Total
5257 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-1416 | 1 Gpac | 1 Gpac | 2026-06-17 | 1.7 LOW | 3.3 LOW |
| A security flaw has been discovered in GPAC up to 2.4.0. Affected by this vulnerability is the function DumpMovieInfo of the file applications/mp4box/filedump.c. The manipulation results in null pointer dereference. The attack must be initiated from a local position. The exploit has been released to the public and may be used for attacks. The patch is identified as d45c264c20addf0c1cc05124ede33f8ffa800e68. It is advisable to implement a patch to correct this issue. | |||||
| CVE-2026-1415 | 1 Gpac | 1 Gpac | 2026-06-17 | 1.7 LOW | 3.3 LOW |
| A vulnerability was identified in GPAC up to 2.4.0. Affected is the function gf_media_export_webvtt_metadata of the file src/media_tools/media_export.c. The manipulation of the argument Name leads to null pointer dereference. The attack must be carried out locally. The exploit is publicly available and might be used. The identifier of the patch is af951b892dfbaaa38336ba2eba6d6a42c25810fd. To fix this issue, it is recommended to deploy a patch. | |||||
| CVE-2026-12329 | 1 Mozilla | 2 Firefox, Thunderbird | 2026-06-17 | N/A | 5.3 MEDIUM |
| Memory safety bug fixed in Thunderbird ESR 140.12. This vulnerability was fixed in Firefox ESR 140.12 and Thunderbird 140.12. | |||||
| CVE-2026-11788 | 1 Redhat | 3 389 Directory Server, Directory Server, Enterprise Linux | 2026-06-17 | N/A | 5.9 MEDIUM |
| A flaw was found in 389 Directory Server. The dereference control plugin does not check for allocation failure before using a BER structure, allowing an unauthenticated remote attacker to crash the LDAP server when the system is under memory pressure. | |||||
| CVE-2026-10298 | 2026-06-17 | 1.7 LOW | 3.3 LOW | ||
| A security flaw has been discovered in ggml-org whisper.cpp up to 1.8.2. This vulnerability affects the function whisper_model_load of the file ggml/src/ggml.c. The manipulation results in null pointer dereference. Attacking locally is a requirement. The exploit has been released to the public and may be used for attacks. The project was informed of the problem early through an issue report but has not responded yet. | |||||
| CVE-2026-10199 | 2026-06-17 | 1.7 LOW | 3.3 LOW | ||
| A vulnerability has been found in Assimp up to 6.0.4. Affected by this issue is the function glTF2::LazyDict in the library glTF2Asset.h. Such manipulation of the argument operator[] leads to null pointer dereference. The attack must be carried out locally. The exploit has been disclosed to the public and may be used. The name of the patch is d24b85319bd70c65883a2b96613e07e23fb95981. It is best practice to apply a patch to resolve this issue. | |||||
| CVE-2026-10198 | 2026-06-17 | 1.7 LOW | 3.3 LOW | ||
| A flaw has been found in Assimp up to 6.0.4. Affected by this vulnerability is the function Assimp::glTFImporter::ImportMeshes of the file glTFImporter.cpp of the component glTFImporter. This manipulation causes null pointer dereference. The attack is restricted to local execution. The exploit has been published and may be used. The project tagged the reported issue as bug. | |||||
| CVE-2026-10197 | 2026-06-17 | 1.7 LOW | 3.3 LOW | ||
| A vulnerability was detected in Assimp up to 6.0.4. Affected is the function glTF2Importer::ImportEmbeddedTextures in the library code/AssetLib/glTF2/glTF2Importer.cpp of the component TF File Handler. The manipulation results in null pointer dereference. The attack is only possible with local access. The exploit is now public and may be used. It is advisable to implement a patch to correct this issue. The pull request to fix this issue awaits acceptance. | |||||
| CVE-2026-0968 | 2 Libssh, Redhat | 2 Libssh, Enterprise Linux | 2026-06-17 | N/A | 3.1 LOW |
| A flaw was found in libssh in which a malicious SFTP (SSH File Transfer Protocol) server can exploit this by sending a malformed 'longname' field within an `SSH_FXP_NAME` message during a file listing operation. This missing null check can lead to reading beyond allocated memory on the heap. This can cause unexpected behavior or lead to a denial of service (DoS) due to application crashes. | |||||
| CVE-2026-0943 | 1 Jv | 1 Harfbuzz\ | 2026-06-17 | N/A | 7.5 HIGH |
| HarfBuzz::Shaper versions before 0.032 for Perl contains a bundled library with a null pointer dereference vulnerability. Versions before 0.032 contain HarfBuzz 8.4.0 or earlier bundled as hb_src.tar.gz in the source tarball, which is affected by CVE-2026-22693. | |||||
| CVE-2026-0918 | 1 Tp-link | 4 Tapo C220, Tapo C220 Firmware, Tapo C520ws and 1 more | 2026-06-17 | N/A | 7.5 HIGH |
| The Tapo C100 v5, C220 v1 and C520WS v2 cameras’ HTTP service does not safely handle POST requests containing an excessively large Content-Length header. The resulting failed memory allocation triggers a NULL pointer dereference, causing the main service process to crash. An unauthenticated attacker can repeatedly crash the service, causing temporary denial of service. The device restarts automatically, and repeated requests can keep it unavailable. | |||||
| CVE-2026-0731 | 1 Totolink | 2 Wa1200-poe, Wa1200-poe Firmware | 2026-06-17 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability has been found in TOTOLINK WA1200 5.9c.2914. The impacted element is an unknown function of the file cstecgi.cgi of the component HTTP Request Handler. The manipulation leads to null pointer dereference. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2026-0710 | 2026-06-17 | N/A | 8.4 HIGH | ||
| A flaw was found in SIPp. A remote attacker could exploit this by sending specially crafted Session Initiation Protocol (SIP) messages during an active call. This vulnerability, a NULL pointer dereference, can cause the application to crash, leading to a denial of service. Under specific conditions, it may also allow an attacker to execute unauthorized code, compromising the system's integrity and availability. | |||||
| CVE-2026-0401 | 1 Sonicwall | 33 Nsa 2700, Nsa 2800, Nsa 3700 and 30 more | 2026-06-17 | N/A | 4.9 MEDIUM |
| A post-authentication NULL Pointer Dereference vulnerability in SonicOS allows a remote attacker to crash a firewall. | |||||
| CVE-2025-9817 | 1 Wireshark | 1 Wireshark | 2026-06-17 | N/A | 7.8 HIGH |
| SSH dissector crash in Wireshark 4.4.0 to 4.4.8 allows denial of service | |||||
| CVE-2025-9548 | 2026-06-17 | N/A | 5.5 MEDIUM | ||
| A potential null pointer dereference vulnerability was reported in the Lenovo Power Management Driver that could allow a local authenticated user to cause a Windows blue screen error. | |||||
| CVE-2025-9396 | 1 Ckolivas | 1 Lrzip | 2026-06-17 | 1.7 LOW | 3.3 LOW |
| A security flaw has been discovered in ckolivas lrzip up to 0.651. This impacts the function __GI_____strtol_l_internal of the file strtol_l.c. Performing manipulation results in null pointer dereference. The attack is only possible with local access. The exploit has been released to the public and may be exploited. | |||||
| CVE-2025-9384 | 1 Broadcom | 1 Tcpreplay | 2026-06-17 | 1.7 LOW | 3.3 LOW |
| A vulnerability was detected in appneta tcpreplay up to 4.5.1. Impacted is the function tcpedit_post_args of the file /src/tcpedit/parse_args.c. The manipulation results in null pointer dereference. The attack is only possible with local access. The exploit is now public and may be used. Upgrading to version 4.5.2-beta2 is recommended to address this issue. Upgrading the affected component is advised. The vendor explains, that he was "[a]ble to reproduce in 6fcbf03 but not in 4.5.2-beta2". | |||||
| CVE-2025-9337 | 2026-06-17 | N/A | N/A | ||
| A null pointer dereference has been identified in the AsIO3.sys driver. The vulnerability can be triggered by a specially crafted input, which may lead to a system crash (BSOD). Refer to the 'Security Update for Armoury Crate App' section on the ASUS Security Advisory for more information. | |||||
| CVE-2025-9166 | 1 Rockwellautomation | 2 Controllogix 5580, Controllogix 5580 Firmware | 2026-06-17 | N/A | 7.5 HIGH |
| A denial-of-service security issue exists in the affected product and version. The security issue stems from the controller repeatedly attempting to forward messages. The issue could result in a major nonrecoverable fault on the controller. | |||||