Total
5704 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-24194 | 1 Robdns | 1 Robdns | 2026-04-15 | 7.5 High |
| robdns commit d76d2e6 was discovered to contain a NULL pointer dereference via the item->tokens component at /src/conf-parse.c. | ||||
| CVE-2024-52546 | 1 Lorextechnology | 1 W461asc-e Firmware | 2026-04-15 | 5.3 Medium |
| An unauthenticated attacker can perform a null pointer dereference in the DHIP Service (UDP port 37810). This vulnerability has been resolved in firmware version 2.800.0000000.8.R.20241111. | ||||
| CVE-2024-41883 | 2026-04-15 | N/A | ||
| Team ENVY, a Security Research TEAM has found a flaw that allows for a remote code execution on the NVR . An attacker enters a special value for a specific URL parameter, resulting in a NULL pointer reference and a reboot of the NVR. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer's report for details and workarounds. | ||||
| CVE-2023-28827 | 2026-04-15 | 5.9 Medium | ||
| A vulnerability has been identified in SIMATIC CP 1242-7 V2 (incl. SIPLUS variants) (All versions < V3.5.20), SIMATIC CP 1243-1 (incl. SIPLUS variants) (All versions < V3.5.20), SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants) (All versions < V3.5.20), SIMATIC CP 1243-1 IEC (incl. SIPLUS variants) (All versions < V3.5.20), SIMATIC CP 1243-7 LTE (All versions < V3.5.20), SIMATIC CP 1243-8 IRC (6GK7243-8RX30-0XE0) (All versions < V3.5.20), SIMATIC HMI Comfort Panels (incl. SIPLUS variants) (All versions), SIMATIC IPC DiagBase (All versions), SIMATIC IPC DiagMonitor (All versions), SIMATIC WinCC Runtime Advanced (All versions), SIPLUS TIM 1531 IRC (6AG1543-1MX00-7XE0) (All versions < V2.4.8), TIM 1531 IRC (6GK7543-1MX00-0XE0) (All versions < V2.4.8). The web server of the affected devices do not properly handle certain requests, causing a timeout in the watchdog, which could lead to the clean up of pointers. This could allow a remote attacker to cause a denial of service condition in the system. | ||||
| CVE-2025-2956 | 2026-04-15 | 6.5 Medium | ||
| A vulnerability was found in TRENDnet TI-G102i 1.0.7.S0_ /1.0.8.S0_ and classified as problematic. This issue affects the function plugins_call_handle_uri_raw of the file /usr/sbin/lighttpd of the component HTTP Request Handler. The manipulation leads to null pointer dereference. The attack can only be done within the local network. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-20080 | 1 Intel | 1 Intel Amt And Intel Standard Manageability | 2026-04-15 | 6.8 Medium |
| Null pointer dereference in the firmware for some Intel(R) AMT and Intel(R) Standard Manageability within Ring 0: Kernel may allow a denial of service. Network adversary with an unauthenticated user combined with a high complexity attack may enable denial of service. This result may potentially occur via network access when attack requirements are present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (none), integrity (none) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts. | ||||
| CVE-2024-1241 | 2026-04-15 | 5.5 Medium | ||
| Watchdog Antivirus v1.6.415 is vulnerable to a Denial of Service vulnerability by triggering the 0x80002014 IOCTL code of the wsdk-driver.sys driver. | ||||
| CVE-2024-34952 | 1 Taurusxin | 1 Ncmdump | 2026-04-15 | 5 Medium |
| taurusxin ncmdump v1.3.2 was discovered to contain a segmentation violation via the NeteaseCrypt::FixMetadata() function at /src/ncmcrypt.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted .ncm file. | ||||
| CVE-2023-46048 | 1 Tug | 1 Tex Live | 2026-04-15 | 6.2 Medium |
| Tex Live 944e257 has a NULL pointer dereference in texk/web2c/pdftexdir/writet1.c. NOTE: this is disputed because it should be categorized as a usability problem. | ||||
| CVE-2024-37890 | 2 Redhat, Websockets | 3 Openshift Data Foundation, Rhdh, Ws | 2026-04-15 | 7.5 High |
| ws is an open source WebSocket client and server for Node.js. A request with a number of headers exceeding theserver.maxHeadersCount threshold could be used to crash a ws server. The vulnerability was fixed in ws@8.17.1 (e55e510) and backported to ws@7.5.10 (22c2876), ws@6.2.3 (eeb76d3), and ws@5.2.4 (4abd8f6). In vulnerable versions of ws, the issue can be mitigated in the following ways: 1. Reduce the maximum allowed length of the request headers using the --max-http-header-size=size and/or the maxHeaderSize options so that no more headers than the server.maxHeadersCount limit can be sent. 2. Set server.maxHeadersCount to 0 so that no limit is applied. | ||||
| CVE-2023-46051 | 2026-04-15 | 3.3 Low | ||
| TeX Live 944e257 allows a NULL pointer dereference in texk/web2c/pdftexdir/tounicode.c. NOTE: this is disputed because it should be categorized as a usability problem. | ||||
| CVE-2025-4002 | 2026-04-15 | 5.5 Medium | ||
| A vulnerability was found in RefindPlusRepo RefindPlus 0.14.2.AB and classified as problematic. Affected by this issue is the function GetDebugLogFile of the file Library/MemLogLib/BootLog.c. The manipulation leads to null pointer dereference. Attacking locally is a requirement. The patch is identified as d2143a1e2deefddd9b105fb7160763c4f8d47ea2. It is recommended to apply a patch to fix this issue. | ||||
| CVE-2023-50432 | 2026-04-15 | 5.3 Medium | ||
| simple-dhcp-server through ec976d2 allows remote attackers to cause a denial of service (daemon crash) by sending a DHCP packet without any option fields, which causes free_packet in dhcp_packet.c to dereference a NULL pointer. | ||||
| CVE-2024-56430 | 2026-04-15 | 2.9 Low | ||
| OpenFHE through 1.2.3 has a NULL pointer dereference in BinFHEContext::EvalFloor in lib/binfhe-base-scheme.cpp. | ||||
| CVE-2024-9472 | 1 Paloaltonetworks | 1 Pan-os | 2026-04-15 | N/A |
| A null pointer dereference in Palo Alto Networks PAN-OS software on PA-800 Series, PA-3200 Series, PA-5200 Series, and PA-7000 Series hardware platforms when Decryption policy is enabled allows an unauthenticated attacker to crash PAN-OS by sending specific traffic through the data plane, resulting in a denial of service (DoS) condition. Repeated attempts to trigger this condition will result in PAN-OS entering maintenance mode. Palo Alto Networks VM-Series, Cloud NGFW, and Prisma Access are not affected. This issue only affects PA-800 Series, PA-3200 Series, PA-5200 Series, and PA-7000 Series running these specific versions of PAN-OS: * 10.2.7-h12 * 10.2.8-h10 * 10.2.9-h9 * 10.2.9-h11 * 10.2.10-h2 * 10.2.10-h3 * 10.2.11 * 10.2.11-h1 * 10.2.11-h2 * 10.2.11-h3 * 11.1.2-h9 * 11.1.2-h12 * 11.1.3-h2 * 11.1.3-h4 * 11.1.3-h6 * 11.2.2 * 11.2.2-h1 | ||||
| CVE-2024-35492 | 1 Cesanta | 1 Mongoose | 2026-04-15 | 7.5 High |
| Cesanta Mongoose commit b316989 was discovered to contain a NULL pointer dereference via the scpy function at src/fmt.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted MQTT packet. | ||||
| CVE-2024-10037 | 2026-04-15 | 4.4 Medium | ||
| A vulnerability exists in the RTU500 web server component that can cause a denial of service to the RTU500 CMU application if a specially crafted message sequence is executed on a WebSocket connection. An attacker must be properly authenticated and the test mode function of RTU500 must be enabled to exploit this vulnerability. The affected CMU will automatically recover itself if an attacker successfully exploits this vulnerability. | ||||
| CVE-2025-40779 | 1 Isc | 1 Kea | 2026-04-15 | 7.5 High |
| If a DHCPv4 client sends a request with some specific options, and Kea fails to find an appropriate subnet for the client, the `kea-dhcp4` process will abort with an assertion failure. This happens only if the client request is unicast directly to Kea; broadcast messages do not cause the problem. This issue affects Kea versions 2.7.1 through 2.7.9, 3.0.0, and 3.1.0. | ||||
| CVE-2025-30195 | 1 Powerdns | 1 Recursor | 2026-04-15 | 7.5 High |
| An attacker can publish a zone containing specific Resource Record Sets. Processing and caching results for these sets can lead to an illegal memory accesses and crash of the Recursor, causing a denial of service. The remedy is: upgrade to the patched 5.2.1 version. We would like to thank Volodymyr Ilyin for bringing this issue to our attention. | ||||
| CVE-2025-0121 | 1 Paloaltonetworks | 1 Cortex Xdr Agent | 2026-04-15 | N/A |
| A null pointer dereference vulnerability in the Palo Alto Networks Cortex® XDR agent on Windows devices allows a low-privileged local Windows user to crash the agent. Additionally, malware can use this vulnerability to perform malicious activity without Cortex XDR being able to detect it. | ||||