CVE-2026-7259

In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, a mismatch between encoding lists in Oniguruma and mbfl leads to a NULL pointer dereference, resulting in a segmentation fault and denial of service. The vulnerability is exploitable when...

CVE-2026-7259

CVE-2026-7259 describes a NULL pointer dereference in PHP due to a mismatch between Oniguruma and mbfl encoding lists, exploitable when user-controlled input influences the encoding passed to mb_regex_encoding(). The issue affects PHP 8.2.x before 8.2.31, 8.3.x before 8.3.31, 8.4.x before 8.4.21,...

CVE-2026-7259 Null pointer dereference in php_mb_check_encoding() via mb_ereg_search_init()

In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, a mismatch between encoding lists in Oniguruma and mbfl leads to a NULL pointer dereference, resulting in a segmentation fault and denial of service. The vulnerability is exploitable when...

CVE-2026-7262

In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, when a SOAP server has a typemap configured, the decoding process contains a mistake which checks the wrong variable in case of missing value element. This leads to dereferences a NULL pointer,...

openSUSE 16 Security Update : mozjs128 (openSUSE-SU-2026:20674-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20674-1 advisory. - CVE-2026-32776: libexpat: NULL pointer dereference when processing empty external parameter entities inside an entity declaration value...

VulnCheck KEV: CVE-2025-32818

A Null Pointer Dereference vulnerability in the SonicOS SSLVPN Virtual office interface allows a remote, unauthenticated attacker to crash the firewall, potentially leading to a Denial-of-Service DoS condition...

openSUSE 16 Security Update : frr (openSUSE-SU-2026:20682-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20682-1 advisory. Security issues: - CVE-2025-61099: NULL Pointer Dereference in FRRouting bsc1252838. - CVE-2025-61100: NULL Pointer Dereference in FRRouting...

OESA-2026-2254 libvncserver security update

libvncserver is a set of programs using the RFB Remote Frame Buffer protocol. They are designed to "export" a frame buffer via net: you set up a server and can connect to it via VNC viewers. If the server supports WebSockets which LibVNCServer does, you can also connect using an in-browser VNC...

SUSE CVE-2025-71291

In the Linux kernel, the following vulnerability has been resolved: misc: bcmvk: Fix possible null-pointer dereferences in bcmvkread In the function bcmvkread, the pointer entry is checked, indicating that it can be NULL. If entry is NULL and rc is set to -EMSGSIZE, the following code may cause...

SUSE CVE-2025-71295

In the Linux kernel, the following vulnerability has been resolved: fs/buffer: add alert in trytofreebuffers for folios without buffers trytofreebuffers can be called on folios with no buffers attached when filemapreleasefolio is invoked on a folio belonging to a mapping with ASRELEASEALWAYS set...

Unity Linux 20.1070e Security Update: expat (UTSA-2026-016783)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016783 advisory. libexpat before 2.7.5 allows a NULL pointer dereference with empty external parameter entity content. Tenable has extracted the preceding description block directly...

CVE-2026-43431

A flaw was found in the Linux kernel's xhci host controller driver. This vulnerability occurs when the number of port registers counted in xhci-maxports is greater than the ports reported by Supported Protocol capabilities. This can lead to a NULL pointer dereference, causing a kernel crash and...

CVE-2026-43416

A flaw was found in the Linux kernel. A local user can cause a denial of service DoS by triggering a NULL pointer dereference within the perf subsystem. This occurs when the memory management structure current-mm is prematurely released before the system attempts to retrieve the user callchain,...

CVE-2026-43401

A flaw was found in the Linux kernel's intelpstate component. This vulnerability arises when the system is booted with the "nosmt" parameter, causing a critical error known as a null pointer dereference in the updatecpuqosrequest function. Such an error can lead to system instability and...

CVE-2026-43367

A flaw was found in the Linux kernel's drm/amd component. This vulnerability allows a local attacker to cause a Denial of Service DoS by triggering a NULL pointer dereference during device cleanup on unsupported hardware. This can lead to system instability or a crash, impacting the availability ...

CVE-2026-43364

A flaw was found in the Linux kernel's ublk subsystem. A local user can trigger a NULL pointer dereference by sending an UPDATESIZE command to a ublk device that has been added but not yet started, or one that has been stopped. This occurs due to insufficient state validation before dereferencing...

CLSA-2026-1778254552 httpd: Fix of 8 CVEs

CVE-2026-24072: modrewrite/modsetenvif: use APEXPRFLAGRESTRICTED in htaccess to prevent reading server-side files via apexpr from .htaccess - CVE-2026-29169: moddavlock: NULL pointer dereference in davgenericrefreshlocks use dpscan instead of dp - CVE-2026-33006: modauthdigest: timing attack —...

EUVD-2026-28707

In the Linux kernel, the following vulnerability has been resolved: cpufreq: intelpstate: Fix NULL pointer dereference in updatecpuqosrequest The updatecpuqosrequest function attempts to initialize the 'freq' variable by dereferencing 'cpudata' before verifying if the 'policy' is valid. This issu...

EUVD-2026-28719

In the Linux kernel, the following vulnerability has been resolved: scsi: hisisas: Fix NULL pointer exception during userscan userscan invokes updated sasuserscan for channel 0, and if successful, iteratively scans remaining channels 1 to shost-maxchannel via scsiscanhostselected in commit...

EUVD-2026-28662

In the Linux kernel, the following vulnerability has been resolved: iio: imu: adis: Fix NULL pointer dereference in adisinit The adisinit function dereferences adis-ops to check if the individual function pointers write, read, reset are NULL, but does not first check if adis-ops itself is NULL...