CVE-2026-44222

vLLM is an inference and serving engine for large language models LLMs. From 0.6.1 to before 0.20.0, there is a a Token Injection vulnerability in vLLM’s multimodal processing. Unauthenticated, text-only prompts that spell special tokens are interpreted as control. Image and video placeholder...

PT-2026-48345

Summary Every transaction gossiped on the klever-go P2P network is decoded and validated synchronously inside the libp2p pubsub topic-validator callback. The validator txVersionChecker.CheckTxVersion dereferences tx.RawData.Version with no nil check. A protobuf Transaction whose embedded RawData...

kernel: sctp: avoid NULL dereference when chunk data buffer is missing

In the Linux kernel, the following vulnerability has been resolved: sctp: avoid NULL dereference when chunk data buffer is missing chunk-skb pointer is dereferenced in the if-block where it's supposed to be NULL only. chunk-skb can only be NULL if chunk-headskb is not. Check for fraglist instead...

CVE-2026-3776 Null pointer dereference in Foxit PDF Editor/Reader when accessing stamp annotation

The application does not validate the presence of required appearance AP data before accessing stamp annotation resources. When a PDF contains a stamp annotation missing its AP entry, the code continues to dereference the associated object without a prior null or validity check, which allows a...

CVE-2026-3776

CVE-2026-3776 is a null pointer dereference in Foxit PDF Editor/Reader when handling stamp annotations that lack appearance (AP) data. The affected code dereferences the related object without checking for null/valid AP data, allowing a crafted PDF to crash the application and cause a denial of s...

CVE-2026-23002

In the Linux kernel, the following vulnerability has been resolved: lib/buildid: use kernelread for sleepable context Prevent a "BUG: unable to handle kernel NULL pointer dereference in filemapreadfolio". For the sleepable context, convert freader to use kernelread instead of direct page cache...

kernel: sctp: avoid NULL dereference when chunk data buffer is missing

In the Linux kernel, the following vulnerability has been resolved: sctp: avoid NULL dereference when chunk data buffer is missing chunk-skb pointer is dereferenced in the if-block where it's supposed to be NULL only. chunk-skb can only be NULL if chunk-headskb is not. Check for fraglist instead...

FastAPI Users 跨站请求伪造漏洞

FastAPI Users is a customizable user management interface from FastAPI Users open source. A cross-site request forgery vulnerability exists in FastAPI Users versions prior to 15.0.2, which stems from stateless OAuth login status tokens and missing correlation data, which could lead to login CSRF...

CVE-2023-53787

In the Linux kernel, the following vulnerability has been resolved: regulator: da9063: fix null pointer deref with partial DT config When some of the da9063 regulators do not have corresponding DT nodes a null pointer dereference occurs on boot because such regulators have no initdata causing the...

SUSE CVE-2023-53787

In the Linux kernel, the following vulnerability has been resolved: regulator: da9063: fix null pointer deref with partial DT config When some of the da9063 regulators do not have corresponding DT nodes a null pointer dereference occurs on boot because such regulators have no initdata causing the...

CVE-2025-40240 sctp: avoid NULL dereference when chunk data buffer is missing

In the Linux kernel, the following vulnerability has been resolved: sctp: avoid NULL dereference when chunk data buffer is missing chunk-skb pointer is dereferenced in the if-block where it's supposed to be NULL only. chunk-skb can only be NULL if chunk-headskb is not. Check for fraglist instead...

EUVD-2025-36494

In the Linux kernel, the following vulnerability has been resolved: PCI/AER: Avoid NULL pointer dereference in aerratelimit When platform firmware supplies error information to the OS, e.g., via the ACPI APEI GHES mechanism, it may identify an error source device that doesn't advertise an AER...

PT-2025-49067

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel related to the Socket Communication Transport Protocol SCTP. Specifically, a potential NULL dereference can occur when a chunk data buffer is missing. T...

CVE-2025-55091

In NetX Duo before 6.4.4, the networking support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in nxippacketreceive function when received an Ethernet with type set as IP but no IP data...

CVE-2025-55091

In NetX Duo before 6.4.4, the networking support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in nxippacketreceive function when received an Ethernet with type set as IP but no IP data...

CVE-2025-55091

CVE-2025-55091 affects NetX Duo prior to 6.4.4 (Eclipse ThreadX networking stack). The issue is an out-of-bounds read in _nx_ip_packet_receive() when an Ethernet frame has type IP but carries no IP data. This is a software defect in the networking support module, with possible impact on affected ...

AZL-71918 CVE-2023-53424 affecting package kernel 5.15.200.1-1

In the Linux kernel, the following vulnerability has been resolved: clk: mediatek: fix ofiomap memory leak Smatch reports: drivers/clk/mediatek/clk-mtk.c:583 mtkclksimpleprobe warn: 'base' from ofiomap not released on lines: 496. This problem was also found in linux-next. In mtkclksimpleprobe, ba...

PT-2025-38443

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a memory leak in the mtk clk simple probe function within the MediaTek clock driver drivers/clk/mediatek/clk-mtk.c. Specifically, the memory allocated by of iom...

CVE-2022-49472 net: phy: micrel: Allow probing without .driver_data

In the Linux kernel, the following vulnerability has been resolved: net: phy: micrel: Allow probing without .driverdata Currently, if the .probe element is present in the phydriver structure and the .driverdata is not, a NULL pointer dereference happens. Allow passing .probe without .driverdata b...

PT-2025-7260 · Git +1 · Wavpack

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a crash caused by the use of an uninitialized value. The crash occurs in the following functions: get word, unpack samples, and...