Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CWE CATEGORY:CERT C Secure Coding Standard (2008) Chapter 4 - Expressions (EXP)
Category ID:737
Vulnerability Mapping:Prohibited
Status:Obsolete
DetailsContent HistoryObserved CVE ExamplesReports
4137Vulnerabilities found
CVE-2025-6395
Assigner-Red Hat, Inc.
ShareView Details
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.06% / 17.77%
||
7 Day CHG~0.00%
Published-10 Jul, 2025 | 15:20
Updated-25 Jul, 2025 | 18:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Gnutls: null pointer dereference in _gnutls_figure_common_ciphersuite()

A NULL pointer dereference flaw was found in the GnuTLS software in _gnutls_figure_common_ciphersuite().

Action-Not Available
Vendor-Red Hat, Inc.
Product-Red Hat Enterprise Linux 6Red Hat OpenShift Container Platform 4Red Hat Enterprise Linux 7Red Hat Enterprise Linux 8Red Hat Enterprise Linux 9Red Hat Enterprise Linux 10
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-7209
Assigner-VulDB
ShareView Details
Assigner-VulDB
CVSS Score-4.8||MEDIUM
EPSS-0.02% / 2.48%
||
7 Day CHG~0.00%
Published-09 Jul, 2025 | 01:02
Updated-10 Jul, 2025 | 13:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
9fans plan9port x509.c value_decode null pointer dereference

A vulnerability has been found in 9fans plan9port up to 9da5b44 and classified as problematic. Affected by this vulnerability is the function value_decode in the library src/libsec/port/x509.c. The manipulation leads to null pointer dereference. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The identifier of the patch is deae8939583d83fd798fca97665e0e94656c3ee8. It is recommended to apply a patch to fix this issue.

Action-Not Available
Vendor-9fans
Product-plan9port
CWE ID-CWE-404
Improper Resource Shutdown or Release
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-47119
Assigner-Adobe Systems Incorporated
ShareView Details
Assigner-Adobe Systems Incorporated
CVSS Score-5.5||MEDIUM
EPSS-0.02% / 3.79%
||
7 Day CHG~0.00%
Published-08 Jul, 2025 | 22:11
Updated-10 Jul, 2025 | 18:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Framemaker | NULL Pointer Dereference (CWE-476)

Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing a disruption in service. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Microsoft CorporationAdobe Inc.
Product-framemakerwindowsAdobe Framemaker
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-49524
Assigner-Adobe Systems Incorporated
ShareView Details
Assigner-Adobe Systems Incorporated
CVSS Score-5.5||MEDIUM
EPSS-0.02% / 3.79%
||
7 Day CHG~0.00%
Published-08 Jul, 2025 | 22:01
Updated-10 Jul, 2025 | 17:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Illustrator | NULL Pointer Dereference (CWE-476)

Illustrator versions 28.7.6, 29.5.1 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing a disruption in service. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Microsoft CorporationAdobe Inc.Apple Inc.
Product-illustratormacoswindowsIllustrator
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-43583
Assigner-Adobe Systems Incorporated
ShareView Details
Assigner-Adobe Systems Incorporated
CVSS Score-5.5||MEDIUM
EPSS-0.02% / 3.79%
||
7 Day CHG~0.00%
Published-08 Jul, 2025 | 21:07
Updated-11 Jul, 2025 | 17:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Substance3D - Viewer | NULL Pointer Dereference (CWE-476)

Substance3D - Viewer versions 0.22 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing disruption in service. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Adobe Inc.
Product-substance_3d_viewerSubstance3D - Viewer
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-49678
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-7||HIGH
EPSS-0.05% / 13.80%
||
7 Day CHG~0.00%
Published-08 Jul, 2025 | 16:57
Updated-23 Aug, 2025 | 00:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NTFS Elevation of Privilege Vulnerability

Null pointer dereference in Windows NTFS allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2012windows_10_22h2windows_server_2022_23h2windows_10_21h2windows_11_24h2windows_server_2019windows_server_2025windows_server_2022windows_10_1607windows_11_23h2windows_10_1809windows_server_2016windows_server_2008windows_10_1507windows_11_22h2Windows Server 2019Windows Server 2016 (Server Core installation)Windows 11 version 22H2Windows Server 2012Windows Server 2016Windows Server 2008 Service Pack 2Windows Server 2019 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2025Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2012 (Server Core installation)Windows Server 2012 R2Windows Server 2008 Service Pack 2Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows 10 Version 1809Windows 10 Version 1607Windows Server 2025 (Server Core installation)Windows 11 Version 24H2Windows 10 Version 21H2Windows Server 2022Windows 11 version 22H3Windows 11 Version 23H2Windows Server 2012 R2 (Server Core installation)Windows 10 Version 1507Windows 10 Version 22H2Windows Server 2008 R2 Service Pack 1
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-49694
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.06% / 17.53%
||
7 Day CHG~0.00%
Published-08 Jul, 2025 | 16:57
Updated-23 Aug, 2025 | 00:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Brokering File System Elevation of Privilege Vulnerability

Null pointer dereference in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2022_23h2windows_11_24h2windows_server_2025Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2025Windows 11 Version 24H2Windows Server 2025 (Server Core installation)
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-49686
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.06% / 17.53%
||
7 Day CHG~0.00%
Published-08 Jul, 2025 | 16:57
Updated-23 Aug, 2025 | 00:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows TCP/IP Driver Elevation of Privilege Vulnerability

Null pointer dereference in Windows TCP/IP allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2012windows_10_22h2windows_server_2022_23h2windows_10_21h2windows_11_24h2windows_server_2019windows_server_2025windows_server_2022windows_10_1607windows_11_23h2windows_10_1809windows_server_2016windows_server_2008windows_10_1507windows_11_22h2Windows Server 2019Windows Server 2016 (Server Core installation)Windows 11 version 22H2Windows Server 2012Windows Server 2016Windows Server 2008 Service Pack 2Windows Server 2019 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2025Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2012 (Server Core installation)Windows Server 2012 R2Windows Server 2008 Service Pack 2Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows 10 Version 1809Windows 10 Version 1607Windows Server 2025 (Server Core installation)Windows 11 Version 24H2Windows 10 Version 21H2Windows Server 2022Windows 11 version 22H3Windows 11 Version 23H2Windows Server 2012 R2 (Server Core installation)Windows 10 Version 1507Windows 10 Version 22H2Windows Server 2008 R2 Service Pack 1
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-47109
Assigner-Adobe Systems Incorporated
ShareView Details
Assigner-Adobe Systems Incorporated
CVSS Score-5.5||MEDIUM
EPSS-0.02% / 3.79%
||
7 Day CHG~0.00%
Published-08 Jul, 2025 | 16:25
Updated-14 Jul, 2025 | 15:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
After Effects | NULL Pointer Dereference (CWE-476)

After Effects versions 25.2, 24.6.6 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing disruption to services. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Adobe Inc.Microsoft Corporation
Product-macoswindowsafter_effectsAfter Effects
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-21433
Assigner-Qualcomm, Inc.
ShareView Details
Assigner-Qualcomm, Inc.
CVSS Score-6.2||MEDIUM
EPSS-0.01% / 1.83%
||
7 Day CHG~0.00%
Published-08 Jul, 2025 | 12:48
Updated-11 Aug, 2025 | 15:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NULL Pointer Dereference in SPS-HLOS

Transient DOS when importing a PKCS#8-encoded RSA private key with a zero-sized modulus.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qdx1010_firmwaresdm429w_firmwaresd865_5gsnapdragon_632_mobilesm8735qca6595qca8081_firmwaresnapdragon_670_mobileqam8620p_firmwarewcn7880_firmwarewcd9340_firmwaresa8530pwcd9395_firmwareqcn6024wcn7750qcc710_firmwareqca6426snapdragon_8\+_gen_1_mobilefastconnect_6700wcn3610sa4150psnapdragon_427_mobile_firmwaresnapdragon_782g_mobile_firmwarewsa8832_firmwareqca8337qca6426_firmwarewcd9395snapdragon_665_mobile_firmwareqca6574au_firmwareqcn7606_firmwaresnapdragon_x72_5g_modem-rfsm6370qam8295pwcd9341sd626_firmwaresnapdragon_888\+_5g_mobile_firmwarewsa8810_firmwaresd730_firmwarewsa8845h_firmwaresa9000p_firmwarewcn3660_firmwareqcs9100fastconnect_6800_firmwareqcs5430wcn7860qcm5430_firmwarevideo_collaboration_vc1_platform_firmwaresa4155psa8770psnapdragon_678_mobile_firmwaresnapdragon_425_mobilesnapdragon_632_mobile_firmwaresa8540pqsm8350_firmwarevideo_collaboration_vc1_platformqep8111sm8635sa7255psnapdragon_730_mobile_firmwarewcd9385_firmwareqca6421vision_intelligence_200snapdragon_680_4g_mobilesa6155psnapdragon_429_mobile_firmwareqam8650pvideo_collaboration_vc5_platform_firmwaresa9000psnapdragon_888_5g_mobile_firmwaresxr2250p_firmwaresnapdragon_662_mobile_firmwaresnapdragon_685_4g_mobile_firmwaresa6155p_firmwaresnapdragon_ar1_gen_1qca6698ausnapdragon_x55_5g_modem-rfsnapdragon_4_gen_2_mobile_firmwareqca6436_firmwaresnapdragon_695_5g_mobile_firmwaresnapdragon_x55_5g_modem-rf_firmwaresnapdragon_7c\+_gen_3_compute_firmwaresm4125_firmwaresnapdragon_x62_5g_modem-rf_firmwareqca6420wcn3910wcn3660bqca6574asm7635p_firmwaresnapdragon_x72_5g_modem-rf_firmwarewcn3620_firmwareqca6174awcd9340qcs8250_firmwareqcm2290qdu1210talynplussnapdragon_auto_5g_modem-rf_gen_2sm8550p_firmwaresxr2250pqcm8550wcn3988snapdragon_765_5g_mobile_firmwareqcn9024qca6574215_mobileqca6698au_firmwareqamsrv1hsm8650qqcm2290_firmwarevision_intelligence_100snapdragon_765g_5g_mobile_firmwarehome_hub_100sa8155pwsa8830smart_display_200_firmwaresm8550psa6145psnapdragon_625_mobile_firmwaresa8255p_firmwaresm7635_firmwaresnapdragon_4_gen_2_mobilewcn7750_firmwareqrb5165m_firmwaresa8650p_firmwaresm7635pwcn3620wcn6450_firmwaresrv1l_firmwareqcs9100_firmwaresnapdragon_865\+_5g_mobile_firmwaresnapdragon_429_mobilewcn3950_firmwareqrb5165nfastconnect_6200sm7325p_firmwarewcd9378snapdragon_480_5g_mobile_firmwaresm8635p_firmwaresm6650p_firmwareqdx1011snapdragon_710_mobile_firmwarevideo_collaboration_vc3_platform_firmwaresd670_firmwaresnapdragon_8_gen_3_mobilesnapdragon_855_mobileqcn6224_firmwarevision_intelligence_100_firmwareqca6431sdx61_firmwaresnapdragon_480_5g_mobilesnapdragon_750g_5g_mobile_firmwareqca9379_firmwaresrv1lsxr2130_firmwaresm7675psrv1msnapdragon_860_mobile_firmwarear8035_firmwaresnapdragon_778g\+_5g_mobileqrb5165msc8380xpsd888_firmwaresnapdragon_x62_5g_modem-rfqcs6125_firmwarewsa8815_firmwareqca8337_firmwaresnapdragon_665_mobilesm7250p_firmwaresm4635_firmwarewcn3680_firmwarewcn3950snapdragon_730g_mobile_firmwaresm8750qca6797aq_firmwaresnapdragon_auto_5g_modem-rf_gen_2_firmwaretalynplus_firmwaresnapdragon_778g\+_5g_mobile_firmwareapq8037smart_audio_400_firmwaresa8295p_firmwaresa4155p_firmwaresnapdragon_720g_mobilesm7250psa8155sd888wcn6755_firmwareqru1062_firmwaresnapdragon_675_mobile_firmwaresnapdragon_768g_5g_mobilesc8380xp_firmwareqru1062sd626fastconnect_6800qcs7230pm8937snapdragon_865_5g_mobile_firmwarefastconnect_6900_firmwarerobotics_rb5_firmwareqmp1000_firmwarewcn7880sxr2330pwcn6755wcn7881video_collaboration_vc3_platformqcm2150_firmware215_mobile_firmwareqca6431_firmwareqca6698aq_firmwareqcs2290qcn7606qcs2290_firmwaresnapdragon_xr2\+_gen_1_firmwarewcn3615wcn3680sa8255pqcs7230_firmwarewcd9390_firmwareqep8111_firmwareqcs615_firmwareqca6430snapdragon_855\+_mobilesnapdragon_765_5g_mobilesnapdragon_860_mobileqdx1011_firmwaresm8750_firmwareflight_rb5_5g_firmwaressg2125pqru1052snapdragon_x65_5g_modem-rf_firmwarecsra6640_firmwareqamsrv1mwcn7861qam8650p_firmwarevideo_collaboration_vc5_platformqca6420_firmwareqcs6490_firmwaresm6650_firmwareqam8620pwcd9335_firmwareqrb5165n_firmwareqca6436sd855_firmwarewcn3980_firmwarewsa8835wsa8840_firmwareqca6391_firmwareqdu1010_firmwareqcs4290_firmwaresnapdragon_430_mobile_firmwareqcs8300csra6620qca8081wsa8815qam8775psnapdragon_ar2_gen_1_firmwareqcm4325_firmwaresnapdragon_439_mobile_firmwaresnapdragon_720g_mobile_firmwareqcm4290_firmwaresnapdragon_ar1_gen_1_firmwaresnapdragon_710_mobileqcn9274_firmwareqcs5430_firmwaresnapdragon_x32_5g_modem-rfsg4150p_firmwareqru1052_firmwarecsra6620_firmwareqcs8550snapdragon_626_mobilesa8650pqam8775p_firmwaresd865_5g_firmwaresm8750p_firmwaresnapdragon_xr1wcd9375snapdragon_ar2_gen_1sa8145psnapdragon_8\+_gen_1_mobile_firmwaresmart_display_200sm7675p_firmwareqdx1010wcn3680b_firmwaresnapdragon_8_gen_1_mobile_firmwareqcm8550_firmwareapq8017sw5100psxr1120sa6150p_firmwarewcn6650wcd9335wcd9370qca6696wcd9341_firmwaresxr2330p_firmwarewcn7881_firmwarewcn6450wcn6740_firmwaresnapdragon_780g_5g_mobilesnapdragon_750g_5g_mobilevision_intelligence_200_firmwaresnapdragon_685_4g_mobilesnapdragon_x50_5g_modem-rf_firmwareqdu1110snapdragon_690_5g_mobile_firmwareqca6574auwcd9390sa8620p_firmwarepm8937_firmwarecsra6640snapdragon_778g_5g_mobile_firmwaresrv1hsm8650q_firmwarewcn3660b_firmwaresd730snapdragon_690_5g_mobileqcn6024_firmwareqcm5430snapdragon_625_mobileqcm6125_firmwaressg2115pqcc710snapdragon_x32_5g_modem-rf_firmwaresnapdragon_xr2_5g_firmwaresnapdragon_xr1_firmwaresxr1120_firmwarefastconnect_6900robotics_rb2snapdragon_w5\+_gen_1_wearable_firmwareqru1032_firmwareqfw7114qam8255p_firmwaresa8155_firmwaresdx61snapdragon_x65_5g_modem-rfqcs4490snapdragon_730_mobilewsa8845snapdragon_626_mobile_firmwareqca6421_firmwareqcm6125wsa8810qdu1000_firmwaresrv1h_firmwareqca6595ausnapdragon_888_5g_mobilesm7315_firmwareqdu1010wcd9326_firmwarewsa8840srv1m_firmwareqcs8550_firmwaresnapdragon_730g_mobilesnapdragon_782g_mobilesnapdragon_x35_5g_modem-rf_firmwareqdu1210_firmwaresnapdragon_8_gen_2_mobile_firmwareqfw7124_firmwaresm8750pqcn9012qcs4490_firmwarewcn3910_firmwaresm8635psnapdragon_460_mobilesnapdragon_8_gen_2_mobileqmp1000wcd9370_firmwarerobotics_rb2_firmwareqdu1110_firmwareqdu1000sa7255p_firmwaresnapdragon_8\+_gen_2_mobilesa8195pqcm6490sa8540p_firmwaresm6370_firmwaresnapdragon_662_mobileqcn9274qca9379sa8775psxr2230p_firmwaresnapdragon_855_mobile_firmwareqca6430_firmwareqcn9011sa8775p_firmwaresmart_audio_400qcn9024_firmwarewsa8845hwcd9326sa6150psa8155p_firmwaresnapdragon_768g_5g_mobile_firmwaresm7675_firmwarear8035qamsrv1m_firmwaresa6155qcm4325qcn6224qcs615snapdragon_435_mobile_firmwareqca6698aqssg2125p_firmwaresm6250sm7635sa7775p_firmwaresa8530p_firmwaresnapdragon_480\+_5g_mobilesd670wcn3680bsa8145p_firmwaresa8150p_firmwarefastconnect_6700_firmwarewcn3990snapdragon_x75_5g_modem-rf_firmwareqcs6490snapdragon_695_5g_mobileqcs8250snapdragon_778g_5g_mobilefastconnect_6200_firmwarehome_hub_100_firmwaresnapdragon_460_mobile_firmwarewsa8830_firmwareqca6678aq_firmwarewsa8845_firmwarewsa8832wcd9378_firmwareqca6678aqsnapdragon_x35_5g_modem-rfwcn7860_firmwaresa4150p_firmwaresm4635snapdragon_425_mobile_firmwaresc8280xp-abbbsa8195p_firmwareqcm4290snapdragon_xr2\+_gen_1sg8275p_firmwareqcm6490_firmwaresm4125qcm4490_firmwareqru1032qcs6125flight_rb5_5gsnapdragon_870_5g_mobile_firmwaresnapdragon_7c\+_gen_3_computesnapdragon_732g_mobilesnapdragon_870_5g_mobilesnapdragon_678_mobilesm6250_firmwareqca6584auqcn6274_firmwaresnapdragon_435_mobileqcn9011_firmwaresw5100_firmwarewcn6740wcn6650_firmwaresnapdragon_780g_5g_mobile_firmwaresnapdragon_8_gen_3_mobile_firmwareqfw7114_firmwareqca6595_firmwarefastconnect_7800_firmwaresnapdragon_675_mobilesm8635_firmwareapq8017_firmwarewcd9380sa6145p_firmwareqam8255psxr2230psa6155_firmwaresnapdragon_450_mobile_firmwaresnapdragon_xr2_5gsa8150psxr1230pwcn3660sm6650sw5100aqt1000snapdragon_4_gen_1_mobile_firmwaresm6650pqca6688aqqam8295p_firmwaresd855wcn3990_firmwaresm7315wcd9385snapdragon_888\+_5g_mobileqsm8350snapdragon_8_gen_1_mobilesnapdragon_680_4g_mobile_firmwarewcn3610_firmwareqcs4290sxr1230p_firmwaresnapdragon_865\+_5g_mobilesg8275pwcn3615_firmwaresxr2130qcm4490snapdragon_480\+_5g_mobile_firmwarerobotics_rb5sm7325pqca6174a_firmwarewcn7861_firmwaresnapdragon_732g_mobile_firmwaresnapdragon_x50_5g_modem-rfapq8037_firmwaresnapdragon_670_mobile_firmwareaqt1000_firmwaresdm429wqca6584au_firmwareqcn6274qfw7124qca6595au_firmwareqcs8300_firmwaresw5100p_firmwareqca6696_firmwarewcd9380_firmwareqca6574_firmwaresg4150psd_8_gen1_5gqca6797aqsnapdragon_x75_5g_modem-rfsnapdragon_427_mobilesa8620psnapdragon_4_gen_1_mobileqca6574a_firmwaresnapdragon_450_mobilesnapdragon_865_5g_mobilesnapdragon_855\+_mobile_firmwarewcd9375_firmwaresd_8_gen1_5g_firmwaresa7775pqca6391qcn9012_firmwaresnapdragon_439_mobilesa8770p_firmwaresa8295psm8735_firmwaresc8280xp-abbb_firmwarefastconnect_7800snapdragon_8\+_gen_2_mobile_firmwareqca6688aq_firmwaresnapdragon_765g_5g_mobilewcn3988_firmwaresnapdragon_430_mobilesm7675qamsrv1h_firmwarewsa8835_firmwaressg2115p_firmwarewcn3980qcm2150snapdragon_w5\+_gen_1_wearableSnapdragon
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-53184
Assigner-Huawei Technologies
ShareView Details
Assigner-Huawei Technologies
CVSS Score-6.5||MEDIUM
EPSS-0.02% / 3.54%
||
7 Day CHG~0.00%
Published-07 Jul, 2025 | 02:35
Updated-09 Jul, 2025 | 19:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Null pointer dereference vulnerability in the PDF preview module Impact: Successful exploitation of this vulnerability may affect function stability.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosHarmonyOS
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-53183
Assigner-Huawei Technologies
ShareView Details
Assigner-Huawei Technologies
CVSS Score-6.5||MEDIUM
EPSS-0.02% / 3.54%
||
7 Day CHG~0.00%
Published-07 Jul, 2025 | 02:29
Updated-09 Jul, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Null pointer dereference vulnerability in the PDF preview module Impact: Successful exploitation of this vulnerability may affect function stability.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosHarmonyOS
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-53182
Assigner-Huawei Technologies
ShareView Details
Assigner-Huawei Technologies
CVSS Score-6.5||MEDIUM
EPSS-0.02% / 3.54%
||
7 Day CHG~0.00%
Published-07 Jul, 2025 | 02:24
Updated-09 Jul, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Null pointer dereference vulnerability in the PDF preview module Impact: Successful exploitation of this vulnerability may affect function stability.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosHarmonyOS
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-53181
Assigner-Huawei Technologies
ShareView Details
Assigner-Huawei Technologies
CVSS Score-6.5||MEDIUM
EPSS-0.02% / 3.54%
||
7 Day CHG~0.00%
Published-07 Jul, 2025 | 02:22
Updated-09 Jul, 2025 | 19:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Null pointer dereference vulnerability in the PDF preview module Impact: Successful exploitation of this vulnerability may affect function stability.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosHarmonyOS
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-53180
Assigner-Huawei Technologies
ShareView Details
Assigner-Huawei Technologies
CVSS Score-6.5||MEDIUM
EPSS-0.02% / 3.54%
||
7 Day CHG~0.00%
Published-07 Jul, 2025 | 02:20
Updated-09 Jul, 2025 | 19:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Null pointer dereference vulnerability in the PDF preview module Impact: Successful exploitation of this vulnerability may affect function stability.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosHarmonyOS
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-53179
Assigner-Huawei Technologies
ShareView Details
Assigner-Huawei Technologies
CVSS Score-6.5||MEDIUM
EPSS-0.02% / 3.54%
||
7 Day CHG~0.00%
Published-07 Jul, 2025 | 02:16
Updated-09 Jul, 2025 | 19:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Null pointer dereference vulnerability in the PDF preview module Impact: Successful exploitation of this vulnerability may affect function stability.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosHarmonyOS
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-53170
Assigner-Huawei Technologies
ShareView Details
Assigner-Huawei Technologies
CVSS Score-4||MEDIUM
EPSS-0.01% / 0.36%
||
7 Day CHG~0.00%
Published-07 Jul, 2025 | 01:58
Updated-15 Jul, 2025 | 17:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Null pointer dereference vulnerability in the application exit cause module Impact: Successful exploitation of this vulnerability may affect function stability.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosHarmonyOS
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2024-25177
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.08% / 24.82%
||
7 Day CHG~0.00%
Published-07 Jul, 2025 | 00:00
Updated-24 Jul, 2025 | 15:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

LuaJIT through 2.1 and OpenRusty luajit2 before v2.1-20240314 have an unsinking of IR_FSTORE for NULL metatable, which leads to Denial of Service (DoS).

Action-Not Available
Vendor-luajitn/a
Product-luajitn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-53603
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.06% / 18.70%
||
7 Day CHG~0.00%
Published-05 Jul, 2025 | 00:00
Updated-08 Jul, 2025 | 16:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Alinto SOPE SOGo 2.0.2 through 5.12.2, sope-core/NGExtensions/NGHashMap.m allows a NULL pointer dereference and SOGo crash via a request in which a parameter in the query string is a duplicate of a parameter in the POST body.

Action-Not Available
Vendor-Alinto
Product-SOPE
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-41648
Assigner-CERT@VDE
ShareView Details
Assigner-CERT@VDE
CVSS Score-9.8||CRITICAL
EPSS-0.09% / 25.79%
||
7 Day CHG~0.00%
Published-01 Jul, 2025 | 08:10
Updated-03 Jul, 2025 | 15:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Pilz: Authentication Bypass in IndustrialPI Webstatus

An unauthenticated remote attacker can bypass the login to the web application of the affected devices making it possible to access and change all available settings of the IndustrialPI.

Action-Not Available
Vendor-Pilz
Product-IndustrialPI 4 with IndustrialPI webstatus
CWE ID-CWE-704
Incorrect Type Conversion or Cast
CVE-2025-6858
Assigner-VulDB
ShareView Details
Assigner-VulDB
CVSS Score-4.8||MEDIUM
EPSS-0.03% / 6.50%
||
7 Day CHG~0.00%
Published-29 Jun, 2025 | 11:00
Updated-08 Jul, 2025 | 14:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
HDF5 H5Centry.c H5C__flush_single_entry null pointer dereference

A vulnerability was found in HDF5 1.14.6 and classified as problematic. Affected by this issue is the function H5C__flush_single_entry of the file src/H5Centry.c. The manipulation leads to null pointer dereference. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-n/aThe HDF Group
Product-hdf5HDF5
CWE ID-CWE-404
Improper Resource Shutdown or Release
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-45333
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.07% / 21.38%
||
7 Day CHG~0.00%
Published-25 Jun, 2025 | 00:00
Updated-09 Jul, 2025 | 19:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

berkeley-abc abc 1.1 contains a Null Pointer Dereference (NPD) vulnerability in the Abc_NtkCecFraigPart function of its data processing module, leading to unpredictable program behavior, causing segmentation faults, and program crashes.

Action-Not Available
Vendor-berkeley-abcn/a
Product-abcn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-45332
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.05% / 16.32%
||
7 Day CHG~0.00%
Published-25 Jun, 2025 | 00:00
Updated-09 Jul, 2025 | 19:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

vkoskiv c-ray 1.1 contains a Null Pointer Dereference (NPD) vulnerability in the parse_mtllib function of its data processing module, leading to unpredictable program behavior, causing segmentation faults, and program crashes.

Action-Not Available
Vendor-vkoskivn/a
Product-c-rayn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-6496
Assigner-VulDB
ShareView Details
Assigner-VulDB
CVSS Score-4.8||MEDIUM
EPSS-0.02% / 2.46%
||
7 Day CHG~0.00%
Published-23 Jun, 2025 | 00:00
Updated-23 Jun, 2025 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
HTACG tidy-html5 parser.c InsertNodeAsParent null pointer dereference

A vulnerability was found in HTACG tidy-html5 5.8.0. It has been declared as problematic. This vulnerability affects the function InsertNodeAsParent of the file src/parser.c. The manipulation leads to null pointer dereference. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-HTML Tidy Advocacy Community Group (“HTACG”)
Product-tidy-html5
CWE ID-CWE-404
Improper Resource Shutdown or Release
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-6375
Assigner-VulDB
ShareView Details
Assigner-VulDB
CVSS Score-4.8||MEDIUM
EPSS-0.02% / 2.48%
||
7 Day CHG~0.00%
Published-21 Jun, 2025 | 00:31
Updated-23 Jun, 2025 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
poco MultipartReader.cpp MultipartInputStream null pointer dereference

A vulnerability was found in poco up to 1.14.1. It has been rated as problematic. Affected by this issue is the function MultipartInputStream of the file Net/src/MultipartReader.cpp. The manipulation leads to null pointer dereference. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 1.14.2 is able to address this issue. The patch is identified as 6f2f85913c191ab9ddfb8fae781f5d66afccf3bf. It is recommended to upgrade the affected component.

Action-Not Available
Vendor-n/a
Product-poco
CWE ID-CWE-404
Improper Resource Shutdown or Release
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-45331
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.06% / 18.85%
||
7 Day CHG~0.00%
Published-20 Jun, 2025 | 00:00
Updated-24 Jun, 2025 | 15:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

brplot v420.69.1 contains a Null Pointer Dereference (NPD) vulnerability in the br_dagens_handle_once function of its data processing module, leading to unpredictable program behavior, causing segmentation faults, and program crashes.

Action-Not Available
Vendor-n/a
Product-n/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-48705
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.08% / 23.54%
||
7 Day CHG~0.00%
Published-20 Jun, 2025 | 00:00
Updated-08 Jul, 2025 | 14:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in COROS PACE 3 through 3.0808.0. Due to a NULL pointer dereference vulnerability, sending a crafted BLE message forces the device to reboot.

Action-Not Available
Vendor-yftechn/a
Product-coros_pace_3_firmwarecoros_pace_3n/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-45525
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-2.9||LOW
EPSS-0.02% / 3.45%
||
7 Day CHG-0.01%
Published-17 Jun, 2025 | 00:00
Updated-26 Aug, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A NULL pointer dereference vulnerability has been identified in the JavaScript library microlight version 0.0.7, a lightweight syntax highlighting library. When processing elements with non-standard CSS color values, the library fails to validate the result of a regular expression match before accessing its properties, leading to an uncaught TypeError and potential application crash. NOTE: this is disputed by multiple parties because there is no common scenario in which an adversary can insert those non-standard values.

Action-Not Available
Vendor-asvd
Product-microlight
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-1698
Assigner-Lenovo Group Ltd.
ShareView Details
Assigner-Lenovo Group Ltd.
CVSS Score-2.4||LOW
EPSS-0.02% / 2.82%
||
7 Day CHG~0.00%
Published-11 Jun, 2025 | 16:14
Updated-12 Jun, 2025 | 16:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Null pointer exception vulnerabilities were reported in the fingerprint sensor service that could allow a local attacker to cause a denial of service.

Action-Not Available
Vendor-Motorola Mobility LLC. (Lenovo Group Limited)
Product-Edge+ 2023Razr 2023Razr 40Edge 40 ProRazr 40 Ultra
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-47111
Assigner-Adobe Systems Incorporated
ShareView Details
Assigner-Adobe Systems Incorporated
CVSS Score-5.5||MEDIUM
EPSS-0.02% / 4.80%
||
7 Day CHG~0.00%
Published-10 Jun, 2025 | 19:11
Updated-12 Jun, 2025 | 16:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Acrobat Reader | NULL Pointer Dereference (CWE-476)

Acrobat Reader versions 24.001.30235, 20.005.30763, 25.001.20521 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing a disruption in service. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Adobe Inc.
Product-Acrobat Reader
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-33057
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.22% / 44.23%
||
7 Day CHG~0.00%
Published-10 Jun, 2025 | 17:02
Updated-11 Jul, 2025 | 16:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Local Security Authority (LSA) Denial of Service Vulnerability

Null pointer dereference in Windows Local Security Authority (LSA) allows an authorized attacker to deny service over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_1507windows_server_2022_23h2windows_10_1607windows_10_21h2windows_server_2008windows_server_2012windows_server_2019windows_11_23h2windows_server_2022windows_11_24h2windows_10_1809windows_server_2025windows_server_2016windows_11_22h2windows_10_22h2Windows Server 2008 Service Pack 2Windows 10 Version 1607Windows Server 2008 Service Pack 2Windows 11 Version 23H2Windows Server 2008 R2 Service Pack 1Windows Server 2012 R2 (Server Core installation)Windows 11 version 22H2Windows Server 2022Windows Server 2016 (Server Core installation)Windows Server 2025Windows Server 2012Windows 10 Version 22H2Windows 11 Version 24H2Windows 10 Version 1809Windows Server 2025 (Server Core installation)Windows Server 2012 R2Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2016Windows Server 2012 (Server Core installation)Windows 11 version 22H3Windows Server 2019Windows Server 2019 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2008 Service Pack 2 (Server Core installation)Windows 10 Version 1507Windows 10 Version 21H2
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-30321
Assigner-Adobe Systems Incorporated
ShareView Details
Assigner-Adobe Systems Incorporated
CVSS Score-5.5||MEDIUM
EPSS-0.02% / 4.80%
||
7 Day CHG~0.00%
Published-10 Jun, 2025 | 16:23
Updated-16 Jun, 2025 | 21:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
InDesign Desktop | NULL Pointer Dereference (CWE-476)

InDesign Desktop versions ID20.2, ID19.5.3 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing disruption in service. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Adobe Inc.Apple Inc.Microsoft Corporation
Product-indesignwindowsmacosInDesign Desktop
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-5867
Assigner-VulDB
ShareView Details
Assigner-VulDB
CVSS Score-8.6||HIGH
EPSS-0.26% / 49.67%
||
7 Day CHG~0.00%
Published-09 Jun, 2025 | 07:31
Updated-11 Jul, 2025 | 18:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
RT-Thread lwp_syscall.c csys_sendto null pointer dereference

A vulnerability classified as critical was found in RT-Thread 5.1.0. This vulnerability affects the function csys_sendto of the file rt-thread/components/lwp/lwp_syscall.c. The manipulation of the argument to leads to null pointer dereference.

Action-Not Available
Vendor-rt-threadn/a
Product-rt-threadRT-Thread
CWE ID-CWE-404
Improper Resource Shutdown or Release
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-25217
Assigner-OpenHarmony
ShareView Details
Assigner-OpenHarmony
CVSS Score-3.3||LOW
EPSS-0.02% / 3.29%
||
7 Day CHG~0.00%
Published-08 Jun, 2025 | 11:46
Updated-09 Jun, 2025 | 19:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
arkui_ace_enginehas a NULL pointer dereference vulnerability

in OpenHarmony v5.0.3 and prior versions allow a local attacker case DOS through NULL pointer dereference.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-22490
Assigner-QNAP Systems, Inc.
ShareView Details
Assigner-QNAP Systems, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.11% / 29.84%
||
7 Day CHG~0.00%
Published-06 Jun, 2025 | 15:52
Updated-18 Jun, 2025 | 17:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
File Station 5

A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.4847 and later

Action-Not Available
Vendor-QNAP Systems, Inc.
Product-file_stationFile Station 5
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-29873
Assigner-QNAP Systems, Inc.
ShareView Details
Assigner-QNAP Systems, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.11% / 29.84%
||
7 Day CHG~0.00%
Published-06 Jun, 2025 | 15:52
Updated-18 Jun, 2025 | 18:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
File Station 5

A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.4847 and later

Action-Not Available
Vendor-QNAP Systems, Inc.
Product-file_stationFile Station 5
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-29876
Assigner-QNAP Systems, Inc.
ShareView Details
Assigner-QNAP Systems, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.11% / 29.84%
||
7 Day CHG~0.00%
Published-06 Jun, 2025 | 15:52
Updated-18 Jun, 2025 | 18:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
File Station 5

A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.4847 and later

Action-Not Available
Vendor-QNAP Systems, Inc.
Product-file_stationFile Station 5
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-29877
Assigner-QNAP Systems, Inc.
ShareView Details
Assigner-QNAP Systems, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.11% / 29.84%
||
7 Day CHG~0.00%
Published-06 Jun, 2025 | 15:52
Updated-18 Jun, 2025 | 18:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
File Station 5

A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.4847 and later

Action-Not Available
Vendor-QNAP Systems, Inc.
Product-file_stationFile Station 5
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-41646
Assigner-CERT@VDE
ShareView Details
Assigner-CERT@VDE
CVSS Score-9.8||CRITICAL
EPSS-13.30% / 93.90%
||
7 Day CHG~0.00%
Published-06 Jun, 2025 | 14:42
Updated-10 Jun, 2025 | 19:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
RevPi Webstatus application is vulnerable to an authentication bypass

An unauthorized remote attacker can bypass the authentication of the affected software package by misusing an incorrect type conversion. This leads to full compromise of the device

Action-Not Available
Vendor-KUNBUS GmbH
Product-revpi_statusRevolution Pi webstatus
CWE ID-CWE-704
Incorrect Type Conversion or Cast
CVE-2025-31711
Assigner-Unisoc (Shanghai) Technologies Co., Ltd.
ShareView Details
Assigner-Unisoc (Shanghai) Technologies Co., Ltd.
CVSS Score-5.1||MEDIUM
EPSS-0.01% / 0.47%
||
7 Day CHG~0.00%
Published-03 Jun, 2025 | 05:50
Updated-10 Jun, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In cplog service, there is a possible system crash due to null pointer dereference. This could lead to local denial of service with no additional execution privileges needed.

Action-Not Available
Vendor-Google LLCUnisoc (Shanghai) Technologies Co., Ltd.
Product-t9300sc9863at8300sc7731et820t616t750t310t770t618t612t765t760s8000sc9832eandroidt606t610SC7731E/SC9832E/SC9863A/T310/T606/T612/T616/T610/T618/T750/T765/T760/T770/T820/S8000/T8300/T9300
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-23100
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.08% / 23.39%
||
7 Day CHG~0.00%
Published-03 Jun, 2025 | 00:00
Updated-06 Jun, 2025 | 18:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Samsung Mobile Processor Exynos 1280, 2200, 1380, 1480, 2400. The absence of a NULL check leads to a Denial of Service.

Action-Not Available
Vendor-n/aSamsung
Product-exynos_2400exynos_1280_firmwareexynos_1480_firmwareexynos_1380exynos_1280exynos_1380_firmwareexynos_2200exynos_2200_firmwareexynos_2400_firmwareexynos_1480n/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-0325
Assigner-Axis Communications AB
ShareView Details
Assigner-Axis Communications AB
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 22.76%
||
7 Day CHG~0.00%
Published-02 Jun, 2025 | 07:36
Updated-02 Jun, 2025 | 17:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Guard Tour VAPIX API parameter allowed the use of arbitrary values and can be incorrectly called, allowing an attacker to block access to the guard tour configuration page in the web interface of the Axis device.

Action-Not Available
Vendor-Axis Communications AB
Product-AXIS OS
CWE ID-CWE-1287
Improper Validation of Specified Type of Input
CWE ID-CWE-628
Function Call with Incorrectly Specified Arguments
CVE-2025-20677
Assigner-MediaTek, Inc.
ShareView Details
Assigner-MediaTek, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.02% / 3.80%
||
7 Day CHG~0.00%
Published-02 Jun, 2025 | 02:29
Updated-10 Jul, 2025 | 17:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Bluetooth driver, there is a possible system crash due to an uncaught exception. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00412256; Issue ID: MSV-3284.

Action-Not Available
Vendor-MediaTek Inc.
Product-mt7902nbiot_sdkmt7927mt7925mt7922mt7921MT7902, MT7921, MT7922, MT7925, MT7927
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-20676
Assigner-MediaTek, Inc.
ShareView Details
Assigner-MediaTek, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.02% / 3.80%
||
7 Day CHG~0.00%
Published-02 Jun, 2025 | 02:29
Updated-10 Jul, 2025 | 17:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In wlan STA driver, there is a possible system crash due to an uncaught exception. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00412240; Issue ID: MSV-3293.

Action-Not Available
Vendor-MediaTek Inc.
Product-mt7902nbiot_sdkmt7927mt7925mt7922mt7921MT7902, MT7921, MT7922, MT7925, MT7927
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-20675
Assigner-MediaTek, Inc.
ShareView Details
Assigner-MediaTek, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.02% / 3.80%
||
7 Day CHG~0.00%
Published-02 Jun, 2025 | 02:29
Updated-02 Jul, 2025 | 15:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In wlan STA driver, there is a possible system crash due to an uncaught exception. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00413201; Issue ID: MSV-3302.

Action-Not Available
Vendor-MediaTek Inc.
Product-mt7902mt7921_firmwaremt7925mt7922_firmwaremt7927_firmwaremt7922mt7927mt7925_firmwaremt7921mt7902_firmwareMT7902, MT7921, MT7922, MT7925, MT7927
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-20673
Assigner-MediaTek, Inc.
ShareView Details
Assigner-MediaTek, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.02% / 3.80%
||
7 Day CHG~0.00%
Published-02 Jun, 2025 | 02:29
Updated-02 Jul, 2025 | 15:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In wlan STA driver, there is a possible system crash due to an uncaught exception. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00413200; Issue ID: MSV-3304.

Action-Not Available
Vendor-MediaTek Inc.
Product-mt7902mt7921_firmwaremt7925mt7922_firmwaremt7927_firmwaremt7922mt7927mt7925_firmwaremt7921mt7902_firmwareMT7902, MT7921, MT7922, MT7925, MT7927
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2024-54952
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.08% / 24.80%
||
7 Day CHG~0.00%
Published-29 May, 2025 | 00:00
Updated-30 Jun, 2025 | 14:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

MikroTik RouterOS 6.40.5, the SMB service contains a memory corruption vulnerability. Remote, unauthenticated attackers can exploit this issue by sending specially crafted packets, triggering a null pointer dereference. This leads to a Remote Denial of Service (DoS), rendering the SMB service unavailable.

Action-Not Available
Vendor-n/aMikroTik
Product-routerosn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2024-22653
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-4.8||MEDIUM
EPSS-0.05% / 15.40%
||
7 Day CHG~0.00%
Published-29 May, 2025 | 00:00
Updated-18 Jun, 2025 | 23:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

yasm commit 9defefae was discovered to contain a NULL pointer dereference via the yasm_section_bcs_append function at section.c.

Action-Not Available
Vendor-yasm_projectn/a
Product-yasmn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-27701
Assigner-Google Devices
ShareView Details
Assigner-Google Devices
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 0.34%
||
7 Day CHG~0.00%
Published-27 May, 2025 | 15:42
Updated-28 May, 2025 | 15:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In the function process_crypto_cmd, the values of ptrs[i] can be potentially equal to NULL which is valid value after calling slice_map_array(). Later this values will be derefenced without prior NULL check, which can lead to local Temporary DoS or OOB Read, leading to information disclosure.

Action-Not Available
Vendor-Google LLC
Product-Android
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-47466
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-2.9||LOW
EPSS-0.02% / 2.67%
||
7 Day CHG~0.00%
Published-22 May, 2025 | 00:00
Updated-02 Jul, 2025 | 00:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TagLib before 2.0 allows a segmentation violation and application crash during tag writing via a crafted WAV file in which an id3 chunk is the only valid chunk.

Action-Not Available
Vendor-taglibTagLib
Product-taglibTagLib
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-4476
Assigner-Red Hat, Inc.
ShareView Details
Assigner-Red Hat, Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.04% / 10.33%
||
7 Day CHG~0.00%
Published-16 May, 2025 | 17:56
Updated-29 Jul, 2025 | 18:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Libsoup: null pointer dereference in libsoup may lead to denial of service

A denial-of-service vulnerability has been identified in the libsoup HTTP client library. This flaw can be triggered when a libsoup client receives a 401 (Unauthorized) HTTP response containing a specifically crafted domain parameter within the WWW-Authenticate header. Processing this malformed header can lead to a crash of the client application using libsoup. An attacker could exploit this by setting up a malicious HTTP server. If a user's application using the vulnerable libsoup library connects to this malicious server, it could result in a denial-of-service. Successful exploitation requires tricking a user's client application into connecting to the attacker's malicious server.

Action-Not Available
Vendor-Red Hat, Inc.
Product-Red Hat Enterprise Linux 9Red Hat Enterprise Linux 6Red Hat Enterprise Linux 8Red Hat Enterprise Linux 10Red Hat Enterprise Linux 7
CWE ID-CWE-476
NULL Pointer Dereference
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 82
  • 83
  • Next