Total
5274 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-65496 | 1 Libcoap | 1 Libcoap | 2026-06-17 | N/A | 4.3 MEDIUM |
| NULL pointer dereference in coap_dtls_generate_cookie() in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS handshake that triggers SSL_get_SSL_CTX() to return NULL. | |||||
| CVE-2025-65494 | 1 Libcoap | 1 Libcoap | 2026-06-17 | N/A | 7.5 HIGH |
| NULL pointer dereference in get_san_or_cn_from_cert() in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted X.509 certificate that causes sk_GENERAL_NAME_value() to return NULL. | |||||
| CVE-2025-65493 | 1 Libcoap | 1 Libcoap | 2026-06-17 | N/A | 7.5 HIGH |
| NULL pointer dereference in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS/TLS connection that triggers BIO_get_data() to return NULL. | |||||
| CVE-2025-65411 | 1 Unrtf Project | 1 Unrtf | 2026-06-17 | N/A | 7.5 HIGH |
| A NULL pointer dereference in the src/path.c component of GNU Unrtf v0.21.10 allows attackers to cause a Denial of Service (DoS) via injecting a crafted payload into the search_path parameter. | |||||
| CVE-2025-65408 | 1 Live555 | 1 Streaming Media | 2026-06-17 | N/A | 6.5 MEDIUM |
| A NULL pointer dereference in the ADTSAudioFileServerMediaSubsession::createNewRTPSink() function of Live555 Streaming Media v2018.09.02 allows attackers to cause a Denial of Service (DoS) via supplying a crafted ADTS file. | |||||
| CVE-2025-65296 | 1 Aqara | 6 Camera Hub G3, Camera Hub G3 Firmware, Hub M2 and 3 more | 2026-06-17 | N/A | 6.5 MEDIUM |
| NULL-pointer dereference vulnerabilities in Aqara Hub M2 4.3.6_0027, Hub M3 4.3.6_0025, and Camera Hub G3 4.1.9_0027 in the JSON processing enable denial-of-service attacks through malformed JSON inputs. | |||||
| CVE-2025-64527 | 1 Envoyproxy | 1 Envoy | 2026-06-17 | N/A | 6.5 MEDIUM |
| Envoy is a high-performance edge/middle/service proxy. In 1.33.12, 1.34.10, 1.35.6, 1.36.2, and earlier, Envoy crashes when JWT authentication is configured with the remote JWKS fetching, allow_missing_or_failed is enabled, multiple JWT tokens are present in the request headers and the JWKS fetch fails. This is caused by a re-entry bug in the JwksFetcherImpl. When the first token's JWKS fetch fails, onJwksError() callback triggers processing of the second token, which calls fetch() again on the same fetcher object. The original callback's reset() then clears the second fetch's state (receiver_ and request_) which causes a crash when the async HTTP response arrives. | |||||
| CVE-2025-64335 | 1 Oisf | 1 Suricata | 2026-06-17 | N/A | 7.5 HIGH |
| Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. In versions from 8.0.0 to before 8.0.2, a NULL dereference can occur when the entropy keyword is used in conjunction with base64_data. This issue has been patched in version 8.0.2. A workaround involves disabling rules that use entropy in conjunction with base64_data. | |||||
| CVE-2025-64169 | 1 Wazuh | 1 Wazuh | 2026-06-17 | N/A | 4.9 MEDIUM |
| Wazuh is a free and open source platform used for threat prevention, detection, and response. From version 3.7.0 to before 4.12.0, fim_alert() implementation does not check whether oldsum->md5 is NULL or not before dereferencing it. A compromised agent can cause a crash of analysisd by sending a specially crafted message to the wazuh manager. This issue has been patched in version 4.12.0. | |||||
| CVE-2025-64086 | 1 Pdf-xchange | 1 Pdf-xchange Editor | 2026-06-17 | N/A | 7.5 HIGH |
| A NULL pointer dereference vulnerability in the util.readFileIntoStream component of PDF-XChange Editor v10.7.3.401 allows attackers to cause a Denial of Service (DoS) via a crafted input. | |||||
| CVE-2025-64085 | 1 Pdf-xchange | 1 Pdf-xchange Editor | 2026-06-17 | N/A | 7.5 HIGH |
| A NULL pointer dereference vulnerability in the importDataObject() function of PDF-XChange Editor v10.7.3.401 allows attackers to cause a Denial of Service (DoS) via a crafted input. | |||||
| CVE-2025-63929 | 1 Airpig2011 | 1 Iec104 | 2026-06-17 | N/A | 7.5 HIGH |
| A null pointer dereference vulnerability exists in airpig2011 IEC104 thru Commit be6d841 (2019-07-08). When multiple threads enqueue elements concurrently via IEC10X_PrioEnQueue, the function may dereference a null or freed queue pointer, resulting in a segmentation fault and potential denial-of-service. | |||||
| CVE-2025-63745 | 1 Radare | 1 Radare2 | 2026-06-17 | N/A | 5.5 MEDIUM |
| A NULL pointer dereference vulnerability was discovered in radare2 6.0.5 and earlier within the info() function of bin_ne.c. A crafted binary input can trigger a segmentation fault, leading to a denial of service when the tool processes malformed data. | |||||
| CVE-2025-63744 | 1 Radare | 1 Radare2 | 2026-06-17 | N/A | 4.3 MEDIUM |
| A NULL pointer dereference vulnerability was discovered in radare2 6.0.5 and earlier within the load() function of bin_dyldcache.c. Processing a crafted file can cause a segmentation fault and crash the program. | |||||
| CVE-2025-63655 | 1 Monkey-project | 1 Monkey | 2026-06-17 | N/A | 7.5 HIGH |
| A NULL pointer dereference in the mk_http_range_parse function (mk_server/mk_http.c) of monkey commit f37e984 allows attackers to cause a Denial of Service (DoS) via sending a crafted HTTP request to the server. | |||||
| CVE-2025-63648 | 1 Owntone | 1 Owntone Server | 2026-06-17 | N/A | 7.5 HIGH |
| A NULL pointer dereference in the dacp_reply_playqueueedit_move function (src/httpd_dacp.c) of owntone-server commit b7e385f allows attackers to cause a Denial of Service (DoS) via sending a crafted DACP request to the server. | |||||
| CVE-2025-63647 | 1 Owntone | 1 Owntone Server | 2026-06-17 | N/A | 7.5 HIGH |
| A NULL pointer dereference in the parse_meta function (src/httpd_daap.c) of owntone-server commit 334beb allows attackers to cause a Denial of Service (DoS) via sending a crafted DAAP request to the server. | |||||
| CVE-2025-62850 | 1 Qnap | 1 Quts Hero | 2026-06-17 | N/A | 7.2 HIGH |
| A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QuTS hero h5.2.9.3410 build 20260214 and later QuTS hero h5.3.4.3500 build 20260520 and later QuTS hero h6.0.0.3459 build 20260409 and later | |||||
| CVE-2025-62848 | 1 Qnap | 2 Qts, Quts Hero | 2026-06-17 | N/A | 7.5 HIGH |
| A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.7.3297 build 20251024 and later QuTS hero h5.2.7.3297 build 20251024 and later QuTS hero h5.3.1.3292 build 20251024 and later | |||||
| CVE-2025-62817 | 1 Samsung | 14 Exynos 1280, Exynos 1280 Firmware, Exynos 1380 and 11 more | 2026-06-17 | N/A | 7.5 HIGH |
| An issue was discovered in Samsung Mobile Processor Exynos 1280, 2200, 1380, 1480, 2400, 1580, and 2500. A NULL pointer dereference of session->ncp_hdr_buf in __pilot_parsing_ncp() causes a denial of service. | |||||