CVEs classified under CWE-824, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (50)
CVE-2009-0846 — CVSS 10.0 (critical): The asn1_decode_generaltime function in lib/krb5/asn.1/asn1_decode.c in the ASN.1 GeneralizedTime decoder in MIT Kerberos 5 (aka krb5)…
CVE-2007-2442 — CVSS 10.0 (critical): The gssrpc__svcauth_gssapi function in the RPC library in MIT Kerberos 5 (krb5) 1.6.1 and earlier might allow remote attackers to execute…
CVE-2026-2805 — CVSS 9.8 (critical): Invalid pointer in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 148 and Thunderbird 148.
CVE-2026-2785 — CVSS 9.8 (critical): Invalid pointer in the JavaScript Engine component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and…
CVE-2022-46280 — CVSS 9.8 (critical): A use of uninitialized pointer vulnerability exists in the PQS format pFormat functionality of Open Babel 3.1.1 and master commit 530dbfa3…
CVE-2022-44451 — CVSS 9.8 (critical): A use of uninitialized pointer vulnerability exists in the MSI format atom functionality of Open Babel 3.1.1 and master commit 530dbfa3. A…
CVE-2022-42885 — CVSS 9.8 (critical): A use of uninitialized pointer vulnerability exists in the GRO format res functionality of Open Babel 3.1.1 and master commit 530dbfa3. A…
CVE-2021-36219 — CVSS 9.8 (critical): An issue was discovered in SKALE sgxwallet 1.58.3. The provided input for ECALL 14 triggers a branch in trustedEcdsaSign that frees a…
CVE-2020-11138 — CVSS 9.8 (critical): Uninitialized pointers accessed during music play back with incorrect bit stream due to an uninitialized heap memory result in instability…
CVE-2020-25573 — CVSS 9.8 (critical): An issue was discovered in the linked-hash-map crate before 0.5.3 for Rust. It creates an uninitialized NonNull pointer, which violates a…
CVE-2020-17446 — CVSS 9.8 (critical): asyncpg before 0.21.0 allows a malicious PostgreSQL server to trigger a crash or execute arbitrary code (on a database client) via a…
CVE-2018-14356 — CVSS 9.8 (critical): An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. pop.c mishandles a zero-length UID.
CVE-2018-11743 — CVSS 9.8 (critical): The init_copy function in kernel.c in mruby 1.4.1 makes initialize_copy calls for TT_ICLASS objects, which allows attackers to cause a…
CVE-2017-12561 — CVSS 9.8 (critical): A remote code execution vulnerability in HPE intelligent Management Center (iMC) PLAT version Plat 7.3 E0504P4 and earlier was found.
CVE-2010-1818 — CVSS 9.3 (critical): The IPersistPropertyBag2::Read function in QTPlugin.ocx in Apple QuickTime 6.x, 7.x before 7.6.8, and other versions allows remote…
CVE-2006-6143 — CVSS 9.3 (critical): The RPC library in Kerberos 5 1.4 through 1.4.4, and 1.5 through 1.5.1, as used in Kerberos administration daemon (kadmind) and other…
CVE-2018-19857 — CVSS 9.1 (critical): The CAF demuxer in modules/demux/caf.c in VideoLAN VLC media player 3.0.4 may read memory from an uninitialized pointer when processing…
CVE-2025-32451 — CVSS 8.8 (high): A memory corruption vulnerability exists in Foxit Reader 2025.1.0.27937 due to the use of an uninitialized pointer. A specially crafted…
CVE-2022-34480 — CVSS 8.8 (high): Within the <code>lg_init()</code> function, if several allocations succeed but then one fails, an uninitialized pointer would have been…
CVE-2020-8882 — CVSS 8.8 (high): This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.916. User…
CVE-2019-12870 — CVSS 8.8 (high): An issue was discovered in PHOENIX CONTACT PC Worx through 1.86, PC Worx Express through 1.86, and Config+ through 1.86. A manipulated PC…
CVE-2019-0853 — CVSS 8.8 (high): A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka…
CVE-2018-14282 — CVSS 8.8 (high): This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User…
CVE-2018-9981 — CVSS 8.8 (high): This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User…
CVE-2018-10484 — CVSS 8.8 (high): This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User…
CVE-2018-3842 — CVSS 8.8 (high): An exploitable use of an uninitialized pointer vulnerability exists in the JavaScript engine in Foxit PDF Reader version 9.0.1.1049. A…
CVE-2017-16378 — CVSS 8.8 (high): An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions…
CVE-2017-16377 — CVSS 8.8 (high): An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions…
CVE-2016-4343 — CVSS 8.8 (high): The phar_make_dirstream function in ext/phar/dirstream.c in PHP before 5.6.18 and 7.x before 7.0.3 mishandles zero-size ././@LongLink…
CVE-2016-1005 — CVSS 8.8 (high): Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe…
CVE-2019-1869 — CVSS 8.6 (high): A vulnerability in the internal packet-processing functionality of the Cisco StarOS operating system running on virtual platforms could…
CVE-2007-4000 — CVSS 8.5 (high): The kadm5_modify_policy_internal function in lib/kadm5/srv/svr_policy.c in the Kerberos administration daemon (kadmind) in MIT Kerberos 5…
CVE-2023-30847 — CVSS 8.2 (high): H2O is an HTTP server. In versions 2.3.0-beta2 and prior, when the reverse proxy handler tries to processes a certain type of invalid HTTP…
CVE-2022-31599 — CVSS 8.2 (high): NVIDIA DGX A100 contains a vulnerability in SBIOS in the Ofbd, where a local user with elevated privileges can cause access to an…
CVE-2020-12300 — CVSS 8.2 (high): Uninitialized pointer in BIOS firmware for Intel(R) Server Board Families S2600CW, S2600KP, S2600TP, and S2600WT may allow a privileged…
CVE-2018-16522 — CVSS 8.1 (high): Amazon Web Services (AWS) FreeRTOS through 1.3.1 has an uninitialized pointer free in SOCKETS_SetSockOpt.
CVE-2020-10060 — CVSS 8.0 (high): In updatehub_probe, right after JSON parsing is complete, objects\[1] is accessed from the output structure in two different places. If the…
CVE-2026-47908 — CVSS 7.8 (high): Dreamweaver Desktop versions 21.7 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in…
CVE-2026-44411 — CVSS 7.8 (high): A vulnerability has been identified in Solid Edge SE2026 (All versions < V226.0 Update 5). The affected application is vulnerable to…
CVE-2026-21276 — CVSS 7.8 (high): InDesign Desktop versions 21.0, 19.5.5 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in…
CVE-2026-21275 — CVSS 7.8 (high): InDesign Desktop versions 21.0, 19.5.5 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in…
CVE-2025-66588 — CVSS 7.8 (high): In AzeoTech DAQFactory release 20.7 (Build 2555), an access of uninitialized pointer vulnerability can be exploited by an attacker which…
CVE-2025-23352 — CVSS 7.8 (high): NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager, where a malicious guest could cause uninitialized pointer access…
CVE-2025-58777 — CVSS 7.8 (high): VT Studio versions 8.53 and prior contain an access of uninitialized pointer vulnerability. If the product uses a specially crafted file…
CVE-2025-54207 — CVSS 7.8 (high): InDesign Desktop versions 20.4, 19.5.4 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in…
CVE-2025-47121 — CVSS 7.8 (high): Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in…