Total
5195 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-2926 | 1 Hdfgroup | 1 Hdf5 | 2026-04-29 | 1.7 LOW | 3.3 LOW |
| A vulnerability was found in HDF5 up to 1.14.6 and classified as problematic. This issue affects the function H5O__cache_chk_serialize of the file src/H5Ocache.c. The manipulation leads to null pointer dereference. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-14957 | 1 Webassembly | 1 Binaryen | 2026-04-29 | 1.7 LOW | 3.3 LOW |
| A vulnerability was identified in WebAssembly Binaryen up to 125. This affects the function IRBuilder::makeLocalGet/IRBuilder::makeLocalSet/IRBuilder::makeLocalTee of the file src/wasm/wasm-ir-builder.cpp of the component IRBuilder. Such manipulation of the argument Index leads to null pointer dereference. Local access is required to approach this attack. The exploit is publicly available and might be used. The name of the patch is 6fb2b917a79578ab44cf3b900a6da4c27251e0d4. Applying a patch is advised to resolve this issue. | |||||
| CVE-2025-8584 | 1 Libav | 1 Libav | 2026-04-29 | 1.7 LOW | 3.3 LOW |
| A vulnerability classified as problematic was found in libav up to 12.3. Affected by this vulnerability is the function av_buffer_unref of the file libavutil/buffer.c of the component AVI File Parser. The manipulation leads to null pointer dereference. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The bug was initially reported by the researcher to the wrong project. This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2025-11000 | 1 Openbabel | 1 Open Babel | 2026-04-29 | 1.7 LOW | 3.3 LOW |
| A vulnerability was determined in Open Babel up to 3.1.1. This affects the function PQSFormat::ReadMolecule of the file /src/formats/PQSformat.cpp. This manipulation causes null pointer dereference. The attack is restricted to local execution. The exploit has been publicly disclosed and may be utilized. | |||||
| CVE-2026-3387 | 1 Wren | 1 Wren | 2026-04-29 | 1.7 LOW | 3.3 LOW |
| A vulnerability has been found in wren-lang wren up to 0.4.0. Affected by this issue is the function getByteCountForArguments of the file src/vm/wren_compiler.c. Such manipulation leads to null pointer dereference. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The project was informed of the problem early through an issue report but has not responded yet. | |||||
| CVE-2025-8175 | 1 Dlink | 2 Di-8400, Di-8400 Firmware | 2026-04-29 | 6.8 MEDIUM | 6.5 MEDIUM |
| A vulnerability was found in D-Link DI-8400 16.07.26A1. It has been classified as problematic. This affects an unknown part of the file usb_paswd.asp of the component jhttpd. The manipulation of the argument share_enable leads to null pointer dereference. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2026-1416 | 1 Gpac | 1 Gpac | 2026-04-29 | 1.7 LOW | 3.3 LOW |
| A security flaw has been discovered in GPAC up to 2.4.0. Affected by this vulnerability is the function DumpMovieInfo of the file applications/mp4box/filedump.c. The manipulation results in null pointer dereference. The attack must be initiated from a local position. The exploit has been released to the public and may be used for attacks. The patch is identified as d45c264c20addf0c1cc05124ede33f8ffa800e68. It is advisable to implement a patch to correct this issue. | |||||
| CVE-2025-14953 | 1 Open5gs | 1 Open5gs | 2026-04-29 | 2.1 LOW | 3.1 LOW |
| A flaw has been found in Open5GS up to 2.7.5. This impacts the function ogs_pfcp_handle_create_pdr in the library lib/pfcp/handler.c of the component FAR-ID Handler. Executing a manipulation can lead to null pointer dereference. The attack may be performed from remote. The attack requires a high level of complexity. The exploitability is said to be difficult. The exploit has been published and may be used. This patch is called 93a9fd98a8baa94289be3b982028201de4534e32. It is advisable to implement a patch to correct this issue. | |||||
| CVE-2025-8844 | 1 Nasm | 1 Netwide Assembler | 2026-04-29 | 1.7 LOW | 3.3 LOW |
| A vulnerability was determined in NASM Netwide Assember 2.17rc0. This vulnerability affects the function parse_smacro_template of the file preproc.c. The manipulation leads to null pointer dereference. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-14841 | 2026-04-29 | 1.7 LOW | 3.3 LOW | ||
| A flaw has been found in OFFIS DCMTK up to 3.6.9. The impacted element is the function DcmQueryRetrieveIndexDatabaseHandle::startFindRequest/DcmQueryRetrieveIndexDatabaseHandle::startMoveRequest in the library dcmqrdb/libsrc/dcmqrdbi.cc of the component dcmqrscp. This manipulation causes null pointer dereference. The attack requires local access. Upgrading to version 3.7.0 is sufficient to resolve this issue. Patch name: ffb1a4a37d2c876e3feeb31df4930f2aed7fa030. You should upgrade the affected component. | |||||
| CVE-2026-1415 | 1 Gpac | 1 Gpac | 2026-04-29 | 1.7 LOW | 3.3 LOW |
| A vulnerability was identified in GPAC up to 2.4.0. Affected is the function gf_media_export_webvtt_metadata of the file src/media_tools/media_export.c. The manipulation of the argument Name leads to null pointer dereference. The attack must be carried out locally. The exploit is publicly available and might be used. The identifier of the patch is af951b892dfbaaa38336ba2eba6d6a42c25810fd. To fix this issue, it is recommended to deploy a patch. | |||||
| CVE-2025-8835 | 1 Jasper Project | 1 Jasper | 2026-04-29 | 1.7 LOW | 3.3 LOW |
| A vulnerability was found in JasPer up to 4.2.5. Affected by this vulnerability is the function jas_image_chclrspc of the file src/libjasper/base/jas_image.c of the component Image Color Space Conversion Handler. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The identifier of the patch is bb7d62bd0a2a8e0e1fdb4d603f3305f955158c52. It is recommended to apply a patch to fix this issue. | |||||
| CVE-2025-6858 | 1 Hdfgroup | 1 Hdf5 | 2026-04-29 | 1.7 LOW | 3.3 LOW |
| A vulnerability was found in HDF5 1.14.6 and classified as problematic. Affected by this issue is the function H5C__flush_single_entry of the file src/H5Centry.c. The manipulation leads to null pointer dereference. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2026-1991 | 1 Libuvc | 1 Libuvc | 2026-04-29 | 1.7 LOW | 3.3 LOW |
| A vulnerability was detected in libuvc up to 0.0.7. Affected is the function uvc_scan_streaming of the file src/device.c of the component UVC Descriptor Handler. The manipulation results in null pointer dereference. The attack needs to be approached locally. The exploit is now public and may be used. The project was informed of the problem early through an issue report but has not responded yet. | |||||
| CVE-2025-12206 | 1 Kamailio | 1 Kamailio | 2026-04-29 | 1.7 LOW | 3.3 LOW |
| A flaw has been found in Kamailio 5.5. The impacted element is the function rve_is_constant of the file src/core/rvalue.c. This manipulation causes null pointer dereference. The attack needs to be launched locally. The exploit has been published and may be used. It is still unclear if this vulnerability genuinely exists. This attack requires manipulating config files which might not be a realistic scenario in many cases. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-12207 | 1 Kamailio | 1 Kamailio | 2026-04-29 | 1.7 LOW | 3.3 LOW |
| A vulnerability has been found in Kamailio 5.5. This affects the function yyerror_at of the file src/core/cfg.y of the component Grammar Rule Handler. Such manipulation leads to null pointer dereference. The attack needs to be performed locally. The exploit has been disclosed to the public and may be used. The actual existence of this vulnerability is currently in question. This attack requires manipulating config files which might not be a realistic scenario in many cases. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2026-3389 | 1 Squirrel-lang | 1 Squirrel | 2026-04-29 | 1.7 LOW | 3.3 LOW |
| A vulnerability was determined in Squirrel up to 3.2. This vulnerability affects the function sqstd_rex_newnode in the library sqstdlib/sqstdrex.cpp. Executing a manipulation can lead to null pointer dereference. The attack can only be executed locally. The exploit has been publicly disclosed and may be utilized. The project was informed of the problem early through an issue report but has not responded yet. | |||||
| CVE-2025-11011 | 1 Behaviortree | 1 Behaviortree | 2026-04-29 | 1.7 LOW | 3.3 LOW |
| A vulnerability was found in BehaviorTree up to 4.7.0. Affected by this issue is the function JsonExporter::fromJson of the file /src/json_export.cpp. Performing manipulation of the argument Source results in null pointer dereference. The attack needs to be approached locally. The exploit has been made public and could be used. The patch is named 4b23dcaf0ce951a31299ebdd61df69f9ce99a76d. It is suggested to install a patch to address this issue. | |||||
| CVE-2025-10999 | 1 Openbabel | 1 Open Babel | 2026-04-29 | 1.7 LOW | 3.3 LOW |
| A vulnerability was found in Open Babel up to 3.1.1. The impacted element is the function CacaoFormat::SetHilderbrandt of the file /src/formats/cacaoformat.cpp. The manipulation results in null pointer dereference. The attack is only possible with local access. The exploit has been made public and could be used. | |||||
| CVE-2026-3392 | 1 Lily-lang | 1 Lily | 2026-04-29 | 1.7 LOW | 3.3 LOW |
| A weakness has been identified in FascinatedBox lily up to 2.3. The affected element is the function eval_tree of the file src/lily_emitter.c. This manipulation causes null pointer dereference. The attack is restricted to local execution. The exploit has been made available to the public and could be used for attacks. The project was informed of the problem early through an issue report but has not responded yet. | |||||