VYPR

CWE-476

NULL Pointer Dereference

Base | Stable | Likelihood: Medium

Description

The product dereferences a pointer that it expects to be valid but is NULL.

Hierarchy (View 1000)

Children

none

CVEs mapped to this weakness (1,587)

page 25 of 80
  • CVE-2026-22899 | Medium | Jun 10, 2026
    risk 0.42 | cvss 6.5 | epss 0.00

    A NULL pointer dereference vulnerability has been reported to affect File Station 6. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version:…

  • CVE-2026-45541 | High | Jun 10, 2026
    risk 0.42 | cvss 7.5 | epss 0.00

    ESP-IDF is the Espressif Internet of Things (IoT) Development Framework. In versions 5.2.6, 5.3.5, 5.4.4, 5.5.4, and 6.0, a NULL-pointer dereference exists in the WebSocket subprotocol-negotiation path of the esp_http_server component. While parsing the client-supplied…

  • CVE-2026-9752 | Medium | Jun 9, 2026
    risk 0.42 | cvss 6.5 | epss 0.00

    An authorized user could trigger a server crash by running a query with a 2dsphere index on a field that stores a GeoJSON GeometryCollection containing a Polygon with a strict-winding CRS. Strict-winding polygons are intentionally unsupported for indexing, but the guard that…

  • CVE-2026-9743 | Medium | Jun 9, 2026
    risk 0.42 | cvss 6.5 | epss 0.00

    In MongoDB Server 8.0, an aggregation stage can leave its _subPipeline field null during processing of certain pipelines. If a getMore is subsequently issued on the same cursor, the server may dereference this null sub-pipeline when reattaching to the operation context,…

  • CVE-2025-55659 | Medium | Jun 9, 2026
    risk 0.42 | cvss 6.5 | epss 0.00

    A NULL pointer dereference in the ctts_box_write function (isomedia/box_code_base.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file.

  • CVE-2026-42903 | Medium | Jun 9, 2026
    risk 0.42 | cvss 6.5 | epss 0.01

    Null pointer dereference in Windows Kerberos allows an authorized attacker to deny service over a network.

  • CVE-2026-42765 | High | Jun 9, 2026
    risk 0.42 | cvss 7.5 | epss 0.00

    Issue summary: When a partial-chain certificate verification is enabled together with OCSP response checking for the whole chain, a NULL dereference will happen if the verified chain does not have a self-signed trusted anchor, crashing the process. Impact summary: A NULL…

  • CVE-2026-42764 | High | Jun 9, 2026
    risk 0.42 | cvss 7.5 | epss 0.01

    Issue summary: Receiving a QUIC initial packet with an invalid token may trigger a NULL pointer dereference in the OpenSSL QUIC server with address validation disabled. Impact summary: NULL pointer dereference typically causes abnormal termination of the affected QUIC server…

  • CVE-2026-3238 | High | Jun 8, 2026
    risk 0.42 | cvss 7.5 | epss 0.03

    A flaw was found in Samba’s WINS server component when running as an Active Directory Domain Controller. The WINS protocol handlers for certain request types did not properly validate incoming packets, allowing an unauthenticated remote attacker to trigger a NULL pointer…

  • CVE-2026-46357 | Medium | Jun 5, 2026
    risk 0.42 | cvss 6.5 | epss 0.00

    HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0, the HAX CMS NodeJS application crashes when an authenticated attacker sends a specially crafted site creation request to the createSite endpoint. A single request is sufficient to take…

  • CVE-2026-46527 | High | May 29, 2026
    risk 0.42 | cvss 7.5 | epss 0.00

    cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.44.0, when the server has called Server::set_trusted_proxies() with a non-empty trusted-proxy list, an attacker can send an HTTP request that includes an X-Forwarded-For header whose…

  • CVE-2026-44322 | High | May 27, 2026
    risk 0.42 | cvss 7.5 | epss 0.00

    free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's NEF PATCH /3gpp-pfd-management/v1/{afId}/transactions/{transId}/applications/{appId} handler panics with a nil-pointer dereference when the upstream UDR call fails AND the consumer wrapper…

  • CVE-2026-44316 | High | May 27, 2026
    risk 0.42 | cvss 7.5 | epss 0.00

    free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's PCF POST /npcf-smpolicycontrol/v1/sm-policies handler (HandleCreateSmPolicyRequest) panics with a nil-pointer dereference when a downstream OpenAPI consumer call (UDR lookup) returns 404…

  • CVE-2026-46024 | High | May 27, 2026
    risk 0.42 | cvss 7.5 | epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: libceph: Prevent potential null-ptr-deref in ceph_handle_auth_reply() If a message of type CEPH_MSG_AUTH_REPLY contains a zero value for both protocol and result, this is currently not treated as an error. In…

  • CVE-2026-48829 | High | May 24, 2026
    risk 0.42 | cvss 7.5 | epss 0.00

    In GNU SASL before 2.2.3, DIGEST-MD5 has a NULL pointer dereference affecting both clients and servers, via a known token with no accompanying = character. This occurs in lib/digest-md5/getsubopt.c.

  • CVE-2026-32738 | Medium | May 19, 2026
    risk 0.42 | cvss 6.5 | epss 0.00

    libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and below, a crafted 792-byte HEIF sequence file with samples_per_chunk=0 in the stsc box causes an unsigned integer underflow in the Chunk constructor (m_last_sample = 0 + 0 - 1 = UINT32_MAX),…

  • CVE-2026-34350 | Medium | May 12, 2026
    risk 0.42 | cvss 6.5 | epss 0.01

    Null pointer dereference in Windows Storport Miniport Driver allows an unauthorized attacker to deny service over a network.

  • CVE-2026-7262 | High | May 10, 2026
    risk 0.42 | cvss 7.5 | epss 0.01

    In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, when a SOAP server has a typemap configured, the decoding process contains a mistake which checks the wrong variable in case of missing value element. This leads…

  • CVE-2026-43441 | High | May 8, 2026
    risk 0.42 | cvss 7.5 | epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: net: bonding: Fix nd_tbl NULL dereference when IPv6 is disabled When booting with the 'ipv6.disable=1' parameter, the nd_tbl is never initialized because inet6_init() exits before ndisc_init() is called which…

  • CVE-2026-39836 | High | May 7, 2026
    risk 0.42 | cvss 7.5 | epss 0.01

    The Dial and LookupPort functions panic on Windows when provided with an input containing a NUL (0).