VYPR

CWE-476

NULL Pointer Dereference

BaseStableLikelihood: Medium

Description

The product dereferences a pointer that it expects to be valid but is NULL.

Hierarchy (View 1000)

Children

none

CVEs mapped to this weakness (1,587)

page 13 of 80
  • CVE-2026-32071HigApr 14, 2026
    risk 0.49cvss 7.5epss 0.01

    Null pointer dereference in Windows Local Security Authority Subsystem Service (LSASS) allows an unauthorized attacker to deny service over a network.

  • CVE-2025-69624HigApr 13, 2026
    risk 0.49cvss 7.5epss 0.00

    Nitro PDF Pro for Windows 14.41.1.4 contains a NULL pointer dereference vulnerability in the JavaScript implementation of app.alert(). When app.alert() is called with more than one argument and the first argument evaluates to null (for example, app.alert(app.activeDocs, true)…

  • CVE-2025-66769HigApr 13, 2026
    risk 0.49cvss 7.5epss 0.00

    A NULL pointer dereference in Nitro PDF Pro for Windows v14.41.1.4 allows attackers to cause a Denial of Service (DoS) via a crafted XFA packet.

  • CVE-2026-1584HigApr 9, 2026
    risk 0.49cvss 7.5epss 0.01

    A flaw was found in gnutls. A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted ClientHello message with an invalid Pre-Shared Key (PSK) binder value during the TLS handshake. This can lead to a NULL pointer dereference, causing the…

  • CVE-2026-31931HigApr 2, 2026
    risk 0.49cvss 7.5epss 0.00

    Suricata is a network IDS, IPS and NSM engine. From version 8.0.0 to before version 8.0.4, use of the "tls.alpn" rule keyword can cause Suricata to crash with a NULL dereference. This issue has been patched in version 8.0.4.

  • CVE-2026-4652HigMar 26, 2026
    risk 0.49cvss 7.5epss 0.00

    On a system exposing an NVMe/TCP target, a remote client can trigger a kernel panic by sending a CONNECT command for an I/O queue with a bogus or stale CNTLID. An attacker with network access to the NVMe/TCP target can trigger an unauthenticated Denial of Service condition on…

  • CVE-2026-2507HigFeb 18, 2026
    risk 0.49cvss 7.5epss 0.00

    When BIG-IP AFM or BIG-IP DDoS is provisioned, undisclosed traffic can cause TMM to terminate.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

  • CVE-2026-23148HigFeb 14, 2026
    risk 0.49cvss 7.5epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: nvmet: fix race in nvmet_bio_done() leading to NULL pointer dereference There is a race condition in nvmet_bio_done() that can cause a NULL pointer dereference in blk_cgroup_bio_start(): 1. nvmet_bio_done()…

  • CVE-2026-0918HigJan 27, 2026
    risk 0.49cvss 7.5epss 0.01

    The Tapo C100 v5, C220 v1 and C520WS v2 cameras’ HTTP service does not safely handle POST requests containing an excessively large Content-Length header. The resulting failed memory allocation triggers a NULL pointer dereference, causing the main service process to crash. An…

  • CVE-2025-69421HigJan 27, 2026
    risk 0.49cvss 7.5epss 0.01

    Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function. Impact summary: A NULL pointer dereference can trigger a crash which leads to Denial of Service for an application processing PKCS#12 files. …

  • CVE-2026-22998HigJan 25, 2026
    risk 0.49cvss 7.5epss 0.01

    In the Linux kernel, the following vulnerability has been resolved: nvme-tcp: fix NULL pointer dereferences in nvmet_tcp_build_pdu_iovec Commit efa56305908b ("nvmet-tcp: Fix a kernel panic when host sends an invalid H2C PDU length") added ttag bounds checking and data_offset…

  • CVE-2026-22992HigJan 23, 2026
    risk 0.49cvss 7.5epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: libceph: return the handler error from mon_handle_auth_done() Currently any error from ceph_auth_handle_reply_done() is propagated via finish_auth() but isn't returned from mon_handle_auth_done(). This…

  • CVE-2026-22991HigJan 23, 2026
    risk 0.49cvss 7.5epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: libceph: make free_choose_arg_map() resilient to partial allocation free_choose_arg_map() may dereference a NULL pointer if its caller fails after a partial allocation. For example, in decode_choose_args(),…

  • CVE-2025-14501HigDec 23, 2025
    risk 0.49cvss 7.5epss 0.01

    Sante PACS Server HTTP Content-Length Header Handling NULL Pointer Dereference Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Sante PACS Server. Authentication is not required to…

  • CVE-2025-7007HigDec 1, 2025
    risk 0.49cvss 7.5epss 0.00

    NULL Pointer Dereference vulnerability in Avast Antivirus on MacOS, Avast Anitvirus on Linux when scanning a malformed Windows PE file causes the antivirus process to crash.This issue affects Antivirus: 16.0.0; Anitvirus: 3.0.3.

  • CVE-2025-59668HigSep 30, 2025
    risk 0.49cvss 7.5epss 0.00

    Multiple versions of Central Monitor CNS-6201 contain a NULL pointer dereference vulnerability. When processing a crafted certain UDP packet, the affected device may abnormally terminate.

  • CVE-2025-40779HigAug 27, 2025
    risk 0.49cvss 7.5epss 0.01

    If a DHCPv4 client sends a request with some specific options, and Kea fails to find an appropriate subnet for the client, the `kea-dhcp4` process will abort with an assertion failure. This happens only if the client request is unicast directly to Kea; broadcast messages do not…

  • CVE-2025-41691HigAug 4, 2025
    risk 0.49cvss 7.5epss 0.01

    An unauthenticated remote attacker may trigger a NULL pointer dereference in the affected CODESYS Control runtime systems by sending specially crafted communication requests, potentially leading to a denial-of-service (DoS) condition.

  • CVE-2025-32818HigApr 23, 2025
    risk 0.49cvss 7.5epss 0.01

    A Null Pointer Dereference vulnerability in the SonicOS SSLVPN Virtual office interface allows a remote, unauthenticated attacker to crash the firewall, potentially leading to a Denial-of-Service (DoS) condition.

  • CVE-2025-32913HigApr 14, 2025
    risk 0.49cvss 7.5epss 0.01

    A flaw was found in libsoup, where the soup_message_headers_get_content_disposition() function is vulnerable to a NULL pointer dereference. This flaw allows a malicious HTTP peer to crash a libsoup client or server that uses this function.