CWE-476— NULL Pointer Dereference
The product dereferences a pointer that it expects to be valid but is NULL.— MITRE CWE catalog
4,963 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-476page 90 of 100
- CVE-2026-1417LOWCVSS 3.3EG 3.32026-01-26
A weakness has been identified in GPAC up to 2.4.0. Affected by this issue is the function dump_isom_rtp of the file applications/mp4box/filedump.c. This manipulation causes null pointer dereference. The attack needs to be launched locally…
- CVE-2026-14324MEDIUMCVSS 6.5EG 6.52026-07-01
RAOP module accepts unbounded Content-Length values and does not check the pw_array_add() return.
- CVE-2026-14790LOWCVSS 3.3EG 3.32026-07-06
A flaw has been found in GPAC 26.02.0. This affects the function nhmldump_send_frame of the file src/filters/write_nhml.c of the component Media File Handler. Executing a manipulation can lead to null pointer dereference. The attack requir…
- CVE-2026-15171MEDIUMCVSS 5.5EG 5.52026-07-08
SSH protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service
- CVE-2026-15184LOWCVSS 3.3EG 3.32026-07-09
A vulnerability was found in GNU LibreDWG up to 0.13.4. The impacted element is the function dwg_next_entity of the file src/dwg.c of the component DWG File Handler. Performing a manipulation of the argument next_obj results in null pointe…
- CVE-2026-15352HIGHCVSS 7.5EG 7.52026-07-16
A vulnerability exists in the Health & Safety (HS) application of NASA's Core Flight System (cFS). The flaw allows the application to crash via segmentation fault when processing a routine Housekeeping Telemetry request, leading to denial …
- CVE-2026-15690LOWCVSS 3.1EG 3.12026-07-14
A vulnerability was identified in open62541 up to 1.5.5. Affected by this issue is the function responseReadNamespacesArray of the file src/client/ua_client_connect.c of the component Shared Client Library. Such manipulation of the argumen…
- CVE-2026-1584HIGHCVSS 7.5EG 7.52026-04-09
A flaw was found in gnutls. A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted ClientHello message with an invalid Pre-Shared Key (PSK) binder value during the TLS handshake. This can lead to a…
- CVE-2026-1682MEDIUMCVSS 5.3EG 5.32026-01-30
A flaw has been found in Free5GC SMF up to 4.1.0. Affected is the function HandlePfcpAssociationReleaseRequest of the file internal/pfcp/handler/handler.go of the component PFCP UDP Endpoint. Executing a manipulation can lead to null point…
- CVE-2026-1739MEDIUMCVSS 5.3EG 5.32026-02-02
A vulnerability has been found in Free5GC pcf up to 1.4.1. This affects the function HandleCreateSmPolicyRequest of the file internal/sbi/processor/smpolicy.go. The manipulation leads to null pointer dereference. The attack is possible to …
- CVE-2026-1973MEDIUMCVSS 5.3EG 5.32026-02-06
A vulnerability was determined in Free5GC up to 4.1.0. The impacted element is the function establishPfcpSession of the component SMF. Executing a manipulation can lead to null pointer dereference. The attack may be launched remotely. The …
- CVE-2026-1975MEDIUMCVSS 5.3EG 5.32026-02-06
A security flaw has been discovered in Free5GC up to 4.1.0. This impacts the function identityTriggerType of the file pfcp_reports.go. The manipulation results in null pointer dereference. The attack can be executed remotely. The exploit h…
- CVE-2026-1976MEDIUMCVSS 5.3EG 5.32026-02-06
A weakness has been identified in Free5GC up to 4.1.0. Affected is the function SessionDeletionResponse of the component SMF. This manipulation causes null pointer dereference. The attack is possible to be carried out remotely. The exploit…
- CVE-2026-1990LOWCVSS 3.3EG 3.32026-02-06
A security vulnerability has been detected in oatpp up to 1.3.1. This impacts the function oatpp::data::type::ObjectWrapper::ObjectWrapper of the file src/oatpp/data/type/Type.hpp. The manipulation leads to null pointer dereference. Local …
- CVE-2026-1991LOWCVSS 3.3EG 3.32026-02-06
A vulnerability was detected in libuvc up to 0.0.7. Affected is the function uvc_scan_streaming of the file src/device.c of the component UVC Descriptor Handler. The manipulation results in null pointer dereference. The attack needs to be …
- CVE-2026-20064MEDIUMCVSS 6.5EG 6.52026-03-04
A vulnerability in of Cisco Secure Firewall Threat Defense (FTD) Software could allow an authenticated, local attacker to cause the device to unexpectedly reload, causing a denial of service (DoS) condition. This vulnerability is due to…
- CVE-2026-20457MEDIUMCVSS 5.3EG 5.32026-07-01
In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges nee…
- CVE-2026-2062MEDIUMCVSS 5.3EG 5.32026-02-06
A vulnerability was identified in Open5GS up to 2.7.6. This affects the function sgwc_s5c_handle_modify_bearer_response/sgwc_sxa_handle_session_modification_response of the component PGW S5U Address Handler. The manipulation leads to null …
- CVE-2026-20771MEDIUMCVSS 6.1EG 6.12026-05-12
Null pointer dereference for some Intel(R) QAT software drivers for Windows before version 1.13 within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a low …
- CVE-2026-20875HIGHCVSS 7.5EG 7.52026-01-13
Null pointer dereference in Windows Local Security Authority Subsystem Service (LSASS) allows an unauthorized attacker to deny service over a network.
- CVE-2026-20914MEDIUMCVSS 5.5EG 5.52026-05-12
Null pointer dereference for some Intel(R) QAT software drivers for Windows before version 2.6.0 within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a low…
- CVE-2026-21243HIGHCVSS 7.5EG 7.52026-02-10
Null pointer dereference in Windows LDAP - Lightweight Directory Access Protocol allows an unauthorized attacker to deny service over a network.
- CVE-2026-21288MEDIUMCVSS 5.5EG 5.52026-01-13
Illustrator versions 29.8.3, 30.0 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing disrupt…
- CVE-2026-21300MEDIUMCVSS 5.5EG 5.52026-01-13
Substance3D - Modeler versions 1.22.4 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. Exploitation of this issue requires user interaction in that a victim must open a …
- CVE-2026-21301MEDIUMCVSS 5.5EG 5.52026-01-13
Substance3D - Modeler versions 1.22.4 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. Exploitation of this issue requires user interaction in that a victim must open a …
- CVE-2026-21336MEDIUMCVSS 5.5EG 5.52026-02-10
Substance3D - Designer versions 15.1.0 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing di…
- CVE-2026-21338MEDIUMCVSS 5.5EG 5.52026-02-10
Substance3D - Designer versions 15.1.0 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing di…
- CVE-2026-21350MEDIUMCVSS 5.5EG 5.52026-02-10
After Effects versions 25.6 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing disruption to…
- CVE-2026-21485HIGHCVSS 8.8EG 8.82026-01-06
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1.1 and below are prone to have Undefined Behavior (UB) and Out of Memory errors. This issue is fixed in version 2.3.1.2.
- CVE-2026-21492MEDIUMCVSS 5.5EG 5.52026-01-06
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 have a NULL pointer member call vulnera…
- CVE-2026-21496MEDIUMCVSS 5.5EG 5.52026-01-07
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to NULL pointer dereference via the signature parse…
- CVE-2026-21497MEDIUMCVSS 5.5EG 5.52026-01-07
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to NULL pointer dereference via an unknown tag pars…
- CVE-2026-21498MEDIUMCVSS 5.5EG 5.52026-01-07
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to NULL pointer dereference via the XML calculator …
- CVE-2026-21499MEDIUMCVSS 5.5EG 5.52026-01-07
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to NULL pointer dereference via the XML parser. Thi…
- CVE-2026-21502MEDIUMCVSS 5.5EG 5.52026-01-07
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to NULL pointer dereference via the XML tag parser.…
- CVE-2026-21503MEDIUMCVSS 6.1EG 6.12026-01-07
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV has undefined behavior due to a null pointer passed to memcpy() i…
- CVE-2026-21506MEDIUMCVSS 5.5EG 5.52026-01-07
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to Null pointer dereference in CIccProfileXml::Pars…
- CVE-2026-21525MEDIUMCVSS 6.2EG 9.0⚠ KEV2026-02-10
Null pointer dereference in Windows Remote Access Connection Manager allows an unauthorized attacker to deny service locally.
- CVE-2026-21680MEDIUMCVSS 6.5EG 6.52026-01-07
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 have a NULL pointer dereference vulnera…
- CVE-2026-21688HIGHCVSS 8.8EG 8.82026-01-07
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 have a Type Confusion vulnerability in …
- CVE-2026-21689MEDIUMCVSS 6.5EG 6.52026-01-07
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 have a Type Confusion vulnerability in …
- CVE-2026-21691MEDIUMCVSS 5.4EG 5.42026-01-07
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 have a Type Confusion vulnerability in …
- CVE-2026-21901MEDIUMCVSS 4.4EG 4.42026-07-09
A NULL Pointer Dereference vulnerability in the management daemon (mgd) of Juniper Networks Junos OS and Junos OS Evolved allows a local, high-privileged attacker setting or deactivating a specific SSH configuration parameter to create a …
- CVE-2026-22693MEDIUMCVSS 5.3EG 5.32026-01-10
HarfBuzz is a text shaping engine. Prior to version 12.3.0, a null pointer dereference vulnerability exists in the SubtableUnicodesCache::create function located in src/hb-ot-cmap-table.hh. The function fails to check if hb_malloc returns …
- CVE-2026-22722MEDIUMCVSS 6.1EG 6.12026-02-26
A malicious actor with authenticated user privileges on a Windows based Workstation host may be able to cause a null pointer dereference error. To Remediate CVE-2026-22722, apply the patches listed in the "Fixed version" column of the 'Res…
- CVE-2026-22899MEDIUMCVSS 6.5EG 6.52026-06-10
A NULL pointer dereference vulnerability has been reported to affect File Station 6. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the …
- CVE-2026-22976CVSS 0.0EG 5.52026-01-21
In the Linux kernel, the following vulnerability has been resolved: net/sched: sch_qfq: Fix NULL deref when deactivating inactive aggregate in qfq_reset `qfq_class->leaf_qdisc->q.qlen > 0` does not imply that the class itself is active. …
- CVE-2026-22977MEDIUMCVSS 5.5EG 5.52026-01-21
In the Linux kernel, the following vulnerability has been resolved: net: sock: fix hardened usercopy panic in sock_recv_errqueue skbuff_fclone_cache was created without defining a usercopy region, [1] unlike skbuff_head_cache which prope…
- CVE-2026-22981MEDIUMCVSS 5.5EG 5.52026-01-23
In the Linux kernel, the following vulnerability has been resolved: idpf: detach and close netdevs while handling a reset Protect the reset path from callbacks by setting the netdevs to detached state and close any netdevs in UP state un…
- CVE-2026-22982MEDIUMCVSS 5.5EG 5.52026-01-23
In the Linux kernel, the following vulnerability has been resolved: net: mscc: ocelot: Fix crash when adding interface under a lag Commit 15faa1f67ab4 ("lan966x: Fix crash when adding interface under a lag") fixed a similar issue in the …
Map vulnerabilities like CWE-476 to your infrastructure
EchelonGraph correlates every CVE — across CWE-476 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →