Monthly
Denial of service in NASA's Core Flight System (cFS) Health & Safety (HS) application allows a remote attacker to crash the application through a NULL pointer dereference triggered while processing a routine Housekeeping Telemetry request. All HS versions prior to v7.0.1 are affected; the crash produces a segmentation fault that halts the health-monitoring task. No public exploit identified at time of analysis, and it is not listed in CISA KEV, but a CISA ICS advisory (ICSA-26-197-03) and vendor-tagged fix release exist.
Nil pointer dereference in CoreDNS prior to 1.14.5 allows remote unauthenticated attackers to crash or degrade the DNS server by sending a single ordinary DNS query. The rewrite plugin's edns0 response rules dereference the result of IsEdns0() without a nil check; when a downstream plugin returns a response lacking an OPT record, the ResponseReverter panics, returning SERVFAIL in default deployments or terminating the CoreDNS process entirely when the debug directive is active. No public exploit code has been identified and the issue is fixed in v1.14.5.
Remote denial of service in CoreDNS versions prior to 1.14.4 allows an unauthenticated attacker to crash the DNS server with a single 28-byte UDP datagram when the proxyproto plugin is enabled. The malformed PROXY protocol v2 header triggers a nil pointer dereference in the PacketConn.ReadFrom log path, killing the process before per-request recovery can intervene. No public exploit identified at time of analysis, though the fixing PR includes a reproducer test that encodes the exact crashing byte sequence; not listed in CISA KEV.
Deterministic nil-pointer dereference in Envoy Gateway's gatewayapi runner allows a low-privileged tenant to permanently stall controller-wide xDS and Infrastructure IR publishing by submitting a single malformed CRD. Any tenant with namespace-scoped RBAC permission to create SecurityPolicy and TCPRoute resources can trigger a panic on every reconcile cycle by omitting the spec.authorization field, requiring administrator intervention to restore control-plane operations. No exploitation confirmed in the wild (not in CISA KEV); patches are available in versions 1.7.4 and 1.8.1.
Denial of service in F5 NGINX Ingress Controller allows an authenticated remote attacker holding write access to Ingress or TransportServer resources to crash the control plane by submitting a malformed resource. Because the offending resource persists in the cluster, the controller re-reads it and re-crashes, producing a durable crash loop rather than a one-time outage. There is no public exploit identified at time of analysis, and impact is confined to the control plane with no data plane or confidentiality/integrity exposure.
Denial of service in the Matter SDK (connectedhomeip) before 1.4.0 lets a remote unauthenticated attacker crash a smart-home device by sending a crafted read request. The flaw lives in the ReadRevisionAttribute function, which is reused across multiple clusters (Channel, Account Login, TargetNavigator), so any device exposing those clusters is affected. No public exploit identified at time of analysis, and the issue is availability-only (no code execution or data exposure).
Null pointer dereference in Windows SMB Server allows an authorized attacker to deny service over a network.
Local privilege escalation in the Microsoft Windows Kernel lets an authenticated attacker gain elevated (SYSTEM-level) privileges by triggering a NULL pointer dereference (CWE-476) in kernel-mode code. The flaw affects a broad range of client and server builds from Windows 10 1607 and Windows Server 2012 through Windows 11 26H1 and Windows Server 2025. Reported by Microsoft with a patch available; no public exploit identified at time of analysis.
Null pointer dereference in Active Directory Domain Services allows an authorized attacker to deny service over a network.
Local privilege escalation in Windows Image Acquisition (WIA) affects Windows 11 (24H2, 25H2, 26H1) and Windows Server 2025, where a NULL pointer dereference can be leveraged by an already-authenticated local user to elevate privileges. Microsoft rates it 7.8 (High) with full confidentiality, integrity, and availability impact despite the flaw class typically causing denial of service. There is no public exploit identified at time of analysis, and it is not listed in CISA KEV.
Denial of service in NASA's Core Flight System (cFS) Health & Safety (HS) application allows a remote attacker to crash the application through a NULL pointer dereference triggered while processing a routine Housekeeping Telemetry request. All HS versions prior to v7.0.1 are affected; the crash produces a segmentation fault that halts the health-monitoring task. No public exploit identified at time of analysis, and it is not listed in CISA KEV, but a CISA ICS advisory (ICSA-26-197-03) and vendor-tagged fix release exist.
Nil pointer dereference in CoreDNS prior to 1.14.5 allows remote unauthenticated attackers to crash or degrade the DNS server by sending a single ordinary DNS query. The rewrite plugin's edns0 response rules dereference the result of IsEdns0() without a nil check; when a downstream plugin returns a response lacking an OPT record, the ResponseReverter panics, returning SERVFAIL in default deployments or terminating the CoreDNS process entirely when the debug directive is active. No public exploit code has been identified and the issue is fixed in v1.14.5.
Remote denial of service in CoreDNS versions prior to 1.14.4 allows an unauthenticated attacker to crash the DNS server with a single 28-byte UDP datagram when the proxyproto plugin is enabled. The malformed PROXY protocol v2 header triggers a nil pointer dereference in the PacketConn.ReadFrom log path, killing the process before per-request recovery can intervene. No public exploit identified at time of analysis, though the fixing PR includes a reproducer test that encodes the exact crashing byte sequence; not listed in CISA KEV.
Deterministic nil-pointer dereference in Envoy Gateway's gatewayapi runner allows a low-privileged tenant to permanently stall controller-wide xDS and Infrastructure IR publishing by submitting a single malformed CRD. Any tenant with namespace-scoped RBAC permission to create SecurityPolicy and TCPRoute resources can trigger a panic on every reconcile cycle by omitting the spec.authorization field, requiring administrator intervention to restore control-plane operations. No exploitation confirmed in the wild (not in CISA KEV); patches are available in versions 1.7.4 and 1.8.1.
Denial of service in F5 NGINX Ingress Controller allows an authenticated remote attacker holding write access to Ingress or TransportServer resources to crash the control plane by submitting a malformed resource. Because the offending resource persists in the cluster, the controller re-reads it and re-crashes, producing a durable crash loop rather than a one-time outage. There is no public exploit identified at time of analysis, and impact is confined to the control plane with no data plane or confidentiality/integrity exposure.
Denial of service in the Matter SDK (connectedhomeip) before 1.4.0 lets a remote unauthenticated attacker crash a smart-home device by sending a crafted read request. The flaw lives in the ReadRevisionAttribute function, which is reused across multiple clusters (Channel, Account Login, TargetNavigator), so any device exposing those clusters is affected. No public exploit identified at time of analysis, and the issue is availability-only (no code execution or data exposure).
Null pointer dereference in Windows SMB Server allows an authorized attacker to deny service over a network.
Local privilege escalation in the Microsoft Windows Kernel lets an authenticated attacker gain elevated (SYSTEM-level) privileges by triggering a NULL pointer dereference (CWE-476) in kernel-mode code. The flaw affects a broad range of client and server builds from Windows 10 1607 and Windows Server 2012 through Windows 11 26H1 and Windows Server 2025. Reported by Microsoft with a patch available; no public exploit identified at time of analysis.
Null pointer dereference in Active Directory Domain Services allows an authorized attacker to deny service over a network.
Local privilege escalation in Windows Image Acquisition (WIA) affects Windows 11 (24H2, 25H2, 26H1) and Windows Server 2025, where a NULL pointer dereference can be leveraged by an already-authenticated local user to elevate privileges. Microsoft rates it 7.8 (High) with full confidentiality, integrity, and availability impact despite the flaw class typically causing denial of service. There is no public exploit identified at time of analysis, and it is not listed in CISA KEV.