Skip to main content

Memory Corruption

15288 CVEs technique

Monthly

CVE-2019-25695 HIGH POC This Week

R 3.4.4 contains a local buffer overflow vulnerability that allows attackers to execute arbitrary code by injecting malicious input into the GUI Preferences language field. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Memory Corruption
NVD Exploit-DB
CVSS 4.0
8.6
EPSS
0.0%
CVE-2019-25691 HIGH POC This Week

Faleemi Desktop Software 1.8 contains a local buffer overflow vulnerability in the System Setup dialog that allows attackers to bypass DEP protections through structured exception handling. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Memory Corruption Faleemi Desktop Software
NVD Exploit-DB
CVSS 4.0
8.6
EPSS
0.0%
CVE-2019-25689 HIGH POC This Week

HTML5 Video Player 1.2.5 contains a local buffer overflow vulnerability that allows attackers to execute arbitrary code by supplying an oversized key code string. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Memory Corruption Html5 Video Player
NVD Exploit-DB
CVSS 4.0
8.6
EPSS
0.0%
CVE-2026-5495 HIGH This Week

Out-of-bounds write in Labcenter Electronics Proteus PDSPRJ file parser enables unauthenticated remote code execution when victims open crafted project files. The vulnerability stems from insufficient validation during PDSPRJ file processing, allowing buffer overflow conditions that permit arbitrary code execution with victim's privileges. Exploitation requires user interaction-opening a malicious PDSPRJ file or visiting attacker-controlled web content. CVSS 7.8 (High) reflects local attack vector with no privileges required but mandatory user interaction. No public exploit identified at time of analysis. Affects all versions per available CPE data.

RCE Memory Corruption Buffer Overflow Proteus
NVD VulDB
CVSS 3.0
7.8
EPSS
0.0%
CVE-2026-5494 HIGH This Week

Out-of-bounds write in Labcenter Electronics Proteus PDSPRJ file parser enables unauthenticated remote code execution with high integrity impact. Exploitation requires user interaction (opening malicious PDSPRJ file or visiting attacker-controlled page). Insufficient input validation during PDSPRJ processing allows buffer overflow, writing arbitrary data beyond allocated memory boundaries. Successful exploitation grants attacker code execution in application context with full confidentiality, integrity, and availability compromise. No public exploit identified at time of analysis.

RCE Memory Corruption Buffer Overflow Proteus
NVD VulDB
CVSS 3.0
7.8
EPSS
0.0%
CVE-2026-5493 HIGH This Week

Out-of-bounds write during PDSPRJ file parsing in Labcenter Electronics Proteus enables remote code execution when users open malicious project files. Attackers exploit insufficient input validation to write beyond allocated buffer boundaries, executing arbitrary code with victim's privileges. Requires user interaction (opening crafted PDSPRJ file). CWE-787 memory corruption vulnerability. No public exploit identified at time of analysis.

RCE Memory Corruption Buffer Overflow Proteus
NVD VulDB
CVSS 3.0
7.8
EPSS
0.0%
CVE-2026-5496 HIGH This Week

Type confusion in Labcenter Electronics Proteus PDSPRJ file parser enables remote code execution when users open malicious project files. Attackers exploit insufficient validation during file parsing to trigger memory corruption, achieving arbitrary code execution with victim user privileges. Requires social engineering to deliver weaponized PDSPRJ files via email, web download, or file sharing. Publicly available exploit code exists (ZDI advisory disclosure). CVSS 7.8 reflects local attack vector requiring user interaction but no authentication.

RCE Memory Corruption Proteus
NVD VulDB
CVSS 3.0
7.8
EPSS
0.0%
CVE-2026-6069 HIGH PATCH This Week

Stack-based buffer overflow in NASM's disasm() function enables unauthenticated denial-of-service when processing malicious assembly input. Attacker-controlled disassembly formatting triggers out-of-bounds write when string length exceeds buffer capacity, causing application crash. Affects NASM assembler version 3.02rc5. Publicly available exploit code exists. CVSS 7.5 (High) reflects network-accessible attack vector requiring no privileges or user interaction, with availability impact only.

Buffer Overflow Memory Corruption Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-6068 CRITICAL PATCH Act Now

NASM up to version 3.02rc5 contains a heap use-after-free vulnerability in response file (-@) processing that allows remote attackers without authentication to cause data corruption or denial of service. The vulnerability arises from a dangling pointer stored in the global depend_file variable that is dereferenced after the response-file buffer has been freed. A proof-of-concept exploit exists, and CISA's SSVC framework rates this as automatable with partial technical impact, indicating moderate real-world risk despite the relatively modest CVSS score of 6.5.

Denial Of Service Use After Free Memory Corruption Nasm
NVD GitHub VulDB
CVSS 3.1
9.6
EPSS
0.0%
CVE-2026-6067 MEDIUM PATCH This Month

Heap buffer overflow in Netwide Assembler (NASM) 3.02rc5 obj_directive() function enables arbitrary code execution and denial of service when processing maliciously crafted .asm files. Missing bounds validation allows attackers to corrupt heap memory through specially constructed assembly source files. Publicly available exploit code exists. Impacts NASM users assembling untrusted input files, particularly automated build systems and development environments processing external assembly code.

RCE Denial Of Service Buffer Overflow Memory Corruption Nasm
NVD GitHub VulDB
CVSS 3.1
5.5
EPSS
0.1%
CVE-2026-5460 MEDIUM PATCH This Month

Heap use-after-free in wolfSSL's TLS 1.3 post-quantum cryptography hybrid KeyShare processing allows unauthenticated remote attackers to corrupt heap memory and potentially disclose information. The vulnerability occurs when TLSX_KeyShare_ProcessPqcHybridClient() error handling prematurely frees a KyberKey object in src/tls.c, and the caller's subsequent TLSX_KeyShare_FreeAll() invocation writes zero bytes to already-freed memory. CVSS 6.3 reflects low integrity and availability impact; exploitation requires precise network timing (AT:P). No public exploit identified at time of analysis, but the underlying use-after-free pattern is a known attack vector in memory-unsafe code.

Use After Free Memory Corruption Information Disclosure Wolfssl
NVD GitHub VulDB
CVSS 4.0
6.3
EPSS
0.0%
CVE-2026-5503 MEDIUM This Month

Buffer overflow in WolfSSL's TLSX_SNI_Write function allows remote unauthenticated attackers to corrupt memory by sending a specially crafted TLS ClientHello with ECH (Encrypted Client Hello) and SNI extension data. The vulnerability occurs when TLSX_EchChangeSNI unconditionally sets extensions even when no inner SNI is configured, causing attacker-controlled SNI data to be written 255 bytes beyond the allocated buffer boundary during ClientHello serialization. CVSS 6.9 indicates moderate integrity and availability impact with low attack complexity.

Memory Corruption Buffer Overflow Wolfssl
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2026-34734 HIGH PATCH This Week

Heap use-after-free in HDF5 h5dump utility allows local attackers to achieve arbitrary code execution when processing malicious HDF5 files. Affects HDF5 versions 1.14.1-2 and earlier from HDFGroup. Attacker must convince user to open crafted file (user interaction required, CVSS UI:R). Unauthenticated attack vector enables high-impact compromise of confidentiality, integrity, and availability. No public exploit identified at time of analysis. Vulnerability stems from premature deallocation in H5D__typeinfo_term followed by unsafe reference in H5T__conv_struct memmove operation.

Memory Corruption Information Disclosure Use After Free Hdf5
NVD GitHub VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-35195 Cargo MEDIUM PATCH GHSA This Month

Wasmtime prior to versions 24.0.7, 36.0.7, 42.0.2, and 43.0.1 allows authenticated remote attackers to corrupt memory by providing malicious realloc return values during string transcoding between WebAssembly components, enabling writes to arbitrary memory locations up to 4GiB away from linear memory base. On default configurations with 4GiB virtual memory reservation and guard pages, exploitation typically triggers process abort via unmapped memory access; however, configurations with reduced memory reservation and disabled guard pages risk corruption of host data structures or other guest linear memories.

Memory Corruption Buffer Overflow Red Hat Suse
NVD GitHub VulDB
CVSS 4.0
6.1
EPSS
0.0%
CVE-2026-34983 LIB LOW PATCH GHSA Monitor

Wasmtime 43.0.0 contains a use-after-free vulnerability in the Linker cloning mechanism that allows host embedders to trigger memory corruption through a specific sequence of API calls: cloning a wasmtime::Linker, dropping the original instance, and then using the cloned instance. This vulnerability is not exploitable by guest WebAssembly programs and requires deliberate misuse of the host API. The flaw is fixed in Wasmtime 43.0.1. Despite the use-after-free nature (CWE-416), the CVSS 4.0 score of 1.0 reflects the extremely limited attack surface: physical or local access is required (AV:P), attack complexity is high (AC:H), high privilege level is needed (PR:H), and user interaction is required (UI:A), resulting in minimal confidentiality, integrity, and availability impact.

Memory Corruption Information Disclosure Use After Free Wasmtime
NVD GitHub VulDB
CVSS 4.0
1.0
EPSS
0.0%
CVE-2026-5442 CRITICAL Act Now

Heap buffer overflow in Orthanc DICOM Server (versions ≤1.12.10) allows unauthenticated remote code execution via malformed DICOM images. Attackers exploit integer overflow during frame size calculation by submitting DICOM files with dimension fields encoded as Unsigned Long (UL) instead of Unsigned Short (US), causing out-of-bounds memory access during image decoding. CVSS 9.8 (Critical) with network-accessible attack vector requiring no authentication or user interaction. EPSS score 2% (percentile 4%) suggests low observed exploitation probability despite critical severity. No confirmed active exploitation (not in CISA KEV) and no public exploit code identified at time of analysis.

Buffer Overflow Memory Corruption Dicom Server
NVD VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-5443 CRITICAL Act Now

Heap buffer overflow in Orthanc DICOM Server ≤1.12.10 allows unauthenticated remote attackers to achieve arbitrary code execution by sending specially crafted PALETTE COLOR DICOM images. The flaw stems from integer overflow during 32-bit width×height multiplication in pixel length validation, causing bounds checks to incorrectly pass and enabling out-of-bounds memory read/write operations. CVSS 9.8 critical severity with network attack vector requiring no privileges or user interaction. EPSS exp

Buffer Overflow Memory Corruption Dicom Server
NVD VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-5444 HIGH This Week

Heap buffer overflow in Orthanc DICOM Server (versions ≤1.12.10) allows local attackers to corrupt data or crash the service via maliciously crafted PAM images embedded in DICOM files. The vulnerability stems from integer overflow during buffer size calculation when multiplying image dimensions with 32-bit arithmetic, leading to undersized heap allocation followed by oversized writes during pixel processing. EPSS score of 0.02% (5th percentile) indicates very low observed exploitation probability; no public exploit code or active exploitation confirmed at time of analysis.

Buffer Overflow Memory Corruption Dicom Server
NVD VulDB
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-34757 MEDIUM PATCH This Month

Use-after-free in libpng 1.0.9 through 1.6.56 allows local attackers to leak heap memory and corrupt PNG chunk metadata by passing a pointer from png_get_PLTE, png_get_tRNS, or png_get_hIST directly into the corresponding setter function on the same structure, exploiting a freed buffer dereference. The vulnerability enables information disclosure and silent data corruption with low attack complexity and no user interaction required; fixed in version 1.6.57.

Use After Free Information Disclosure Memory Corruption Libpng
NVD GitHub VulDB
CVSS 3.1
5.1
EPSS
0.0%
CVE-2026-5914 HIGH PATCH This Week

Type confusion vulnerability in Google Chrome CSS engine (versions prior to 147.0.7727.55) enables heap corruption through malicious extensions. Attacker must convince user to install crafted Chrome extension, then exploit triggers memory corruption allowing high-severity impacts: arbitrary code execution, information disclosure, and denial of service. CVSS 8.8 rating reflects unauthenticated network vector requiring only user interaction. No public exploit identified at time of analysis. Chromium project classifies severity as Low despite critical CVSS score, indicating successful exploitation barriers beyond user interaction.

Memory Corruption Information Disclosure Google Chrome
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-5904 HIGH PATCH This Week

Heap corruption via malicious Chrome extension exploits use-after-free flaw in V8 JavaScript engine, affecting Chrome versions prior to 147.0.7727.55. Attacker must convince user to install a crafted extension to achieve potential remote code execution with high confidentiality, integrity, and availability impact. EPSS score of 0.01% (1st percentile) indicates minimal observed exploitation activity; no CISA KEV listing or public exploit code identified at time of analysis. Despite high CVSS 8.8

Denial Of Service Use After Free Google Memory Corruption Red Hat +2
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-5883 HIGH PATCH This Week

Use after free in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)

Use After Free Memory Corruption Google Denial Of Service RCE +1
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-5877 HIGH PATCH This Week

Remote code execution within Chrome's sandbox affects all versions prior to 147.0.7727.55 through a use-after-free vulnerability in the browser's navigation component. Remote attackers can execute arbitrary code by delivering a specially crafted HTML page that triggers memory corruption when a user visits the malicious site. EPSS probability of 0.04% indicates low observed exploitation activity, and no CISA KEV listing confirms this is not confirmed actively exploited at time of analysis. Google has released patches in Chrome 147.0.7727.55.

Denial Of Service RCE Google Memory Corruption Use After Free +3
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-5874 CRITICAL PATCH Act Now

Use-after-free vulnerability in Google Chrome's PrivateAI component (versions prior to 147.0.7727.55) enables sandbox escape when remote attackers socially engineer victims into performing specific UI interactions with malicious HTML pages. Exploitation requires user engagement with attacker-controlled content but no authentication. CVSS 9.6 critical severity reflects potential for complete compromise of confidentiality, integrity, and availability with scope change indicating sandbox boundary violation. No public exploit identified at time of analysis; low observed exploitation activity (EPSS 0.03%).

Denial Of Service Memory Corruption Google Use After Free Red Hat +2
NVD VulDB
CVSS 3.1
9.6
EPSS
0.0%
CVE-2026-5872 HIGH PATCH This Week

Remote code execution in Google Chrome's Blink rendering engine (versions prior to 147.0.7727.55) allows unauthenticated attackers to execute arbitrary code within Chrome's sandbox by delivering a malicious HTML page that triggers a use-after-free vulnerability. While rated High severity (CVSS 8.8) due to complete confidentiality/integrity/availability impact, EPSS scoring places exploitation probability at only 4% (11th percentile), indicating low observed targeting in the wild. No confirmed active exploitation (not in CISA KEV) and no public proof-of-concept identified at time of analysis. Vendor-released patch available in Chrome 147.0.7727.55.

Memory Corruption Denial Of Service Use After Free RCE Google +3
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-5871 HIGH PATCH This Week

Remote code execution in Google Chrome versions prior to 147.0.7727.55 allows unauthenticated attackers to execute arbitrary code within the browser sandbox via a maliciously crafted HTML page exploiting a type confusion vulnerability in the V8 JavaScript engine. With CVSS 8.8 (High), network-based attack vector requiring only user interaction, and available vendor patch, this represents a significant but contained threat. EPSS score of 0.04% (11th percentile) indicates low observed exploitation probability, and no active exploitation or public POC is identified at time of analysis. The sandbox containment limits initial impact severity compared to full system compromise.

Memory Corruption Google RCE Red Hat Suse +1
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-5866 HIGH PATCH This Week

Remote code execution in Google Chrome Media component (versions prior to 147.0.7727.55) enables unauthenticated attackers to execute arbitrary code within Chrome's sandbox via specially crafted HTML pages. Exploitation requires user interaction to visit a malicious site. The use-after-free memory corruption vulnerability achieves high confidentiality, integrity, and availability impact within the sandboxed environment. No public exploit identified at time of analysis.

Google RCE Memory Corruption Denial Of Service Use After Free +3
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-5865 HIGH PATCH This Week

Remote code execution within Chrome's V8 JavaScript sandbox affects Google Chrome versions prior to 147.0.7727.55 through a type confusion vulnerability. Attackers can execute arbitrary code by convincing users to visit a malicious webpage, requiring no authentication. Vendor-released patch available (Chrome 147.0.7727.55). No public exploit identified at time of analysis, with EPSS probability at 0.04% (11th percentile) indicating low observed exploitation likelihood despite high CVSS score of 8.8.

Memory Corruption Google RCE Chrome
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-5861 HIGH PATCH This Week

Remote code execution in Google Chrome's V8 JavaScript engine (versions prior to 147.0.7727.55) allows unauthenticated remote attackers to execute arbitrary code within the sandbox by exploiting a use-after-free memory corruption vulnerability through a malicious HTML page. User interaction (visiting a crafted website) is required. No public exploit identified at time of analysis, with EPSS probability at 4% (11th percentile), indicating relatively low immediate exploitation risk despite high CVSS severity.

Memory Corruption Denial Of Service Use After Free RCE Google +3
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-5860 HIGH PATCH This Week

Remote code execution in Google Chrome prior to 147.0.7727.55 allows unauthenticated remote attackers to execute arbitrary code within the browser sandbox via a crafted HTML page exploiting a use-after-free vulnerability in the WebRTC component. The attack requires user interaction (visiting a malicious page). EPSS probability is low (0.03%, 10th percentile), and no public exploit or active exploitation (KEV) has been identified at time of analysis. Vendor-released patch available in Chrome 147.0.7727.55.

Memory Corruption Denial Of Service Use After Free RCE Google +1
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-27144 Go HIGH PATCH This Week

Memory corruption in Go compiler cmd/compile versions before 1.25.9 and 1.26.0-1.26.1 allows local authenticated attackers to achieve integrity compromise and denial of service. A flaw in pointer unwrapping logic during memory move operations causes the compiler to incorrectly assess overlapping memory regions, potentially corrupting compiled binaries. EPSS score of 0.01% indicates minimal real-world exploitation probability, and no public exploit or active exploitation (non-KEV) has been identified at time of analysis.

Buffer Overflow Memory Corruption Red Hat Suse
NVD VulDB
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-31789 CRITICAL PATCH CISA Act Now

Issue summary: Converting an excessively large OCTET STRING value to a hexadecimal string leads to a heap buffer overflow on 32 bit platforms. Impact summary: A heap buffer overflow may lead to a crash or possibly an attacker controlled code execution or other undefined behavior. If an attacker can supply a crafted X.509 certificate with an excessively large OCTET STRING value in extensions such as the Subject Key Identifier (SKID) or Authority Key Identifier (AKID) which are being converted to hex, the size of the buffer needed for the result is calculated as multiplication of the input length by 3. On 32 bit platforms, this multiplication may overflow resulting in the allocation of a smaller buffer and a heap buffer overflow. Applications and services that print or log contents of untrusted X.509 certificates are vulnerable to this issue. As the certificates would have to have sizes of over 1 Gigabyte, printing or logging such certificates is a fairly unlikely operation and only 32 bit platforms are affected, this issue was assigned Low severity. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the affected code is outside the OpenSSL FIPS module boundary.

Memory Corruption OpenSSL Buffer Overflow RCE
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-28387 HIGH PATCH CISA This Week

Issue summary: An uncommon configuration of clients performing DANE TLSA-based server authentication, when paired with uncommon server DANE TLSA records, may result in a use-after-free and/or double-free on the client side. Impact summary: A use after free can have a range of potential consequences such as the corruption of valid data, crashes or execution of arbitrary code. However, the issue only affects clients that make use of TLSA records with both the PKIX-TA(0/PKIX-EE(1) certificate usages and the DANE-TA(2) certificate usage. By far the most common deployment of DANE is in SMTP MTAs for which RFC7672 recommends that clients treat as 'unusable' any TLSA records that have the PKIX certificate usages. These SMTP (or other similar) clients are not vulnerable to this issue. Conversely, any clients that support only the PKIX usages, and ignore the DANE-TA(2) usage are also not vulnerable. The client would also need to be communicating with a server that publishes a TLSA RRset with both types of TLSA records. No FIPS modules are affected by this issue, the problem code is outside the FIPS module boundary.

Memory Corruption Use After Free Denial Of Service RCE OpenSSL
NVD GitHub VulDB
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-32862 HIGH PATCH This Week

Memory corruption in NI LabVIEW's ResFileFactory::InitResourceMgr() function allows arbitrary code execution or information disclosure when users open malicious VI files. Affects LabVIEW 2026 Q1 (26.1.0) and all prior versions. CVSS 8.5 severity reflects high impact potential, though exploitation requires user interaction to open a crafted file. No public exploit identified at time of analysis, with EPSS data unavailable for this recently assigned CVE. Local attack vector limits remote exploitation scenarios.

Memory Corruption Information Disclosure Buffer Overflow RCE Labview
NVD VulDB
CVSS 4.0
8.5
EPSS
0.0%
CVE-2026-32861 HIGH PATCH This Week

Memory corruption via out-of-bounds write in NI LabVIEW allows arbitrary code execution and information disclosure when processing maliciously crafted .lvclass files. Affects LabVIEW 2026 Q1 (26.1.0) and all prior versions. Attack requires local access and user interaction to open the weaponized file (CVSS AV:L/UI:P). No public exploit identified at time of analysis, though the vendor advisory confirms the vulnerability and provides remediation guidance.

Memory Corruption Information Disclosure Buffer Overflow RCE Labview
NVD
CVSS 4.0
8.5
EPSS
0.0%
CVE-2026-32860 HIGH PATCH This Week

Memory corruption via out-of-bounds write in NI LabVIEW allows arbitrary code execution when processing malicious LVLIB files. Affects LabVIEW 2026 Q1 (26.1.0) and all prior versions. Attack requires local access and user interaction to open a specially crafted .lvlib project library file (CVSS 8.5, AV:L/PR:N/UI:P). No public exploit identified at time of analysis. EPSS data not available, but the local attack vector and user interaction requirement significantly limit immediate mass exploitation risk despite high CVSS score.

Memory Corruption Information Disclosure Buffer Overflow RCE Labview
NVD
CVSS 4.0
8.5
EPSS
0.0%
CVE-2026-39316 MEDIUM PATCH This Month

Local denial of service and potential remote code execution in OpenPrinting CUPS 2.4.16 and prior occurs when the scheduler (cupsd) deletes temporary printers without expiring associated subscriptions, leaving dangling pointers in memory that are subsequently dereferenced. An unauthenticated local attacker can crash the cupsd daemon or, with heap grooming techniques, achieve arbitrary code execution on systems running affected CUPS versions.

Denial Of Service Use After Free RCE Memory Corruption Red Hat +1
NVD GitHub VulDB
CVSS 3.1
4.0
EPSS
0.0%
CVE-2026-33816 Go CRITICAL PATCH GHSA Act Now

Memory-safety vulnerability in github.com/jackc/pgx/v5 PostgreSQL driver library allows unauthenticated remote attackers to achieve complete system compromise with high confidentiality, integrity, and availability impact. The vulnerability resides in the pgproto3 subpackage and enables network-accessible exploitation without user interaction. Attack complexity is low, requiring no special privileges. Information disclosure confirmed via source tagging. No public exploit identified at time of analysis.

Github Com Jackc Pgx V5 Pgproto3 Buffer Overflow Memory Corruption
NVD VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-33815 Go CRITICAL PATCH GHSA Act Now

Remote memory-safety vulnerability in github.com/jackc/pgx/v5 (Go PostgreSQL driver) enables unauthenticated attackers to achieve arbitrary code execution, information disclosure, and denial of service via network vectors. The flaw affects the pgproto3 protocol implementation subpackage with critical-severity CVSS 9.8 scoring. EPSS indicates low observed exploitation activity; no public exploit identified at time of analysis. Vulnerability allows complete compromise of confidentiality, integrity, and availability without user interaction or elevated privileges.

Github Com Jackc Pgx V5 Pgproto3 Buffer Overflow Memory Corruption
NVD VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-35554 Maven HIGH PATCH GHSA This Week

Buffer use-after-free in Apache Kafka Java producer client (versions ≤3.9.1, ≤4.0.1, ≤4.1.1) can silently route messages to incorrect topics when batch expiration races with in-flight network requests. CVSS 8.7 (High) with network-accessible attack vector and high complexity. CISA SSVC indicates no active exploitation, non-automatable attack, and partial technical impact. No public exploit identified at time of analysis. EPSS data not provided, but the combination of high CVSS, cross-scope impact (S:C), and dual confidentiality/integrity impact warrants prioritization for environments processing sensitive message streams.

Information Disclosure Memory Corruption Apache Use After Free Deserialization +3
NVD HeroDevs
CVSS 3.1
8.7
EPSS
0.0%
CVE-2026-5735 CRITICAL PATCH Act Now

Remote code execution in Mozilla Firefox versions prior to 149.0.2 stems from multiple memory safety bugs allowing unauthenticated network attackers to execute arbitrary code without user interaction. Mozilla confirmed memory corruption evidence across affected versions (Firefox 149.0.1 and Thunderbird 149.0.1), though Thunderbird patch status remains unconfirmed. CVSS 9.8 reflects maximum severity due to network-accessible attack vector with no complexity barriers. No public exploit identified at time of analysis, though the CWE-787 out-of-bounds write class has high weaponization potential once technical details emerge from linked Bugzilla entries.

Memory Corruption Buffer Overflow Mozilla RCE
NVD VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-5734 CRITICAL PATCH Act Now

Multiple memory corruption vulnerabilities in Mozilla Firefox (< 149.0.2) and Firefox ESR (< 140.9.1) enable unauthenticated remote code execution with critical CVSS 9.8 severity. These memory safety bugs-including CWE-787 out-of-bounds write issues-affect both standard and Extended Support Release channels, with Mozilla confirming evidence of memory corruption exploitable for arbitrary code execution. No active exploitation confirmed (not in CISA KEV) and no public exploit identified at time of analysis, though CVSS vector indicates network-accessible attack requiring no user interaction.

Memory Corruption Buffer Overflow Mozilla RCE Firefox Esr
NVD VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-20433 HIGH This Week

Out-of-bounds write in MediaTek modem firmware enables remote privilege escalation when devices connect to attacker-controlled rogue cellular base stations. The vulnerability affects over 60 MediaTek chipset models widely deployed in smartphones and IoT devices, exploitable by adjacent network attackers without authentication (CVSS:3.1 AV:A/PR:N). While EPSS scores this at only 6% exploitation probability (18th percentile) and no active exploitation is confirmed at time of analysis, the attack s

Buffer Overflow Privilege Escalation Memory Corruption Mediatek Chipset
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-20432 HIGH This Week

Out-of-bounds write in MediaTek modem chipset implementations allows remote privilege escalation when user equipment connects to an attacker-controlled rogue cellular base station. Affects 57 MediaTek chipset models across MT67xx, MT68xx, MT69xx, MT87xx, and MT27xx families used in mobile devices. Authentication not required (CVSS PR:N) but requires adjacent network access and user interaction to connect to malicious base station. EPSS score of 0.06% (18th percentile) indicates low observed exploitation probability. No public exploit identified at time of analysis, though vendor patch MOLY01406170 has been released per April 2026 MediaTek security bulletin.

Buffer Overflow Privilege Escalation Memory Corruption Mediatek Chipset
NVD VulDB
CVSS 3.1
8.0
EPSS
0.1%
CVE-2025-62818 CRITICAL Act Now

Out-of-bounds write in Samsung Exynos chipsets (processors 980/990/850/1080/2100/1280/2200/1330/1380/1480/2400/1580/2500/9110, wearables W920/W930/W1000, modems 5123/5300/5400) allows unauthenticated remote attackers to achieve arbitrary code execution via malformed SMS TP-UD packets. Exploitation occurs through TP-UDHI/UDL value mismatch during SMS message parsing, enabling network-level attacks without user interaction. No public exploit identified at time of analysis.

Memory Corruption Buffer Overflow Samsung
NVD
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-21380 HIGH This Week

Local privilege escalation via use-after-free in Qualcomm Snapdragon video memory management allows authenticated attackers with low privileges to achieve complete system compromise. The vulnerability exists in deprecated DMABUF IOCTL interfaces used for direct memory access buffer operations. No public exploit identified at time of analysis, with EPSS data unavailable for this 2026 CVE. Qualcomm addressed this in their April 2026 security bulletin.

Memory Corruption Buffer Overflow Use After Free Snapdragon
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-47374 MEDIUM This Month

Memory corruption via use-after-free in Qualcomm Snapdragon SDK occurs when concurrent fence deregistration and signal handling operations access freed memory, allowing authenticated local attackers with low privileges to achieve information disclosure and integrity/availability compromise. CVSS 6.5 reflects local attack vector with high complexity; no public exploit code or active exploitation confirmed at time of analysis.

Use After Free Memory Corruption Buffer Overflow Snapdragon
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-31408 HIGH PATCH This Week

Use-after-free in Linux kernel Bluetooth SCO subsystem allows adjacent network attackers to achieve arbitrary code execution with high confidentiality, integrity, and availability impact. The vulnerability exists in sco_recv_frame() which releases a lock on conn->sk without holding a socket reference, creating a race condition where concurrent close() operations can free the socket before subsequent access. Vendor patches available across multiple stable kernel versions (6.6.131, 6.12.80, 6.18.21, 6.19.11, 7.0-rc6). EPSS score of 0.01% suggests minimal observed exploitation probability despite high CVSS 8.8 rating. No CISA KEV listing or public exploit identified at time of analysis.

Information Disclosure Linux Memory Corruption Use After Free
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-31407 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: netfilter: conntrack: add missing netlink policy validations Hyunwoo Kim reports out-of-bounds access in sctp and ctnetlink. These attributes are used by the kernel without any validation. Extend the netlink policies accordingly. Quoting the reporter: nlattr_to_sctp() assigns the user-supplied CTA_PROTOINFO_SCTP_STATE value directly to ct->proto.sctp.state without checking that it is within the valid range. [..] and: ... with exp->dir = 100, the access at ct->master->tuplehash[100] reads 5600 bytes past the start of a 320-byte nf_conn object, causing a slab-out-of-bounds read confirmed by UBSAN.

Buffer Overflow Linux Memory Corruption
NVD VulDB
CVSS 3.1
7.1
EPSS
0.0%
CVE-2019-25681 HIGH POC This Week

Xlight FTP Server 3.9.1 contains a structured exception handler (SEH) overwrite vulnerability that allows local attackers to crash the application and overwrite SEH pointers by supplying a crafted. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow RCE Xlight
NVD Exploit-DB
CVSS 4.0
8.6
EPSS
0.0%
CVE-2019-25679 HIGH POC This Week

RealTerm Serial Terminal 2.0.0.70 contains a structured exception handling (SEH) buffer overflow vulnerability in the Echo Port tab that allows local attackers to execute arbitrary code by supplying. Rated high severity (CVSS 8.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow RCE Realterm
NVD Exploit-DB
CVSS 4.0
8.5
EPSS
0.0%
CVE-2019-25670 HIGH POC This Week

River Past Video Cleaner 7.6.3 contains a structured exception handler buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious string in the. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow RCE River Past Video Cleaner
NVD Exploit-DB
CVSS 4.0
8.6
EPSS
0.0%
CVE-2019-25667 MEDIUM POC This Month

TaskInfo 8.2.0.280 contains a local buffer overflow vulnerability that allows attackers to crash the application by supplying oversized input to registration fields. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Denial Of Service Taskinfo
NVD Exploit-DB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2019-25666 MEDIUM POC This Month

SpotAuditor 3.6.7 contains a local buffer overflow vulnerability in the Base64 Password Decoder component that allows attackers to crash the application. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Denial Of Service Spotauditor
NVD Exploit-DB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2019-25665 MEDIUM POC This Month

River Past Ringtone Converter 2.7.6.1601 contains a local buffer overflow vulnerability that allows attackers to crash the application by supplying oversized input to activation fields. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Denial Of Service River Past Ringtone Converter
NVD Exploit-DB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2019-25661 MEDIUM POC This Month

Remote Process Explorer 1.0.0.16 contains a local buffer overflow vulnerability that allows attackers to cause a denial of service by sending a crafted payload to the Add Computer dialog. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Denial Of Service Remote Process Explorer
NVD Exploit-DB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2019-25660 MEDIUM POC This Month

LanHelper 1.74 contains a local buffer overflow vulnerability that allows attackers to crash the application by sending excessively long input strings. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Denial Of Service Lanhelper
NVD Exploit-DB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2019-25659 MEDIUM POC This Month

ASPRunner Professional 6.0.766 contains a local buffer overflow vulnerability that allows attackers to cause a denial of service by supplying an excessively long project name. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Denial Of Service Asprunner Professional
NVD Exploit-DB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2019-25658 MEDIUM POC This Month

a-Mac Address Change 5.4 contains a local buffer overflow vulnerability that allows local attackers to crash the application by supplying oversized input to registration form fields. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Denial Of Service Mac Address Change
NVD Exploit-DB
CVSS 4.0
6.8
EPSS
0.0%
CVE-2019-25656 HIGH POC This Week

R i386 3.5.0 contains a local buffer overflow vulnerability in the GUI Preferences dialog that allows local attackers to trigger a structured exception handler (SEH) overwrite by supplying malicious. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow RCE R I386
NVD Exploit-DB
CVSS 4.0
8.6
EPSS
0.0%
CVE-2018-25256 MEDIUM POC This Month

IP TOOLS 2.50 contains a local buffer overflow vulnerability in the SNMP Scanner component that allows local attackers to crash the application by supplying oversized input. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Denial Of Service Ip Tools
NVD Exploit-DB
CVSS 4.0
6.8
EPSS
0.0%
CVE-2018-25255 HIGH POC This Week

10-Strike LANState 8.8 contains a local buffer overflow vulnerability in structured exception handling that allows local attackers to execute arbitrary code by crafting malicious LSM map files. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Buffer Overflow Memory Corruption Strike Lanstate
NVD Exploit-DB VulDB
CVSS 4.0
8.6
EPSS
0.0%
CVE-2018-25254 CRITICAL POC Act Now

NICO-FTP 3.0.1.19 contains a structured exception handler buffer overflow vulnerability that allows remote attackers to execute arbitrary code by sending crafted FTP commands. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Buffer Overflow Memory Corruption Nico Ftp
NVD Exploit-DB VulDB
CVSS 4.0
9.3
EPSS
0.2%
CVE-2018-25253 MEDIUM POC This Month

Termite 3.4 contains a buffer overflow vulnerability in the User interface language settings field that allows local attackers to cause a denial of service by supplying an excessively long string. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Memory Corruption Termite
NVD Exploit-DB VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2018-25252 MEDIUM POC This Month

FTP Voyager 16.2.0 contains a denial of service vulnerability that allows local attackers to crash the application by injecting oversized buffer data into the site profile IP field. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Memory Corruption Ftp Voyager
NVD Exploit-DB VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2018-25251 HIGH POC This Week

Snes9K 0.0.9z contains a buffer overflow vulnerability in the Netplay Socket Port Number field that allows local attackers to trigger a structured exception handler (SEH) overwrite. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Buffer Overflow Memory Corruption Snes9K 0 0 9Z
NVD Exploit-DB VulDB
CVSS 4.0
8.6
EPSS
0.0%
CVE-2016-20050 MEDIUM POC This Month

NetSchedScan 1.0 contains a buffer overflow vulnerability in the scan Hostname/IP field that allows local attackers to crash the application by supplying an oversized input string. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Memory Corruption Netschedscan
NVD Exploit-DB VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2026-34764 npm LOW PATCH GHSA Monitor

Use-after-free in Electron's offscreen rendering with GPU shared textures allows local attackers with high privileges to cause memory corruption or application crashes by invoking the texture release callback after its backing native state has been freed. The vulnerability affects Electron versions before 42.0.0-alpha.5, 41.1.0, 40.8.5, and 39.8.5, and only impacts applications explicitly enabling shared-texture offscreen rendering via webPreferences.offscreen.useSharedTexture: true.

Use After Free Memory Corruption Buffer Overflow
NVD GitHub VulDB
CVSS 3.1
2.3
EPSS
0.0%
CVE-2026-35559 HIGH PATCH This Week

Out-of-bounds write vulnerability in Amazon Athena ODBC driver (pre-2.1.0.0) allows remote attackers to crash the driver through specially crafted query data, requiring user interaction to process malicious queries. Affected versions include all Amazon Athena ODBC driver releases before 2.1.0.0 across Windows, Linux, and macOS platforms. CVSS 7.1 (High) reflects network-based attack with low complexity but requires user interaction (UI:P) and impacts only availability (VA:H). No public exploit identified at time of analysis. Vendor-released patch version 2.1.0.0 is available for all supported platforms with direct download links provided in AWS security bulletin 2026-013.

Buffer Overflow Memory Corruption Amazon Athena Odbc Driver
NVD VulDB
CVSS 4.0
7.1
EPSS
0.0%
CVE-2026-31402 CRITICAL PATCH Act Now

Heap overflow in Linux kernel NFSv4.0 LOCK replay cache allows unauthenticated remote attackers to corrupt kernel memory by triggering a denial-of-service or potential code execution. The vulnerability exists in nfsd4_encode_operation() which copies encoded LOCK responses up to 1024 bytes into a fixed 112-byte inline buffer without bounds checking, resulting in up to 944 bytes of slab-out-of-bounds writes. Exploitation requires two cooperating NFSv4.0 clients but no special privileges; upstream fixes are available across multiple stable kernel branches.

Linux Buffer Overflow Memory Corruption
NVD VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-31401 HIGH PATCH This Week

Buffer overflow in Linux kernel HID-BPF subsystem allows arbitrary return values from dispatch_hid_bpf_raw_requests() to overflow the hid_hw_request buffer without validation. The vulnerability affects all Linux kernel versions with HID-BPF support; attackers with the ability to load or influence BPF programs targeting HID devices can trigger memory corruption. No CVSS score, EPSS data, or confirmed active exploitation has been assigned at time of analysis.

Linux Buffer Overflow Memory Corruption
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-31399 HIGH PATCH This Week

Use-after-free in the Linux kernel's nvdimm/bus subsystem allows local privileged users to potentially trigger memory corruption when device_add() fails during nd_async_device_register() asynchronous initialization. The flaw stems from the parent device reference being dropped before the parent pointer is accessed on allocation failure paths. No public exploit identified at time of analysis, and EPSS exploitation probability is very low at 0.02%.

Linux Use After Free Memory Corruption Denial Of Service Red Hat +1
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-31396 HIGH PATCH This Week

Use-after-free vulnerability in Linux kernel's Cadence MAC (macb) driver allows local attackers to read freed memory via ethtool get_ts_info calls on PTP-capable network interfaces. The PTP clock is registered when the interface opens and destroyed when it closes, but the ethtool handler can still access it after deallocation, causing a kernel memory access violation. No active exploitation confirmed; patch available in stable kernel releases.

Linux Information Disclosure Memory Corruption Use After Free
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-31389 HIGH PATCH This Week

Use-after-free vulnerability in Linux kernel SPI controller registration allows local attackers to trigger unclocked register accesses and potential information disclosure when per-CPU statistics allocation fails during controller initialization. The vulnerability affects all Linux kernel versions and is fixed via proper driver core deregistration on allocation failure; no CVSS score or active exploitation data available at time of analysis.

Linux Information Disclosure Memory Corruption Use After Free
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-23462 HIGH PATCH This Week

Use-after-free vulnerability in the Linux kernel's Bluetooth HIDP subsystem allows local attackers to trigger a kernel crash or potentially execute arbitrary code by failing to properly release L2CAP connection references when user callbacks are invoked. The flaw affects all Linux kernel versions in the CPE range and has been resolved through reference counting fixes in the L2CAP connection cleanup path; no public exploit code is currently identified, but the vulnerability requires local access to trigger via Bluetooth device manipulation.

Linux Debian Information Disclosure Memory Corruption Use After Free
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-23461 HIGH PATCH This Week

Use-after-free in Linux kernel Bluetooth L2CAP layer allows local attackers to cause denial of service or potentially execute code via a race condition in l2cap_unregister_user(). The vulnerability arises because l2cap_register_user() and l2cap_unregister_user() access conn->users without proper locking (conn->lock), while l2cap_conn_del() protects the same structure with conn->lock, creating concurrent access to freed memory. All Linux kernel versions with Bluetooth L2CAP support are affected. Patch available via Linux stable kernel commits.

Linux Information Disclosure Memory Corruption Use After Free
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-23458 HIGH PATCH This Week

Use-after-free in Linux kernel netfilter ctnetlink module allows local attackers to read freed kernel memory by triggering multiple-round netlink dump operations on conntrack expectations, exploiting improper reference counting in ctnetlink_dump_exp_ct() that drops conntrack references before the dump callback completes. The vulnerability requires local network namespace access and CAP_NET_ADMIN capability but enables information disclosure of kernel heap contents via KASAN-detected slab-use-after-free on ct->ext dereference.

Linux Information Disclosure Use After Free Memory Corruption
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-23454 HIGH PATCH This Week

Use-after-free in Linux kernel MANA hardware channel teardown (net/mana driver) allows concurrent interrupt handlers to dereference freed memory in mana_hwc_destroy_channel(), potentially causing NULL pointer dereference or memory corruption. The vulnerability stems from improper teardown ordering where hwc->caller_ctx is freed before CQ/EQ IRQ handlers are fully synchronized, affecting all Linux kernel versions with the MANA driver. Fixes are available across stable kernel branches via upstream commit reordering.

Linux Use After Free Denial Of Service Memory Corruption
NVD VulDB
CVSS 3.1
7.0
EPSS
0.0%
CVE-2026-23450 CRITICAL PATCH Act Now

NULL dereference and use-after-free in the Linux kernel's SMC (Shared Memory Communications) socket implementation occur when smc_tcp_syn_recv_sock() races with socket close operations, allowing a local attacker to trigger a kernel panic via concurrent manipulation of TCP SYN handling and SMC listen socket closure. The vulnerability affects the Linux kernel across multiple versions via the net/smc subsystem and is addressed through RCU-protected access and refcount validation rather than lock-based serialization.

Linux Denial Of Service Use After Free Memory Corruption
NVD VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-23432 HIGH PATCH This Week

A use-after-free vulnerability in the Linux kernel's mshv (Microsoft Hyper-V) driver allows local attackers to trigger a kernel panic by unmapping user memory after a failed mshv_map_user_memory() call. The error path incorrectly calls vfree() without unregistering the associated MMU notifier, leaving a dangling reference that fires when userspace performs subsequent memory operations. This is a memory safety issue affecting the Hyper-V virtualization subsystem in the Linux kernel.

Linux Use After Free Memory Corruption Information Disclosure Red Hat +1
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-23428 CRITICAL PATCH Act Now

Use-after-free in Linux kernel ksmbd SMB server allows local or remote attackers to read freed memory and potentially achieve denial of service or code execution via compound SMB2 requests that reuse a tree connection after it has been disconnected and its associated share_conf structure freed. The vulnerability exists because smb2_get_ksmbd_tcon() bypasses state validation checks when reusing connections in compound requests, enabling subsequent commands to dereference already-freed share_conf pointers. No CVE severity metrics are available, but KASAN confirms memory corruption is triggered in smb2_write operations during tree disconnect sequences.

Linux Use After Free Ubuntu Memory Corruption Authentication Bypass +3
NVD VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-23427 CRITICAL PATCH Act Now

Use-after-free in Linux kernel's ksmbd SMB server allows remote attackers to crash the kernel or potentially execute code via malicious SMB2 DURABLE_REQ_V2 replay operations. The vulnerability occurs when parse_durable_handle_context() unconditionally reassigns file handle connection pointers during replay operations, causing stale pointer dereferences when the reassigned connection is subsequently freed. A KASAN report confirms the use-after-free in spin_lock operations during file descriptor closure, triggered during SMB2 connection handling in the ksmbd-io workqueue. No public exploit code or active exploitation has been confirmed at time of analysis.

Linux Use After Free Ubuntu Memory Corruption Information Disclosure +3
NVD VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-23422 HIGH PATCH This Week

Interrupt storm in Linux kernel dpaa2-switch driver occurs when a bounds check rejects an out-of-bounds if_id in the IRQ handler but fails to clear the interrupt status, causing repeated spurious interrupts. This denial-of-service condition affects the NXP DPAA2 Ethernet switch driver on systems running vulnerable Linux kernel versions. An attacker with the ability to trigger malformed frames or hardware state transitions could exhaust CPU resources through interrupt flooding.

Linux Google Buffer Overflow Memory Corruption
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-35541 PHP MEDIUM PATCH GHSA This Month

Type confusion in Roundcube Webmail's password plugin allows authenticated users to change passwords without knowing the old password, affecting versions before 1.5.14 and 1.6.14. The vulnerability stems from incorrect password comparison logic that enables privilege escalation within an authenticated session. While the CVSS score of 4.2 reflects moderate severity and the requirement for prior authentication, the impact is direct account compromise for any authenticated user.

Information Disclosure Memory Corruption Webmail
NVD GitHub VulDB
CVSS 3.1
4.2
EPSS
0.0%
CVE-2026-34774 npm HIGH PATCH GHSA This Week

Use-after-free memory corruption in Electron framework (versions <39.8.1, <40.7.0, <41.0.0) allows unauthenticated remote attackers to potentially execute arbitrary code when offscreen rendering is enabled and child windows are permitted. The vulnerability triggers when a parent offscreen WebContents is destroyed while child windows remain active, causing subsequent paint operations to dereference freed memory. EPSS data not available; no public exploit identified at time of analysis. Fixed versions released by vendor.

Use After Free Memory Corruption Buffer Overflow Microsoft
NVD GitHub
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-34772 npm MEDIUM PATCH GHSA This Month

Use-after-free in Electron framework allows memory corruption when native save-file dialogs remain open during session teardown. Affected Electron versions prior to 38.8.6, 39.8.0, 40.7.0, and 41.0.0-beta.7 enable local attackers with UI interaction to trigger freed memory dereference via downloaded files, potentially causing application crashes or memory corruption. Only applications that programmatically destroy sessions at runtime and permit downloads are vulnerable; no public exploit code or active exploitation has been identified.

Use After Free Memory Corruption Buffer Overflow
NVD GitHub
CVSS 3.1
5.8
EPSS
0.0%
CVE-2026-34771 npm HIGH PATCH GHSA This Week

Use-after-free in Electron framework allows memory corruption when handling fullscreen, pointer-lock, or keyboard-lock permission requests in apps with asynchronous `session.setPermissionRequestHandler()` callbacks. Affects npm package electron versions prior to 41.0.0-beta.8, 40.7.0, 39.8.0, and 38.8.6. Remote attackers can trigger memory corruption or crashes if the requesting frame navigates or window closes while the permission handler is pending. EPSS data not available; no public exploit identified at time of analysis. Vendor-released patches available across all affected major version branches.

Use After Free Memory Corruption Buffer Overflow
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-34770 npm HIGH PATCH GHSA This Week

Use-after-free in Electron's powerMonitor module allows local attackers to trigger memory corruption or application crashes through system power events. All Electron applications (versions <38.8.6, <39.8.1, <40.8.0, <41.0.0-beta.8) that subscribe to powerMonitor events (suspend, resume, lock-screen) are vulnerable when garbage collection frees the PowerMonitor object while OS-level event handlers retain dangling pointers. Exploitation requires local access and specific timing conditions (CVSS 7.0 HIGH, AC:H). No public exploit identified at time of analysis, though the technical details are publicly documented in the GitHub security advisory.

Use After Free Memory Corruption Microsoft Apple Buffer Overflow
NVD GitHub
CVSS 3.1
7.0
EPSS
0.0%
CVE-2025-43236 LOW PATCH Monitor

Type confusion in macOS memory handling allows local attackers to cause unexpected app termination through crafted user interaction, affecting macOS Sequoia before 15.6, Sonoma before 14.7.7, and Ventura before 13.7.7. With a CVSS score of 3.3 and SSVC exploitation status of 'none', this represents a low-severity local denial-of-service condition requiring user interaction; no public exploit code or active exploitation has been identified.

Apple Information Disclosure Memory Corruption
NVD
CVSS 3.1
3.3
EPSS
0.0%
CVE-2025-43210 MEDIUM PATCH This Month

Out-of-bounds memory access in Apple media processing affects iOS, iPadOS, macOS, tvOS, visionOS, and watchOS, allowing remote attackers to trigger unexpected application termination or memory corruption through maliciously crafted media files. The vulnerability requires user interaction (opening/playing the malicious file) but no authentication. Apple has released patched versions for all affected platforms with CVSS 6.3 (moderate severity) and no public exploitation identified at time of analysis.

Apple Memory Corruption Buffer Overflow
NVD VulDB
CVSS 3.1
6.3
EPSS
0.0%
EPSS 0% CVSS 8.6
HIGH POC This Week

R 3.4.4 contains a local buffer overflow vulnerability that allows attackers to execute arbitrary code by injecting malicious input into the GUI Preferences language field. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Memory Corruption
NVD Exploit-DB
EPSS 0% CVSS 8.6
HIGH POC This Week

Faleemi Desktop Software 1.8 contains a local buffer overflow vulnerability in the System Setup dialog that allows attackers to bypass DEP protections through structured exception handling. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Memory Corruption +1
NVD Exploit-DB
EPSS 0% CVSS 8.6
HIGH POC This Week

HTML5 Video Player 1.2.5 contains a local buffer overflow vulnerability that allows attackers to execute arbitrary code by supplying an oversized key code string. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Memory Corruption +1
NVD Exploit-DB
EPSS 0% CVSS 7.8
HIGH This Week

Out-of-bounds write in Labcenter Electronics Proteus PDSPRJ file parser enables unauthenticated remote code execution when victims open crafted project files. The vulnerability stems from insufficient validation during PDSPRJ file processing, allowing buffer overflow conditions that permit arbitrary code execution with victim's privileges. Exploitation requires user interaction-opening a malicious PDSPRJ file or visiting attacker-controlled web content. CVSS 7.8 (High) reflects local attack vector with no privileges required but mandatory user interaction. No public exploit identified at time of analysis. Affects all versions per available CPE data.

RCE Memory Corruption Buffer Overflow +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH This Week

Out-of-bounds write in Labcenter Electronics Proteus PDSPRJ file parser enables unauthenticated remote code execution with high integrity impact. Exploitation requires user interaction (opening malicious PDSPRJ file or visiting attacker-controlled page). Insufficient input validation during PDSPRJ processing allows buffer overflow, writing arbitrary data beyond allocated memory boundaries. Successful exploitation grants attacker code execution in application context with full confidentiality, integrity, and availability compromise. No public exploit identified at time of analysis.

RCE Memory Corruption Buffer Overflow +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH This Week

Out-of-bounds write during PDSPRJ file parsing in Labcenter Electronics Proteus enables remote code execution when users open malicious project files. Attackers exploit insufficient input validation to write beyond allocated buffer boundaries, executing arbitrary code with victim's privileges. Requires user interaction (opening crafted PDSPRJ file). CWE-787 memory corruption vulnerability. No public exploit identified at time of analysis.

RCE Memory Corruption Buffer Overflow +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH This Week

Type confusion in Labcenter Electronics Proteus PDSPRJ file parser enables remote code execution when users open malicious project files. Attackers exploit insufficient validation during file parsing to trigger memory corruption, achieving arbitrary code execution with victim user privileges. Requires social engineering to deliver weaponized PDSPRJ files via email, web download, or file sharing. Publicly available exploit code exists (ZDI advisory disclosure). CVSS 7.8 reflects local attack vector requiring user interaction but no authentication.

RCE Memory Corruption Proteus
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Stack-based buffer overflow in NASM's disasm() function enables unauthenticated denial-of-service when processing malicious assembly input. Attacker-controlled disassembly formatting triggers out-of-bounds write when string length exceeds buffer capacity, causing application crash. Affects NASM assembler version 3.02rc5. Publicly available exploit code exists. CVSS 7.5 (High) reflects network-accessible attack vector requiring no privileges or user interaction, with availability impact only.

Buffer Overflow Memory Corruption Red Hat +1
NVD GitHub VulDB
EPSS 0% CVSS 9.6
CRITICAL PATCH Act Now

NASM up to version 3.02rc5 contains a heap use-after-free vulnerability in response file (-@) processing that allows remote attackers without authentication to cause data corruption or denial of service. The vulnerability arises from a dangling pointer stored in the global depend_file variable that is dereferenced after the response-file buffer has been freed. A proof-of-concept exploit exists, and CISA's SSVC framework rates this as automatable with partial technical impact, indicating moderate real-world risk despite the relatively modest CVSS score of 6.5.

Denial Of Service Use After Free Memory Corruption +1
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Heap buffer overflow in Netwide Assembler (NASM) 3.02rc5 obj_directive() function enables arbitrary code execution and denial of service when processing maliciously crafted .asm files. Missing bounds validation allows attackers to corrupt heap memory through specially constructed assembly source files. Publicly available exploit code exists. Impacts NASM users assembling untrusted input files, particularly automated build systems and development environments processing external assembly code.

RCE Denial Of Service Buffer Overflow +2
NVD GitHub VulDB
EPSS 0% CVSS 6.3
MEDIUM PATCH This Month

Heap use-after-free in wolfSSL's TLS 1.3 post-quantum cryptography hybrid KeyShare processing allows unauthenticated remote attackers to corrupt heap memory and potentially disclose information. The vulnerability occurs when TLSX_KeyShare_ProcessPqcHybridClient() error handling prematurely frees a KyberKey object in src/tls.c, and the caller's subsequent TLSX_KeyShare_FreeAll() invocation writes zero bytes to already-freed memory. CVSS 6.3 reflects low integrity and availability impact; exploitation requires precise network timing (AT:P). No public exploit identified at time of analysis, but the underlying use-after-free pattern is a known attack vector in memory-unsafe code.

Use After Free Memory Corruption Information Disclosure +1
NVD GitHub VulDB
EPSS 0% CVSS 6.9
MEDIUM This Month

Buffer overflow in WolfSSL's TLSX_SNI_Write function allows remote unauthenticated attackers to corrupt memory by sending a specially crafted TLS ClientHello with ECH (Encrypted Client Hello) and SNI extension data. The vulnerability occurs when TLSX_EchChangeSNI unconditionally sets extensions even when no inner SNI is configured, causing attacker-controlled SNI data to be written 255 bytes beyond the allocated buffer boundary during ClientHello serialization. CVSS 6.9 indicates moderate integrity and availability impact with low attack complexity.

Memory Corruption Buffer Overflow Wolfssl
NVD GitHub VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Heap use-after-free in HDF5 h5dump utility allows local attackers to achieve arbitrary code execution when processing malicious HDF5 files. Affects HDF5 versions 1.14.1-2 and earlier from HDFGroup. Attacker must convince user to open crafted file (user interaction required, CVSS UI:R). Unauthenticated attack vector enables high-impact compromise of confidentiality, integrity, and availability. No public exploit identified at time of analysis. Vulnerability stems from premature deallocation in H5D__typeinfo_term followed by unsafe reference in H5T__conv_struct memmove operation.

Memory Corruption Information Disclosure Use After Free +1
NVD GitHub VulDB
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

Wasmtime prior to versions 24.0.7, 36.0.7, 42.0.2, and 43.0.1 allows authenticated remote attackers to corrupt memory by providing malicious realloc return values during string transcoding between WebAssembly components, enabling writes to arbitrary memory locations up to 4GiB away from linear memory base. On default configurations with 4GiB virtual memory reservation and guard pages, exploitation typically triggers process abort via unmapped memory access; however, configurations with reduced memory reservation and disabled guard pages risk corruption of host data structures or other guest linear memories.

Memory Corruption Buffer Overflow Red Hat +1
NVD GitHub VulDB
EPSS 0% CVSS 1.0
LOW PATCH Monitor

Wasmtime 43.0.0 contains a use-after-free vulnerability in the Linker cloning mechanism that allows host embedders to trigger memory corruption through a specific sequence of API calls: cloning a wasmtime::Linker, dropping the original instance, and then using the cloned instance. This vulnerability is not exploitable by guest WebAssembly programs and requires deliberate misuse of the host API. The flaw is fixed in Wasmtime 43.0.1. Despite the use-after-free nature (CWE-416), the CVSS 4.0 score of 1.0 reflects the extremely limited attack surface: physical or local access is required (AV:P), attack complexity is high (AC:H), high privilege level is needed (PR:H), and user interaction is required (UI:A), resulting in minimal confidentiality, integrity, and availability impact.

Memory Corruption Information Disclosure Use After Free +1
NVD GitHub VulDB
EPSS 0% CVSS 9.8
CRITICAL Act Now

Heap buffer overflow in Orthanc DICOM Server (versions ≤1.12.10) allows unauthenticated remote code execution via malformed DICOM images. Attackers exploit integer overflow during frame size calculation by submitting DICOM files with dimension fields encoded as Unsigned Long (UL) instead of Unsigned Short (US), causing out-of-bounds memory access during image decoding. CVSS 9.8 (Critical) with network-accessible attack vector requiring no authentication or user interaction. EPSS score 2% (percentile 4%) suggests low observed exploitation probability despite critical severity. No confirmed active exploitation (not in CISA KEV) and no public exploit code identified at time of analysis.

Buffer Overflow Memory Corruption Dicom Server
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL Act Now

Heap buffer overflow in Orthanc DICOM Server ≤1.12.10 allows unauthenticated remote attackers to achieve arbitrary code execution by sending specially crafted PALETTE COLOR DICOM images. The flaw stems from integer overflow during 32-bit width×height multiplication in pixel length validation, causing bounds checks to incorrectly pass and enabling out-of-bounds memory read/write operations. CVSS 9.8 critical severity with network attack vector requiring no privileges or user interaction. EPSS exp

Buffer Overflow Memory Corruption Dicom Server
NVD VulDB
EPSS 0% CVSS 7.1
HIGH This Week

Heap buffer overflow in Orthanc DICOM Server (versions ≤1.12.10) allows local attackers to corrupt data or crash the service via maliciously crafted PAM images embedded in DICOM files. The vulnerability stems from integer overflow during buffer size calculation when multiplying image dimensions with 32-bit arithmetic, leading to undersized heap allocation followed by oversized writes during pixel processing. EPSS score of 0.02% (5th percentile) indicates very low observed exploitation probability; no public exploit code or active exploitation confirmed at time of analysis.

Buffer Overflow Memory Corruption Dicom Server
NVD VulDB
EPSS 0% CVSS 5.1
MEDIUM PATCH This Month

Use-after-free in libpng 1.0.9 through 1.6.56 allows local attackers to leak heap memory and corrupt PNG chunk metadata by passing a pointer from png_get_PLTE, png_get_tRNS, or png_get_hIST directly into the corresponding setter function on the same structure, exploiting a freed buffer dereference. The vulnerability enables information disclosure and silent data corruption with low attack complexity and no user interaction required; fixed in version 1.6.57.

Use After Free Information Disclosure Memory Corruption +1
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Type confusion vulnerability in Google Chrome CSS engine (versions prior to 147.0.7727.55) enables heap corruption through malicious extensions. Attacker must convince user to install crafted Chrome extension, then exploit triggers memory corruption allowing high-severity impacts: arbitrary code execution, information disclosure, and denial of service. CVSS 8.8 rating reflects unauthenticated network vector requiring only user interaction. No public exploit identified at time of analysis. Chromium project classifies severity as Low despite critical CVSS score, indicating successful exploitation barriers beyond user interaction.

Memory Corruption Information Disclosure Google +1
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Heap corruption via malicious Chrome extension exploits use-after-free flaw in V8 JavaScript engine, affecting Chrome versions prior to 147.0.7727.55. Attacker must convince user to install a crafted extension to achieve potential remote code execution with high confidentiality, integrity, and availability impact. EPSS score of 0.01% (1st percentile) indicates minimal observed exploitation activity; no CISA KEV listing or public exploit code identified at time of analysis. Despite high CVSS 8.8

Denial Of Service Use After Free Google +4
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Use after free in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)

Use After Free Memory Corruption Google +3
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution within Chrome's sandbox affects all versions prior to 147.0.7727.55 through a use-after-free vulnerability in the browser's navigation component. Remote attackers can execute arbitrary code by delivering a specially crafted HTML page that triggers memory corruption when a user visits the malicious site. EPSS probability of 0.04% indicates low observed exploitation activity, and no CISA KEV listing confirms this is not confirmed actively exploited at time of analysis. Google has released patches in Chrome 147.0.7727.55.

Denial Of Service RCE Google +5
NVD VulDB
EPSS 0% CVSS 9.6
CRITICAL PATCH Act Now

Use-after-free vulnerability in Google Chrome's PrivateAI component (versions prior to 147.0.7727.55) enables sandbox escape when remote attackers socially engineer victims into performing specific UI interactions with malicious HTML pages. Exploitation requires user engagement with attacker-controlled content but no authentication. CVSS 9.6 critical severity reflects potential for complete compromise of confidentiality, integrity, and availability with scope change indicating sandbox boundary violation. No public exploit identified at time of analysis; low observed exploitation activity (EPSS 0.03%).

Denial Of Service Memory Corruption Google +4
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Google Chrome's Blink rendering engine (versions prior to 147.0.7727.55) allows unauthenticated attackers to execute arbitrary code within Chrome's sandbox by delivering a malicious HTML page that triggers a use-after-free vulnerability. While rated High severity (CVSS 8.8) due to complete confidentiality/integrity/availability impact, EPSS scoring places exploitation probability at only 4% (11th percentile), indicating low observed targeting in the wild. No confirmed active exploitation (not in CISA KEV) and no public proof-of-concept identified at time of analysis. Vendor-released patch available in Chrome 147.0.7727.55.

Memory Corruption Denial Of Service Use After Free +5
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Google Chrome versions prior to 147.0.7727.55 allows unauthenticated attackers to execute arbitrary code within the browser sandbox via a maliciously crafted HTML page exploiting a type confusion vulnerability in the V8 JavaScript engine. With CVSS 8.8 (High), network-based attack vector requiring only user interaction, and available vendor patch, this represents a significant but contained threat. EPSS score of 0.04% (11th percentile) indicates low observed exploitation probability, and no active exploitation or public POC is identified at time of analysis. The sandbox containment limits initial impact severity compared to full system compromise.

Memory Corruption Google RCE +3
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Google Chrome Media component (versions prior to 147.0.7727.55) enables unauthenticated attackers to execute arbitrary code within Chrome's sandbox via specially crafted HTML pages. Exploitation requires user interaction to visit a malicious site. The use-after-free memory corruption vulnerability achieves high confidentiality, integrity, and availability impact within the sandboxed environment. No public exploit identified at time of analysis.

Google RCE Memory Corruption +5
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution within Chrome's V8 JavaScript sandbox affects Google Chrome versions prior to 147.0.7727.55 through a type confusion vulnerability. Attackers can execute arbitrary code by convincing users to visit a malicious webpage, requiring no authentication. Vendor-released patch available (Chrome 147.0.7727.55). No public exploit identified at time of analysis, with EPSS probability at 0.04% (11th percentile) indicating low observed exploitation likelihood despite high CVSS score of 8.8.

Memory Corruption Google RCE +1
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Google Chrome's V8 JavaScript engine (versions prior to 147.0.7727.55) allows unauthenticated remote attackers to execute arbitrary code within the sandbox by exploiting a use-after-free memory corruption vulnerability through a malicious HTML page. User interaction (visiting a crafted website) is required. No public exploit identified at time of analysis, with EPSS probability at 4% (11th percentile), indicating relatively low immediate exploitation risk despite high CVSS severity.

Memory Corruption Denial Of Service Use After Free +5
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Google Chrome prior to 147.0.7727.55 allows unauthenticated remote attackers to execute arbitrary code within the browser sandbox via a crafted HTML page exploiting a use-after-free vulnerability in the WebRTC component. The attack requires user interaction (visiting a malicious page). EPSS probability is low (0.03%, 10th percentile), and no public exploit or active exploitation (KEV) has been identified at time of analysis. Vendor-released patch available in Chrome 147.0.7727.55.

Memory Corruption Denial Of Service Use After Free +3
NVD VulDB
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Memory corruption in Go compiler cmd/compile versions before 1.25.9 and 1.26.0-1.26.1 allows local authenticated attackers to achieve integrity compromise and denial of service. A flaw in pointer unwrapping logic during memory move operations causes the compiler to incorrectly assess overlapping memory regions, potentially corrupting compiled binaries. EPSS score of 0.01% indicates minimal real-world exploitation probability, and no public exploit or active exploitation (non-KEV) has been identified at time of analysis.

Buffer Overflow Memory Corruption Red Hat +1
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Issue summary: Converting an excessively large OCTET STRING value to a hexadecimal string leads to a heap buffer overflow on 32 bit platforms. Impact summary: A heap buffer overflow may lead to a crash or possibly an attacker controlled code execution or other undefined behavior. If an attacker can supply a crafted X.509 certificate with an excessively large OCTET STRING value in extensions such as the Subject Key Identifier (SKID) or Authority Key Identifier (AKID) which are being converted to hex, the size of the buffer needed for the result is calculated as multiplication of the input length by 3. On 32 bit platforms, this multiplication may overflow resulting in the allocation of a smaller buffer and a heap buffer overflow. Applications and services that print or log contents of untrusted X.509 certificates are vulnerable to this issue. As the certificates would have to have sizes of over 1 Gigabyte, printing or logging such certificates is a fairly unlikely operation and only 32 bit platforms are affected, this issue was assigned Low severity. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the affected code is outside the OpenSSL FIPS module boundary.

Memory Corruption OpenSSL Buffer Overflow +1
NVD GitHub VulDB
EPSS 0% CVSS 8.1
HIGH PATCH This Week

Issue summary: An uncommon configuration of clients performing DANE TLSA-based server authentication, when paired with uncommon server DANE TLSA records, may result in a use-after-free and/or double-free on the client side. Impact summary: A use after free can have a range of potential consequences such as the corruption of valid data, crashes or execution of arbitrary code. However, the issue only affects clients that make use of TLSA records with both the PKIX-TA(0/PKIX-EE(1) certificate usages and the DANE-TA(2) certificate usage. By far the most common deployment of DANE is in SMTP MTAs for which RFC7672 recommends that clients treat as 'unusable' any TLSA records that have the PKIX certificate usages. These SMTP (or other similar) clients are not vulnerable to this issue. Conversely, any clients that support only the PKIX usages, and ignore the DANE-TA(2) usage are also not vulnerable. The client would also need to be communicating with a server that publishes a TLSA RRset with both types of TLSA records. No FIPS modules are affected by this issue, the problem code is outside the FIPS module boundary.

Memory Corruption Use After Free Denial Of Service +2
NVD GitHub VulDB
EPSS 0% CVSS 8.5
HIGH PATCH This Week

Memory corruption in NI LabVIEW's ResFileFactory::InitResourceMgr() function allows arbitrary code execution or information disclosure when users open malicious VI files. Affects LabVIEW 2026 Q1 (26.1.0) and all prior versions. CVSS 8.5 severity reflects high impact potential, though exploitation requires user interaction to open a crafted file. No public exploit identified at time of analysis, with EPSS data unavailable for this recently assigned CVE. Local attack vector limits remote exploitation scenarios.

Memory Corruption Information Disclosure Buffer Overflow +2
NVD VulDB
EPSS 0% CVSS 8.5
HIGH PATCH This Week

Memory corruption via out-of-bounds write in NI LabVIEW allows arbitrary code execution and information disclosure when processing maliciously crafted .lvclass files. Affects LabVIEW 2026 Q1 (26.1.0) and all prior versions. Attack requires local access and user interaction to open the weaponized file (CVSS AV:L/UI:P). No public exploit identified at time of analysis, though the vendor advisory confirms the vulnerability and provides remediation guidance.

Memory Corruption Information Disclosure Buffer Overflow +2
NVD
EPSS 0% CVSS 8.5
HIGH PATCH This Week

Memory corruption via out-of-bounds write in NI LabVIEW allows arbitrary code execution when processing malicious LVLIB files. Affects LabVIEW 2026 Q1 (26.1.0) and all prior versions. Attack requires local access and user interaction to open a specially crafted .lvlib project library file (CVSS 8.5, AV:L/PR:N/UI:P). No public exploit identified at time of analysis. EPSS data not available, but the local attack vector and user interaction requirement significantly limit immediate mass exploitation risk despite high CVSS score.

Memory Corruption Information Disclosure Buffer Overflow +2
NVD
EPSS 0% CVSS 4.0
MEDIUM PATCH This Month

Local denial of service and potential remote code execution in OpenPrinting CUPS 2.4.16 and prior occurs when the scheduler (cupsd) deletes temporary printers without expiring associated subscriptions, leaving dangling pointers in memory that are subsequently dereferenced. An unauthenticated local attacker can crash the cupsd daemon or, with heap grooming techniques, achieve arbitrary code execution on systems running affected CUPS versions.

Denial Of Service Use After Free RCE +3
NVD GitHub VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Memory-safety vulnerability in github.com/jackc/pgx/v5 PostgreSQL driver library allows unauthenticated remote attackers to achieve complete system compromise with high confidentiality, integrity, and availability impact. The vulnerability resides in the pgproto3 subpackage and enables network-accessible exploitation without user interaction. Attack complexity is low, requiring no special privileges. Information disclosure confirmed via source tagging. No public exploit identified at time of analysis.

Github Com Jackc Pgx V5 Pgproto3 Buffer Overflow Memory Corruption
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Remote memory-safety vulnerability in github.com/jackc/pgx/v5 (Go PostgreSQL driver) enables unauthenticated attackers to achieve arbitrary code execution, information disclosure, and denial of service via network vectors. The flaw affects the pgproto3 protocol implementation subpackage with critical-severity CVSS 9.8 scoring. EPSS indicates low observed exploitation activity; no public exploit identified at time of analysis. Vulnerability allows complete compromise of confidentiality, integrity, and availability without user interaction or elevated privileges.

Github Com Jackc Pgx V5 Pgproto3 Buffer Overflow Memory Corruption
NVD VulDB
EPSS 0% CVSS 8.7
HIGH PATCH This Week

Buffer use-after-free in Apache Kafka Java producer client (versions ≤3.9.1, ≤4.0.1, ≤4.1.1) can silently route messages to incorrect topics when batch expiration races with in-flight network requests. CVSS 8.7 (High) with network-accessible attack vector and high complexity. CISA SSVC indicates no active exploitation, non-automatable attack, and partial technical impact. No public exploit identified at time of analysis. EPSS data not provided, but the combination of high CVSS, cross-scope impact (S:C), and dual confidentiality/integrity impact warrants prioritization for environments processing sensitive message streams.

Information Disclosure Memory Corruption Apache +5
NVD HeroDevs
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Remote code execution in Mozilla Firefox versions prior to 149.0.2 stems from multiple memory safety bugs allowing unauthenticated network attackers to execute arbitrary code without user interaction. Mozilla confirmed memory corruption evidence across affected versions (Firefox 149.0.1 and Thunderbird 149.0.1), though Thunderbird patch status remains unconfirmed. CVSS 9.8 reflects maximum severity due to network-accessible attack vector with no complexity barriers. No public exploit identified at time of analysis, though the CWE-787 out-of-bounds write class has high weaponization potential once technical details emerge from linked Bugzilla entries.

Memory Corruption Buffer Overflow Mozilla +1
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Multiple memory corruption vulnerabilities in Mozilla Firefox (< 149.0.2) and Firefox ESR (< 140.9.1) enable unauthenticated remote code execution with critical CVSS 9.8 severity. These memory safety bugs-including CWE-787 out-of-bounds write issues-affect both standard and Extended Support Release channels, with Mozilla confirming evidence of memory corruption exploitable for arbitrary code execution. No active exploitation confirmed (not in CISA KEV) and no public exploit identified at time of analysis, though CVSS vector indicates network-accessible attack requiring no user interaction.

Memory Corruption Buffer Overflow Mozilla +2
NVD VulDB
EPSS 0% CVSS 8.8
HIGH This Week

Out-of-bounds write in MediaTek modem firmware enables remote privilege escalation when devices connect to attacker-controlled rogue cellular base stations. The vulnerability affects over 60 MediaTek chipset models widely deployed in smartphones and IoT devices, exploitable by adjacent network attackers without authentication (CVSS:3.1 AV:A/PR:N). While EPSS scores this at only 6% exploitation probability (18th percentile) and no active exploitation is confirmed at time of analysis, the attack s

Buffer Overflow Privilege Escalation Memory Corruption +1
NVD VulDB
EPSS 0% CVSS 8.0
HIGH This Week

Out-of-bounds write in MediaTek modem chipset implementations allows remote privilege escalation when user equipment connects to an attacker-controlled rogue cellular base station. Affects 57 MediaTek chipset models across MT67xx, MT68xx, MT69xx, MT87xx, and MT27xx families used in mobile devices. Authentication not required (CVSS PR:N) but requires adjacent network access and user interaction to connect to malicious base station. EPSS score of 0.06% (18th percentile) indicates low observed exploitation probability. No public exploit identified at time of analysis, though vendor patch MOLY01406170 has been released per April 2026 MediaTek security bulletin.

Buffer Overflow Privilege Escalation Memory Corruption +1
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL Act Now

Out-of-bounds write in Samsung Exynos chipsets (processors 980/990/850/1080/2100/1280/2200/1330/1380/1480/2400/1580/2500/9110, wearables W920/W930/W1000, modems 5123/5300/5400) allows unauthenticated remote attackers to achieve arbitrary code execution via malformed SMS TP-UD packets. Exploitation occurs through TP-UDHI/UDL value mismatch during SMS message parsing, enabling network-level attacks without user interaction. No public exploit identified at time of analysis.

Memory Corruption Buffer Overflow Samsung
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Local privilege escalation via use-after-free in Qualcomm Snapdragon video memory management allows authenticated attackers with low privileges to achieve complete system compromise. The vulnerability exists in deprecated DMABUF IOCTL interfaces used for direct memory access buffer operations. No public exploit identified at time of analysis, with EPSS data unavailable for this 2026 CVE. Qualcomm addressed this in their April 2026 security bulletin.

Memory Corruption Buffer Overflow Use After Free +1
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Memory corruption via use-after-free in Qualcomm Snapdragon SDK occurs when concurrent fence deregistration and signal handling operations access freed memory, allowing authenticated local attackers with low privileges to achieve information disclosure and integrity/availability compromise. CVSS 6.5 reflects local attack vector with high complexity; no public exploit code or active exploitation confirmed at time of analysis.

Use After Free Memory Corruption Buffer Overflow +1
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Use-after-free in Linux kernel Bluetooth SCO subsystem allows adjacent network attackers to achieve arbitrary code execution with high confidentiality, integrity, and availability impact. The vulnerability exists in sco_recv_frame() which releases a lock on conn->sk without holding a socket reference, creating a race condition where concurrent close() operations can free the socket before subsequent access. Vendor patches available across multiple stable kernel versions (6.6.131, 6.12.80, 6.18.21, 6.19.11, 7.0-rc6). EPSS score of 0.01% suggests minimal observed exploitation probability despite high CVSS 8.8 rating. No CISA KEV listing or public exploit identified at time of analysis.

Information Disclosure Linux Memory Corruption +1
NVD VulDB
EPSS 0% CVSS 7.1
HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: netfilter: conntrack: add missing netlink policy validations Hyunwoo Kim reports out-of-bounds access in sctp and ctnetlink. These attributes are used by the kernel without any validation. Extend the netlink policies accordingly. Quoting the reporter: nlattr_to_sctp() assigns the user-supplied CTA_PROTOINFO_SCTP_STATE value directly to ct->proto.sctp.state without checking that it is within the valid range. [..] and: ... with exp->dir = 100, the access at ct->master->tuplehash[100] reads 5600 bytes past the start of a 320-byte nf_conn object, causing a slab-out-of-bounds read confirmed by UBSAN.

Buffer Overflow Linux Memory Corruption
NVD VulDB
EPSS 0% CVSS 8.6
HIGH POC This Week

Xlight FTP Server 3.9.1 contains a structured exception handler (SEH) overwrite vulnerability that allows local attackers to crash the application and overwrite SEH pointers by supplying a crafted. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow RCE +1
NVD Exploit-DB
EPSS 0% CVSS 8.5
HIGH POC This Week

RealTerm Serial Terminal 2.0.0.70 contains a structured exception handling (SEH) buffer overflow vulnerability in the Echo Port tab that allows local attackers to execute arbitrary code by supplying. Rated high severity (CVSS 8.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow RCE +1
NVD Exploit-DB
EPSS 0% CVSS 8.6
HIGH POC This Week

River Past Video Cleaner 7.6.3 contains a structured exception handler buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious string in the. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow RCE +1
NVD Exploit-DB
EPSS 0% CVSS 6.9
MEDIUM POC This Month

TaskInfo 8.2.0.280 contains a local buffer overflow vulnerability that allows attackers to crash the application by supplying oversized input to registration fields. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Denial Of Service +1
NVD Exploit-DB
EPSS 0% CVSS 6.9
MEDIUM POC This Month

SpotAuditor 3.6.7 contains a local buffer overflow vulnerability in the Base64 Password Decoder component that allows attackers to crash the application. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Denial Of Service +1
NVD Exploit-DB
EPSS 0% CVSS 6.9
MEDIUM POC This Month

River Past Ringtone Converter 2.7.6.1601 contains a local buffer overflow vulnerability that allows attackers to crash the application by supplying oversized input to activation fields. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Denial Of Service +1
NVD Exploit-DB
EPSS 0% CVSS 6.9
MEDIUM POC This Month

Remote Process Explorer 1.0.0.16 contains a local buffer overflow vulnerability that allows attackers to cause a denial of service by sending a crafted payload to the Add Computer dialog. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Denial Of Service +1
NVD Exploit-DB
EPSS 0% CVSS 6.9
MEDIUM POC This Month

LanHelper 1.74 contains a local buffer overflow vulnerability that allows attackers to crash the application by sending excessively long input strings. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Denial Of Service +1
NVD Exploit-DB
EPSS 0% CVSS 6.9
MEDIUM POC This Month

ASPRunner Professional 6.0.766 contains a local buffer overflow vulnerability that allows attackers to cause a denial of service by supplying an excessively long project name. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Denial Of Service +1
NVD Exploit-DB
EPSS 0% CVSS 6.8
MEDIUM POC This Month

a-Mac Address Change 5.4 contains a local buffer overflow vulnerability that allows local attackers to crash the application by supplying oversized input to registration form fields. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Denial Of Service +1
NVD Exploit-DB
EPSS 0% CVSS 8.6
HIGH POC This Week

R i386 3.5.0 contains a local buffer overflow vulnerability in the GUI Preferences dialog that allows local attackers to trigger a structured exception handler (SEH) overwrite by supplying malicious. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow RCE +1
NVD Exploit-DB
EPSS 0% CVSS 6.8
MEDIUM POC This Month

IP TOOLS 2.50 contains a local buffer overflow vulnerability in the SNMP Scanner component that allows local attackers to crash the application by supplying oversized input. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Denial Of Service +1
NVD Exploit-DB
EPSS 0% CVSS 8.6
HIGH POC This Week

10-Strike LANState 8.8 contains a local buffer overflow vulnerability in structured exception handling that allows local attackers to execute arbitrary code by crafting malicious LSM map files. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Buffer Overflow Memory Corruption +1
NVD Exploit-DB VulDB
EPSS 0% CVSS 9.3
CRITICAL POC Act Now

NICO-FTP 3.0.1.19 contains a structured exception handler buffer overflow vulnerability that allows remote attackers to execute arbitrary code by sending crafted FTP commands. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Buffer Overflow Memory Corruption +1
NVD Exploit-DB VulDB
EPSS 0% CVSS 6.9
MEDIUM POC This Month

Termite 3.4 contains a buffer overflow vulnerability in the User interface language settings field that allows local attackers to cause a denial of service by supplying an excessively long string. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Memory Corruption +1
NVD Exploit-DB VulDB
EPSS 0% CVSS 6.9
MEDIUM POC This Month

FTP Voyager 16.2.0 contains a denial of service vulnerability that allows local attackers to crash the application by injecting oversized buffer data into the site profile IP field. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Memory Corruption +1
NVD Exploit-DB VulDB
EPSS 0% CVSS 8.6
HIGH POC This Week

Snes9K 0.0.9z contains a buffer overflow vulnerability in the Netplay Socket Port Number field that allows local attackers to trigger a structured exception handler (SEH) overwrite. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Buffer Overflow Memory Corruption +1
NVD Exploit-DB VulDB
EPSS 0% CVSS 6.9
MEDIUM POC This Month

NetSchedScan 1.0 contains a buffer overflow vulnerability in the scan Hostname/IP field that allows local attackers to crash the application by supplying an oversized input string. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Memory Corruption +1
NVD Exploit-DB VulDB
EPSS 0% CVSS 2.3
LOW PATCH Monitor

Use-after-free in Electron's offscreen rendering with GPU shared textures allows local attackers with high privileges to cause memory corruption or application crashes by invoking the texture release callback after its backing native state has been freed. The vulnerability affects Electron versions before 42.0.0-alpha.5, 41.1.0, 40.8.5, and 39.8.5, and only impacts applications explicitly enabling shared-texture offscreen rendering via webPreferences.offscreen.useSharedTexture: true.

Use After Free Memory Corruption Buffer Overflow
NVD GitHub VulDB
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Out-of-bounds write vulnerability in Amazon Athena ODBC driver (pre-2.1.0.0) allows remote attackers to crash the driver through specially crafted query data, requiring user interaction to process malicious queries. Affected versions include all Amazon Athena ODBC driver releases before 2.1.0.0 across Windows, Linux, and macOS platforms. CVSS 7.1 (High) reflects network-based attack with low complexity but requires user interaction (UI:P) and impacts only availability (VA:H). No public exploit identified at time of analysis. Vendor-released patch version 2.1.0.0 is available for all supported platforms with direct download links provided in AWS security bulletin 2026-013.

Buffer Overflow Memory Corruption Amazon Athena Odbc Driver
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Heap overflow in Linux kernel NFSv4.0 LOCK replay cache allows unauthenticated remote attackers to corrupt kernel memory by triggering a denial-of-service or potential code execution. The vulnerability exists in nfsd4_encode_operation() which copies encoded LOCK responses up to 1024 bytes into a fixed 112-byte inline buffer without bounds checking, resulting in up to 944 bytes of slab-out-of-bounds writes. Exploitation requires two cooperating NFSv4.0 clients but no special privileges; upstream fixes are available across multiple stable kernel branches.

Linux Buffer Overflow Memory Corruption
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Buffer overflow in Linux kernel HID-BPF subsystem allows arbitrary return values from dispatch_hid_bpf_raw_requests() to overflow the hid_hw_request buffer without validation. The vulnerability affects all Linux kernel versions with HID-BPF support; attackers with the ability to load or influence BPF programs targeting HID devices can trigger memory corruption. No CVSS score, EPSS data, or confirmed active exploitation has been assigned at time of analysis.

Linux Buffer Overflow Memory Corruption
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Use-after-free in the Linux kernel's nvdimm/bus subsystem allows local privileged users to potentially trigger memory corruption when device_add() fails during nd_async_device_register() asynchronous initialization. The flaw stems from the parent device reference being dropped before the parent pointer is accessed on allocation failure paths. No public exploit identified at time of analysis, and EPSS exploitation probability is very low at 0.02%.

Linux Use After Free Memory Corruption +3
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Use-after-free vulnerability in Linux kernel's Cadence MAC (macb) driver allows local attackers to read freed memory via ethtool get_ts_info calls on PTP-capable network interfaces. The PTP clock is registered when the interface opens and destroyed when it closes, but the ethtool handler can still access it after deallocation, causing a kernel memory access violation. No active exploitation confirmed; patch available in stable kernel releases.

Linux Information Disclosure Memory Corruption +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Use-after-free vulnerability in Linux kernel SPI controller registration allows local attackers to trigger unclocked register accesses and potential information disclosure when per-CPU statistics allocation fails during controller initialization. The vulnerability affects all Linux kernel versions and is fixed via proper driver core deregistration on allocation failure; no CVSS score or active exploitation data available at time of analysis.

Linux Information Disclosure Memory Corruption +1
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Use-after-free vulnerability in the Linux kernel's Bluetooth HIDP subsystem allows local attackers to trigger a kernel crash or potentially execute arbitrary code by failing to properly release L2CAP connection references when user callbacks are invoked. The flaw affects all Linux kernel versions in the CPE range and has been resolved through reference counting fixes in the L2CAP connection cleanup path; no public exploit code is currently identified, but the vulnerability requires local access to trigger via Bluetooth device manipulation.

Linux Debian Information Disclosure +2
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Use-after-free in Linux kernel Bluetooth L2CAP layer allows local attackers to cause denial of service or potentially execute code via a race condition in l2cap_unregister_user(). The vulnerability arises because l2cap_register_user() and l2cap_unregister_user() access conn->users without proper locking (conn->lock), while l2cap_conn_del() protects the same structure with conn->lock, creating concurrent access to freed memory. All Linux kernel versions with Bluetooth L2CAP support are affected. Patch available via Linux stable kernel commits.

Linux Information Disclosure Memory Corruption +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Use-after-free in Linux kernel netfilter ctnetlink module allows local attackers to read freed kernel memory by triggering multiple-round netlink dump operations on conntrack expectations, exploiting improper reference counting in ctnetlink_dump_exp_ct() that drops conntrack references before the dump callback completes. The vulnerability requires local network namespace access and CAP_NET_ADMIN capability but enables information disclosure of kernel heap contents via KASAN-detected slab-use-after-free on ct->ext dereference.

Linux Information Disclosure Use After Free +1
NVD VulDB
EPSS 0% CVSS 7.0
HIGH PATCH This Week

Use-after-free in Linux kernel MANA hardware channel teardown (net/mana driver) allows concurrent interrupt handlers to dereference freed memory in mana_hwc_destroy_channel(), potentially causing NULL pointer dereference or memory corruption. The vulnerability stems from improper teardown ordering where hwc->caller_ctx is freed before CQ/EQ IRQ handlers are fully synchronized, affecting all Linux kernel versions with the MANA driver. Fixes are available across stable kernel branches via upstream commit reordering.

Linux Use After Free Denial Of Service +1
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

NULL dereference and use-after-free in the Linux kernel's SMC (Shared Memory Communications) socket implementation occur when smc_tcp_syn_recv_sock() races with socket close operations, allowing a local attacker to trigger a kernel panic via concurrent manipulation of TCP SYN handling and SMC listen socket closure. The vulnerability affects the Linux kernel across multiple versions via the net/smc subsystem and is addressed through RCU-protected access and refcount validation rather than lock-based serialization.

Linux Denial Of Service Use After Free +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

A use-after-free vulnerability in the Linux kernel's mshv (Microsoft Hyper-V) driver allows local attackers to trigger a kernel panic by unmapping user memory after a failed mshv_map_user_memory() call. The error path incorrectly calls vfree() without unregistering the associated MMU notifier, leaving a dangling reference that fires when userspace performs subsequent memory operations. This is a memory safety issue affecting the Hyper-V virtualization subsystem in the Linux kernel.

Linux Use After Free Memory Corruption +3
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Use-after-free in Linux kernel ksmbd SMB server allows local or remote attackers to read freed memory and potentially achieve denial of service or code execution via compound SMB2 requests that reuse a tree connection after it has been disconnected and its associated share_conf structure freed. The vulnerability exists because smb2_get_ksmbd_tcon() bypasses state validation checks when reusing connections in compound requests, enabling subsequent commands to dereference already-freed share_conf pointers. No CVE severity metrics are available, but KASAN confirms memory corruption is triggered in smb2_write operations during tree disconnect sequences.

Linux Use After Free Ubuntu +5
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Use-after-free in Linux kernel's ksmbd SMB server allows remote attackers to crash the kernel or potentially execute code via malicious SMB2 DURABLE_REQ_V2 replay operations. The vulnerability occurs when parse_durable_handle_context() unconditionally reassigns file handle connection pointers during replay operations, causing stale pointer dereferences when the reassigned connection is subsequently freed. A KASAN report confirms the use-after-free in spin_lock operations during file descriptor closure, triggered during SMB2 connection handling in the ksmbd-io workqueue. No public exploit code or active exploitation has been confirmed at time of analysis.

Linux Use After Free Ubuntu +5
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Interrupt storm in Linux kernel dpaa2-switch driver occurs when a bounds check rejects an out-of-bounds if_id in the IRQ handler but fails to clear the interrupt status, causing repeated spurious interrupts. This denial-of-service condition affects the NXP DPAA2 Ethernet switch driver on systems running vulnerable Linux kernel versions. An attacker with the ability to trigger malformed frames or hardware state transitions could exhaust CPU resources through interrupt flooding.

Linux Google Buffer Overflow +1
NVD VulDB
EPSS 0% CVSS 4.2
MEDIUM PATCH This Month

Type confusion in Roundcube Webmail's password plugin allows authenticated users to change passwords without knowing the old password, affecting versions before 1.5.14 and 1.6.14. The vulnerability stems from incorrect password comparison logic that enables privilege escalation within an authenticated session. While the CVSS score of 4.2 reflects moderate severity and the requirement for prior authentication, the impact is direct account compromise for any authenticated user.

Information Disclosure Memory Corruption Webmail
NVD GitHub VulDB
EPSS 0% CVSS 8.1
HIGH PATCH This Week

Use-after-free memory corruption in Electron framework (versions <39.8.1, <40.7.0, <41.0.0) allows unauthenticated remote attackers to potentially execute arbitrary code when offscreen rendering is enabled and child windows are permitted. The vulnerability triggers when a parent offscreen WebContents is destroyed while child windows remain active, causing subsequent paint operations to dereference freed memory. EPSS data not available; no public exploit identified at time of analysis. Fixed versions released by vendor.

Use After Free Memory Corruption Buffer Overflow +1
NVD GitHub
EPSS 0% CVSS 5.8
MEDIUM PATCH This Month

Use-after-free in Electron framework allows memory corruption when native save-file dialogs remain open during session teardown. Affected Electron versions prior to 38.8.6, 39.8.0, 40.7.0, and 41.0.0-beta.7 enable local attackers with UI interaction to trigger freed memory dereference via downloaded files, potentially causing application crashes or memory corruption. Only applications that programmatically destroy sessions at runtime and permit downloads are vulnerable; no public exploit code or active exploitation has been identified.

Use After Free Memory Corruption Buffer Overflow
NVD GitHub
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Use-after-free in Electron framework allows memory corruption when handling fullscreen, pointer-lock, or keyboard-lock permission requests in apps with asynchronous `session.setPermissionRequestHandler()` callbacks. Affects npm package electron versions prior to 41.0.0-beta.8, 40.7.0, 39.8.0, and 38.8.6. Remote attackers can trigger memory corruption or crashes if the requesting frame navigates or window closes while the permission handler is pending. EPSS data not available; no public exploit identified at time of analysis. Vendor-released patches available across all affected major version branches.

Use After Free Memory Corruption Buffer Overflow
NVD GitHub VulDB
EPSS 0% CVSS 7.0
HIGH PATCH This Week

Use-after-free in Electron's powerMonitor module allows local attackers to trigger memory corruption or application crashes through system power events. All Electron applications (versions <38.8.6, <39.8.1, <40.8.0, <41.0.0-beta.8) that subscribe to powerMonitor events (suspend, resume, lock-screen) are vulnerable when garbage collection frees the PowerMonitor object while OS-level event handlers retain dangling pointers. Exploitation requires local access and specific timing conditions (CVSS 7.0 HIGH, AC:H). No public exploit identified at time of analysis, though the technical details are publicly documented in the GitHub security advisory.

Use After Free Memory Corruption Microsoft +2
NVD GitHub
EPSS 0% CVSS 3.3
LOW PATCH Monitor

Type confusion in macOS memory handling allows local attackers to cause unexpected app termination through crafted user interaction, affecting macOS Sequoia before 15.6, Sonoma before 14.7.7, and Ventura before 13.7.7. With a CVSS score of 3.3 and SSVC exploitation status of 'none', this represents a low-severity local denial-of-service condition requiring user interaction; no public exploit code or active exploitation has been identified.

Apple Information Disclosure Memory Corruption
NVD
EPSS 0% CVSS 6.3
MEDIUM PATCH This Month

Out-of-bounds memory access in Apple media processing affects iOS, iPadOS, macOS, tvOS, visionOS, and watchOS, allowing remote attackers to trigger unexpected application termination or memory corruption through maliciously crafted media files. The vulnerability requires user interaction (opening/playing the malicious file) but no authentication. Apple has released patched versions for all affected platforms with CVSS 6.3 (moderate severity) and no public exploitation identified at time of analysis.

Apple Memory Corruption Buffer Overflow
NVD VulDB
Prev Page 18 of 170 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy