CVEs classified under CWE-822, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (50)
CVE-2025-50165 — CVSS 9.8 (critical): Untrusted pointer dereference in Microsoft Graphics Component allows an unauthorized attacker to execute code over a network.
CVE-2023-1437 — CVSS 9.8 (critical): All versions prior to 9.1.4 of Advantech WebAccess/SCADA are vulnerable to use of untrusted pointers. The RPC arguments the client sent…
CVE-2026-48137 — CVSS 9.1 (critical): There is an untrusted pointer dereference vulnerability in the NI grpc-device sideband streaming API that may allow an attacker to cause an…
CVE-2025-4993 — CVSS 9.1 (critical): Untrusted Pointer Dereference vulnerability in RTI Connext Professional (Core Libraries) allows Pointer Manipulation.This issue affects…
CVE-2025-1255 — CVSS 9.1 (critical): Untrusted Pointer Dereference vulnerability in RTI Connext Professional (Core Libraries) allows Pointer Manipulation.This issue affects…
CVE-2026-33120 — CVSS 8.8 (high): Untrusted pointer dereference in SQL Server allows an authorized attacker to execute code over a network.
CVE-2025-62549 — CVSS 8.8 (high): Untrusted pointer dereference in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a…
CVE-2023-0184 — CVSS 8.8 (high): NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer handler which may lead to denial of…
CVE-2023-0189 — CVSS 8.8 (high): NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler which may lead to code execution, denial of…
CVE-2022-34890 — CVSS 8.8 (high): This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 17.1.1 (51537)…
CVE-2020-27259 — CVSS 8.8 (high): The Omron CX-One Version 4.60 and prior may allow an attacker to supply a pointer to arbitrary memory locations, which may allow an…
CVE-2020-26991 — CVSS 8.8 (high): A vulnerability has been identified in JT2Go (All versions < V13.1.0.2), Teamcenter Visualization (All versions < V13.1.0.2). Affected…
CVE-2020-17392 — CVSS 8.8 (high): This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 15.1.3-47255. An attacker…
CVE-2026-20738: Untrusted pointer dereference for some Intel(R) QuickAssist Adapter 8960 software before version 1.13 within Ring 3: User Applications may…
CVE-2026-40367 — CVSS 8.4 (high): Access of resource using incompatible type ('type confusion') in Microsoft Office Word allows an unauthorized attacker to execute code…
CVE-2026-33114 — CVSS 8.4 (high): Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally.
CVE-2026-26113 — CVSS 8.4 (high): Untrusted pointer dereference in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2024-36352 — CVSS 8.4 (high): Improper input validation in the AMD Graphics Driver could allow an attacker to supply a specially crafted pointer, potentially leading to…
CVE-2025-20018 — CVSS 8.4 (high): Untrusted pointer dereference for some Intel(R) Graphics Drivers may allow an authenticated user to potentially enable escalation of…
CVE-2025-24084 — CVSS 8.4 (high): Untrusted pointer dereference in Windows Subsystem for Linux allows an unauthorized attacker to execute code locally.
CVE-2024-34023 — CVSS 8.4 (high): Untrusted pointer dereference in some Intel(R) Graphics Drivers may allow an authenticated user to potentially enable escalation of…
CVE-2024-40872 — CVSS 8.4 (high): There is an elevation of privilege vulnerability in server and client components of Absolute Secure Access prior to version 13.07…
CVE-2023-42772 — CVSS 8.2 (high): Untrusted pointer dereference in UEFI firmware for some Intel(R) reference processors may allow a privileged user to potentially enable…
CVE-2026-45643 — CVSS 7.8 (high): Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally.
CVE-2026-45471 — CVSS 7.8 (high): Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally.
CVE-2026-40369 — CVSS 7.8 (high): Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.
CVE-2026-32222 — CVSS 7.8 (high): Untrusted pointer dereference in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally.
CVE-2026-32077 — CVSS 7.8 (high): Untrusted pointer dereference in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges…
CVE-2026-27920 — CVSS 7.8 (high): Untrusted pointer dereference in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges…
CVE-2026-27919 — CVSS 7.8 (high): Untrusted pointer dereference in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges…
CVE-2026-26112 — CVSS 7.8 (high): Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2026-21250 — CVSS 7.8 (high): Untrusted pointer dereference in Windows HTTP.sys allows an authorized attacker to elevate privileges locally.
CVE-2026-21232 — CVSS 7.8 (high): Untrusted pointer dereference in Windows HTTP.sys allows an authorized attacker to elevate privileges locally.
CVE-2026-20956 — CVSS 7.8 (high): Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2026-20955 — CVSS 7.8 (high): Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2026-20948 — CVSS 7.8 (high): Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally.
CVE-2026-20940 — CVSS 7.8 (high): Heap-based buffer overflow in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.
CVE-2026-20938 — CVSS 7.8 (high): Untrusted pointer dereference in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to elevate privileges…
CVE-2026-20857 — CVSS 7.8 (high): Untrusted pointer dereference in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.
CVE-2026-20811 — CVSS 7.8 (high): Access of resource using incompatible type ('type confusion') in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges…