VYPR

CWE-476

NULL Pointer Dereference

BaseStableLikelihood: Medium

Description

The product dereferences a pointer that it expects to be valid but is NULL.

Hierarchy (View 1000)

Children

none

CVEs mapped to this weakness (1,587)

page 69 of 80
  • CVE-2026-45729MedJun 1, 2026
    risk 0.21cvss 4.3epss 0.00

    Thor Vector Graphics (ThorVG) is a production-ready vector graphics engine. Prior to version 1.0.5, a null pointer dereference in SvgLoader::run() allows any caller that passes untrusted SVG data to Picture::load() to crash the process with a 6-byte payload. This issue has been…

  • CVE-2026-47337LowMay 28, 2026
    risk 0.21cvss 3.3epss 0.00

    Ubuntu Linux 6.8, 6.17 and 7.0 contain SAUCE patches with a possible NULL pointer dereference in the handling of AF_INET/AF_INET6 socket mediation. The bug can be triggered by an unprivileged local user. This can lead to a kernel oops.

  • CVE-2026-47327LowMay 28, 2026
    risk 0.21cvss 3.3epss 0.00

    Ubuntu Linux 6.8, 6.17 and 7.0 contain SAUCE patches with a possible NULL pointer dereference in the handling of AppArmor notifications. The bug can be triggered by an unprivileged local user. This can lead to a kernel oops.

  • CVE-2026-44323MedMay 27, 2026
    risk 0.21cvss 4.3epss 0.00

    free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's UDR nudr-dr DELETE /subscription-data/{ueId}/{servingPlmnId}/ee-subscriptions/{subsId}/amf-subscriptions handler contains a nil-pointer dereference reachable from a single authenticated…

  • CVE-2026-9529LowMay 26, 2026
    risk 0.21cvss 3.3epss 0.00

    A security flaw has been discovered in GNU LibreDWG up to 0.14. The affected element is the function match_BLOCK_HEADER of the file dwggrep.c of the component Dwggrep Utility. Performing a manipulation results in null pointer dereference. The attack requires a local approach.…

  • CVE-2026-25110LowMay 19, 2026
    risk 0.21cvss 3.3epss 0.00

    in OpenHarmony v6.0 and prior versions allow a local attacker cause DOS.

  • CVE-2026-8783MedMay 18, 2026
    risk 0.21cvss 4.3epss 0.00

    A security vulnerability has been detected in omec-project amf up to 2.1.3-dev. This impacts the function UERadioCapabilityCheckResponse of the file ngap/dispatcher.go. Such manipulation leads to null pointer dereference. The attack can be executed remotely. The exploit has been…

  • CVE-2026-8782MedMay 18, 2026
    risk 0.21cvss 4.3epss 0.00

    A weakness has been identified in omec-project amf up to 2.1.3-dev. This affects an unknown function of the file ngap/handler.go of the component NGAP Message Handler. This manipulation causes null pointer dereference. Remote exploitation of the attack is possible. The exploit…

  • CVE-2026-8781MedMay 18, 2026
    risk 0.21cvss 4.3epss 0.00

    A security flaw has been discovered in omec-project amf up to 2.1.3-dev. The impacted element is the function RANConfiguration of the file ngap/handler.go. The manipulation results in null pointer dereference. The attack may be launched remotely. The exploit has been released to…

  • CVE-2026-42442LowMay 12, 2026
    risk 0.21cvss 3.3epss 0.00

    NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, a null-pointer dereference exists in the UFS/UFS2 filesystem image parser in NanaZip. The vulnerability is triggered when opening a crafted UFS image where the root inode (inode 2) is set to IFLNK…

  • CVE-2026-3665LowMar 7, 2026
    risk 0.21cvss 3.3epss 0.00

    A vulnerability was identified in xlnt-community xlnt up to 1.6.1. The affected element is the function xlnt::detail::xlsx_consumer::read_office_document of the file source/detail/serialization/xlsx_consumer.cpp of the component XLSX File Parser. The manipulation leads to null…

  • CVE-2026-3408MedMar 2, 2026
    risk 0.21cvss 4.3epss 0.00

    A vulnerability was identified in Open Babel up to 3.1.1. This impacts the function OBAtom::GetExplicitValence of the file isrc/atom.cpp of the component CDXML File Handler. Such manipulation leads to null pointer dereference. The attack can be launched remotely. The exploit is…

  • CVE-2026-3392LowMar 1, 2026
    risk 0.21cvss 3.3epss 0.00

    A weakness has been identified in FascinatedBox lily up to 2.3. The affected element is the function eval_tree of the file src/lily_emitter.c. This manipulation causes null pointer dereference. The attack is restricted to local execution. The exploit has been made available to…

  • CVE-2026-3389LowMar 1, 2026
    risk 0.21cvss 3.3epss 0.00

    A vulnerability was determined in Squirrel up to 3.2. This vulnerability affects the function sqstd_rex_newnode in the library sqstdlib/sqstdrex.cpp. Executing a manipulation can lead to null pointer dereference. The attack can only be executed locally. The exploit has been…

  • CVE-2026-3387LowMar 1, 2026
    risk 0.21cvss 3.3epss 0.00

    A vulnerability has been found in wren-lang wren up to 0.4.0. Affected by this issue is the function getByteCountForArguments of the file src/vm/wren_compiler.c. Such manipulation leads to null pointer dereference. Local access is required to approach this attack. The exploit…

  • CVE-2026-2903LowFeb 22, 2026
    risk 0.21cvss 3.3epss 0.00

    A flaw has been found in skvadrik re2c up to 4.4. Impacted is the function check_and_merge_special_rules of the file src/parse/ast.cc. This manipulation causes null pointer dereference. The attack can only be executed locally. The exploit has been published and may be used.…

  • CVE-2026-2642LowFeb 18, 2026
    risk 0.21cvss 3.3epss 0.00

    A security vulnerability has been detected in ggreer the_silver_searcher up to 2.2.0. The impacted element is the function search_stream of the file src/search.c. The manipulation leads to null pointer dereference. Local access is required to approach this attack. The exploit…

  • CVE-2025-15571LowFeb 10, 2026
    risk 0.21cvss 3.3epss 0.00

    A security vulnerability has been detected in ckolivas lrzip up to 0.651. This vulnerability affects the function ucompthread of the file stream.c. Such manipulation leads to null pointer dereference. The attack can only be performed from a local environment. The exploit has…

  • CVE-2026-1991LowFeb 6, 2026
    risk 0.21cvss 3.3epss 0.00

    A vulnerability was detected in libuvc up to 0.0.7. Affected is the function uvc_scan_streaming of the file src/device.c of the component UVC Descriptor Handler. The manipulation results in null pointer dereference. The attack needs to be approached locally. The exploit is now…

  • CVE-2026-1990LowFeb 6, 2026
    risk 0.21cvss 3.3epss 0.00

    A security vulnerability has been detected in oatpp up to 1.3.1. This impacts the function oatpp::data::type::ObjectWrapper::ObjectWrapper of the file src/oatpp/data/type/Type.hpp. The manipulation leads to null pointer dereference. Local access is required to approach this…