Total
5243 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-6375 | 1 Pocoproject | 1 Poco | 2026-06-17 | 1.7 LOW | 3.3 LOW |
| A vulnerability was found in poco up to 1.14.1. It has been rated as problematic. Affected by this issue is the function MultipartInputStream of the file Net/src/MultipartReader.cpp. The manipulation leads to null pointer dereference. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 1.14.2 is able to address this issue. The patch is identified as 6f2f85913c191ab9ddfb8fae781f5d66afccf3bf. It is recommended to upgrade the affected component. | |||||
| CVE-2025-69651 | 1 Gnu | 1 Binutils | 2026-06-17 | N/A | 5.5 MEDIUM |
| GNU Binutils thru 2.46 readelf contains a vulnerability that leads to an invalid pointer free when processing a crafted ELF binary with malformed relocation or symbol data. If dump_relocations returns early due to parsing errors, the internal all_relocations array may remain partially uninitialized. Later, process_got_section_contents() may attempt to free an invalid r_symbol pointer, triggering memory corruption checks in glibc and causing the program to terminate with SIGABRT. No evidence of further memory corruption or code execution was observed; the impact is limited to denial of service. NOTE: this is disputed by third parties because the observed behavior occurred only in pre-release code and did not affect any tagged version. | |||||
| CVE-2025-69649 | 1 Gnu | 1 Binutils | 2026-06-17 | N/A | 7.5 HIGH |
| GNU Binutils thru 2.46 readelf contains a null pointer dereference vulnerability when processing a crafted ELF binary with malformed header fields. During relocation processing, an invalid or null section pointer may be passed into display_relocations(), resulting in a segmentation fault (SIGSEGV) and abrupt termination. No evidence of memory corruption beyond the null pointer dereference, nor any possibility of code execution, was observed. | |||||
| CVE-2025-69421 | 1 Openssl | 1 Openssl | 2026-06-17 | N/A | 7.5 HIGH |
| Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function. Impact summary: A NULL pointer dereference can trigger a crash which leads to Denial of Service for an application processing PKCS#12 files. The PKCS12_item_decrypt_d2i_ex() function does not check whether the oct parameter is NULL before dereferencing it. When called from PKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can be NULL, causing a crash. The vulnerability is limited to Denial of Service and cannot be escalated to achieve code execution or memory disclosure. Exploiting this issue requires an attacker to provide a malformed PKCS#12 file to an application that processes it. For that reason the issue was assessed as Low severity according to our Security Policy. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the PKCS#12 implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue. | |||||
| CVE-2025-69259 | 2 Microsoft, Trendmicro | 2 Windows, Apex Central | 2026-06-17 | N/A | 7.5 HIGH |
| A message unchecked NULL return value vulnerability in Trend Micro Apex Central could allow a remote attacker to create a denial-of-service condition on affected installations. Please note: authentication is not required in order to exploit this vulnerability.. | |||||
| CVE-2025-69252 | 1 Free5gc | 1 Udm | 2026-06-17 | N/A | 7.5 HIGH |
| free5gc UDM provides Unified Data Management (UDM) for free5GC, an open-source project for 5th generation (5G) mobile core networks. Versions up to and including 1.4.1 have a NULL Pointer Dereference vulnerability. Remote unauthenticated attackers can trigger a service panic (Denial of Service) by sending a crafted PUT request with an unexpected ueId, crashing the UDM service. All deployments of free5GC using the UDM component may be affected. free5gc/udm pull request 76 contains a fix for the issue. No direct workaround is available at the application level. Applying the official patch is recommended. | |||||
| CVE-2025-68699 | 1 Emqx | 1 Nanomq | 2026-06-17 | N/A | 6.5 MEDIUM |
| NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. In version 0.24.6, NanoMQ has a protocol parsing / forwarding inconsistency when handling shared subscriptions ($share/). A malformed SUBSCRIBE topic such as $share/ab (missing the second /) is not strictly validated during the subscription stage, so the invalid Topic Filter is stored into the subscription table. Later, when any PUBLISH matches this subscription, the broker send path (nmq_pipe_send_start_v4/v5) performs a second $share/ parsing using strchr() and increments the returned pointer without NULL checks. If the second strchr() returns NULL, sub_topic++ turns the pointer into an invalid address (e.g. 0x1). This invalid pointer is then passed into topic_filtern(), which triggers strlen() and crashes with SIGSEGV. The crash is stable and remotely triggerable. This issue has been patched in version 0.24.7. | |||||
| CVE-2025-68274 | 1 Emiago | 1 Sipgo | 2026-06-17 | N/A | 7.5 HIGH |
| SIPGO is a library for writing SIP services in the GO language. Starting in version 0.3.0 and prior to version 1.0.0-alpha-1, a nil pointer dereference vulnerability is in the SIPGO library's `NewResponseFromRequest` function that affects all normal SIP operations. The vulnerability allows remote attackers to crash any SIP application by sending a single malformed SIP request without a To header. The vulnerability occurs when SIP message parsing succeeds for a request missing the To header, but the response creation code assumes the To header exists without proper nil checks. This affects routine operations like call setup, authentication, and message handling - not just error cases. This vulnerability affects all SIP applications using the sipgo library, not just specific configurations or edge cases, as long as they make use of the `NewResponseFromRequest` function. Version 1.0.0-alpha-1 contains a patch for the issue. | |||||
| CVE-2025-68141 | 1 Linuxfoundation | 1 Everest | 2026-06-17 | N/A | 7.4 HIGH |
| EVerest is an EV charging software stack. Prior to version 2025.10.0, during the deserialization of a `DC_ChargeLoopRes` message that includes Receipt as well as TaxCosts, the vector `<DetailedTax>tax_costs` in the target `Receipt` structure is accessed out of bounds. This occurs in the method `template <> void convert(const struct iso20_dc_DetailedTaxType& in, datatypes::DetailedTax& out)` which leads to a null pointer dereference and causes the module to terminate. The EVerest processes and all its modules shut down, affecting all EVSE. Version 2025.10.0 fixes the issue. | |||||
| CVE-2025-66720 | 1 Free5gc | 1 Pcf | 2026-06-17 | N/A | 7.5 HIGH |
| Null pointer dereference in free5gc pcf 1.4.0 in file internal/sbi/processor/ampolicy.go in function HandleDeletePoliciesPolAssoId. | |||||
| CVE-2025-66646 | 1 Riot-os | 1 Riot | 2026-06-17 | N/A | 7.5 HIGH |
| RIOT is an open-source microcontroller operating system, designed to match the requirements of Internet of Things (IoT) devices and other embedded devices. A vulnerability was discovered in the IPv6 fragmentation reassembly implementation of RIOT OS v2025.07. When receiving an fragmented IPv6 packet with fragment offset 0 and an empty payload, the payload pointer is set to NULL. However, the implementation still tries to copy the payload into the reassembly buffer, resulting in a NULL pointer dereference which crashes the OS (DoS). To trigger the vulnerability, the `gnrc_ipv6_ext_frag` module must be enabled and the attacker must be able to send arbitrary IPv6 packets to the victim. RIOT OS v2025.10 fixes the issue. | |||||
| CVE-2025-66274 | 1 Qnap | 1 Quts Hero | 2026-06-17 | N/A | 4.9 MEDIUM |
| A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.9.3410 build 20260214 and later QuTS hero h5.2.9.3410 build 20260214 and later QuTS hero h5.3.2.3354 build 20251225 and later QuTS hero h6.0.0.3397 build 20260206 and later | |||||
| CVE-2025-65835 | 2 Eddyverbruggen, Google | 2 Cordova Social Sharing, Android | 2026-06-17 | N/A | 6.2 MEDIUM |
| The Cordova plugin cordova-plugin-x-socialsharing (SocialSharing-PhoneGap-Plugin) for Android 6.0.4, registers an exported broadcast receiver nl.xservices.plugins.ShareChooserPendingIntent with an android.intent.action.SEND intent filter. The onReceive implementation accesses Intent.EXTRA_CHOSEN_COMPONENT without checking for null. If a broadcast is sent with extras present but without EXTRA_CHOSEN_COMPONENT, the code dereferences a null value and throws a NullPointerException. Because the receiver is exported and performs no permission or caller validation, any local application on the device can send crafted ACTION_SEND broadcasts to this component and repeatedly crash the host application, resulting in a local, unauthenticated application-level denial of service for any app that includes the plugin. | |||||
| CVE-2025-65566 | 1 Linuxfoundation | 1 Upf | 2026-06-17 | N/A | 7.5 HIGH |
| A denial-of-service vulnerability exists in the omec-project UPF (pfcpiface component) in version upf-epc-pfcpiface:2.1.3-dev. When the UPF receives a PFCP Session Report Response that is missing the mandatory Cause Information Element, the session report handler dereferences a nil pointer instead of rejecting the malformed message. This triggers a panic and terminates the UPF process. An attacker who can send PFCP Session Report Response messages to the UPF's N4/PFCP endpoint can exploit this flaw to repeatedly crash the UPF and disrupt user-plane services. | |||||
| CVE-2025-65565 | 1 Opennetworking | 1 Upf | 2026-06-17 | N/A | 7.5 HIGH |
| A denial-of-service vulnerability exists in the omec-project UPF (pfcpiface component) in version upf-epc-pfcpiface:2.1.3-dev. After PFCP association is established, a PFCP Session Establishment Request that is missing the mandatory F-SEID (CPF-SEID) Information Element is not properly validated. The session establishment handler calls IE.FSEID() on a nil pointer, which triggers a panic and terminates the UPF process. An attacker who can send PFCP Session Establishment Request messages to the UPF's N4/PFCP endpoint can exploit this issue to repeatedly crash the UPF and disrupt user-plane services. | |||||
| CVE-2025-65564 | 1 Opennetworking | 1 Upf | 2026-06-17 | N/A | 7.5 HIGH |
| A denial-of-service vulnerability exists in the omec-upf (upf-epc-pfcpiface) in version upf-epc-pfcpiface:2.1.3-dev. When the UPF receives a PFCP Association Setup Request that is missing the mandatory Recovery Time Stamp Information Element, the association setup handler dereferences a nil pointer via IE.RecoveryTimeStamp() instead of validating the message. This results in a panic and terminates the UPF process. An attacker who can send PFCP Association Setup Request messages to the UPF's N4/PFCP endpoint can exploit this issue to repeatedly crash the UPF and disrupt user-plane services. | |||||
| CVE-2025-65563 | 1 Opennetworking | 1 Upf | 2026-06-17 | N/A | 7.5 HIGH |
| A denial-of-service vulnerability exists in the omec-project UPF (component upf-epc/pfcpiface) up to at least version upf-epc-pfcpiface:2.1.3-dev. When the UPF receives a PFCP Association Setup Request that is missing the mandatory NodeID Information Element, the association setup handler dereferences a nil pointer instead of validating the message, causing a panic and terminating the UPF process. An attacker who can send PFCP Association Setup Request messages to the UPF's N4/PFCP endpoint can exploit this issue to repeatedly crash the UPF and disrupt user-plane services. | |||||
| CVE-2025-65502 | 1 Cesanta | 1 Mongoose | 2026-06-17 | N/A | 4.3 MEDIUM |
| Null pointer dereference in add_ca_certs() in Cesanta Mongoose before 7.2 allows remote attackers to cause a denial of service via TLS initialization where SSL_CTX_get_cert_store() returns NULL. | |||||
| CVE-2025-65501 | 1 Libcoap | 1 Libcoap | 2026-06-17 | N/A | 4.3 MEDIUM |
| Null pointer dereference in coap_dtls_info_callback() in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a DTLS handshake where SSL_get_app_data() returns NULL. | |||||
| CVE-2025-65500 | 1 Libcoap | 1 Libcoap | 2026-06-17 | N/A | 4.3 MEDIUM |
| NULL pointer dereference in coap_dtls_generate_cookie() in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS handshake that triggers SSL_get_SSL_CTX() to return NULL. | |||||