ALPINE-CVE-2026-32776

libexpat before 2.7.5 allows a NULL pointer dereference with empty external parameter entity content...

EUVD-2025-34919

DataEase is a data visualization and analytics platform. In DataEase versions through 2.10.13, a JDBC URL injection vulnerability exists in the DB2 and MongoDB data source configuration handlers. In the DB2 data source handler, when the extraParams field is empty, the HOSTNAME, PORT, and DATABASE...

PT-2024-29615 · Nvr · Nvr

Name of the Vulnerable Software and Affected Versions: NVR affected versions not specified Description: A flaw has been found that allows for remote code execution on the NVR. If an attacker does not enter any value for a specific URL parameter, NULL pointer references will occur, causing the NVR...

SUSE CVE-2017-14767

The sdpparsefmtpconfigh264 function in libavformat/rtpdech264.c in FFmpeg before 3.3.4 mishandles empty sprop-parameter-sets values, which allows remote attackers to cause a denial of service heap buffer overflow or possibly have unspecified other impact via a crafted sdp file...

CVE-2007-3529

CVE-2007-3529 affects videos.php in PHPDirector 0.21 and earlier. The vulnerability allows remote attackers to obtain sensitive information by sending an empty value for the id[] parameter, which triggers an error message that reveals the path. Affected software is PHPDirector (videos.php) with v...

CVE-2007-1888

Buffer overflow in the sqlitedecodebinary function in src/encode.c in SQLite 2, as used by PHP 4.x through 5.x and other applications, allows context-dependent attackers to execute arbitrary code via an empty value of the in parameter. NOTE: some PHP installations use a bundled version of sqlite...