windows Server 2025Windows Server 2016 (Server Core installation)Windows 11 Version 24H2Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows 10 Version 1809Windows
CWE ID-CWE-822
Untrusted Pointer Dereference
CVE-2025-42902
Assigner-SAP SE
ShareView Details
Assigner-SAP SE
CVSS Score-5.3||MEDIUM
EPSS-0.08% / 23.55%
||
7 Day CHG~0.00%
Published-14 Oct, 2025 | 00:17
Updated-14 Oct, 2025 | 19:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Memory Corruption vulnerability in SAP Netweaver AS ABAP and ABAP Platform

Due to the memory corruption vulnerability in SAP NetWeaver AS ABAP and ABAP Platform, an unauthenticated attacker can send a corrupted SAP Logon Ticket or SAP Assertion Ticket to the SAP application server. This leads to a dereference of NULL which makes the work process crash. As a result, it has a low impact on the availability but no impact on the confidentiality and integrity.

Action-Not Available
Vendor-SAP SE
Product-SAP Netweaver AS ABAP and ABAP Platform
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-59836
Assigner-GitHub, Inc.
ShareView Details
Assigner-GitHub, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.48% / 64.67%
||
7 Day CHG~0.00%
Published-13 Oct, 2025 | 20:43
Updated-04 Dec, 2025 | 21:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Omni is Vulnerable to DoS via Empty Create/Update Resource Requests

Omni manages Kubernetes on bare metal, virtual machines, or in a cloud. Prior to 1.1.5 and 1.0.2, there is a nil pointer dereference vulnerability in the Omni Resource Service allows unauthenticated users to cause a server panic and denial of service by sending empty create/update resource requests through the API endpoints. The vulnerability exists in the isSensitiveSpec function which calls grpcomni.CreateResource without checking if the resource's metadata field is nil. When a resource is created with an empty Metadata field, the CreateResource function attempts to access resource.Metadata.Version causing a segmentation fault. This vulnerability is fixed in 1.1.5 and 1.0.2.

Action-Not Available
Vendor-siderolabssiderolabs
Product-omniomni
CWE ID-CWE-476
NULL Pointer Dereference
CWE ID-CWE-703
Improper Check or Handling of Exceptional Conditions
CVE-2025-9337
Assigner-ASUSTeK Computer Incorporation
ShareView Details
Assigner-ASUSTeK Computer Incorporation
CVSS Score-6.8||MEDIUM
EPSS-0.03% / 7.40%
||
7 Day CHG~0.00%
Published-13 Oct, 2025 | 09:24
Updated-21 Oct, 2025 | 19:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A null pointer dereference has been identified in the AsIO3.sys driver. The vulnerability can be triggered by a specially crafted input, which may lead to a system crash (BSOD). Refer to the 'Security Update for Armoury Crate App' section on the ASUS Security Advisory for more information.

Action-Not Available
Vendor-ASUS (ASUSTeK Computer Inc.)
Product-Armoury Crate
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-11618
Assigner-Amazon
ShareView Details
Assigner-Amazon
CVSS Score-5.3||MEDIUM
EPSS-0.06% / 19.80%
||
7 Day CHG~0.00%
Published-10 Oct, 2025 | 17:10
Updated-31 Oct, 2025 | 18:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Invalid Pointer Dereference when receiving UDP/IPv6 packets in FreeRTOS-Plus-TCP

A missing validation check in FreeRTOS-Plus-TCP's UDP/IPv6 packet processing code can lead to an invalid pointer dereference when receiving a UDP/IPv6 packet with an incorrect IP version field in the packet header. This issue only affects applications using IPv6. We recommend upgrading to the latest version and ensure any forked or derivative code is patched to incorporate the new fixes.

Action-Not Available
Vendor-amazonAWS
Product-freertos-plus-tcpFreeRTOS-Plus-TCP
CWE ID-CWE-476
NULL Pointer Dereference
  • Previous
  • 1
  • 2
  • ...
  • 5
  • 6
  • 7
  • ...
  • 109
  • 110
  • Next