CVE-2021-27029

The user may be tricked into opening a malicious FBX file which may exploit a Null Pointer Dereference vulnerability in FBX's Review version 1.5.0 and prior causing the application to crash leading to a denial of service...

CVE-2021-27186

Fluent Bit 1.6.10 has a NULL pointer dereference when an flbmalloc return value is not validated by flbavro.c or httpserver/api/v1/metrics.c...

OESA-2026-1786 audiofile security update

The Audio File Library is a C-based library for reading and writing audio files in many common formats. Security Fixes: In Audio File Library aka audiofile 0.3.6, there exists one NULL pointer dereference bug in ulaw2linearbuf in G711.cpp in libmodules.a that allows an attacker to cause a denial ...

OESA-2026-1782 audiofile security update

The Audio File Library is a C-based library for reading and writing audio files in many common formats. Security Fixes: In Audio File Library aka audiofile 0.3.6, there exists one NULL pointer dereference bug in ulaw2linearbuf in G711.cpp in libmodules.a that allows an attacker to cause a denial ...

OESA-2026-1773 ghostscript security update

Ghostscript is an interpreter for PostScript™ and Portable Document Format PDF files. Ghostscript consists of a PostScript interpreter layer, and a graphics library. Security Fixes: A vulnerability was found in Artifex GhostPDL up to 3989415a5b8e99b9d1b87cc9902bde9b7cdea145. It has been classifie...

OESA-2026-1759 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: iommu/s390: Implement blocking domain This fixes a crash when surprise hot-unplugging a PCI device. This crash happens because during hot-unplug...

OESA-2026-1736 expat security update

expat is a stream-oriented XML parser library written in C. expat excels with files too large to fit RAM, and where performance and flexibility are crucial. Security Fixes: libexpat before 2.7.5 allows a NULL pointer dereference with empty external parameter entity content.CVE-2026-32776 libexpat...

CLSA-2026-1774605210 expat: Fix of 2 CVEs

CVE-2026-32777: fix infinite loop while parsing DTD content - CVE-2026-32778: fix NULL pointer dereference in setContext on retry after OOM...

SUSE SLES12 Security Update : frr (SUSE-SU-2026:1057-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1057-1 advisory. - CVE-2025-61099: NULL Pointer Dereference in FRRouting bsc1252838. - CVE-2025-61100: NULL Pointer Dereference in FRRouting bsc1252829. -...

Important: libtiff

Issue Overview: libtiff up to v4.7.1 was discovered to contain a NULL pointer dereference via the component libtiff/tifopen.c. CVE-2025-61143 libtiff up to v4.7.1 was discovered to contain a stack overflow via the readSeparateStripsIntoBuffer function. CVE-2025-61144 Affected Packages: libtiff...

CVE-2026-23396

A flaw was found in the Linux kernel's mac80211 component. An adjacent attacker can exploit this by sending a specially crafted Channel Switch Announcement CSA action frame. This frame, containing a valid Mesh ID Information Element IE but lacking a Mesh Configuration IE, can trigger a NULL point...

CVE-2026-24641

A NULL Pointer Dereference vulnerability CWE-476 vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.2, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4 all versions, FortiWeb 7.2 all versions, FortiWeb 7.0 all versions may allow an authenticated attacker to crash the HTTP daemon via crafted HTTP...

CVE-2026-28886

A null pointer dereference was addressed with improved input validation. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. A user in a privileged network position may ...

CVE-2026-26829

A NULL pointer dereference in the safeatou64 function src/misc.c of owntone-server through commit c4d57aa allows attackers to cause a Denial of Service DoS via sending a series of crafted HTTP requests to the server...

CVE-2026-26828

A NULL pointer dereference in the daapreplyplaylists function src/httpddaap.c of owntone-server commit 3d1652d allows attackers to cause a Denial of Service DoS via sending a crafted DAAP request to the server...

CVE-2026-25168

Null pointer dereference in Microsoft Graphics Component allows an unauthorized attacker to deny service locally...

CVE-2026-21363

Substance3D - Painter versions 11.1.2 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing disruption to services. Exploitation of this issue requires...

CVE-2026-21364

Substance3D - Painter versions 11.1.2 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing disruption to services. Exploitation of this issue requires...

CVE-2026-27215

Substance3D - Painter versions 11.1.2 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing disruption to its availability. Exploitation of this issue...

CVE-2026-27217

Substance3D - Painter versions 11.1.2 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing disruption to its availability. Exploitation of this issue...