Qnap QTS and QuTS hero NULL Pointer Dereference (CVE-2025-53405)

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service DoS attack. We have already fixed the vulnerability in the...

CVE-2025-15535

A security flaw has been discovered in nicbarker clay up to 0.14. This affects the function ClayMeasureTextCached in the library clay.h. The manipulation results in null pointer dereference. The attack is only possible with local access. The exploit has been released to the public and may be used...

CVE-2026-0943 HarfBuzz::Shaper versions before 0.032 for Perl contains a bundled library with a null pointer dereference vulnerability

HarfBuzz::Shaper versions before 0.032 for Perl contains a bundled library with a null pointer dereference vulnerability. Versions before 0.032 contain HarfBuzz 8.4.0 or earlier bundled as hbsrc.tar.gz in the source tarball, which is affected by CVE-2026-22693...

CVE-2026-0943 HarfBuzz::Shaper versions before 0.032 for Perl contains a bundled library with a null pointer dereference vulnerability

HarfBuzz::Shaper versions before 0.032 for Perl contains a bundled library with a null pointer dereference vulnerability. Versions before 0.032 contain HarfBuzz 8.4.0 or earlier bundled as hbsrc.tar.gz in the source tarball, which is affected by CVE-2026-22693...

Adobe Substance 3D Modeler null pointer dereference vulnerability (CNVD-2026-11768)

Adobe Substance3D Modeler is a 3D modeling software from the American company Audobee Adobe. Adobe Substance 3D Modeler suffers from a null pointer dereference vulnerability that can be exploited by an attacker to cause a denial of service...

MiracleLinux 8 : openssl-1.1.1g-15.el8 (AXSA:2021-1621:02)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-1621:02 advisory. openssl: NULL pointer dereference in signaturealgorithms processing CVE-2021-3449 openssl: CA certificate check bypass with X509VFLAGX509STRICT...

MiracleLinux 7 : libxml2-2.9.1-6.4.0.1.el7.AXS7 (AXSA:2020-016:01)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2020-016:01 advisory. libxml2: Use after free triggered by XPointer paths beginning with range-to CVE-2016-5131 libxml2: Use after free in...

Qnap QTS and QuTS hero NULL Pointer Dereference (CVE-2025-62848)

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to launch a denial-of-service DoS attack. We have already fixed the vulnerability in the following versions: QTS 5.2.7.3297 build...

Adobe Substance 3D Modeler Null Pointer Dereference Vulnerability

Adobe Substance3D Modeler is a 3D modeling software from the American company Audobee Adobe. Adobe Substance 3D Modeler suffers from a null pointer dereference vulnerability that can be exploited by an attacker to cause a denial of service...

CVE-2025-15535

A security flaw has been discovered in nicbarker clay up to 0.14. This affects the function ClayMeasureTextCached in the library clay.h. The manipulation results in null pointer dereference. The attack is only possible with local access. The exploit has been released to the public and may be used...

CVE-2025-15535 nicbarker clay clay.h Clay__MeasureTextCached null pointer dereference

A security flaw has been discovered in nicbarker clay up to 0.14. This affects the function ClayMeasureTextCached in the library clay.h. The manipulation results in null pointer dereference. The attack is only possible with local access. The exploit has been released to the public and may be used...

CVE-2025-15535 nicbarker clay clay.h Clay__MeasureTextCached null pointer dereference

A security flaw has been discovered in nicbarker clay up to 0.14. This affects the function ClayMeasureTextCached in the library clay.h. The manipulation results in null pointer dereference. The attack is only possible with local access. The exploit has been released to the public and may be used...

SUSE CVE-2025-68820

In the Linux kernel, the following vulnerability has been resolved: ext4: xattr: fix null pointer deref in ext4rawinode If ext4getinodeloc fails e.g. if it returns -EFSCORRUPTED, iloc.bh will remain set to NULL. Since ext4xattrinodedecrefall lacks error checking, this will lead to a null pointer...

CVE-2025-60007

A NULL Pointer Dereference vulnerability in the chassis daemon chassisd of Juniper Networks Junos OS on MX, SRX and EX Series allows a local attacker with low privileges to cause a Denial-of-Service DoS. When a user executes the 'show chassis' command with specifically crafted options, chassisd...

OESA-2026-1075 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: powerpc/kprobes: Fix null pointer reference in archpreparekprobe I found a null pointer reference in archpreparekprobe: echo 'p cmdlineprocshow' kprobeevents ech...

OESA-2026-1070 fluidsynth security update

FluidSynth is a free software synthesizer. Its currently based on the SoundFont 2 specifications and supports real time MIDI effect controls. It can be used as a shared library for embedding in other applications, can play MIDI files and has a command line shell. Many other applications use...

OESA-2026-1069 fluidsynth security update

FluidSynth is a free software synthesizer. Its currently based on the SoundFont 2 specifications and supports real time MIDI effect controls. It can be used as a shared library for embedding in other applications, can play MIDI files and has a command line shell. Many other applications use...

SUSE CVE-2025-68818

In the Linux kernel, the following vulnerability has been resolved: scsi: Revert "scsi: qla2xxx: Perform lockless command completion in abort path" This reverts commit 0367076b0817d5c75dfb83001ce7ce5c64d803a9. The commit being reverted added code to qla2x00abortallcmds to call sp-done without...

MiracleLinux 7 : binutils-2.27-34.base.el7 (AXSA:2018-3397:04)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2018-3397:04 advisory. binutils: Improper bounds check in coffgen.c:coffpointerizeaux allows for denial of service when parsing a crafted COFF file CVE-2018-7208 binutils:...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003719)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003719 advisory. An issue was discovered in the Linux kernel before 5.1.17. There is a NULL pointer dereference caused by a malicious USB device in the sound/usb/line6/pcm.c driver...