Skip to main content

Memory Corruption

15288 CVEs technique

Monthly

CVE-2026-8587 HIGH PATCH This Week

Use after free in Extensions in Google Chrome on Mac prior to 148.0.7778.168 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension. (Chromium security severity: Medium)

Denial Of Service Use After Free Memory Corruption RCE Google +3
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-8581 HIGH PATCH This Week

Use after free in GPU in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)

Denial Of Service Use After Free Memory Corruption RCE Google +3
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-8580 CRITICAL PATCH Act Now

Use after free in Mojo in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)

Google Denial Of Service Use After Free Memory Corruption Red Hat +2
NVD VulDB
CVSS 3.1
9.6
EPSS
0.1%
CVE-2026-8575 HIGH PATCH This Week

Use after free in UI in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)

Google Denial Of Service Use After Free Memory Corruption Red Hat +2
NVD VulDB
CVSS 3.1
8.3
EPSS
0.1%
CVE-2026-8574 HIGH PATCH This Week

Use after free in Core in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)

Denial Of Service Microsoft Use After Free Memory Corruption Google +3
NVD VulDB
CVSS 3.1
8.3
EPSS
0.1%
CVE-2026-8570 MEDIUM PATCH This Month

Type Confusion in V8 in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)

Information Disclosure Memory Corruption Google Red Hat Suse +1
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-8569 HIGH PATCH This Week

Out of bounds write in Codecs in Google Chrome on Mac prior to 148.0.7778.168 allowed a remote attacker to potentially perform a sandbox escape via a crafted video file. (Chromium security severity: Medium)

Google Memory Corruption Buffer Overflow Red Hat Suse +1
NVD VulDB
CVSS 3.1
8.3
EPSS
0.1%
CVE-2026-8557 HIGH PATCH This Week

Use after free in Accessibility in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a crafted HTML page. (Chromium security severity: High)

Denial Of Service Use After Free Memory Corruption Privilege Escalation Google +3
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-8555 HIGH PATCH This Week

Use after free in GTK in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)

Denial Of Service Microsoft Use After Free Memory Corruption RCE +4
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-8554 LOW PATCH Monitor

Out-of-bounds memory write in Google Chrome's ANGLE graphics library (Windows only) enables attackers who have already compromised the renderer process to corrupt memory via specially crafted HTML pages. Chrome 148.0.7778.168 patches this type confusion vulnerability. Despite high Chromium severity rating, CVSS 3.1 scores only 3.1 due to prerequisite renderer compromise, high attack complexity, and required user interaction. EPSS 0.03% (10th percentile) and SSVC indicating no known exploitation suggest limited real-world risk at time of analysis.

Google Microsoft Information Disclosure Memory Corruption Chrome
NVD VulDB
CVSS 3.1
3.1
EPSS
0.0%
CVE-2026-8553 LOW PATCH Monitor

Use after free in GPU in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)

Google Denial Of Service Use After Free Memory Corruption Chrome
NVD VulDB
CVSS 3.1
3.1
EPSS
0.0%
CVE-2026-8551 HIGH PATCH This Week

Use after free in Downloads in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)

Denial Of Service Use After Free Memory Corruption RCE Google +3
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-8550 MEDIUM PATCH This Month

Use after free in Google Lens in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)

Google Denial Of Service Use After Free Memory Corruption Red Hat +2
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-8549 HIGH PATCH This Week

Use after free in Media in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Denial Of Service Use After Free Memory Corruption RCE Google +3
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-8548 HIGH PATCH This Week

Out of bounds write in Media in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Google Memory Corruption Buffer Overflow Red Hat Suse +1
NVD VulDB
CVSS 3.1
8.3
EPSS
0.1%
CVE-2026-8544 HIGH PATCH This Week

Use after free in Media in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Denial Of Service Use After Free Memory Corruption RCE Google +3
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-8542 HIGH PATCH This Week

Use after free in Core in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Denial Of Service Microsoft Use After Free Memory Corruption Google +3
NVD VulDB
CVSS 3.1
8.3
EPSS
0.1%
CVE-2026-8540 HIGH PATCH This Week

Type Confusion in V8 in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Memory Corruption Google RCE Red Hat Suse +1
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-8533 HIGH PATCH This Week

Use after free in Accessibility in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Google Denial Of Service Use After Free Memory Corruption Red Hat +2
NVD VulDB
CVSS 3.1
8.3
EPSS
0.1%
CVE-2026-8530 HIGH PATCH This Week

Use after free in Network in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Denial Of Service Microsoft Use After Free Memory Corruption Google +3
NVD VulDB
CVSS 3.1
8.3
EPSS
0.1%
CVE-2026-8526 HIGH PATCH This Week

Out of bounds write in WebRTC in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Google Memory Corruption Buffer Overflow RCE Red Hat +2
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-8524 HIGH PATCH This Week

Out of bounds write in WebAudio in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Google Memory Corruption Buffer Overflow RCE Red Hat +2
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-8558 HIGH PATCH This Week

Out of bounds write in Fonts in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Google Memory Corruption Buffer Overflow RCE Red Hat +2
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-8523 HIGH PATCH This Week

Use after free in Mojo in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Google Denial Of Service Use After Free Memory Corruption Red Hat +2
NVD VulDB
CVSS 3.1
8.3
EPSS
0.1%
CVE-2026-8522 HIGH PATCH This Week

Use after free in Downloads in Google Chrome on Mac prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)

Denial Of Service Use After Free Memory Corruption RCE Google +3
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-8521 HIGH PATCH This Week

Use after free in Tab Groups in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code via malicious network traffic. (Chromium security severity: Critical)

Denial Of Service Use After Free Memory Corruption RCE Google +3
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-8518 HIGH PATCH This Week

Use after free in Blink in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Critical)

Denial Of Service Use After Free Memory Corruption RCE Google +3
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-8515 HIGH PATCH This Week

Use after free in HID in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

Google Denial Of Service Use After Free Memory Corruption Red Hat +2
NVD VulDB
CVSS 3.1
8.3
EPSS
0.1%
CVE-2026-8514 HIGH PATCH This Week

Use after free in Aura in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

Google Denial Of Service Use After Free Memory Corruption Red Hat +2
NVD VulDB
CVSS 3.1
8.3
EPSS
0.1%
CVE-2026-8513 HIGH PATCH This Week

Use after free in Input in Google Chrome on Android prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

Google Denial Of Service Use After Free Memory Corruption Red Hat +2
NVD VulDB
CVSS 3.1
8.3
EPSS
0.1%
CVE-2026-8512 HIGH PATCH This Week

Use after free in FileSystem in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

Google Denial Of Service Use After Free Memory Corruption Red Hat +2
NVD VulDB
CVSS 3.1
8.3
EPSS
0.1%
CVE-2026-8511 CRITICAL PATCH Act Now

Use after free in UI in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

Google Denial Of Service Use After Free Memory Corruption Red Hat +2
NVD VulDB
CVSS 3.1
9.6
EPSS
0.1%
CVE-2026-43903 HIGH PATCH This Week

Heap buffer overflow in OpenImageIO's SGI image decoder allows arbitrary code execution via specially crafted .sgi files. Affects versions before 3.0.18.0 and 3.1.13.0 when processing malicious SGI images with invalid RLE compression parameters. Publicly available exploit code exists (SSVC POC status confirmed). Attack requires local file access and user interaction to open the malicious file, but CVSS 8.4 reflects high impact potential (code execution) in VFX/animation production environments where SGI format handling is common. EPSS data unavailable, not listed in CISA KEV.

Memory Corruption Buffer Overflow Suse
NVD GitHub VulDB
CVSS 4.0
8.4
EPSS
0.0%
CVE-2026-43904 HIGH PATCH This Week

Heap buffer overflow in OpenImageIO versions before 3.0.18.0 and 3.1.13.0 allows local attackers to corrupt up to 65,535 bytes of memory via malicious Softimage .pic files. The vulnerability arises when processing RLE-compressed images where run-length validation is missing in two code paths (softimageinput.cpp lines 469 and 345), though the raw packet path correctly implements bounds checking. EPSS data not available. Not listed in CISA KEV. Patches released by Academy Software Foundation in versions 3.0.18.0 and 3.1.13.0.

Memory Corruption Buffer Overflow Suse
NVD GitHub VulDB
CVSS 4.0
8.4
EPSS
0.0%
CVE-2026-0250 MEDIUM PATCH This Month

Buffer overflow in Palo Alto Networks GlobalProtect App (versions 6.0 through 6.3) allows an adjacent-network attacker positioned as a man-in-the-middle to corrupt memory during Portal/Gateway message processing, potentially executing arbitrary code with SYSTEM privileges on affected endpoints. Affected platforms include Windows (including the UWP variant), macOS, and other non-iOS clients; iOS is explicitly excluded by the vendor. No public exploit identified at time of analysis - EPSS stands at 0.01% and SSVC confirms no current exploitation - however the SSVC technical impact rating of 'total' and potential for full SYSTEM-level compromise justify prioritized patching for endpoints connecting from untrusted networks.

Memory Corruption RCE Apple Buffer Overflow Paloalto +2
NVD VulDB
CVSS 4.0
5.2
EPSS
0.0%
CVE-2026-0263 HIGH PATCH NEWS This Week

Remote code execution and denial-of-service in Palo Alto Networks PAN-OS software stems from a buffer overflow in the IKEv2 processing path, allowing unauthenticated network attackers to either crash the firewall or run arbitrary code with elevated privileges. The flaw affects multiple PAN-OS branches (11.1.x, 11.2.x, and 12.1.x) while Panorama, Cloud NGFW, and Prisma Access remain unaffected. There is no public exploit identified at time of analysis, EPSS sits at a low 0.06% (19th percentile), and CISA SSVC currently lists exploitation as 'none'.

Memory Corruption RCE Buffer Overflow Denial Of Service Paloalto +3
NVD VulDB
CVSS 4.0
7.2
EPSS
0.1%
CVE-2026-40701 MEDIUM PATCH This Month

Heap-use-after-free in NGINX Plus and NGINX Open Source allows unauthenticated remote attackers to trigger memory corruption in the worker process when ssl_verify_client is set to 'on' or 'optional' and ssl_ocsp is configured with a resolver. Exploitation can cause limited information disclosure or worker process restart, with CVSS 4.8 reflecting moderate impact constrained by high attack complexity. No public exploit code or active exploitation has been identified at time of analysis.

Information Disclosure Use After Free Memory Corruption Nginx Nginx Plus +1
NVD VulDB
CVSS 4.0
6.3
EPSS
0.0%
CVE-2026-39458 HIGH PATCH This Week

Traffic Management Microkernel (TMM) denial-of-service in F5 BIG-IP DNS affects systems with DNS cache-enabled profiles on virtual servers. Remote unauthenticated attackers can crash TMM using undisclosed malicious traffic patterns, causing complete service disruption. CVSS 7.5 High severity with network vector and low complexity. EPSS data not available; no confirmed active exploitation or public POC identified at time of analysis. Vendor patch available per F5 K000160945.

Information Disclosure Memory Corruption Big Ip
NVD VulDB
CVSS 4.0
8.7
EPSS
0.1%
CVE-2026-41218 HIGH PATCH This Week

Remote denial-of-service in F5 BIG-IP Policy Enforcement Manager (PEM) allows unauthenticated attackers to crash the Traffic Management Microkernel (TMM) via undisclosed traffic patterns when PEM-specific iRules are configured on a virtual server. The vulnerability is a use-after-free memory corruption issue (CWE-416) affecting CLASSIFICATION::, CLASSIFY::, PEM::, PSC::, and urlcatquery iRule commands. CVSS 7.5 (AV:N/AC:L/PR:N/UI:N) indicates straightforward remote exploitation with high availability impact. EPSS data not provided, but F5 has released a vendor patch (K000160875). No public exploit or CISA KEV listing identified at time of analysis.

Information Disclosure Use After Free Memory Corruption Big Ip
NVD VulDB
CVSS 4.0
8.7
EPSS
0.1%
CVE-2026-21018 MEDIUM This Month

Out-of-bounds write in SveService prior to SMR May-2026 Release 1 allows local privileged attackers to execute arbitrary code.

RCE Buffer Overflow Memory Corruption Samsung Mobile Devices
NVD
CVSS 4.0
6.8
EPSS
0.0%
CVE-2026-8336 HIGH PATCH This Week

Authenticated users can crash MongoDB Server by chaining specific server-side JavaScript operations ($_internalJsEmit or mapreduce map functions) with subsequent JavaScript engine invocations ($where, $function, mapreduce reduce stages), triggering a use-after-free condition. Affects MongoDB Server 7.0 (prior to 7.0.34), 8.0 (prior to 8.0.23), 8.2 (prior to 8.2.9), and 8.3 (prior to 8.3.2). Vendor-released patches available for all affected branches. No public exploit identified at time of analysis; EPSS score of 0.05% (16th percentile) suggests low observed exploitation probability despite 7.7 CVSS score. The CWE-416 use-after-free root cause requires precise sequencing of JavaScript operations, limiting exploitability.

Denial Of Service Use After Free Memory Corruption Mongodb Server
NVD VulDB
CVSS 4.0
7.7
EPSS
0.1%
CVE-2026-8201 MEDIUM PATCH This Month

Use-after-free in MongoDB Server's Field-Level Encryption query analysis component allows authenticated remote attackers with control over FLE query structure to cause information disclosure and denial of service. The vulnerability affects mongocryptd and crypt_shared in versions 7.0 prior to 7.0.34, 8.0 prior to 8.0.23, 8.2 prior to 8.2.9, and 8.3 prior to 8.3.2. No public exploit code identified at time of analysis.

Information Disclosure Use After Free Memory Corruption Mongodb Server
NVD VulDB
CVSS 4.0
6.1
EPSS
0.0%
CVE-2026-8053 HIGH PATCH This Week

Out-of-bounds memory write in MongoDB Server's time-series collection feature enables arbitrary code execution by authenticated users with database write privileges. Affects all active release branches (5.0 through 8.3) when exploiting field-name-to-index mapping inconsistencies in the time-series bucket catalog. EPSS score of 0.06% (20th percentile) suggests low widespread exploitation probability despite high CVSS 8.7, but requires authentication and database privileges, limiting attack surface to insider threats or compromised application credentials. No public exploit code or CISA KEV listing identified at time of analysis.

Memory Corruption Buffer Overflow RCE Mongodb Server
NVD VulDB
CVSS 4.0
8.7
EPSS
0.1%
CVE-2025-65086 HIGH This Week

An Out-of-Bounds Write vulnerability is present in Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share versions 12.6.1204.216 and prior that could allow an attacker to execute arbitrary code when a specially crafted VC6 file is being parsed.

Memory Corruption Buffer Overflow RCE Cobalt Xenon +3
NVD
CVSS 4.0
8.4
EPSS
0.0%
CVE-2026-44215 MEDIUM PATCH This Month

NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, a one-byte heap out-of-bounds null write exists in the UFS/UFS2 filesystem image parser in NanaZip. The vulnerability is triggered when opening a crafted UFS filesystem image. The attacker controls the byte offset of the write within a ~254-byte window past the heap allocation boundary. This vulnerability is fixed in 6.0.1698.0.

Memory Corruption Buffer Overflow Nanazip
NVD GitHub
CVSS 3.1
4.4
EPSS
0.0%
CVE-2026-34676 HIGH This Week

Substance3D - Painter versions 12.0.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Memory Corruption Buffer Overflow RCE Substance 3d Painter
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-34675 HIGH This Week

Substance3D - Painter versions 12.0.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Memory Corruption Buffer Overflow RCE Substance 3d Painter
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-34661 HIGH This Week

Illustrator versions 29.8.6, 30.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Memory Corruption Buffer Overflow RCE Illustrator
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-20714 HIGH This Week

Out-of-bounds write for some Intel(R) QAT software drivers for Windows before version 1.13 within Ring 3: User Applications may allow a escalation of privilege. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.

Microsoft Buffer Overflow Memory Corruption Privilege Escalation Intel
NVD VulDB
CVSS 4.0
8.5
EPSS
0.0%
CVE-2026-34682 HIGH This Week

Substance3D - Designer versions 15.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Memory Corruption Buffer Overflow RCE Substance3D Designer
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-34681 HIGH This Week

Substance3D - Designer versions 15.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Memory Corruption Buffer Overflow RCE Substance3D Designer
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-34684 HIGH This Week

Substance3D - Designer versions 15.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Memory Corruption Buffer Overflow RCE Substance3D Designer
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-34683 HIGH This Week

Substance3D - Designer versions 15.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Memory Corruption Buffer Overflow RCE Substance3D Designer
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-34643 HIGH This Week

After Effects versions 26.0, 25.6.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Memory Corruption Buffer Overflow RCE After Effects
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-34639 HIGH This Week

Media Encoder versions 26.0.2, 25.6.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Memory Corruption Buffer Overflow RCE Media Encoder
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-34637 HIGH This Week

Premiere Pro versions 26.0.2, 25.6.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Memory Corruption Buffer Overflow RCE Premiere Pro
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-34638 HIGH This Week

Premiere Pro versions 26.0.2, 25.6.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Denial Of Service Use After Free Memory Corruption RCE Premiere Pro
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-34636 HIGH This Week

Premiere Pro versions 26.0.2, 25.6.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Memory Corruption Buffer Overflow RCE Premiere Pro
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-40418 HIGH PATCH This Week

Use after free in Microsoft Office Click-To-Run allows an authorized attacker to elevate privileges locally.

Denial Of Service Microsoft Use After Free Memory Corruption
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-40402 CRITICAL PATCH NEWS Exploit Unlikely Act Now

Use after free in Windows Hyper-V allows an unauthorized attacker to elevate privileges locally.

Denial Of Service Microsoft Use After Free Memory Corruption
NVD VulDB
CVSS 3.1
9.3
EPSS
0.0%
CVE-2026-40382 HIGH PATCH Exploit Unlikely This Week

Use after free in Windows Telephony Service allows an authorized attacker to elevate privileges locally.

Denial Of Service Microsoft Use After Free Memory Corruption
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-40361 HIGH PATCH NEWS Exploit Likely This Week

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

Denial Of Service Microsoft Use After Free Memory Corruption
NVD VulDB
CVSS 3.1
8.4
EPSS
0.1%
CVE-2026-40359 HIGH PATCH Exploit Unlikely This Week

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Denial Of Service Microsoft Use After Free Memory Corruption
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-40358 HIGH PATCH NEWS Exploit Unlikely This Week

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

Denial Of Service Microsoft Use After Free Memory Corruption
NVD VulDB
CVSS 3.1
8.4
EPSS
0.0%
CVE-2026-34340 HIGH PATCH Exploit Unlikely This Week

Use after free in Windows Projected File System allows an authorized attacker to elevate privileges locally.

Denial Of Service Microsoft Use After Free Memory Corruption
NVD VulDB
CVSS 3.1
7.0
EPSS
0.0%
CVE-2026-34338 HIGH PATCH Exploit Unlikely This Week

Use after free in Windows Telephony Service allows an authorized attacker to elevate privileges locally.

Denial Of Service Microsoft Use After Free Memory Corruption
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-34337 HIGH PATCH Exploit Unlikely This Week

Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.

Denial Of Service Microsoft Use After Free Memory Corruption
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-34332 HIGH PATCH This Week

Use after free in Windows Kernel-Mode Drivers allows an authorized attacker to execute code over a network.

Denial Of Service Microsoft Use After Free Memory Corruption
NVD VulDB
CVSS 3.1
8.0
EPSS
0.1%
CVE-2026-33835 HIGH PATCH Exploit Likely This Week

Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.

Denial Of Service Microsoft Use After Free Memory Corruption
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-42825 HIGH PATCH This Week

Use after free in Windows Telephony Service allows an authorized attacker to elevate privileges locally.

Denial Of Service Microsoft Use After Free Memory Corruption
NVD VulDB
CVSS 3.1
7.0
EPSS
0.0%
CVE-2026-41095 HIGH PATCH Exploit Unlikely This Week

Use after free in Data Deduplication allows an authorized attacker to elevate privileges locally.

Denial Of Service Use After Free Memory Corruption
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-40419 HIGH PATCH Exploit Unlikely This Week

Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally.

Denial Of Service Microsoft Use After Free Memory Corruption
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-40415 HIGH PATCH This Week

Use after free in Windows TCP/IP allows an unauthorized attacker to execute code over a network.

Denial Of Service Microsoft Use After Free Memory Corruption
NVD VulDB
CVSS 3.1
8.1
EPSS
0.1%
CVE-2026-40410 HIGH PATCH Exploit Unlikely This Week

Use after free in Windows SMB Client allows an authorized attacker to elevate privileges locally.

Denial Of Service Microsoft Use After Free Memory Corruption
NVD VulDB
CVSS 3.1
7.0
EPSS
0.0%
CVE-2026-40408 HIGH PATCH Exploit Unlikely This Week

Use after free in Windows Kernel-Mode Drivers allows an authorized attacker to elevate privileges locally.

Denial Of Service Microsoft Use After Free Memory Corruption
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-40406 HIGH PATCH Exploit Unlikely This Week

Use after free in Windows TCP/IP allows an unauthorized attacker to disclose information over a network.

Denial Of Service Microsoft Use After Free Memory Corruption
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-40366 HIGH PATCH NEWS Exploit Unlikely This Week

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

Denial Of Service Microsoft Use After Free Memory Corruption
NVD VulDB
CVSS 3.1
8.4
EPSS
0.0%
CVE-2026-40364 HIGH PATCH NEWS Exploit Likely This Week

Access of resource using incompatible type ('type confusion') in Microsoft Office Word allows an unauthorized attacker to execute code locally.

Authentication Bypass Microsoft Memory Corruption
NVD VulDB
CVSS 3.1
8.4
EPSS
0.1%
CVE-2026-35418 HIGH PATCH This Week

Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.

Denial Of Service Microsoft Use After Free Memory Corruption
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-35417 HIGH PATCH Exploit Likely This Week

Access of resource using incompatible type ('type confusion') in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally.

Microsoft Information Disclosure Memory Corruption
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-35416 HIGH PATCH Exploit Likely This Week

Local privilege escalation in the Windows Ancillary Function Driver for WinSock (AFD.sys) allows low-privileged authenticated users to execute arbitrary code with SYSTEM privileges via use-after-free memory corruption. Microsoft has released patches addressing Windows 10 (versions 1607 through 22H2), Windows 11 (versions 22H3 through 26H1), and Windows Server 2012. CVSS base score is 7.0 (High) with local attack vector and high attack complexity. EPSS data not available; no CISA KEV listing at time of analysis, suggesting exploitation has not been observed in the wild despite public disclosure.

Denial Of Service Microsoft Use After Free Memory Corruption
NVD VulDB
CVSS 3.1
7.0
EPSS
0.1%
CVE-2026-34347 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Windows Win32K graphics subsystem (Win32K - GRFX) allows authenticated users with low privileges to achieve SYSTEM-level access through a use-after-free memory corruption vulnerability. Affects multiple Windows 10, Windows 11, and Windows Server 2012 versions. Microsoft has released patches through their March 2026 security updates. The CVSS 7.0 (High) rating reflects high attack complexity (AC:H), requiring specific race condition timing or system state manipulation, though EPSS data is not yet available for this recently disclosed CVE.

Denial Of Service Microsoft Use After Free Memory Corruption
NVD VulDB
CVSS 3.1
7.0
EPSS
0.0%
CVE-2026-34344 HIGH PATCH Exploit Unlikely This Week

Type confusion vulnerability in Windows Ancillary Function Driver for WinSock enables local authenticated users to escalate privileges to SYSTEM level on Windows 10 (versions 1607-22H2), Windows 11 (versions 22H3-26H1), and Windows Server 2012. Microsoft has released patches through their March 2026 security update cycle. The vulnerability requires low-privilege local access but no user interaction, making it a high-value target for post-compromise lateral movement and persistence. CVSS 7.8 reflects complete system compromise potential, though EPSS data and KEV status are not available for this future-dated CVE.

Microsoft Information Disclosure Memory Corruption
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-34333 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Windows Win32K graphics subsystem affects Windows 10 (1607 through 22H2), Windows 11 (all versions including 26H1 preview), and Windows Server 2012 through authenticated low-privileged local users exploiting a use-after-free memory corruption flaw. Microsoft has released security updates addressing this CWE-416 vulnerability with CVSS 7.8 severity. The local attack vector and low complexity (AC:L) indicate straightforward exploitation once local access is achieved, though no public exploit code or active exploitation (CISA KEV) has been identified at time of analysis.

Denial Of Service Microsoft Use After Free Memory Corruption
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-33840 HIGH PATCH Exploit Likely This Week

Privilege escalation in Windows Win32K ICOMP component affects Windows 11 (24H2, 25H2, 26H1) and Windows Server 2025 via a use-after-free memory corruption flaw. Low-privileged authenticated local attackers can exploit this to gain SYSTEM-level privileges with low attack complexity and no user interaction required. Microsoft has released patches addressing this vulnerability, tracked under MSRC guidance. No active exploitation or public exploit code has been identified at time of analysis, with EPSS data not yet available for this recent CVE.

Denial Of Service Microsoft Use After Free Memory Corruption
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-53844 HIGH This Week

Remote code execution in Fortinet FortiOS 7.2.0-7.2.11, 7.4.0-7.4.8, and 7.6.0-7.6.3 enables authenticated attackers to execute arbitrary code via malformed network packets. The out-of-bounds write vulnerability (CWE-787) affects FortiOS firewall appliances and requires only low-privilege credentials to exploit over the network. Fortinet published advisory FG-IR-26-123 confirming the vulnerability. No CISA KEV listing or public exploit code identified at time of analysis, though the straightforward network attack vector (AV:N/AC:L) suggests moderate weaponization potential once details emerge.

Fortinet Memory Corruption Buffer Overflow
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2025-27723 MEDIUM This Month

Use after free for some Linux kernel driver for the Intel(R) Ethernet 800 series before version 2.3.14 within Ring 0: Kernel may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable denial of service. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (none), integrity (none) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (high) impacts.

Denial Of Service Use After Free Memory Corruption Linux Intel
NVD VulDB
CVSS 4.0
6.8
EPSS
0.0%
CVE-2026-20879 HIGH This Week

Out-of-bounds write for the Intel(R) Data Center Graphics Driver for VMware ESXi software before version 2.0.2 within Ring 1: Device Drivers may allow a denial of service. System software adversary with a privileged user combined with a low complexity attack may enable data corruption. This result may potentially occur via local access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (none), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (high) and availability (high) impacts.

Denial Of Service Buffer Overflow VMware Memory Corruption Intel
NVD
CVSS 4.0
8.3
EPSS
0.0%
CVE-2026-8390 HIGH PATCH This Week

Memory corruption in Mozilla Firefox's WebAssembly JavaScript engine component allows remote attackers to trigger a use-after-free condition via crafted web content, with limited impact across confidentiality, integrity, and availability. The flaw affects Firefox versions prior to 150.0.3 and has no public exploit identified at time of analysis, though SSVC indicates the issue is automatable. EPSS scoring (0.02%, 5th percentile) suggests very low near-term exploitation probability despite the network-reachable attack vector.

Information Disclosure Use After Free Memory Corruption Mozilla
NVD VulDB
CVSS 3.1
7.3
EPSS
0.0%
CVE-2026-44411 HIGH CISA Act Now

Uninitialized pointer access in Siemens Solid Edge SE2026 enables arbitrary code execution when processing malicious PAR files. Attackers must deliver a crafted PAR file and convince users to open it (CVSS:4.0 AV:L/UI:P), achieving full compromise of the victim's workstation with high confidentiality, integrity, and availability impact. No active exploitation confirmed at time of analysis, though the local attack vector and user interaction requirement limit automated mass exploitation. EPSS data not available for risk calibration.

Information Disclosure Memory Corruption Solid Edge Se2026
NVD
CVSS 4.0
7.3
EPSS
0.0%
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Use after free in Extensions in Google Chrome on Mac prior to 148.0.7778.168 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension. (Chromium security severity: Medium)

Denial Of Service Use After Free Memory Corruption +5
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Use after free in GPU in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)

Denial Of Service Use After Free Memory Corruption +5
NVD VulDB
EPSS 0% CVSS 9.6
CRITICAL PATCH Act Now

Use after free in Mojo in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)

Google Denial Of Service Use After Free +4
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Use after free in UI in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)

Google Denial Of Service Use After Free +4
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Use after free in Core in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)

Denial Of Service Microsoft Use After Free +5
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Type Confusion in V8 in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)

Information Disclosure Memory Corruption Google +3
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Out of bounds write in Codecs in Google Chrome on Mac prior to 148.0.7778.168 allowed a remote attacker to potentially perform a sandbox escape via a crafted video file. (Chromium security severity: Medium)

Google Memory Corruption Buffer Overflow +3
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Use after free in Accessibility in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a crafted HTML page. (Chromium security severity: High)

Denial Of Service Use After Free Memory Corruption +5
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Use after free in GTK in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)

Denial Of Service Microsoft Use After Free +6
NVD VulDB
EPSS 0% CVSS 3.1
LOW PATCH Monitor

Out-of-bounds memory write in Google Chrome's ANGLE graphics library (Windows only) enables attackers who have already compromised the renderer process to corrupt memory via specially crafted HTML pages. Chrome 148.0.7778.168 patches this type confusion vulnerability. Despite high Chromium severity rating, CVSS 3.1 scores only 3.1 due to prerequisite renderer compromise, high attack complexity, and required user interaction. EPSS 0.03% (10th percentile) and SSVC indicating no known exploitation suggest limited real-world risk at time of analysis.

Google Microsoft Information Disclosure +2
NVD VulDB
EPSS 0% CVSS 3.1
LOW PATCH Monitor

Use after free in GPU in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)

Google Denial Of Service Use After Free +2
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Use after free in Downloads in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)

Denial Of Service Use After Free Memory Corruption +5
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Use after free in Google Lens in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)

Google Denial Of Service Use After Free +4
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Use after free in Media in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Denial Of Service Use After Free Memory Corruption +5
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Out of bounds write in Media in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Google Memory Corruption Buffer Overflow +3
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Use after free in Media in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Denial Of Service Use After Free Memory Corruption +5
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Use after free in Core in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Denial Of Service Microsoft Use After Free +5
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Type Confusion in V8 in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Memory Corruption Google RCE +3
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Use after free in Accessibility in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Google Denial Of Service Use After Free +4
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Use after free in Network in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Denial Of Service Microsoft Use After Free +5
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Out of bounds write in WebRTC in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Google Memory Corruption Buffer Overflow +4
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Out of bounds write in WebAudio in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Google Memory Corruption Buffer Overflow +4
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Out of bounds write in Fonts in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Google Memory Corruption Buffer Overflow +4
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Use after free in Mojo in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Google Denial Of Service Use After Free +4
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Use after free in Downloads in Google Chrome on Mac prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)

Denial Of Service Use After Free Memory Corruption +5
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Use after free in Tab Groups in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code via malicious network traffic. (Chromium security severity: Critical)

Denial Of Service Use After Free Memory Corruption +5
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Use after free in Blink in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Critical)

Denial Of Service Use After Free Memory Corruption +5
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Use after free in HID in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

Google Denial Of Service Use After Free +4
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Use after free in Aura in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

Google Denial Of Service Use After Free +4
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Use after free in Input in Google Chrome on Android prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

Google Denial Of Service Use After Free +4
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Use after free in FileSystem in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

Google Denial Of Service Use After Free +4
NVD VulDB
EPSS 0% CVSS 9.6
CRITICAL PATCH Act Now

Use after free in UI in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

Google Denial Of Service Use After Free +4
NVD VulDB
EPSS 0% CVSS 8.4
HIGH PATCH This Week

Heap buffer overflow in OpenImageIO's SGI image decoder allows arbitrary code execution via specially crafted .sgi files. Affects versions before 3.0.18.0 and 3.1.13.0 when processing malicious SGI images with invalid RLE compression parameters. Publicly available exploit code exists (SSVC POC status confirmed). Attack requires local file access and user interaction to open the malicious file, but CVSS 8.4 reflects high impact potential (code execution) in VFX/animation production environments where SGI format handling is common. EPSS data unavailable, not listed in CISA KEV.

Memory Corruption Buffer Overflow Suse
NVD GitHub VulDB
EPSS 0% CVSS 8.4
HIGH PATCH This Week

Heap buffer overflow in OpenImageIO versions before 3.0.18.0 and 3.1.13.0 allows local attackers to corrupt up to 65,535 bytes of memory via malicious Softimage .pic files. The vulnerability arises when processing RLE-compressed images where run-length validation is missing in two code paths (softimageinput.cpp lines 469 and 345), though the raw packet path correctly implements bounds checking. EPSS data not available. Not listed in CISA KEV. Patches released by Academy Software Foundation in versions 3.0.18.0 and 3.1.13.0.

Memory Corruption Buffer Overflow Suse
NVD GitHub VulDB
EPSS 0% CVSS 5.2
MEDIUM PATCH This Month

Buffer overflow in Palo Alto Networks GlobalProtect App (versions 6.0 through 6.3) allows an adjacent-network attacker positioned as a man-in-the-middle to corrupt memory during Portal/Gateway message processing, potentially executing arbitrary code with SYSTEM privileges on affected endpoints. Affected platforms include Windows (including the UWP variant), macOS, and other non-iOS clients; iOS is explicitly excluded by the vendor. No public exploit identified at time of analysis - EPSS stands at 0.01% and SSVC confirms no current exploitation - however the SSVC technical impact rating of 'total' and potential for full SYSTEM-level compromise justify prioritized patching for endpoints connecting from untrusted networks.

Memory Corruption RCE Apple +4
NVD VulDB
EPSS 0% CVSS 7.2
HIGH PATCH This Week

Remote code execution and denial-of-service in Palo Alto Networks PAN-OS software stems from a buffer overflow in the IKEv2 processing path, allowing unauthenticated network attackers to either crash the firewall or run arbitrary code with elevated privileges. The flaw affects multiple PAN-OS branches (11.1.x, 11.2.x, and 12.1.x) while Panorama, Cloud NGFW, and Prisma Access remain unaffected. There is no public exploit identified at time of analysis, EPSS sits at a low 0.06% (19th percentile), and CISA SSVC currently lists exploitation as 'none'.

Memory Corruption RCE Buffer Overflow +5
NVD VulDB
EPSS 0% CVSS 6.3
MEDIUM PATCH This Month

Heap-use-after-free in NGINX Plus and NGINX Open Source allows unauthenticated remote attackers to trigger memory corruption in the worker process when ssl_verify_client is set to 'on' or 'optional' and ssl_ocsp is configured with a resolver. Exploitation can cause limited information disclosure or worker process restart, with CVSS 4.8 reflecting moderate impact constrained by high attack complexity. No public exploit code or active exploitation has been identified at time of analysis.

Information Disclosure Use After Free Memory Corruption +3
NVD VulDB
EPSS 0% CVSS 8.7
HIGH PATCH This Week

Traffic Management Microkernel (TMM) denial-of-service in F5 BIG-IP DNS affects systems with DNS cache-enabled profiles on virtual servers. Remote unauthenticated attackers can crash TMM using undisclosed malicious traffic patterns, causing complete service disruption. CVSS 7.5 High severity with network vector and low complexity. EPSS data not available; no confirmed active exploitation or public POC identified at time of analysis. Vendor patch available per F5 K000160945.

Information Disclosure Memory Corruption Big Ip
NVD VulDB
EPSS 0% CVSS 8.7
HIGH PATCH This Week

Remote denial-of-service in F5 BIG-IP Policy Enforcement Manager (PEM) allows unauthenticated attackers to crash the Traffic Management Microkernel (TMM) via undisclosed traffic patterns when PEM-specific iRules are configured on a virtual server. The vulnerability is a use-after-free memory corruption issue (CWE-416) affecting CLASSIFICATION::, CLASSIFY::, PEM::, PSC::, and urlcatquery iRule commands. CVSS 7.5 (AV:N/AC:L/PR:N/UI:N) indicates straightforward remote exploitation with high availability impact. EPSS data not provided, but F5 has released a vendor patch (K000160875). No public exploit or CISA KEV listing identified at time of analysis.

Information Disclosure Use After Free Memory Corruption +1
NVD VulDB
EPSS 0% CVSS 6.8
MEDIUM This Month

Out-of-bounds write in SveService prior to SMR May-2026 Release 1 allows local privileged attackers to execute arbitrary code.

RCE Buffer Overflow Memory Corruption +1
NVD
EPSS 0% CVSS 7.7
HIGH PATCH This Week

Authenticated users can crash MongoDB Server by chaining specific server-side JavaScript operations ($_internalJsEmit or mapreduce map functions) with subsequent JavaScript engine invocations ($where, $function, mapreduce reduce stages), triggering a use-after-free condition. Affects MongoDB Server 7.0 (prior to 7.0.34), 8.0 (prior to 8.0.23), 8.2 (prior to 8.2.9), and 8.3 (prior to 8.3.2). Vendor-released patches available for all affected branches. No public exploit identified at time of analysis; EPSS score of 0.05% (16th percentile) suggests low observed exploitation probability despite 7.7 CVSS score. The CWE-416 use-after-free root cause requires precise sequencing of JavaScript operations, limiting exploitability.

Denial Of Service Use After Free Memory Corruption +1
NVD VulDB
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

Use-after-free in MongoDB Server's Field-Level Encryption query analysis component allows authenticated remote attackers with control over FLE query structure to cause information disclosure and denial of service. The vulnerability affects mongocryptd and crypt_shared in versions 7.0 prior to 7.0.34, 8.0 prior to 8.0.23, 8.2 prior to 8.2.9, and 8.3 prior to 8.3.2. No public exploit code identified at time of analysis.

Information Disclosure Use After Free Memory Corruption +1
NVD VulDB
EPSS 0% CVSS 8.7
HIGH PATCH This Week

Out-of-bounds memory write in MongoDB Server's time-series collection feature enables arbitrary code execution by authenticated users with database write privileges. Affects all active release branches (5.0 through 8.3) when exploiting field-name-to-index mapping inconsistencies in the time-series bucket catalog. EPSS score of 0.06% (20th percentile) suggests low widespread exploitation probability despite high CVSS 8.7, but requires authentication and database privileges, limiting attack surface to insider threats or compromised application credentials. No public exploit code or CISA KEV listing identified at time of analysis.

Memory Corruption Buffer Overflow RCE +1
NVD VulDB
EPSS 0% CVSS 8.4
HIGH This Week

An Out-of-Bounds Write vulnerability is present in Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share versions 12.6.1204.216 and prior that could allow an attacker to execute arbitrary code when a specially crafted VC6 file is being parsed.

Memory Corruption Buffer Overflow RCE +5
NVD
EPSS 0% CVSS 4.4
MEDIUM PATCH This Month

NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, a one-byte heap out-of-bounds null write exists in the UFS/UFS2 filesystem image parser in NanaZip. The vulnerability is triggered when opening a crafted UFS filesystem image. The attacker controls the byte offset of the write within a ~254-byte window past the heap allocation boundary. This vulnerability is fixed in 6.0.1698.0.

Memory Corruption Buffer Overflow Nanazip
NVD GitHub
EPSS 0% CVSS 7.8
HIGH This Week

Substance3D - Painter versions 12.0.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Memory Corruption Buffer Overflow RCE +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Substance3D - Painter versions 12.0.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Memory Corruption Buffer Overflow RCE +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Illustrator versions 29.8.6, 30.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Memory Corruption Buffer Overflow RCE +1
NVD VulDB
EPSS 0% CVSS 8.5
HIGH This Week

Out-of-bounds write for some Intel(R) QAT software drivers for Windows before version 1.13 within Ring 3: User Applications may allow a escalation of privilege. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.

Microsoft Buffer Overflow Memory Corruption +2
NVD VulDB
EPSS 0% CVSS 7.8
HIGH This Week

Substance3D - Designer versions 15.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Memory Corruption Buffer Overflow RCE +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Substance3D - Designer versions 15.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Memory Corruption Buffer Overflow RCE +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Substance3D - Designer versions 15.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Memory Corruption Buffer Overflow RCE +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Substance3D - Designer versions 15.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Memory Corruption Buffer Overflow RCE +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

After Effects versions 26.0, 25.6.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Memory Corruption Buffer Overflow RCE +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH This Week

Media Encoder versions 26.0.2, 25.6.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Memory Corruption Buffer Overflow RCE +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Premiere Pro versions 26.0.2, 25.6.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Memory Corruption Buffer Overflow RCE +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Premiere Pro versions 26.0.2, 25.6.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Denial Of Service Use After Free Memory Corruption +2
NVD VulDB
EPSS 0% CVSS 7.8
HIGH This Week

Premiere Pro versions 26.0.2, 25.6.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Memory Corruption Buffer Overflow RCE +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Use after free in Microsoft Office Click-To-Run allows an authorized attacker to elevate privileges locally.

Denial Of Service Microsoft Use After Free +1
NVD VulDB
EPSS 0% CVSS 9.3
CRITICAL PATCH Exploit Unlikely Act Now

Use after free in Windows Hyper-V allows an unauthorized attacker to elevate privileges locally.

Denial Of Service Microsoft Use After Free +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Use after free in Windows Telephony Service allows an authorized attacker to elevate privileges locally.

Denial Of Service Microsoft Use After Free +1
NVD VulDB
EPSS 0% CVSS 8.4
HIGH PATCH Exploit Likely This Week

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

Denial Of Service Microsoft Use After Free +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Denial Of Service Microsoft Use After Free +1
NVD VulDB
EPSS 0% CVSS 8.4
HIGH PATCH Exploit Unlikely This Week

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

Denial Of Service Microsoft Use After Free +1
NVD VulDB
EPSS 0% CVSS 7.0
HIGH PATCH Exploit Unlikely This Week

Use after free in Windows Projected File System allows an authorized attacker to elevate privileges locally.

Denial Of Service Microsoft Use After Free +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Use after free in Windows Telephony Service allows an authorized attacker to elevate privileges locally.

Denial Of Service Microsoft Use After Free +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.

Denial Of Service Microsoft Use After Free +1
NVD VulDB
EPSS 0% CVSS 8.0
HIGH PATCH This Week

Use after free in Windows Kernel-Mode Drivers allows an authorized attacker to execute code over a network.

Denial Of Service Microsoft Use After Free +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Likely This Week

Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.

Denial Of Service Microsoft Use After Free +1
NVD VulDB
EPSS 0% CVSS 7.0
HIGH PATCH This Week

Use after free in Windows Telephony Service allows an authorized attacker to elevate privileges locally.

Denial Of Service Microsoft Use After Free +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Use after free in Data Deduplication allows an authorized attacker to elevate privileges locally.

Denial Of Service Use After Free Memory Corruption
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally.

Denial Of Service Microsoft Use After Free +1
NVD VulDB
EPSS 0% CVSS 8.1
HIGH PATCH This Week

Use after free in Windows TCP/IP allows an unauthorized attacker to execute code over a network.

Denial Of Service Microsoft Use After Free +1
NVD VulDB
EPSS 0% CVSS 7.0
HIGH PATCH Exploit Unlikely This Week

Use after free in Windows SMB Client allows an authorized attacker to elevate privileges locally.

Denial Of Service Microsoft Use After Free +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Use after free in Windows Kernel-Mode Drivers allows an authorized attacker to elevate privileges locally.

Denial Of Service Microsoft Use After Free +1
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH Exploit Unlikely This Week

Use after free in Windows TCP/IP allows an unauthorized attacker to disclose information over a network.

Denial Of Service Microsoft Use After Free +1
NVD VulDB
EPSS 0% CVSS 8.4
HIGH PATCH Exploit Unlikely This Week

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

Denial Of Service Microsoft Use After Free +1
NVD VulDB
EPSS 0% CVSS 8.4
HIGH PATCH Exploit Likely This Week

Access of resource using incompatible type ('type confusion') in Microsoft Office Word allows an unauthorized attacker to execute code locally.

Authentication Bypass Microsoft Memory Corruption
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.

Denial Of Service Microsoft Use After Free +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Likely This Week

Access of resource using incompatible type ('type confusion') in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally.

Microsoft Information Disclosure Memory Corruption
NVD VulDB
EPSS 0% CVSS 7.0
HIGH PATCH Exploit Likely This Week

Local privilege escalation in the Windows Ancillary Function Driver for WinSock (AFD.sys) allows low-privileged authenticated users to execute arbitrary code with SYSTEM privileges via use-after-free memory corruption. Microsoft has released patches addressing Windows 10 (versions 1607 through 22H2), Windows 11 (versions 22H3 through 26H1), and Windows Server 2012. CVSS base score is 7.0 (High) with local attack vector and high attack complexity. EPSS data not available; no CISA KEV listing at time of analysis, suggesting exploitation has not been observed in the wild despite public disclosure.

Denial Of Service Microsoft Use After Free +1
NVD VulDB
EPSS 0% CVSS 7.0
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Windows Win32K graphics subsystem (Win32K - GRFX) allows authenticated users with low privileges to achieve SYSTEM-level access through a use-after-free memory corruption vulnerability. Affects multiple Windows 10, Windows 11, and Windows Server 2012 versions. Microsoft has released patches through their March 2026 security updates. The CVSS 7.0 (High) rating reflects high attack complexity (AC:H), requiring specific race condition timing or system state manipulation, though EPSS data is not yet available for this recently disclosed CVE.

Denial Of Service Microsoft Use After Free +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Type confusion vulnerability in Windows Ancillary Function Driver for WinSock enables local authenticated users to escalate privileges to SYSTEM level on Windows 10 (versions 1607-22H2), Windows 11 (versions 22H3-26H1), and Windows Server 2012. Microsoft has released patches through their March 2026 security update cycle. The vulnerability requires low-privilege local access but no user interaction, making it a high-value target for post-compromise lateral movement and persistence. CVSS 7.8 reflects complete system compromise potential, though EPSS data and KEV status are not available for this future-dated CVE.

Microsoft Information Disclosure Memory Corruption
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Windows Win32K graphics subsystem affects Windows 10 (1607 through 22H2), Windows 11 (all versions including 26H1 preview), and Windows Server 2012 through authenticated low-privileged local users exploiting a use-after-free memory corruption flaw. Microsoft has released security updates addressing this CWE-416 vulnerability with CVSS 7.8 severity. The local attack vector and low complexity (AC:L) indicate straightforward exploitation once local access is achieved, though no public exploit code or active exploitation (CISA KEV) has been identified at time of analysis.

Denial Of Service Microsoft Use After Free +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Likely This Week

Privilege escalation in Windows Win32K ICOMP component affects Windows 11 (24H2, 25H2, 26H1) and Windows Server 2025 via a use-after-free memory corruption flaw. Low-privileged authenticated local attackers can exploit this to gain SYSTEM-level privileges with low attack complexity and no user interaction required. Microsoft has released patches addressing this vulnerability, tracked under MSRC guidance. No active exploitation or public exploit code has been identified at time of analysis, with EPSS data not yet available for this recent CVE.

Denial Of Service Microsoft Use After Free +1
NVD VulDB
EPSS 0% CVSS 8.8
HIGH This Week

Remote code execution in Fortinet FortiOS 7.2.0-7.2.11, 7.4.0-7.4.8, and 7.6.0-7.6.3 enables authenticated attackers to execute arbitrary code via malformed network packets. The out-of-bounds write vulnerability (CWE-787) affects FortiOS firewall appliances and requires only low-privilege credentials to exploit over the network. Fortinet published advisory FG-IR-26-123 confirming the vulnerability. No CISA KEV listing or public exploit code identified at time of analysis, though the straightforward network attack vector (AV:N/AC:L) suggests moderate weaponization potential once details emerge.

Fortinet Memory Corruption Buffer Overflow
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

Use after free for some Linux kernel driver for the Intel(R) Ethernet 800 series before version 2.3.14 within Ring 0: Kernel may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable denial of service. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (none), integrity (none) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (high) impacts.

Denial Of Service Use After Free Memory Corruption +2
NVD VulDB
EPSS 0% CVSS 8.3
HIGH This Week

Out-of-bounds write for the Intel(R) Data Center Graphics Driver for VMware ESXi software before version 2.0.2 within Ring 1: Device Drivers may allow a denial of service. System software adversary with a privileged user combined with a low complexity attack may enable data corruption. This result may potentially occur via local access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (none), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (high) and availability (high) impacts.

Denial Of Service Buffer Overflow VMware +2
NVD
EPSS 0% CVSS 7.3
HIGH PATCH This Week

Memory corruption in Mozilla Firefox's WebAssembly JavaScript engine component allows remote attackers to trigger a use-after-free condition via crafted web content, with limited impact across confidentiality, integrity, and availability. The flaw affects Firefox versions prior to 150.0.3 and has no public exploit identified at time of analysis, though SSVC indicates the issue is automatable. EPSS scoring (0.02%, 5th percentile) suggests very low near-term exploitation probability despite the network-reachable attack vector.

Information Disclosure Use After Free Memory Corruption +1
NVD VulDB
EPSS 0% CVSS 7.3
HIGH Act Now

Uninitialized pointer access in Siemens Solid Edge SE2026 enables arbitrary code execution when processing malicious PAR files. Attackers must deliver a crafted PAR file and convince users to open it (CVSS:4.0 AV:L/UI:P), achieving full compromise of the victim's workstation with high confidentiality, integrity, and availability impact. No active exploitation confirmed at time of analysis, though the local attack vector and user interaction requirement limit automated mass exploitation. EPSS data not available for risk calibration.

Information Disclosure Memory Corruption Solid Edge Se2026
NVD
Prev Page 13 of 170 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy