Skip to main content

CWE-824

Access of Uninitialized Pointer

217 CVEs Avg CVSS 7.1 MITRE
9
CRITICAL
137
HIGH
60
MEDIUM
10
LOW
23
POC
1
KEV

Monthly

CVE-2022-46280 PyPI HIGH PATCH GHSA This Week

Python Cisco Information Disclosure Memory Corruption Suse
NVD GitHub
CVSS 3.1
7.8
EPSS
0.8%
CVE-2022-44451 PyPI HIGH PATCH GHSA This Week

Python Cisco Information Disclosure Memory Corruption Suse
NVD GitHub
CVSS 3.1
7.8
EPSS
0.8%
CVE-2022-42885 PyPI HIGH PATCH GHSA This Week

Python Cisco Information Disclosure Memory Corruption Suse
NVD GitHub
CVSS 3.1
7.8
EPSS
0.8%
CVE-2026-53042 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: fwctl: Fix class init ordering to avoid NULL pointer dereference on device removal CXL is linked before fwctl in drivers/Makefile. Both use `module_init, so `cxl_pci_driver_init()` runs first. When `cxl_pci_probe()` calls `fwctl_register()` and then `device_add()`, fwctl_class is not yet registered because fwctl_init() hasn't run, causing `class_to_subsys()` to return NULL and skip knode_class initialization. On device removal, `class_to_subsys()` returns non-NULL, and `device_del()` calls `klist_del()` on the uninitialized knode, triggering a NULL pointer dereference.

Memory Corruption Denial Of Service Linux
NVD VulDB
CVSS 3.1
5.5
EPSS
0.2%
CVE-2026-47908 HIGH This Week

Arbitrary code execution in Adobe Dreamweaver Desktop versions 21.7 and earlier allows attackers to run code in the context of the current user when a victim opens a malicious file. The flaw stems from access of an uninitialized pointer (CWE-824) and is tracked under Adobe advisory APSB26-62. No public exploit identified at time of analysis, and the issue is not currently listed in CISA KEV.

Memory Corruption RCE Dreamweaver Desktop
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-47320 MEDIUM This Month

Uncontrolled recursion and uninitialized pointer access in Samsung's rlottie animation library allow a locally-delivered malicious Lottie file to crash any host application via stack exhaustion. All rlottie versions prior to commit eae37633fda13ac05b25c6c95aacea4bc33c80a3 are affected; the PR #593 fix confirms cyclic layer parent references in crafted JSON animation payloads as the definitive trigger. No public exploit code has been identified at time of analysis and rlottie is not listed in CISA KEV, though the high availability impact (A:H) makes denial-of-service reliable for applications that accept user-supplied animation content.

Information Disclosure Memory Corruption Samsung
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-42959 HIGH PATCH This Week

Remote denial of service in NLnet Labs Unbound recursive DNS resolver (versions up to and including 1.25.0) allows an attacker controlling a DNSSEC-signed domain to crash the resolver process with a single crafted query. The DNSSEC validator uses an incorrect counter when computing write offsets for ADDITIONAL section rrsets while building chase-reply messages, leaving an uninitialized pointer that is later dereferenced. No public exploit identified at time of analysis, and the issue is fixed in Unbound 1.25.1.

Memory Corruption Denial Of Service Unbound
NVD VulDB
CVSS 4.0
8.7
EPSS
0.0%
CVE-2026-39458 HIGH PATCH This Week

Traffic Management Microkernel (TMM) denial-of-service in F5 BIG-IP DNS affects systems with DNS cache-enabled profiles on virtual servers. Remote unauthenticated attackers can crash TMM using undisclosed malicious traffic patterns, causing complete service disruption. CVSS 7.5 High severity with network vector and low complexity. EPSS data not available; no confirmed active exploitation or public POC identified at time of analysis. Vendor patch available per F5 K000160945.

Information Disclosure Memory Corruption Big Ip
NVD VulDB
CVSS 4.0
8.7
EPSS
0.1%
CVE-2026-44411 HIGH CISA Act Now

Uninitialized pointer access in Siemens Solid Edge SE2026 enables arbitrary code execution when processing malicious PAR files. Attackers must deliver a crafted PAR file and convince users to open it (CVSS:4.0 AV:L/UI:P), achieving full compromise of the victim's workstation with high confidentiality, integrity, and availability impact. No active exploitation confirmed at time of analysis, though the local attack vector and user interaction requirement limit automated mass exploitation. EPSS data not available for risk calibration.

Information Disclosure Memory Corruption Solid Edge Se2026
NVD
CVSS 4.0
7.3
EPSS
0.0%
CVE-2026-6524 MEDIUM PATCH This Month

Denial of service via MySQL protocol dissector crash in Wireshark 4.6.0-4.6.4 and 4.4.0-4.4.14 allows local users with no privileges to crash the application through a crafted malicious pcap file or network capture, requiring only user interaction to open the file. The vulnerability stems from improper memory access in the MySQL dissector parser (CWE-824: Access of Uninitialized Pointer), resulting in application termination and loss of packet analysis capability. No public exploit code or active exploitation has been identified at time of analysis.

Memory Corruption Denial Of Service Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
EPSS 1% CVSS 7.8
HIGH PATCH This Week

Python Cisco Information Disclosure +2
NVD GitHub
EPSS 1% CVSS 7.8
HIGH PATCH This Week

Python Cisco Information Disclosure +2
NVD GitHub
EPSS 1% CVSS 7.8
HIGH PATCH This Week

Python Cisco Information Disclosure +2
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: fwctl: Fix class init ordering to avoid NULL pointer dereference on device removal CXL is linked before fwctl in drivers/Makefile. Both use `module_init, so `cxl_pci_driver_init()` runs first. When `cxl_pci_probe()` calls `fwctl_register()` and then `device_add()`, fwctl_class is not yet registered because fwctl_init() hasn't run, causing `class_to_subsys()` to return NULL and skip knode_class initialization. On device removal, `class_to_subsys()` returns non-NULL, and `device_del()` calls `klist_del()` on the uninitialized knode, triggering a NULL pointer dereference.

Memory Corruption Denial Of Service Linux
NVD VulDB
EPSS 0% CVSS 7.8
HIGH This Week

Arbitrary code execution in Adobe Dreamweaver Desktop versions 21.7 and earlier allows attackers to run code in the context of the current user when a victim opens a malicious file. The flaw stems from access of an uninitialized pointer (CWE-824) and is tracked under Adobe advisory APSB26-62. No public exploit identified at time of analysis, and the issue is not currently listed in CISA KEV.

Memory Corruption RCE Dreamweaver Desktop
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

Uncontrolled recursion and uninitialized pointer access in Samsung's rlottie animation library allow a locally-delivered malicious Lottie file to crash any host application via stack exhaustion. All rlottie versions prior to commit eae37633fda13ac05b25c6c95aacea4bc33c80a3 are affected; the PR #593 fix confirms cyclic layer parent references in crafted JSON animation payloads as the definitive trigger. No public exploit code has been identified at time of analysis and rlottie is not listed in CISA KEV, though the high availability impact (A:H) makes denial-of-service reliable for applications that accept user-supplied animation content.

Information Disclosure Memory Corruption Samsung
NVD GitHub VulDB
EPSS 0% CVSS 8.7
HIGH PATCH This Week

Remote denial of service in NLnet Labs Unbound recursive DNS resolver (versions up to and including 1.25.0) allows an attacker controlling a DNSSEC-signed domain to crash the resolver process with a single crafted query. The DNSSEC validator uses an incorrect counter when computing write offsets for ADDITIONAL section rrsets while building chase-reply messages, leaving an uninitialized pointer that is later dereferenced. No public exploit identified at time of analysis, and the issue is fixed in Unbound 1.25.1.

Memory Corruption Denial Of Service Unbound
NVD VulDB
EPSS 0% CVSS 8.7
HIGH PATCH This Week

Traffic Management Microkernel (TMM) denial-of-service in F5 BIG-IP DNS affects systems with DNS cache-enabled profiles on virtual servers. Remote unauthenticated attackers can crash TMM using undisclosed malicious traffic patterns, causing complete service disruption. CVSS 7.5 High severity with network vector and low complexity. EPSS data not available; no confirmed active exploitation or public POC identified at time of analysis. Vendor patch available per F5 K000160945.

Information Disclosure Memory Corruption Big Ip
NVD VulDB
EPSS 0% CVSS 7.3
HIGH Act Now

Uninitialized pointer access in Siemens Solid Edge SE2026 enables arbitrary code execution when processing malicious PAR files. Attackers must deliver a crafted PAR file and convince users to open it (CVSS:4.0 AV:L/UI:P), achieving full compromise of the victim's workstation with high confidentiality, integrity, and availability impact. No active exploitation confirmed at time of analysis, though the local attack vector and user interaction requirement limit automated mass exploitation. EPSS data not available for risk calibration.

Information Disclosure Memory Corruption Solid Edge Se2026
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Denial of service via MySQL protocol dissector crash in Wireshark 4.6.0-4.6.4 and 4.4.0-4.4.14 allows local users with no privileges to crash the application through a crafted malicious pcap file or network capture, requiring only user interaction to open the file. The vulnerability stems from improper memory access in the MySQL dissector parser (CWE-824: Access of Uninitialized Pointer), resulting in application termination and loss of packet analysis capability. No public exploit code or active exploitation has been identified at time of analysis.

Memory Corruption Denial Of Service Red Hat +1
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy