Total
5451 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-40227 | 2 Systemd, Systemd Project | 2 Systemd, Systemd | 2026-04-15 | 6.2 Medium |
| In systemd 260 before 261, a local unprivileged user can trigger an assert via an IPC API call with an array or map that has a null element. | ||||
| CVE-2024-11499 | 2026-04-15 | 4.9 Medium | ||
| A vulnerability exists in RTU500 IEC 60870-4-104 controlled station functionality, that allows an authenticated and authorized attacker to perform a CMU restart. The vulnerability can be triggered if certificates are updated while in use on active connections. The affected CMU will automatically recover itself if an attacker successfully exploits this vulnerability. | ||||
| CVE-2025-0696 | 2026-04-15 | 5.3 Medium | ||
| A NULL Pointer Dereference vulnerability in Cesanta Frozen versions less than 1.7 allows an attacker to induce a crash of the component embedding the library by supplying a maliciously crafted JSON as input. | ||||
| CVE-2025-60019 | 1 Redhat | 1 Enterprise Linux | 2026-04-15 | 3.7 Low |
| glib-networking's OpenSSL backend fails to properly check the return value of memory allocation routines. An out of memory condition could potentially result in writing to an invalid memory location. | ||||
| CVE-2024-3186 | 1 Embedthis | 1 Goahead | 2026-04-15 | 5.3 Medium |
| CWE-476 NULL Pointer Dereference vulnerability in the evalExpr() function of GoAhead Web Server (version <= 6.0.0) when compiled with the ME_GOAHEAD_JAVASCRIPT flag. This vulnerability allows a remote attacker with the privileges to modify JavaScript template (JST) files to trigger a crash and cause a Denial of Service (DoS) by providing malicious templates. | ||||
| CVE-2025-2487 | 1 Redhat | 4 Directory Server, Directory Server Eus, Enterprise Linux and 1 more | 2026-04-15 | 4.9 Medium |
| A flaw was found in the 389-ds-base LDAP Server. This issue occurs when issuing a Modify DN LDAP operation through the ldap protocol, when the function return value is not tested and a NULL pointer is dereferenced. If a privileged user performs a ldap MODDN operation after a failed operation, it could lead to a Denial of Service (DoS) or system crash. | ||||
| CVE-2025-11156 | 2 Microsoft, Netskope | 2 Windows, Netskope | 2026-04-15 | N/A |
| Netskope was notified about a potential gap in its agent (NS Client) on Windows systems. If this gap is successfully exploited, a local, authenticated user with Administrator privileges can improperly load the driver as a generic kernel service. This triggers the flaw, causing a system crash (Blue-Screen-of-Death) and resulting in a Denial of Service (DoS) for the affected machine. | ||||
| CVE-2023-51391 | 1 Silabs | 1 Gecko Software Development Kit | 2026-04-15 | 7.5 High |
| A bug in Micrium OS Network HTTP Server permits an invalid pointer dereference during header processing - potentially allowing a device crash and Denial of Service. | ||||
| CVE-2025-31115 | 1 Redhat | 1 Enterprise Linux | 2026-04-15 | 7.5 High |
| XZ Utils provide a general-purpose data-compression library plus command-line tools. In XZ Utils 5.3.3alpha to 5.8.0, the multithreaded .xz decoder in liblzma has a bug where invalid input can at least result in a crash. The effects include heap use after free and writing to an address based on the null pointer plus an offset. Applications and libraries that use the lzma_stream_decoder_mt function are affected. The bug has been fixed in XZ Utils 5.8.1, and the fix has been committed to the v5.4, v5.6, v5.8, and master branches in the xz Git repository. No new release packages will be made from the old stable branches, but a standalone patch is available that applies to all affected releases. | ||||
| CVE-2024-34044 | 2026-04-15 | 5.3 Medium | ||
| The O-RAN E2T I-Release buildPrometheusList function can have a NULL pointer dereference because peerInfo can be NULL. | ||||
| CVE-2025-13425 | 1 Google | 1 Osv-scalibr | 2026-04-15 | 3.3 Low |
| A bug in the filesystem traversal fallback path causes fs/diriterate/diriterate.go:Next() to overindex an empty slice when ReadDir returns nil for an empty directory, resulting in a panic (index out of range) and an application crash (denial of service) in OSV-SCALIBR. | ||||
| CVE-2025-33237 | 1 Nvidia | 5 Driver, Geforce, Nvs and 2 more | 2026-04-15 | 5.5 Medium |
| NVIDIA HD Audio Driver for Windows contains a vulnerability where an attacker could exploit a NULL pointer dereference issue. A successful exploit of this vulnerability might lead to a denial of service. | ||||
| CVE-2025-25471 | 1 Ffmpeg | 1 Ffmpeg | 2026-04-15 | 4.3 Medium |
| FFmpeg git master before commit fd1772 was discovered to contain a NULL pointer dereference via the component libavformat/mov.c. | ||||
| CVE-2024-41883 | 2026-04-15 | N/A | ||
| Team ENVY, a Security Research TEAM has found a flaw that allows for a remote code execution on the NVR . An attacker enters a special value for a specific URL parameter, resulting in a NULL pointer reference and a reboot of the NVR. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer's report for details and workarounds. | ||||
| CVE-2024-39130 | 1 Wangf1978 | 1 Dumpts | 2026-04-15 | 7.5 High |
| A NULL Pointer Dereference discovered in DumpTS v0.1.0-nightly allows attackers to cause a denial of service via the function DumpOneStream() at /src/DumpStream.cpp. | ||||
| CVE-2024-47586 | 1 Sap | 1 Netweaver Abap Application Server | 2026-04-15 | 5.3 Medium |
| SAP NetWeaver Application Server for ABAP and ABAP Platform allows an unauthenticated attacker to send a maliciously crafted http request which could cause a null pointer dereference in the kernel. This dereference will result in the system crashing and rebooting, causing the system to be temporarily unavailable. There is no impact on Confidentiality or Integrity. | ||||
| CVE-2025-32818 | 2026-04-15 | 7.5 High | ||
| A Null Pointer Dereference vulnerability in the SonicOS SSLVPN Virtual office interface allows a remote, unauthenticated attacker to crash the firewall, potentially leading to a Denial-of-Service (DoS) condition. | ||||
| CVE-2025-23300 | 1 Nvidia | 1 Display Driver | 2026-04-15 | 5.5 Medium |
| NVIDIA Display Driver for Linux contains a vulnerability in the kernel driver, where a user could cause a null pointer dereference by allocating a specific memory resource. A successful exploit of this vulnerability might lead to denial of service. | ||||
| CVE-2023-45925 | 1 Midnight Commander | 1 Midnight Commander | 2026-04-15 | N/A |
| GNU Midnight Commander 4.8.29-146-g299d9a2fb was discovered to contain a NULL pointer dereference via the function x_error_handler() at tty/x11conn.c. NOTE: this is disputed because it should be categorized as a usability problem (an X operation silently fails). | ||||
| CVE-2025-9548 | 2 Lenovo, Microsoft | 2 Power Management Driver, Windows | 2026-04-15 | 5.5 Medium |
| A potential null pointer dereference vulnerability was reported in the Lenovo Power Management Driver that could allow a local authenticated user to cause a Windows blue screen error. | ||||