EUVD-2026-1871

HarfBuzz is a text shaping engine. Prior to version 12.3.0, a null pointer dereference vulnerability exists in the SubtableUnicodesCache::create function located in src/hb-ot-cmap-table.hh. The function fails to check if hbmalloc returns NULL before using placement new to construct an object at t...

CVE-2026-22693 Null Pointer Dereference in SubtableUnicodesCache::create leading to DoS

HarfBuzz is a text shaping engine. Prior to version 12.3.0, a null pointer dereference vulnerability exists in the SubtableUnicodesCache::create function located in src/hb-ot-cmap-table.hh. The function fails to check if hbmalloc returns NULL before using placement new to construct an object at t...

CVE-2026-0731

A vulnerability has been found in TOTOLINK WA1200 5.9c.2914. The impacted element is an unknown function of the file cstecgi.cgi of the component HTTP Request Handler. The manipulation leads to null pointer dereference. The attack is possible to be carried out remotely. The exploit has been...

PT-2026-1816

Name of the Vulnerable Software and Affected Versions Apache NimBLE versions through 1.8.0 Description A flaw exists in Apache NimBLE where missing validation of an HCI connection complete or HCI command TX buffer can result in a NULL pointer dereference. This issue requires disabled asserts and ...

HarfBuzz 安全漏洞

HarfBuzz is HarfBuzz open source a text engine for OpenType fonts. HarfBuzz version before 12.3.0 has a security vulnerability , the vulnerability stems from the SubtableUnicodesCache::create function does not check the hbmalloc return value , which may lead to null pointer dereferencing and...

PT-2026-1781

Name of the Vulnerable Software and Affected Versions lief-project LIEF versions up to 0.17.1 Description A security flaw exists in LIEF, specifically within the ELF Binary Parser component. The issue resides in the Parser::parse binary function located in the file src/ELF/Parser.tcc. This...

CVE-2025-56225

fluidsynth-2.4.6 and earlier versions is vulnerable to Null pointer dereference in fluidsynthmonopoly.c, that can be triggered when loading an invalid midi file...

OESA-2026-1022 php security update

PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...

CVE-2023-29996

In NanoMQ v0.15.0-0, segment fault with Null Pointer Dereference occurs in the process of decoding subinfodecode and unsubinfodecode...

CVE-2023-45913

Mesa v23.0.4 was discovered to contain a NULL pointer dereference via the function dri2GetGlxDrawableFromXDrawableId. This vulnerability is triggered when the X11 server sends an DRI2BufferSwapComplete event unexpectedly when the application is using DRI3. NOTE: this is disputed because there is ...

CVE-2023-45931

Mesa 23.0.4 was discovered to contain a NULL pointer dereference in checkxshm for the haserror state. NOTE: this is disputed because there is no scenario in which the vulnerability was demonstrated...

CVE-2018-12247

An issue was discovered in mruby 1.4.1. There is a NULL pointer dereference in mrbclass, related to certain .clone usage, because mrbobjclone in kernel.c copies flags other than the MRBFLAGISFROZEN flag e.g., the embedded flag...

CVE-2018-1000661

jsish version 2.4.67 contains a CWE-476: NULL Pointer Dereference vulnerability in JsiLogMsg jsiUtils.c:196 that can result in Crash due to segmentation fault. This attack appear to be exploitable via the victim executing specially crafted javascript code. This vulnerability appears to have been...

CVE-2018-4276

A null pointer dereference was addressed with improved validation. This issue affected versions prior to macOS High Sierra 10.13.6...

CVE-2018-4302

A null pointer dereference was addressed with improved validation. This issue is fixed in macOS High Sierra 10.13, iCloud for Windows 7.0, watchOS 4, iOS 11, iTunes 12.7 for Windows. Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution...

CVE-2009-4332

db2pd in the Problem Determination component in IBM DB2 9.1 before FP7 and 9.5 before FP5 allows attackers to cause a denial of service NULL pointer dereference and application termination via unspecified vectors...

CVE-2009-4501

The zbxgetnextfield function in libs/zbxcommon/str.c in Zabbix Server before 1.6.8 allows remote attackers to cause a denial of service crash via a request that lacks expected separators, which triggers a NULL pointer dereference, as demonstrated using the Command keyword...

CVE-2009-4500

The processtrap function in trapper/trapper.c in Zabbix Server before 1.6.6 allows remote attackers to cause a denial of service crash via a crafted request with data that lacks an expected : colon separator, which triggers a NULL pointer dereference...

CVE-2003-1568

GoAhead WebServer before 2.1.6 allows remote attackers to cause a denial of service NULL pointer dereference and daemon crash via an invalid URL, related to the websSafeUrl function...

CVE-2021-33440

An issue was discovered in mjs mJS: Restricted JavaScript engine, ES6 JavaScript version 6. There is NULL pointer dereference in mjsbcodecommit in mjs.c...