Total
4784 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-11550 | 1 Tenda | 2 W12, W12 Firmware | 2025-10-20 | 6.8 MEDIUM | 6.5 MEDIUM |
| A vulnerability was found in Tenda W12 3.0.0.6(3948). The impacted element is the function wifiScheduledSet of the file /goform/modules of the component HTTP Request Handler. The manipulation of the argument wifiScheduledSet results in null pointer dereference. The attack may be performed from remote. The exploit has been made public and could be used. | |||||
| CVE-2025-9166 | 1 Rockwellautomation | 2 Controllogix 5580, Controllogix 5580 Firmware | 2025-10-20 | N/A | 7.5 HIGH |
| A denial-of-service security issue exists in the affected product and version. The security issue stems from the controller repeatedly attempting to forward messages. The issue could result in a major nonrecoverable fault on the controller. | |||||
| CVE-2025-54270 | 3 Adobe, Apple, Microsoft | 3 Animate, Macos, Windows | 2025-10-17 | N/A | 5.5 MEDIUM |
| Animate versions 23.0.13, 24.0.10 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose sensitive memory information. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2025-46711 | 1 Imaginationtech | 1 Ddk | 2025-10-17 | N/A | 5.5 MEDIUM |
| Software installed and run as a non-privileged user may conduct improper GPU system calls to trigger NULL pointer dereference kernel exceptions. | |||||
| CVE-2025-11011 | 1 Behaviortree | 1 Behaviortree | 2025-10-16 | 1.7 LOW | 3.3 LOW |
| A vulnerability was found in BehaviorTree up to 4.7.0. Affected by this issue is the function JsonExporter::fromJson of the file /src/json_export.cpp. Performing manipulation of the argument Source results in null pointer dereference. The attack needs to be approached locally. The exploit has been made public and could be used. The patch is named 4b23dcaf0ce951a31299ebdd61df69f9ce99a76d. It is suggested to install a patch to address this issue. | |||||
| CVE-2025-11013 | 1 Behaviortree | 1 Behaviortree | 2025-10-16 | 1.7 LOW | 3.3 LOW |
| A vulnerability was identified in BehaviorTree up to 4.7.0. This vulnerability affects the function XMLParser::PImpl::loadDocImpl of the file /src/xml_parsing.cpp of the component XML Parser. The manipulation leads to null pointer dereference. The attack can only be performed from a local environment. The exploit is publicly available and might be used. | |||||
| CVE-2025-9548 | 2025-10-16 | N/A | 5.5 MEDIUM | ||
| A potential null pointer dereference vulnerability was reported in the Lenovo Power Management Driver that could allow a local authenticated user to cause a Windows blue screen error. | |||||
| CVE-2023-48183 | 1 Quickjs Project | 1 Quickjs | 2025-10-15 | N/A | 7.5 HIGH |
| QuickJS before c4cdd61 has a build_for_in_iterator NULL pointer dereference because of an erroneous lexical scope of "this" with eval. | |||||
| CVE-2025-42902 | 2025-10-14 | N/A | 5.3 MEDIUM | ||
| Due to the memory corruption vulnerability in SAP NetWeaver AS ABAP and ABAP Platform, an unauthenticated attacker can send a corrupted SAP Logon Ticket or SAP Assertion Ticket to the SAP application server. This leads to a dereference of NULL which makes the work process crash. As a result, it has a low impact on the availability but no impact on the confidentiality and integrity. | |||||
| CVE-2025-9337 | 2025-10-14 | N/A | N/A | ||
| A null pointer dereference has been identified in the AsIO3.sys driver. The vulnerability can be triggered by a specially crafted input, which may lead to a system crash (BSOD). Refer to the 'Security Update for Armoury Crate App' section on the ASUS Security Advisory for more information. | |||||
| CVE-2024-1443 | 2 Microsoft, Msi | 2 Windows, Afterburner | 2025-10-14 | N/A | 4.4 MEDIUM |
| MSI Afterburner v4.6.5.16370 is vulnerable to a Denial of Service vulnerability by triggering the 0x80002000 IOCTL code of the RTCore64.sys driver. The handle to the driver can only be obtained from a high integrity process. | |||||
| CVE-2025-11017 | 1 Ogre3d | 1 Ogre | 2025-10-08 | 1.7 LOW | 3.3 LOW |
| A vulnerability was detected in OGRECave Ogre up to 14.4.1. The impacted element is the function Ogre::LogManager::stream of the file /ogre/OgreMain/src/OgreLogManager.cpp. Performing manipulation of the argument mDefaultLog results in null pointer dereference. The attack must be initiated from a local position. The exploit is now public and may be used. | |||||
| CVE-2025-44011 | 1 Qnap | 1 Qsync Central | 2025-10-08 | N/A | 6.5 MEDIUM |
| A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.1 ( 2025/07/09 ) and later | |||||
| CVE-2025-44010 | 1 Qnap | 1 Qsync Central | 2025-10-08 | N/A | 6.5 MEDIUM |
| A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.1 ( 2025/07/09 ) and later | |||||
| CVE-2025-44009 | 1 Qnap | 1 Qsync Central | 2025-10-08 | N/A | 6.5 MEDIUM |
| A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.1 ( 2025/07/09 ) and later | |||||
| CVE-2025-44008 | 1 Qnap | 1 Qsync Central | 2025-10-08 | N/A | 6.5 MEDIUM |
| A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.1 ( 2025/07/09 ) and later | |||||
| CVE-2025-47210 | 1 Qnap | 1 Qsync Central | 2025-10-08 | N/A | 6.5 MEDIUM |
| A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.2 ( 2025/07/31 ) and later | |||||
| CVE-2025-47213 | 1 Qnap | 2 Qts, Quts Hero | 2025-10-08 | N/A | 4.9 MEDIUM |
| A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and later QuTS hero h5.2.6.3195 build 20250715 and later | |||||
| CVE-2025-47214 | 1 Qnap | 2 Qts, Quts Hero | 2025-10-08 | N/A | 4.9 MEDIUM |
| A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and later and later | |||||
| CVE-2025-48726 | 1 Qnap | 2 Qts, Quts Hero | 2025-10-08 | N/A | 4.9 MEDIUM |
| A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and later QuTS hero h5.2.6.3195 build 20250715 and later | |||||