Linux Distros Unpatched Vulnerability : CVE-2026-45835

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Bluetooth: L2CAP: Fix null-ptr-deref in l2capsocknewconnectioncb Add the same NULL guard already present in l2capsockresumecb and l2capsockreadycb. CVE-2026-458...

Linux Distros Unpatched Vulnerability : CVE-2026-45943

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - erofs: fix inline data read failure for ztailpacking pclusters Compressed folios for ztailpacking pclusters must be valid before adding these pclusters to I/O...

PT-2026-43833

Name of the Vulnerable Software and Affected Versions Linux kernel versions 6.17 through 6.17 Description A NULL pointer dereference occurs in the unix needs revalidation function when receiving file descriptors via SCM RIGHTS. During socket setup or teardown, both the socket pointer and the...

Important: httpd security update

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: modproxyajp: heap-based buffer over-read and memory disclosure in ajpparsedata CVE-2026-34059 httpd: modproxyajp: heap-based buffer over-read due to missing null-termination...

PT-2026-43680

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A NULL pointer dereference occurs in the bareudp fill metadata dst function. The function passes bareudp-sock to udp tunnel6 dst lookup in the IPv6 path without performing a NULL check...

CVE-2025-70116

CVE-2025-70116 affects GPAC MP4Box. A NULL pointer dereference occurs when parsing certain truncated MP4 files with an unknown/invalid stsd entry, leading to missing descriptor fields (e.g., codec/mime/profile strings). gf_media_map_esd then calls strlen() on a NULL pointer, triggering a crash (A...

CVE-2025-70116

A NULL pointer dereference in GPAC MP4Box: when parsing certain truncated MP4 files, an unknown/invalid stsd entry can result in missing descriptor fields e.g., codec/mime/profile strings. gfmediamapesd then calls strlen on a NULL pointer, triggering a crash ASan SEGV...

CVE-2025-71307

drm/panthor: Fix NULL pointer dereference on panthorfwunplug...

CVE-2026-48829

In GNU SASL before 2.2.3, DIGEST-MD5 has a NULL pointer dereference affecting both clients and servers, via a known token with no accompanying = character. This occurs in lib/digest-md5/getsubopt.c...

JLSEC-2026-539

There's a flaw in openjpeg's t2 encoder in versions prior to 2.4.0. An attacker who is able to provide crafted input to be processed by openjpeg could cause a null pointer dereference. The highest impact of this flaw is to application availability...

JLSEC-2026-551

openjpeg v 2.5.0 was discovered to contain a NULL pointer dereference via the component /openjp2/dwt.c...

JLSEC-2026-547

A flaw was found in the opj2decompress program in openjpeg2 2.4.0 in the way it handles an input directory with a large number of files. When it fails to allocate a buffer to store the filenames of the input directory, it calls free on an uninitialized pointer, leading to a segmentation fault and...

Security Bulletin: IBM HTTP Server is affected by multiple vulnerabilities

Summary There are multiple vulnerabilities in the IBM HTTP Server used by IBM WebSphere Application Server CVE-2026-8834, CVE-2026-8852, CVE-2026-8856, CVE-2026-8850, CVE-2026-8854, CVE-2026-8855, CVE-2026-8835, CVE-2026-45186, CVE-2026-9170. Vulnerability Details CVEID:CVE-2026-8850 DESCRIPTION:...

CVE-2026-9567

A security flaw has been discovered in GPAC up to 2.4.0. Affected is the function MergeFragment of the file src/isomedia/isomintern.c of the component MP4Box. The manipulation results in null pointer dereference. The attack needs to be approached locally. The exploit has been released to the publ...

CVE-2026-8835

IBM HTTP Server 8.5, and 9.0 is vulnerable to invalid pointer dereference. A privileged user, authenticated to the Administration Server, could exploit this vulnerability to expose sensitive information or cause a denial of service...

CVE-2026-7450

A maliciously crafted PAR file, when parsed through Autodesk 3ds Max, can force a NULL Pointer Dereference vulnerability. Successful exploitation may cause the application to crash, leading to a denial-of-service condition...

CVE-2026-9567

A security flaw has been discovered in GPAC up to 2.4.0. Affected is the function MergeFragment of the file src/isomedia/isomintern.c of the component MP4Box. The manipulation results in null pointer dereference. The attack needs to be approached locally. The exploit has been released to the publ...

UBUNTU-CVE-2026-9567

A security flaw has been discovered in GPAC up to 2.4.0. Affected is the function MergeFragment of the file src/isomedia/isomintern.c of the component MP4Box. The manipulation results in null pointer dereference. The attack needs to be approached locally. The exploit has been released to the publ...

CVE-2026-9567

GPAC MP4Box (up to version 2.4.0) houses a vulnerability in isomedia/isom_intern.c: MergeFragment, where input handling can trigger a null pointer dereference. Exploitation is local, and a public PoC/exploit exists; this confirms practical risk under local access conditions. The patch is identifi...

CVE-2026-9567 GPAC MP4Box isom_intern.c MergeFragment null pointer dereference

A security flaw has been discovered in GPAC up to 2.4.0. Affected is the function MergeFragment of the file src/isomedia/isomintern.c of the component MP4Box. The manipulation results in null pointer dereference. The attack needs to be approached locally. The exploit has been released to the publ...