Linux Distros Unpatched Vulnerability : CVE-2026-10298

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A security flaw has been discovered in ggml-org whisper.cpp up to 1.8.2. This vulnerability affects the function whispermodelload of the file ggml/src/ggml.c. T...

MiracleLinux 8 : php:8.2 (AXSA:2026-752:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-752:01 advisory. PHP: PHP: Denial of Service via improper handling of signed characters in ctype functions CVE-2026-7258 PHP: PHP-FPM: PHP-FPM: Cross-Site Scripting...

Oracle Linux 8 : compat-openssl10 (ELSA-2026-22315)

The remote Oracle Linux 8 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2026-22315 advisory. 1.1.0.2o-4.2 - Fixes CVE-2026-28390: Denial of Service due to NULL pointer dereference in CMS EnvelopedData processing Resolves: RHEL-165754 Tenable has...

Linux Distros Unpatched Vulnerability : CVE-2026-46034

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - vfio/cdx: Fix NULL pointer dereference in interrupt trigger path Add validation to ensure MSI is configured before accessing cdxirqs array in...

PT-2026-46032

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A NULL pointer dereference occurs in the k230 pinctrl driver during the probing process when parsing the devicetree. The issue arises within the k230 pinctrl parse functions function,...

CVE-2025-60477

Summary: CVE-2025-60477 arises from a NULL pointer dereference in GPAC Project/MP4Box, specifically in the function gf_filter_pid_resolve_file_template_ex (file: filter_core/filter_pid.c). The issue affects MP4Box builds prior to version 26.02.0 and allows an attacker to cause a Denial of Service...

CVE-2025-60477

A NULL pointer dereference in the gffilterpidresolvefiletemplateex function /filtercore/filterpid.c of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service DoS via supplying a crafted file...

php: NULL pointer dereference in SOAP apache:Map decoder with missing <value>

A flaw was found in PHP. When a PHP SOAP server has a typemap configured, the apache:Map decoding process checks the incorrect variable in case of a missing value element. This incorrect check leads to a NULL pointer dereference and allows a remote unauthenticated attacker to crash the PHP SOAP...

Important: Red Hat Security Advisory: php8.4 security update

An update for php8.4 is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...

CVE-2026-8035

Improper input validation in the NI-PAL kernel driver may allow a local authenticated user to cause a denial of service by triggering a crash due to a NULL pointer dereference. This vulnerability affects NI-PAL 26.3.0 and prior versions on Windows and Linux...

RLSA-2026:22312 Moderate: openssl security update

OpenSSL is a toolkit that implements the Secure Sockets Layer SSL and Transport Layer Security TLS protocols, as well as a full-strength general-purpose cryptography library. Security Fixes: openssl: OpenSSL: Denial of Service due to NULL pointer dereference in CMS EnvelopedData processing...

USN-8374-1 linux-aws-6.17, linux-gcp, linux-gcp-6.17 vulnerabilities

It was discovered that the Linux kernel algifaead module did not properly handle in-place cryptographic operations. This flaw is known as Copy Fail. A local attacker could use this to escalate privileges, or possibly escape a container. CVE-2026-31431 It was discovered that the Linux kernel did n...

EUVD-2026-33991

Improper input validation in the NI-PAL kernel driver may allow a local authenticated user to cause a denial of service by triggering a crash due to a NULL pointer dereference. This vulnerability affects NI-PAL 26.3.0 and prior versions on Windows and Linux...

CVE-2026-8035 NULL pointer dereference in NI-PAL

Improper input validation in the NI-PAL kernel driver may allow a local authenticated user to cause a denial of service by triggering a crash due to a NULL pointer dereference. This vulnerability affects NI-PAL 26.3.0 and prior versions on Windows and Linux...

CVE-2026-8035

Improper input validation in the NI-PAL kernel driver may allow a local authenticated user to cause a denial of service by triggering a crash due to a NULL pointer dereference. This vulnerability affects NI-PAL 26.3.0 and prior versions on Windows and Linux...

CVE-2026-8035 NULL pointer dereference in NI-PAL

Improper input validation in the NI-PAL kernel driver may allow a local authenticated user to cause a denial of service by triggering a crash due to a NULL pointer dereference. This vulnerability affects NI-PAL 26.3.0 and prior versions on Windows and Linux...

USN-8373-1 linux, linux-aws, linux-aws-6.8, linux-aws-fips, linux-azure, linux-fips, linux-gcp, linux-gcp-6.8, linux-gcp-fips, linux-gke, linux-gkeop, linux-hwe-6.8, linux-ibm, linux-ibm-6.8, linux-nvidia, linux-nvidia-6.8, linux-nvidia-lowlatency, linux-nvidia-tegra, linux-oracle, linux-oracle-6.8, linux-raspi, linux-raspi-realtime, linux-realtime, linux-realtime-6.8 vulnerabilities

It was discovered that the Linux kernel did not properly handle shared page fragments during socket buffer operations, collectively known as Dirty Frag. A logic flaw existed in the XFRM ESP-in-TCP subsystem and in the RxRPC networking subsystem when processing paged fragments. A local attacker...

CVE-2025-70099

A NULL pointer dereference in the ext4direngetnamelen function in include/ext4dir.h of lwext4 1.0.0 allows attackers to cause a denial of service by supplying a specially crafted EXT4 filesystem image with malformed directory entries. During directory iteration, the code may fail to validate the...

CVE-2026-10197

A flaw was found in Assimp. A local user with access to the system could exploit a null pointer dereference vulnerability in the glTF2Importer::ImportEmbeddedTextures function. This flaw could lead to a Denial of Service DoS, making the application unavailable. Mitigation Users should avoid...

CVE-2026-10199

A flaw was found in Assimp. A local attacker could trigger a null pointer dereference by manipulating an argument in the glTF2::LazyDict function. This vulnerability, located in the glTF2Asset.h library, could lead to an application crash, resulting in a denial of service DoS. Mitigation Mitigati...