VYPR

CWE-476

NULL Pointer Dereference

BaseStableLikelihood: Medium

Description

The product dereferences a pointer that it expects to be valid but is NULL.

Hierarchy (View 1000)

Children

none

CVEs mapped to this weakness (1,587)

page 27 of 80
  • CVE-2026-20064MedMar 4, 2026
    risk 0.42cvss 6.5epss 0.00

    A vulnerability in of Cisco Secure Firewall Threat Defense (FTD) Software could allow an authenticated, local attacker to cause the device to unexpectedly reload, causing a denial of service (DoS) condition. This vulnerability is due to improper validation of user-supplied…

  • CVE-2026-27141HigFeb 26, 2026
    risk 0.42cvss 7.5epss 0.01

    Due to missing nil check, sending 0x0a-0x0f HTTP/2 frames will cause a running server to panic

  • CVE-2025-70954HigFeb 13, 2026
    risk 0.42cvss 7.5epss 0.01

    A Null Pointer Dereference vulnerability exists in the TON Virtual Machine (TVM) within the TON Blockchain before v2025.06. The issue is located in the execution logic of the INMSGPARAM instruction, where the program fails to validate if a specific pointer is null before…

  • CVE-2025-14309HigDec 9, 2025
    risk 0.42cvss 7.5epss 0.00

    NULL Pointer Dereference vulnerability in ravynsoft ravynos.This issue affects ravynos: through 0.5.2.

  • CVE-2025-11550MedOct 9, 2025
    risk 0.42cvss 6.5epss 0.01

    A vulnerability was found in Tenda W12 3.0.0.6(3948). The impacted element is the function wifiScheduledSet of the file /goform/modules of the component HTTP Request Handler. The manipulation of the argument wifiScheduledSet results in null pointer dereference. The attack may be…

  • CVE-2025-24515MedAug 12, 2025
    risk 0.42cvss 6.5epss 0.00

    NULL pointer dereference for some Intel(R) Graphics Drivers may allow an authenticated user to potentially enable denial of service via local access.

  • CVE-2025-8175MedJul 26, 2025
    risk 0.42cvss 6.5epss 0.01

    A vulnerability was found in D-Link DI-8400 16.07.26A1. It has been classified as problematic. This affects an unknown part of the file usb_paswd.asp of the component jhttpd. The manipulation of the argument share_enable leads to null pointer dereference. It is possible to…

  • CVE-2025-8033MedJul 22, 2025
    risk 0.42cvss 6.5epss 0.00

    The JavaScript engine did not handle closed generators correctly and it was possible to resume them leading to a nullptr deref. This vulnerability was fixed in Firefox 141, Firefox ESR 115.26, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird 128.13, and…

  • CVE-2025-6395MedJul 10, 2025
    risk 0.42cvss 6.5epss 0.01

    A NULL pointer dereference flaw was found in the GnuTLS software in _gnutls_figure_common_ciphersuite().

  • CVE-2025-53603HigJul 5, 2025
    risk 0.42cvss 7.5epss 0.01

    In Alinto SOPE SOGo 2.0.2 through 5.12.2, sope-core/NGExtensions/NGHashMap.m allows a NULL pointer dereference and SOGo crash via a request in which a parameter in the query string is a duplicate of a parameter in the POST body.

  • CVE-2025-20071MedMay 13, 2025
    risk 0.42cvss 6.5epss 0.00

    NULL pointer dereference for some Intel(R) Graphics Drivers may allow an authenticated user to potentially enable denial of service via local access.

  • CVE-2025-24251MedApr 29, 2025
    risk 0.42cvss 6.5epss 0.00

    The issue was addressed with improved checks. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, visionOS 2.4, watchOS 11.4. An attacker on the local network may cause an unexpected app…

  • CVE-2025-32912MedApr 14, 2025
    risk 0.42cvss 6.5epss 0.00

    A flaw was found in libsoup, where SoupAuthDigest is vulnerable to a NULL pointer dereference. The HTTP server may cause the libsoup client to crash.

  • CVE-2025-32910MedApr 14, 2025
    risk 0.42cvss 6.5epss 0.00

    A flaw was found in libsoup, where soup_auth_digest_authenticate() is vulnerable to a NULL pointer dereference. This issue may cause the libsoup client to crash.

  • CVE-2025-2957MedMar 30, 2025
    risk 0.42cvss 6.5epss 0.00

    A vulnerability was found in TRENDnet TEW-411BRP+ 2.07. It has been classified as problematic. Affected is the function sub_401DB0 of the file /usr/sbin/httpd of the component HTTP Request Handler. The manipulation leads to null pointer dereference. The attack can only be…

  • CVE-2025-2956MedMar 30, 2025
    risk 0.42cvss 6.5epss 0.00

    A vulnerability was found in TRENDnet TI-G102i 1.0.7.S0_ /1.0.8.S0_ and classified as problematic. This issue affects the function plugins_call_handle_uri_raw of the file /usr/sbin/lighttpd of the component HTTP Request Handler. The manipulation leads to null pointer…

  • CVE-2023-37039MedJan 22, 2025
    risk 0.42cvss 6.5epss 0.00

    A Null pointer dereference vulnerability in the Mobile Management Entity (MME) in Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) allow network-adjacent attackers to crash the MME via an S1AP `Initial UE Message` packet missing an expected `RRC…

  • CVE-2024-24443MedJan 21, 2025
    risk 0.42cvss 6.5epss 0.00

    An uninitialized pointer dereference in the ngap_handle_pdu_session_resource_setup_response routine of OpenAirInterface CN5G AMF (oai-cn5g-amf) up to v2.0.0 allows attackers to cause a Denial of Service (DoS) via a crafted PDU Session Resource Setup Response.

  • CVE-2023-37035MedJan 21, 2025
    risk 0.42cvss 6.5epss 0.00

    A Null pointer dereference vulnerability in the Mobile Management Entity (MME) in Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) allows network-adjacent attackers to crash the MME via an S1AP `S1Setup Request` packet missing an expected `Global…

  • CVE-2024-24445MedJan 21, 2025
    risk 0.42cvss 6.5epss 0.00

    OpenAirInterface CN5G AMF (oai-cn5g-amf) <= 2.0.0 contains a null dereference in its handling of unsupported NGAP protocol messages which allows an attacker with network-adjacent access to the AMF to carry out denial of service. When a procedure code/presence field tuple is…