Total
3854 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-53180 | 1 Huawei | 1 Harmonyos | 2025-07-09 | N/A | 6.5 MEDIUM |
| Null pointer dereference vulnerability in the PDF preview module Impact: Successful exploitation of this vulnerability may affect function stability. | |||||
| CVE-2025-45332 | 1 Vkoskiv | 1 C-ray | 2025-07-09 | N/A | 7.5 HIGH |
| vkoskiv c-ray 1.1 contains a Null Pointer Dereference (NPD) vulnerability in the parse_mtllib function of its data processing module, leading to unpredictable program behavior, causing segmentation faults, and program crashes. | |||||
| CVE-2025-45333 | 1 Berkeley-abc | 1 Abc | 2025-07-09 | N/A | 7.5 HIGH |
| berkeley-abc abc 1.1 contains a Null Pointer Dereference (NPD) vulnerability in the Abc_NtkCecFraigPart function of its data processing module, leading to unpredictable program behavior, causing segmentation faults, and program crashes. | |||||
| CVE-2025-45835 | 1 Netis-systems | 2 Wf2880, Wf2880 Firmware | 2025-07-09 | N/A | 7.5 HIGH |
| A null pointer dereference vulnerability was discovered in Netis WF2880 v2.1.40207. The vulnerability exists in the FUN_004904c8 function of the cgitest.cgi file. Attackers can trigger this vulnerability by controlling the environment variable value CONTENT_LENGTH, causing the program to crash and potentially leading to a denial-of-service (DoS) attack. | |||||
| CVE-2025-53603 | 2025-07-08 | N/A | 7.5 HIGH | ||
| In Alinto SOPE SOGo 2.0.2 through 5.12.2, sope-core/NGExtensions/NGHashMap.m allows a NULL pointer dereference and SOGo crash via a request in which a parameter in the query string is a duplicate of a parameter in the POST body. | |||||
| CVE-2025-6858 | 1 Hdfgroup | 1 Hdf5 | 2025-07-08 | 1.7 LOW | 3.3 LOW |
| A vulnerability was found in HDF5 1.14.6 and classified as problematic. Affected by this issue is the function H5C__flush_single_entry of the file src/H5Centry.c. The manipulation leads to null pointer dereference. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-48705 | 1 Yftech | 2 Coros Pace 3, Coros Pace 3 Firmware | 2025-07-08 | N/A | 7.5 HIGH |
| An issue was discovered in COROS PACE 3 through 3.0808.0. Due to a NULL pointer dereference vulnerability, sending a crafted BLE message forces the device to reboot. | |||||
| CVE-2025-40576 | 1 Siemens | 2 Scalance Lpe9403, Scalance Lpe9403 Firmware | 2025-07-08 | N/A | 4.3 MEDIUM |
| A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0 HF0). Affected devices do not properly validate incoming Profinet packets. An unauthenticated remote attacker can exploit this flaw by sending a specially crafted malicious packet, which leads to a crash of the dcpd process. | |||||
| CVE-2025-24997 | 1 Microsoft | 8 Windows 10 21h2, Windows 10 22h2, Windows 11 22h2 and 5 more | 2025-07-03 | N/A | 4.4 MEDIUM |
| Null pointer dereference in Windows Kernel Memory allows an authorized attacker to deny service locally. | |||||
| CVE-2024-12661 | 1 Iobit | 1 Advanced Systemcare Ultimate | 2025-07-02 | 4.6 MEDIUM | 5.5 MEDIUM |
| A vulnerability was found in IObit Advanced SystemCare Utimate up to 17.0.0. It has been rated as problematic. Affected by this issue is the function 0x8001E024 in the library AscRegistryFilter.sys of the component IOCTL Handler. The manipulation leads to null pointer dereference. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-20673 | 1 Mediatek | 10 Mt7902, Mt7902 Firmware, Mt7921 and 7 more | 2025-07-02 | N/A | 5.5 MEDIUM |
| In wlan STA driver, there is a possible system crash due to an uncaught exception. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00413200; Issue ID: MSV-3304. | |||||
| CVE-2025-20675 | 1 Mediatek | 10 Mt7902, Mt7902 Firmware, Mt7921 and 7 more | 2025-07-02 | N/A | 5.5 MEDIUM |
| In wlan STA driver, there is a possible system crash due to an uncaught exception. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00413201; Issue ID: MSV-3302. | |||||
| CVE-2023-47466 | 1 Taglib | 1 Taglib | 2025-07-02 | N/A | 2.9 LOW |
| TagLib before 2.0 allows a segmentation violation and application crash during tag writing via a crafted WAV file in which an id3 chunk is the only valid chunk. | |||||
| CVE-2024-25073 | 1 Samsung | 32 Exynos 1080, Exynos 1080 Firmware, Exynos 1280 and 29 more | 2025-07-01 | N/A | 5.9 MEDIUM |
| An issue was discovered in Samsung Semiconductor Mobile Processor and Modem Exynos 9820, Exynos 9825, Exynos 980, Exynos 990, Exynos 850, Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, Exynos 1380, Exynos 1330, Exynos 9110, Exynos W920, Exynos W930, Exynos Modem 5123, Exynos Modem 5300. The baseband software does not properly check a pointer specified by the CC (Call Control module), which can lead to Denial of Service (Untrusted Pointer Dereference). | |||||
| CVE-2024-54952 | 1 Mikrotik | 1 Routeros | 2025-06-30 | N/A | 7.5 HIGH |
| MikroTik RouterOS 6.40.5, the SMB service contains a memory corruption vulnerability. Remote, unauthenticated attackers can exploit this issue by sending specially crafted packets, triggering a null pointer dereference. This leads to a Remote Denial of Service (DoS), rendering the SMB service unavailable. | |||||
| CVE-2024-31755 | 1 Cjson Project | 1 Cjson | 2025-06-30 | N/A | 7.6 HIGH |
| cJSON v1.7.17 was discovered to contain a segmentation violation, which can trigger through the second parameter of function cJSON_SetValuestring at cJSON.c. | |||||
| CVE-2023-34398 | 1 Mercedes-benz | 1 Headunit Ntg6 Mercedes-benz User Experience | 2025-06-27 | N/A | 7.5 HIGH |
| Mercedes-Benz head-unit NTG6 contains functions to import or export profile settings over USB. Some values of this table are serialized archive according boost library. The boost library contains a vulnerability/null pointer dereference. | |||||
| CVE-2023-34400 | 1 Mercedes-benz | 1 Headunit Ntg6 Mercedes-benz User Experience | 2025-06-27 | N/A | 7.5 HIGH |
| Mercedes-Benz head-unit NTG6 contains functions to import or export profile settings over USB. In case of parsing file, service try to define header inside the file and convert it to null-terminated string. If character is missed, will return null pointer. | |||||
| CVE-2024-56188 | 1 Google | 1 Android | 2025-06-27 | N/A | 5.1 MEDIUM |
| there is a possible way to crash the modem due to a missing null check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2024-37602 | 1 Mercedes-benz | 1 Headunit Ntg6 Mercedes-benz User Experience | 2025-06-27 | N/A | 4.6 MEDIUM |
| An issue was discovered in Mercedes Benz NTG (New Telematics Generation) 6 through 2021. A possible NULL pointer dereference in the Apple Car Play function affects NTG 6 head units. To perform this attack, physical access to Ethernet pins of the head unit base board is needed. With a static IP address, an attacker can connect via the internal network to the AirTunes / AirPlay service. With prepared HTTP requests, an attacker can cause the Car Play service to fail. | |||||