CVE & Exploit Intelligence Database

CVE-2026-28547 6.8 MEDIUM EPSS 0.00

Vulnerability of uninitialized pointer access in the scanning module. Impact: Successful exploitation of this vulnerability may affect availability.

CWE-824 Mar 05, 2026

CVE-2026-2805 9.8 CRITICAL EPSS 0.00

Invalid pointer in the DOM: Core & HTML component. This vulnerability affects Firefox < 148 and Thunderbird < 148.

CWE-824 Feb 24, 2026

CVE-2026-2785 9.8 CRITICAL EPSS 0.00

Invalid pointer in the JavaScript Engine component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.

CWE-824 Feb 24, 2026

CVE-2026-1200 6.3 MEDIUM EPSS 0.00

A flaw was found in the rgaufman/live555 fork of live555. A remote attacker could exploit a segmentation fault, in the `increaseBufferTo` function. This vulnerability can lead to memory corruption problems and potentially other consequences.

CWE-824 Feb 18, 2026

CVE-2026-23761 1 Writeup EPSS 0.00

VB-Audio Voicemeeter, Voicemeeter Banana, and Voicemeeter Potato (versions ending in 1.1.1.9, 2.1.1.9, and 3.1.1.9 and earlier, respectively), as well as VB-Audio Matrix and Matrix Coconut (versions ending in 1.0.2.2 and 2.0.2.2 and earlier, respectively), contain a vulnerability in their virtual audio drivers (vbvoicemeetervaio64*.sys, vbmatrixvaio64*.sys, vbaudio_vmauxvaio*.sys, vbaudio_vmvaio*.sys, and vbaudio_vmvaio3*.sys). When a handle is opened with a special file attribute value, the drivers improperly initialize FILE_OBJECT->FsContext to a non-pointer magic value. If subsequent operations are not handled by the VB-Audio driver and are forwarded down the audio driver stack (e.g., via PortCls to ks.sys), the invalid FsContext value can be dereferenced, causing a kernel crash (BSoD), typically SYSTEM_SERVICE_EXCEPTION with STATUS_ACCESS_VIOLATION. This flaw allows a local unprivileged user to trigger a denial-of-service on affected Windows systems.

CWE-824 Jan 22, 2026

CVE-2026-21276 7.8 HIGH EPSS 0.00

InDesign Desktop versions 21.0, 19.5.5 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CWE-824 Jan 13, 2026

CVE-2026-21275 7.8 HIGH EPSS 0.00

InDesign Desktop versions 21.0, 19.5.5 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CWE-824 Jan 13, 2026

CVE-2025-14739 EPSS 0.00

Access of Uninitialized Pointer vulnerability in TP-Link WR940N and WR941ND allows local unauthenticated attackers the ability to execute DoS attack and potentially arbitrary code execution under the context of the ‘root’ user.This issue affects WR940N and WR941ND: ≤ WR940N v5 3.20.1 Build 200316, ≤ WR941ND v6 3.16.9 Build 151203.

CWE-824 Dec 18, 2025

CVE-2025-66588 9.8 CRITICAL EPSS 0.00

In AzeoTech DAQFactory release 20.7 (Build 2555), an Access of Uninitialized Pointer vulnerability can be exploited by an attacker which can lead to arbitrary code execution.

CWE-824 Dec 11, 2025

CVE-2025-13674 5.5 MEDIUM EPSS 0.00

BPv7 dissector crash in Wireshark 4.6.0 allows denial of service

CWE-824 Nov 26, 2025

CVE-2025-13499 7.8 HIGH EPSS 0.00

Kafka dissector crash in Wireshark 4.6.0 and 4.4.0 to 4.4.10 allows denial of service

CWE-824 Nov 21, 2025

CVE-2025-23352 7.8 HIGH EPSS 0.00

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager, where a malicious guest could cause uninitialized pointer access. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.

CWE-824 Oct 23, 2025

CVE-2025-59478 7.5 HIGH EPSS 0.00

When a BIG-IP AFM denial-of-service (DoS) protection profile is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) process to terminate.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CWE-824 Oct 15, 2025

CVE-2025-59962 5.3 MEDIUM EPSS 0.00

An Access of Uninitialized Pointer vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved with BGP sharding configured allows an attacker triggering indirect next-hop updates, along with timing outside the attacker's control, to cause rpd to crash and restart, leading to a Denial of Service (DoS). With BGP sharding enabled, triggering route resolution of an indirect next-hop (e.g., an IGP route change over which a BGP route gets resolved), may cause rpd to crash and restart. An attacker causing continuous IGP route churn, resulting in repeated route re-resolution, will increase the likelihood of triggering this issue, leading to a potentially extended DoS condition. This issue affects: Junos OS: * all versions before 21.4R3-S6,  * from 22.1 before 22.1R3-S6,  * from 22.2 before 22.2R3-S3,  * from 22.3 before 22.3R3-S3,  * from 22.4 before 22.4R3,  * from 23.2 before 23.2R2;  Junos OS Evolved:  * all versions before 22.3R3-S3-EVO,  * from 22.4 before 22.4R3-EVO,  * from 23.2 before 23.2R2-EVO. Versions before Junos OS 21.3R1 and Junos OS Evolved 21.3R1-EVO are unaffected by this issue.

CWE-824 Oct 09, 2025

CVE-2025-58777 7.8 HIGH EPSS 0.00

VT Studio versions 8.53 and prior contain an access of uninitialized pointer vulnerability. If the product uses a specially crafted file, arbitrary code may be executed on the affected product.

CWE-824 Oct 02, 2025

CVE-2025-1761 5.9 MEDIUM EPSS 0.00

IBM Concert Software 1.0.0 through 1.1.0 could allow a remote attacker to obtain sensitive information from allocated memory due to improper clearing of heap memory.

CWE-824 Sep 08, 2025

CVE-2025-39729 5.5 MEDIUM EPSS 0.00

In the Linux kernel, the following vulnerability has been resolved: crypto: ccp - Fix dereferencing uninitialized error pointer Fix below smatch warnings: drivers/crypto/ccp/sev-dev.c:1312 __sev_platform_init_locked() error: we previously assumed 'error' could be null

CWE-824 Sep 07, 2025

CVE-2025-9274 7.8 HIGH EPSS 0.00

Oxford Instruments Imaris Viewer IMS File Parsing Uninitialized Pointer Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Oxford Instruments Imaris Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of IMS files. The issue results from the lack of proper initialization of a pointer prior to accessing it. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-21657.

CWE-824 Sep 02, 2025

CVE-2025-32451 8.8 HIGH EPSS 0.00

A memory corruption vulnerability exists in Foxit Reader 2025.1.0.27937 due to the use of an uninitialized pointer. A specially crafted Javascript code inside a malicious PDF document can trigger this vulnerability, which can lead to memory corruption and result in arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled.

CWE-824 Aug 13, 2025

CVE-2025-54207 7.8 HIGH EPSS 0.00

InDesign Desktop versions 20.4, 19.5.4 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CWE-824 Aug 12, 2025