Monthly
Denial of service in F5 NGINX Ingress Controller allows an authenticated remote attacker holding write access to Ingress or TransportServer resources to crash the control plane by submitting a malformed resource. Because the offending resource persists in the cluster, the controller re-reads it and re-crashes, producing a durable crash loop rather than a one-time outage. There is no public exploit identified at time of analysis, and impact is confined to the control plane with no data plane or confidentiality/integrity exposure.
Denial of service in the Matter SDK (connectedhomeip) before 1.4.0 lets a remote unauthenticated attacker crash a smart-home device by sending a crafted read request. The flaw lives in the ReadRevisionAttribute function, which is reused across multiple clusters (Channel, Account Login, TargetNavigator), so any device exposing those clusters is affected. No public exploit identified at time of analysis, and the issue is availability-only (no code execution or data exposure).
Null pointer dereference in Windows SMB Server allows an authorized attacker to deny service over a network.
Local privilege escalation in the Microsoft Windows Kernel lets an authenticated attacker gain elevated (SYSTEM-level) privileges by triggering a NULL pointer dereference (CWE-476) in kernel-mode code. The flaw affects a broad range of client and server builds from Windows 10 1607 and Windows Server 2012 through Windows 11 26H1 and Windows Server 2025. Reported by Microsoft with a patch available; no public exploit identified at time of analysis.
Null pointer dereference in Active Directory Domain Services allows an authorized attacker to deny service over a network.
Local privilege escalation in Windows Image Acquisition (WIA) affects Windows 11 (24H2, 25H2, 26H1) and Windows Server 2025, where a NULL pointer dereference can be leveraged by an already-authenticated local user to elevate privileges. Microsoft rates it 7.8 (High) with full confidentiality, integrity, and availability impact despite the flaw class typically causing denial of service. There is no public exploit identified at time of analysis, and it is not listed in CISA KEV.
Null pointer dereference in Windows Active Directory Domain Services (AD DS) enables a low-privileged authenticated attacker to crash the service remotely, causing denial of service across the affected domain. The flaw spans a wide range of Windows client and server releases, from Windows 10 version 1607 through Windows 11 version 26H1 and Windows Server 2012 through 2025. No public exploit code has been identified and this vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog at time of analysis, though the network-accessible attack surface and low privilege requirement lower the bar for abuse in environments with broad domain user access.
NULL pointer dereference in Zephyr RTOS's syscall verifier allows an unprivileged user-mode thread to crash the kernel across the userspace security boundary. The z_vrfy_k_thread_name_copy() verification handler in kernel/thread.c incorrectly guards against the caller-supplied thread pointer being NULL rather than the ko pointer returned by k_object_find(), so any non-NULL but unregistered address bypasses the check and triggers a supervisor-mode NULL dereference that halts or reboots the system. Affecting Zephyr v2.0.0 through v4.4.0 when built with CONFIG_USERSPACE and CONFIG_THREAD_NAME enabled, no public exploit code and no CISA KEV listing have been identified at time of analysis, but the one-syscall reproducibility makes this straightforward to trigger in qualifying builds.
Null pointer dereference in open62541's client library (versions up to 1.5.5) allows a remote OPC UA server to crash a connecting client by returning a malformed Server_NamespaceArray during session establishment, causing denial of service. The flaw is client-side only - server deployments are unaffected - and exploitation requires the attacker to control or impersonate a server the vulnerable client connects to, making practical exploitation high-complexity. A proof-of-concept exists as a GitHub issue report; no public exploit is confirmed as weaponized and the vulnerability is not listed in CISA KEV.
Denial of service in the Crypt::OpenSSL::X509 Perl module before 2.1.3 lets a malformed X.509 certificate crash any Perl process that parses it. Four helper functions (basicC, ia5string, auth_att, keyid_data) dereference NULL pointers returned by OpenSSL's X509V3_EXT_d2i() on unparseable extensions - and keyid_data/auth_att additionally deref an akid->keyid field that is legitimately NULL for an empty Authority Key Identifier (DER 30 00). There is no public exploit identified at time of analysis, but the fix commit and a clear crash mechanism are published; CVSS is 7.5 (availability-only).
Denial of service in F5 NGINX Ingress Controller allows an authenticated remote attacker holding write access to Ingress or TransportServer resources to crash the control plane by submitting a malformed resource. Because the offending resource persists in the cluster, the controller re-reads it and re-crashes, producing a durable crash loop rather than a one-time outage. There is no public exploit identified at time of analysis, and impact is confined to the control plane with no data plane or confidentiality/integrity exposure.
Denial of service in the Matter SDK (connectedhomeip) before 1.4.0 lets a remote unauthenticated attacker crash a smart-home device by sending a crafted read request. The flaw lives in the ReadRevisionAttribute function, which is reused across multiple clusters (Channel, Account Login, TargetNavigator), so any device exposing those clusters is affected. No public exploit identified at time of analysis, and the issue is availability-only (no code execution or data exposure).
Null pointer dereference in Windows SMB Server allows an authorized attacker to deny service over a network.
Local privilege escalation in the Microsoft Windows Kernel lets an authenticated attacker gain elevated (SYSTEM-level) privileges by triggering a NULL pointer dereference (CWE-476) in kernel-mode code. The flaw affects a broad range of client and server builds from Windows 10 1607 and Windows Server 2012 through Windows 11 26H1 and Windows Server 2025. Reported by Microsoft with a patch available; no public exploit identified at time of analysis.
Null pointer dereference in Active Directory Domain Services allows an authorized attacker to deny service over a network.
Local privilege escalation in Windows Image Acquisition (WIA) affects Windows 11 (24H2, 25H2, 26H1) and Windows Server 2025, where a NULL pointer dereference can be leveraged by an already-authenticated local user to elevate privileges. Microsoft rates it 7.8 (High) with full confidentiality, integrity, and availability impact despite the flaw class typically causing denial of service. There is no public exploit identified at time of analysis, and it is not listed in CISA KEV.
Null pointer dereference in Windows Active Directory Domain Services (AD DS) enables a low-privileged authenticated attacker to crash the service remotely, causing denial of service across the affected domain. The flaw spans a wide range of Windows client and server releases, from Windows 10 version 1607 through Windows 11 version 26H1 and Windows Server 2012 through 2025. No public exploit code has been identified and this vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog at time of analysis, though the network-accessible attack surface and low privilege requirement lower the bar for abuse in environments with broad domain user access.
NULL pointer dereference in Zephyr RTOS's syscall verifier allows an unprivileged user-mode thread to crash the kernel across the userspace security boundary. The z_vrfy_k_thread_name_copy() verification handler in kernel/thread.c incorrectly guards against the caller-supplied thread pointer being NULL rather than the ko pointer returned by k_object_find(), so any non-NULL but unregistered address bypasses the check and triggers a supervisor-mode NULL dereference that halts or reboots the system. Affecting Zephyr v2.0.0 through v4.4.0 when built with CONFIG_USERSPACE and CONFIG_THREAD_NAME enabled, no public exploit code and no CISA KEV listing have been identified at time of analysis, but the one-syscall reproducibility makes this straightforward to trigger in qualifying builds.
Null pointer dereference in open62541's client library (versions up to 1.5.5) allows a remote OPC UA server to crash a connecting client by returning a malformed Server_NamespaceArray during session establishment, causing denial of service. The flaw is client-side only - server deployments are unaffected - and exploitation requires the attacker to control or impersonate a server the vulnerable client connects to, making practical exploitation high-complexity. A proof-of-concept exists as a GitHub issue report; no public exploit is confirmed as weaponized and the vulnerability is not listed in CISA KEV.
Denial of service in the Crypt::OpenSSL::X509 Perl module before 2.1.3 lets a malformed X.509 certificate crash any Perl process that parses it. Four helper functions (basicC, ia5string, auth_att, keyid_data) dereference NULL pointers returned by OpenSSL's X509V3_EXT_d2i() on unparseable extensions - and keyid_data/auth_att additionally deref an akid->keyid field that is legitimately NULL for an empty Authority Key Identifier (DER 30 00). There is no public exploit identified at time of analysis, but the fix commit and a clear crash mechanism are published; CVSS is 7.5 (availability-only).