CWE-252
All CWE-252 CVEs (34)
A critical vulnerability in Fiber Utils library versions 2.0.0-rc.3 and below causes predictable UUID generation when the system's cryptographic rando...
Dec 9, 2025

This vulnerability in the xcb Rust crate allows attackers to trigger undefined behavior by exploiting unsound UTF-8 validation. Applications using the...
Feb 9, 2021

This CVE describes a documentation issue in glibc's tdelete function where the return value behavior when deleting a tree's root was unspecified. This...
Oct 6, 2020

Apache Traffic Server fails to properly handle return values during startup, potentially allowing the service to retain elevated privileges it should ...
Nov 14, 2024

This vulnerability in Go's elliptic curve cryptography library allows Curve.IsOnCurve to incorrectly return true for invalid field elements. This coul...
Feb 11, 2022

An improper input validation vulnerability in certain Zoom Apps allows unauthenticated attackers to access sensitive information via network access. T...
Nov 19, 2024

An unchecked return value vulnerability in SDM firmware for Intel Stratix 10 and Agilex 7 FPGAs allows authenticated attackers with adjacent network a...
May 16, 2024

An unauthenticated attacker can send specially crafted DNS requests to Juniper SRX Series devices running vulnerable Junos OS versions, causing the fl...
Jan 15, 2026

A NULL pointer dereference vulnerability in Wazuh's analysisd component allows a compromised agent to crash the manager by sending a specially crafted...
Oct 29, 2025

A NULL pointer dereference vulnerability in Wazuh's fillData() function allows compromised agents to crash the analysisd service by sending specially ...
Oct 29, 2025

This vulnerability allows attackers to cause denial of service by sending specific requests to BIG-IP Advanced WAF or ASM security policies, terminati...
Oct 15, 2025

A Denial of Service vulnerability in Yokogawa's Dual-redundant Platform allows attackers to cause system restarts by flooding UDP broadcast packets. T...
Sep 17, 2024

This vulnerability involves an unchecked return value in TLS handshake code in Mozilla products, which could cause a potentially exploitable crash. It...
Jan 23, 2024

CVE-2023-25733 is a null pointer dereference vulnerability in Firefox's graphics subsystem where the return value from gfx::SourceSurfaceSkia::Map() w...
Jun 19, 2023

This vulnerability in B&R APROL's Tbase server allows insufficient precondition checks when calling commands, potentially leading to Denial of Service...
Feb 8, 2023

Parse Server versions before 4.10.12 and 5.2.3 crash when processing certain invalid file requests, causing denial of service. This affects all Parse ...
Jun 27, 2022

CVE-2021-37625 is a denial-of-service vulnerability in Skytable database servers where incorrect error handling in socket acceptance causes the server...
Aug 5, 2021

This vulnerability in libyang's ext_get_plugin() function allows a NULL pointer dereference when the revision parameter is NULL, causing a crash. It a...
May 20, 2021

This vulnerability in libyang's read_yin_leaf() function allows a NULL pointer dereference when processing malformed YANG data. It affects systems usi...
May 20, 2021

This vulnerability in libyang's read_yin_container() function allows a NULL pointer dereference when processing certain YANG data models. It affects s...
May 20, 2021

This vulnerability allows an attacker with knowledge of a victim's credential ID to bypass two-factor authentication in GitLab by submitting forged de...
Jan 22, 2026

This CVE addresses a false positive warning in the Linux kernel's MediaTek Command Queue mailbox driver during shutdown. The vulnerability doesn't all...
Jul 10, 2024

A BIOS vulnerability in certain Lenovo ThinkPad models allows Secure Boot to be disabled even when configured as 'On' in User Mode. This affects L13 G...
Jan 14, 2026

This CVE describes a fault injection vulnerability in the RsaPrivateDecryption function of WolfSSL, allowing a co-resident attacker on the same system...
Aug 29, 2024

This vulnerability in Intel CSME firmware allows an attacker with physical access to potentially escalate privileges by exploiting an unchecked return...
Aug 14, 2024

CVE-2026-21492 is a NULL pointer dereference vulnerability in iccDEV library versions before 2.3.1.2 that could cause application crashes or denial of...
Jan 6, 2026

This CVE involves a missing NULL pointer check in the iwlwifi driver in the Linux kernel. If alloc_ordered_workqueue() fails and returns NULL, the dri...
Aug 19, 2025

CVE-2025-22026 is a Linux kernel vulnerability in the NFS server (nfsd) where error handling is missing when creating procfs entries. If svc_proc...
Apr 16, 2025

This Linux kernel vulnerability in the BPF subsystem occurs when the bpf_prog_lock_ro() function fails to properly handle errors from set_memory_ro(),...
Jul 29, 2024

A race condition vulnerability in the Linux kernel's binder driver could cause file descriptors to remain open indefinitely, potentially leading to pr...
May 21, 2024

This vulnerability allows low-privileged attackers to manipulate memory size requests, causing the application to access invalid memory areas. This le...
Mar 5, 2025

This CVE describes a memory allocation failure vulnerability in grub2's grub_extcmd_dispatcher() function. When memory allocation fails, a NULL pointe...
Feb 18, 2025

This vulnerability allows a compromised Wazuh agent to crash the analysisd service on the Wazuh manager by sending a specially crafted message. It aff...
Nov 21, 2025

This vulnerability allows authenticated privileged users on Brocade Fabric OS switches to cause a segmentation fault (crash) by executing a specific C...
Aug 31, 2023

About CWE-252
Our database tracks 34 CVEs classified as CWE-252, with 5 rated critical and 17 rated high severity. The average CVSS score for CWE-252 vulnerabilities is 7.1.