Skip to main content

Memory Corruption

15277 CVEs technique

Monthly

CVE-2026-50413 HIGH PATCH Exploit Unlikely This Week

Privilege escalation in Windows Runtime (WinRT) via a use-after-free memory corruption flaw enables a locally authenticated low-privilege attacker to elevate to SYSTEM-level access on Windows 11 (24H2, 25H2, 26H1) and Windows Server 2025. The CVSS scope change (S:C) confirms the exploit crosses a security boundary, yielding full confidentiality, integrity, and availability impact beyond the originating process. No public exploit identified at time of analysis; Microsoft has released a patch via MSRC.

Use After Free Memory Corruption Denial Of Service Microsoft Windows 11 Version 24H2 +4
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2026-50369 HIGH PATCH Exploit Unlikely This Week

Privilege escalation in Windows Remote Desktop Services (RDS) lets an authenticated, low-privileged attacker elevate to higher privileges across a network by triggering a use-after-free (CWE-416) memory-corruption condition in the RDS component. The flaw spans a broad range of supported Windows client and server releases (Windows 10/11 and Windows Server 2012 through 2025). Microsoft has released a patch; there is no public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Use After Free Memory Corruption Denial Of Service Microsoft Windows 10 Version 1607 +17
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2026-50436 HIGH PATCH Exploit Likely This Week

Local privilege escalation in the Windows Kernel affects Windows 11 (24H2, 25H2, 26H1) and Windows Server 2025 (including Server Core), where an authorized attacker can exploit a use-after-free (CWE-416) memory-corruption condition to elevate privileges to SYSTEM. The flaw was reported by Microsoft, which has released a patch, and carries a CVSS 7.8 rating driven entirely by high confidentiality, integrity, and availability impact once local access is obtained. There is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Use After Free Memory Corruption Denial Of Service Microsoft Windows 11 Version 24H2 +4
NVD
CVSS 3.1
7.8
EPSS
1.7%
CVE-2026-50397 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Microsoft Windows Kernel lets an already-authenticated attacker win a use-after-free race (CWE-416) to gain SYSTEM-level control, affecting a broad range of client and server builds from Windows 10 1607 and Windows Server 2012 through Windows 11 26H1 and Windows Server 2025. Microsoft has released a patch and there is no public exploit identified at time of analysis. The moderate 7.0 score reflects high attack complexity (a timing-dependent race) offset by full confidentiality, integrity and availability impact once triggered.

Use After Free Memory Corruption Denial Of Service Microsoft Windows 10 Version 1607 +17
NVD
CVSS 3.1
7.0
EPSS
0.2%
CVE-2026-50433 HIGH PATCH Exploit Likely This Week

Local privilege escalation in Microsoft Windows Media (the Windows Media component/codec subsystem) allows an already-authenticated local attacker to elevate to SYSTEM by triggering a use-after-free (CWE-416) memory corruption condition. The flaw affects a broad range of currently-supported Windows client and server releases, from Windows 10 1607 and Windows Server 2012 through Windows 11 26H1 and Windows Server 2025. Microsoft has released a patch; there is no public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Use After Free Memory Corruption Denial Of Service Microsoft Windows 10 Version 1607 +17
NVD
CVSS 3.1
7.8
EPSS
1.7%
CVE-2026-50449 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Runtime (WinRT) affects a broad range of supported Windows client and server releases, from Windows 10 1809 and Windows Server 2019 through Windows 11 26H1 and Windows Server 2025. An authorized local attacker who can execute low-privilege code can trigger a use-after-free (CWE-416) memory-corruption condition to elevate privileges, yielding full confidentiality, integrity, and availability impact on the host. There is no public exploit identified at time of analysis and it is not listed in CISA KEV; Microsoft has released a patch.

Use After Free Memory Corruption Denial Of Service Microsoft Windows 10 Version 1809 +10
NVD
CVSS 3.1
7.0
EPSS
0.2%
CVE-2026-50410 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Microsoft Windows Runtime (WinRT) affects a broad range of Windows client and server builds, from Windows 10 1809 through Windows 11 26H1 and Windows Server 2019 through 2025. An authorized local attacker who can run low-privileged code can trigger a use-after-free memory-corruption condition to elevate to higher privileges, with high confidentiality, integrity, and availability impact implying a path to SYSTEM. No public exploit identified at time of analysis, and the flaw is not on CISA KEV; a vendor patch is available.

Use After Free Memory Corruption Denial Of Service Microsoft Windows 10 Version 1809 +10
NVD
CVSS 3.1
7.0
EPSS
0.2%
CVE-2026-50353 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows DirectX graphics kernel subsystem allows an authenticated attacker to elevate to SYSTEM by triggering a use-after-free (CWE-416) memory-corruption condition across Windows 11 (24H2, 25H2, 26H1) and Windows Server 2025. The CVSS 3.1 vector (7.8, AV:L/PR:L) confirms local access and low existing privileges are required with no user interaction, yielding full confidentiality, integrity, and availability impact. Reported by Microsoft with a vendor patch available; no public exploit identified at time of analysis and the CVE is not listed in CISA KEV.

Use After Free Memory Corruption Denial Of Service Microsoft Windows 11 Version 24H2 +4
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2026-50358 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Media component affects a broad range of Microsoft Windows client and server editions (Windows 10 1607 through Windows 11 26H1, and Windows Server 2016 through 2025). A low-privileged authenticated attacker can abuse a use-after-free (CWE-416) memory corruption flaw to elevate to higher privileges, achieving full confidentiality, integrity, and availability impact. There is no public exploit identified at time of analysis and the flaw is not on CISA KEV, but the high attack complexity (a likely race condition) is the main barrier to reliable exploitation.

Use After Free Memory Corruption Denial Of Service Microsoft Windows 10 Version 1607 +13
NVD
CVSS 3.1
7.0
EPSS
0.3%
CVE-2026-50340 HIGH PATCH This Week

Elevation of privilege in the Windows Runtime (WinRT) component of Windows 11 (24H2, 25H2, 26H1) and Windows Server 2025 allows an authenticated attacker to gain higher privileges by exploiting a use-after-free memory-corruption flaw over the network. Microsoft, who reported the issue, has released a patch; there is no public exploit identified at time of analysis and it is not listed in CISA KEV. The high CVSS (8.5) is driven by a scope change and full confidentiality/integrity/availability impact, though high attack complexity tempers real-world exploitability.

Use After Free Memory Corruption Denial Of Service Microsoft Windows 11 Version 24H2 +4
NVD
CVSS 3.1
8.5
EPSS
0.5%
CVE-2026-50390 HIGH PATCH Exploit Likely This Week

Local privilege escalation in the Windows Kernel (CVE-2026-50390) lets an already-authenticated attacker abuse a type-confusion condition to run code with elevated (SYSTEM-level) privileges on affected Windows client and server builds ranging from Windows 10 1607 through Windows 11 26H1 and Windows Server 2012 through Server 2025. Microsoft has shipped a fix and there is no public exploit identified at time of analysis, but as a kernel EoP it is a classic second-stage building block for turning a foothold into full host compromise. CVSS is 7.0 (High), reflecting high attack complexity but full confidentiality, integrity, and availability impact once triggered.

Microsoft Memory Corruption Information Disclosure Windows 10 Version 1607 Windows 10 Version 1809 +16
NVD
CVSS 3.1
7.0
EPSS
0.3%
CVE-2026-50312 MEDIUM PATCH Exploit Unlikely This Month

Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

Use After Free Memory Corruption Denial Of Service Microsoft Windows 10 Version 1607 +17
NVD
CVSS 3.1
4.7
EPSS
0.3%
CVE-2026-50425 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Internal System User Profile component allows an already-authenticated attacker to gain elevated (SYSTEM-level) privileges by triggering a use-after-free memory corruption condition (CWE-416). The flaw affects Windows 10 (21H2/22H2), Windows 11 (24H2/25H2/26H1), and Windows Server 2025 including Server Core. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the CVSS 7.8 rating and full high impact on confidentiality, integrity, and availability make it a meaningful patch-cycle priority.

Use After Free Memory Corruption Denial Of Service Microsoft Windows 10 Version 21H2 +6
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2026-50396 HIGH PATCH This Week

Local privilege escalation in Windows Kernel-Mode Drivers on Windows 11 (24H2, 25H2, 26H1) and Windows Server 2025 lets an authenticated local attacker corrupt kernel memory via a use-after-free and gain SYSTEM-level control. Rated CVSS 7.0 (Important) and reported by Microsoft itself; there is no public exploit identified at time of analysis and it is not listed in CISA KEV. The high attack complexity (AC:H) reflects the race-condition nature typical of kernel UAF bugs, which tempers real-world exploitability despite full C/I/A impact.

Use After Free Memory Corruption Denial Of Service Microsoft Windows 11 Version 24H2 +4
NVD
CVSS 3.1
7.0
EPSS
0.2%
CVE-2026-50331 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Application Model (the subsystem underlying UWP/packaged app lifecycle and activation) lets an authorized attacker with an existing low-privileged foothold gain SYSTEM-level control by triggering a use-after-free memory-corruption condition. All supported Windows client and server builds from Windows 10 1607 through Windows 11 26H1 and Windows Server 2016 through Server 2025 are affected. This is a Microsoft-reported flaw with a vendor patch available; there is no public exploit identified at time of analysis and it is not on CISA KEV.

Use After Free Memory Corruption Denial Of Service Microsoft Windows 10 Version 1607 +13
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2026-50326 HIGH PATCH This Week

Local privilege escalation in the Windows Unified Consent System (UCS) lets an already-authenticated attacker exploit a use-after-free memory-corruption flaw (CWE-416) to gain higher privileges, potentially up to SYSTEM. It affects a broad range of current Windows client and server builds including Windows 10 21H2/22H2, Windows 11 24H2/25H2/26H1, and Windows Server 2025. Reported by Microsoft with a CVSS 3.1 base score of 7.8; there is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Use After Free Memory Corruption Denial Of Service Microsoft Windows 10 Version 21H2 +6
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2026-50307 HIGH PATCH This Week

Local privilege escalation in Microsoft Windows TCP/IP stack allows an authenticated attacker to elevate to SYSTEM by exploiting a use-after-free (CWE-416) memory corruption flaw. Affected builds span Windows 10 (1809, 21H2, 22H2), Windows 11 (24H2, 25H2, 26H1), and Windows Server 2019/2022/2025 including Server Core. No public exploit identified at time of analysis; Microsoft has released a patch, and the CVSS 7.0 score reflects high attack complexity (likely a race condition) that raises the exploitation bar.

Use After Free Memory Corruption Denial Of Service Microsoft Windows 10 Version 1809 +10
NVD
CVSS 3.1
7.0
EPSS
0.2%
CVE-2026-50393 HIGH PATCH This Week

Local privilege escalation in Microsoft Windows Kernel-Mode Drivers lets an already-authenticated, low-privileged user corrupt kernel memory to gain SYSTEM-level control. Affected builds include Windows 11 (24H2, 25H2, 26H1) and Windows Server 2025, including Server Core. Microsoft has shipped a patch; there is no public exploit identified at time of analysis, and it is not on the CISA KEV list.

Use After Free Memory Corruption Denial Of Service Microsoft Windows 11 Version 24H2 +4
NVD
CVSS 3.1
7.0
EPSS
0.2%
CVE-2026-50306 HIGH PATCH Exploit Unlikely This Week

Local privilege elevation in the Microsoft Windows TCP/IP networking stack lets an already-authenticated, low-privileged user corrupt kernel memory via a use-after-free (CWE-416) and gain SYSTEM-level control. The flaw affects a broad range of client and server SKUs from Windows 10 1607 through Windows 11 26H1 and Windows Server 2012 through Server 2025, including Server Core installations. Microsoft reported the issue and has released a patch; there is no public exploit identified at time of analysis and the CVE is not listed in CISA KEV.

Use After Free Memory Corruption Denial Of Service Microsoft Windows 10 Version 1607 +17
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2026-50392 HIGH PATCH NEWS Exploit Unlikely This Week

Local privilege escalation in Windows Secure Kernel Mode (VBS/Isolated User Mode trust boundary) affects Windows 11 24H2/25H2/26H1 and Windows Server 2025, where a use-after-free (CWE-416) lets an already-authenticated local attacker gain elevated privileges. Microsoft rates it 7.0 (High) with a local, high-complexity vector requiring low privileges and no user interaction. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, so exploitation would require winning a memory-corruption race after already having a foothold.

Use After Free Memory Corruption Denial Of Service Microsoft Windows 11 Version 24H2 +4
NVD
CVSS 3.1
7.0
EPSS
0.2%
CVE-2026-50329 HIGH PATCH Exploit Likely This Week

Local privilege escalation in the Microsoft Windows Kernel allows an already-authenticated attacker to gain SYSTEM-level control by exploiting a use-after-free (CWE-416) memory corruption condition. The flaw affects a broad range of supported Windows client and server releases (Windows 10 1809 through Windows 11 26H1, and Windows Server 2019 through 2025) and, per the CVSS 7.8 vector, yields full confidentiality, integrity, and availability impact. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV; Microsoft has released a patch.

Use After Free Memory Corruption Denial Of Service Microsoft Windows 10 Version 1809 +10
NVD
CVSS 3.1
7.8
EPSS
1.8%
CVE-2026-50305 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Microsoft Brokering File System affects Windows 11 (24H2, 25H2, 26H1) and Windows Server 2025, where a use-after-free (CWE-416) memory-corruption flaw lets an already-authenticated local user execute code with elevated (typically SYSTEM) privileges. Microsoft has released a patch and reported the issue itself; there is no public exploit identified at time of analysis and it is not listed in CISA KEV. The CVSS 3.1 base score is 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), reflecting a locally-exploitable but high-impact elevation path.

Use After Free Memory Corruption Denial Of Service Microsoft Windows 11 Version 24H2 +4
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2026-50381 MEDIUM PATCH Exploit Unlikely This Month

Access of resource using incompatible type ('type confusion') in Composite Image File System Driver allows an authorized attacker to disclose information locally.

Memory Corruption Information Disclosure Windows 10 Version 21H2 Windows 10 Version 22H2 Windows 11 Version 24H2 +5
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2026-50296 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Microsoft Windows Graphics Kernel component allows a low-privileged local user to elevate to SYSTEM by exploiting a use-after-free (CWE-416) memory corruption condition. The flaw affects a broad range of Windows 10, Windows 11, and Windows Server releases, was reported by Microsoft, and has a vendor-released patch available. No public exploit is identified at time of analysis and it is not listed in CISA KEV; the high attack complexity (AC:H) makes reliable exploitation non-trivial.

Use After Free Memory Corruption Denial Of Service Windows 10 Version 1607 Windows 10 Version 1809 +12
NVD
CVSS 3.1
7.0
EPSS
0.2%
CVE-2026-50354 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Kernel lets an already-authenticated, low-privileged user corrupt kernel memory via a use-after-free (CWE-416) and gain higher privileges on the host. The flaw affects a broad range of currently-supported Windows client and server releases (Windows 10 1607 through Windows 11 26H1, and Windows Server 2016 through 2025); Microsoft has shipped a fix. There is no public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Use After Free Memory Corruption Denial Of Service Microsoft Windows 10 Version 1607 +13
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2026-50293 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows taskbar (Internal Task Bar component) allows an authenticated attacker to elevate to higher privileges by exploiting a use-after-free memory corruption flaw. The issue affects a broad range of current Windows client and server builds (Windows 10 21H2/22H2, Windows 11 24H2/25H2/26H1, and Windows Server 2025), was reported by Microsoft itself, and is fixed via a vendor patch. There is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Use After Free Memory Corruption Denial Of Service Microsoft Windows 10 Version 21H2 +6
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2026-50323 HIGH PATCH This Week

Local privilege escalation in Windows Runtime (WinRT) on Windows 11 (24H2, 25H2, 26H1) and Windows Server 2025 allows an authenticated local user to gain higher privileges by exploiting a use-after-free memory-corruption flaw (CWE-416). Successful exploitation yields high confidentiality, integrity, and availability impact, effectively enabling escalation to SYSTEM-level control on the host. There is no public exploit identified at time of analysis, and the flaw is not listed in CISA KEV; the elevated attack complexity (AC:H) indicates exploitation requires winning a race or meeting specific timing/heap conditions.

Use After Free Memory Corruption Denial Of Service Microsoft Windows 11 Version 24H2 +4
NVD
CVSS 3.1
7.0
EPSS
0.2%
CVE-2026-49798 CRITICAL POC PATCH Exploit Likely Act Now

Local privilege escalation in the Microsoft Windows Kernel allows an unauthorized attacker to gain elevated (SYSTEM-level) privileges by triggering a use-after-free condition (CWE-416) in kernel memory. The flaw affects a broad range of supported Windows client and server releases, from Windows 10 1607 and Windows Server 2012 through Windows 11 26H1 and Windows Server 2025. Microsoft has released a patch; there is no public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Use After Free Memory Corruption Denial Of Service Microsoft Windows 10 Version 1607 +17
NVD
CVSS 3.1
9.3
EPSS
2.2%
CVE-2026-49795 HIGH POC PATCH Exploit Likely This Week

Local privilege escalation in the Windows Kernel lets an already-authenticated attacker corrupt kernel memory via a use-after-free (CWE-416) and gain full control of the host. The CVSS 3.1 vector (AV:L/PR:L, scope-changed with C:H/I:H/A:H) reflects a low-privileged local user escalating to SYSTEM-level compromise across a broad range of Windows 10, Windows 11, and Windows Server builds. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but Microsoft has released a patch.

Use After Free Memory Corruption Denial Of Service Microsoft Windows 10 Version 1809 +10
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2026-58602 HIGH PATCH This Week

Local privilege escalation in the Windows Kernel Mode Driver affects Windows 11 (24H2, 25H2, 26H1) and Windows Server 2025, where a use-after-free (CWE-416) lets an already-authenticated local attacker corrupt kernel memory and elevate to SYSTEM. Reported by Microsoft with a patch already available; there is no public exploit identified at time of analysis and it is not listed in CISA KEV. The CVSS 7.8 (AV:L/PR:L) reflects a high-impact but locally-scoped flaw requiring an existing foothold on the host.

Use After Free Memory Corruption Denial Of Service Microsoft Windows 11 Version 24H2 +4
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2026-58526 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Microsoft Windows arises from a use-after-free flaw (CWE-416) in the Windows Storage component, affecting Windows 10 (1809, 21H2, 22H2), Windows 11 (24H2, 25H2, 26H1), and Windows Server 2019/2022/2025. An authorized attacker who already has low-level access to a machine can trigger the freed-memory reuse to elevate to higher privileges (CVSS 7.0, high attack complexity). Microsoft has released a patch; there is no public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Use After Free Memory Corruption Denial Of Service Microsoft Windows 10 Version 1809 +10
NVD
CVSS 3.1
7.0
EPSS
0.1%
CVE-2026-54127 HIGH PATCH NEWS Exploit Unlikely This Week

Local privilege escalation in the Windows Hyper-V virtualization stack lets an attacker running code on an affected host trigger a use-after-free to gain higher privileges. The flaw affects Windows 11 (24H2, 25H2, 26H1) and Windows Server 2022/2025, was reported by Microsoft, and has a vendor patch available. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the modeled full compromise of confidentiality, integrity, and availability (C:H/I:H/A:H) makes it a meaningful patch-cycle priority.

Use After Free Memory Corruption Denial Of Service Microsoft Windows 11 Version 24H2 +5
NVD
CVSS 3.1
7.4
EPSS
0.2%
CVE-2026-50694 HIGH PATCH NEWS This Week

Remote code execution in the Windows Secure Socket Tunneling Protocol (SSTP) component lets an unauthenticated network attacker run arbitrary code by triggering a use-after-free (CWE-416) memory-corruption condition. The flaw spans a broad range of Windows client and server builds, from Windows 10 1607 and Windows Server 2012 through Windows 11 26H1 and Windows Server 2025. No public exploit is identified at time of analysis and it is not listed in CISA KEV, but the network attack vector combined with full high impact to confidentiality, integrity and availability makes it a meaningful patch priority.

Use After Free Memory Corruption Denial Of Service Microsoft Windows 10 Version 1607 +17
NVD
CVSS 3.1
8.1
EPSS
0.6%
CVE-2026-55948 HIGH PATCH This Week

Local code execution in Microsoft Excel (2016, Office 2019, Office LTSC 2021/2024, Microsoft 365 Apps, Office for Mac, and Office Online Server) arises from a use-after-free memory corruption (CWE-416) that an attacker triggers when a victim opens a maliciously crafted spreadsheet. Exploitation runs code in the context of the current user and requires user interaction (opening the file), with no public exploit identified at time of analysis. This is a locally-exploited, phishing-delivered class of bug typical of Office file-format handlers, patched by Microsoft via MSRC.

Use After Free Memory Corruption Denial Of Service Microsoft Microsoft 365 Apps For Enterprise +8
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2026-54995 HIGH PATCH NEWS This Week

Remote code execution in the Windows Reliable Multicast Transport Driver (RMCAST) lets an unauthenticated network attacker trigger a use-after-free (CWE-416) and run arbitrary code on a broad range of Windows 10, Windows 11, and Windows Server systems (Server 2012 through Server 2025). Rated CVSS 8.1, the flaw carries high impact to confidentiality, integrity, and availability but requires winning a race condition (AC:H), and no public exploit identified at time of analysis. Reported by Microsoft with a vendor patch available.

Use After Free Memory Corruption Denial Of Service Windows 10 Version 1607 Windows 10 Version 1809 +16
NVD
CVSS 3.1
8.1
EPSS
0.6%
CVE-2026-54114 HIGH PATCH Exploit Likely This Week

Local privilege escalation in Microsoft Windows Win32K (the kernel-mode GUI subsystem) allows an authenticated local user to elevate to SYSTEM by triggering a use-after-free (CWE-416) memory corruption condition. The flaw affects a broad range of supported builds spanning Windows 10 1809 through Windows 11 26H1 and Windows Server 2019 through 2025, including Server Core installations. Microsoft has released a patch; there is no public exploit identified at time of analysis and the CVE is not listed in CISA KEV.

Use After Free Memory Corruption Denial Of Service Microsoft Windows 10 Version 1809 +10
NVD
CVSS 3.1
7.8
EPSS
1.7%
CVE-2026-55000 MEDIUM PATCH Exploit Unlikely This Month

Privilege escalation via use-after-free in the Windows USB Print Driver affects Windows 11 (versions 24H2, 25H2, 26H1) and Windows Server 2025, requiring physical access to exploit. An attacker with hands-on access to a target machine can trigger a memory corruption condition through the USB print subsystem to achieve full local privilege escalation - High confidentiality, integrity, and availability impact per CVSS. No public exploit code has been identified at time of analysis, and this vulnerability is not listed in the CISA KEV catalog.

Use After Free Memory Corruption Denial Of Service Microsoft Windows 11 Version 24H2 +4
NVD
CVSS 3.1
6.4
EPSS
0.3%
CVE-2026-54989 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Microsoft Windows Quality Windows Audio/Video Experience (QWAVE) service lets an already-authenticated, low-privileged user elevate to higher privileges by exploiting a use-after-free (CWE-416) memory-corruption condition. The flaw spans a broad range of builds from Windows 10 1607 and Windows Server 2012 through Windows 11 26H1 and Windows Server 2025. Microsoft has released a patch; there is no public exploit identified at time of analysis, and the CVSS 3.1 base score is 7.0 (AV:L/AC:H/PR:L).

Use After Free Memory Corruption Denial Of Service Microsoft Windows 10 Version 1607 +17
NVD
CVSS 3.1
7.0
EPSS
0.2%
CVE-2026-54129 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Windows Hyper-V (CWE-416 use-after-free) allows an authenticated attacker already running low-privileged code on an affected host to elevate to higher privileges, with full confidentiality, integrity, and availability impact. Reported by Microsoft and affecting a broad range of Windows 10, Windows 11, and Windows Server builds including Server 2019/2022/2025. No public exploit identified at time of analysis, and it is not listed in CISA KEV.

Use After Free Memory Corruption Denial Of Service Microsoft Windows 10 Version 1809 +10
NVD
CVSS 3.1
7.0
EPSS
0.2%
CVE-2026-49173 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Microsoft Windows Kernel (Windows 11 version 26H1) lets an already-authenticated low-privileged user corrupt kernel memory through a use-after-free condition and gain SYSTEM-level control. Microsoft self-reported the flaw and has shipped a patch; there is no public exploit identified at time of analysis and it is not listed in CISA KEV. The CVSS 7.8 (High) score reflects full confidentiality, integrity, and availability compromise achievable entirely from a local, low-privilege foothold with no user interaction.

Use After Free Memory Corruption Denial Of Service Microsoft Windows 11 Version 26H1
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2026-49171 HIGH PATCH Exploit Unlikely This Week

Local privilege elevation in the Windows Speech component (Text-to-Speech / speech runtime) affects a broad range of Windows 10, Windows 11, and Windows Server releases, where a use-after-free (CWE-416) lets an already-authenticated local user corrupt memory to run code at higher privilege. Exploitation is non-trivial - it requires local access, low-level authentication, user interaction, and winning a memory-timing condition - and the CVSS 7.5 rating reflects a scope-changed, high-impact outcome. There is no public exploit identified at time of analysis and the CVE is not listed in CISA KEV, so this is a patch-on-cycle EoP rather than an emergency.

Use After Free Memory Corruption Denial Of Service Microsoft Windows 10 Version 1607 +13
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2026-49169 HIGH PATCH Exploit Unlikely This Week

Remote code execution in the Windows Server 2025 DNS Server role allows a privileged, authenticated attacker to run arbitrary code over the network by triggering a use-after-free (CWE-416) memory-corruption condition. The flaw carries a CVSS 8.0 rating with a changed scope, meaning successful exploitation can affect resources beyond the vulnerable component. Microsoft has issued a patch; there is no public exploit identified at time of analysis and the CVE is not listed in CISA KEV.

Use After Free Memory Corruption Denial Of Service Windows Server 2025 Windows Server 2025 Server Core Installation
NVD
CVSS 3.1
8.0
EPSS
0.5%
CVE-2026-49167 MEDIUM PATCH Exploit Unlikely This Month

Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.

Use After Free Memory Corruption Denial Of Service Microsoft Windows 10 Version 1809 +10
NVD
CVSS 3.1
4.7
EPSS
0.3%
CVE-2026-49166 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Microsoft Printer Drivers on Windows 11 (24H2, 25H2, 26H1) and Windows Server 2025 allows an authenticated local attacker to gain SYSTEM-level privileges by triggering a use-after-free memory-corruption condition. The flaw grants full confidentiality, integrity, and availability impact (C:H/I:H/A:H) once low-level local access is obtained. Reported by Microsoft with a patch available; there is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Use After Free Memory Corruption Denial Of Service Microsoft Windows 11 Version 24H2 +4
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2026-49162 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Microsoft Brokering File System (bfs.sys/Bfs component) affects Windows 11 (24H2, 25H2, 26H1) and Windows Server 2025 (including Server Core), where a use-after-free (CWE-416) lets an already-authenticated local attacker corrupt kernel/broker memory to gain SYSTEM-level privileges. Exploitation requires low privileges but high attack complexity, and there is no public exploit identified at time of analysis. Microsoft has released a patch via its MSRC update guide.

Use After Free Memory Corruption Denial Of Service Microsoft Windows 11 Version 24H2 +4
NVD VulDB
CVSS 3.1
7.0
EPSS
0.2%
CVE-2026-48571 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Microsoft Windows App Installer (the AppX/MSIX deployment component) lets a low-privileged but authenticated user corrupt memory via a use-after-free (CWE-416) and gain higher privileges on the host. The flaw affects Windows 11 (23H2, 24H2, 25H2, 26H1) and Windows Server 2025, was reported by Microsoft, and has a vendor patch available. There is no public exploit identified at time of analysis and it is not on CISA KEV, though the CVSS 7.0 rating and full C/I/A impact make it a meaningful patch-cycle priority.

Use After Free Memory Corruption Denial Of Service Microsoft Windows 11 Version 23H2 +5
NVD
CVSS 3.1
7.0
EPSS
0.2%
CVE-2026-59197 HIGH PATCH This Week

Heap out-of-bounds write in Python Pillow prior to 12.3.0 lets an attacker who controls the rank-filter size parameter corrupt native heap memory and crash or potentially manipulate the process. ImageFilter.RankFilter.filter() calls image.expand(size // 2, size // 2) before validating the filter size, and the native ImagingExpand() routine computes output dimensions using unchecked signed-int arithmetic, so a very large odd size overflows and drives an out-of-bounds write (CWE-787). No public exploit is identified at time of analysis; the flaw is fixed in Pillow 12.3.0.

Python Buffer Overflow Memory Corruption Pillow
NVD GitHub
CVSS 3.1
8.2
EPSS
0.4%
CVE-2026-59205 HIGH PATCH This Week

Denial-of-service and controlled heap corruption in Python's Pillow imaging library (all versions prior to 12.3.0) occurs when ImageCms.ImageCmsTransform.apply() is invoked with an output image whose mode does not match the transform's declared output mode, causing an out-of-bounds write in the native color-management code. The pre-fix code only validated the output mode and never validated the input mode, so a mismatched buffer geometry lets the C-level transform write past allocation bounds. No public exploit has been identified at time of analysis; the fix is confirmed in release 12.3.0 via the vendor security advisory GHSA-9hw9-ch79-4vh6.

Python Buffer Overflow Memory Corruption Pillow
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2026-10669 HIGH PATCH This Week

Local privilege escalation and kernel memory corruption in Zephyr RTOS on Xtensa SoCs (v3.7.0 through v4.4.0) built with CONFIG_XTENSA_MPU and CONFIG_USERSPACE, where arch_buffer_validate() fails open on an integer-overflow edge case, letting an unprivileged user thread trick the kernel into reading or writing arbitrary kernel/partition memory on its behalf. The flaw stems from a default-permit return value combined with a ROUND_UP address-space wrap that skips the MPU probe loop entirely, and it is not caught by the existing syscall-layer overflow guards. Vendor patch is available; no public exploit identified at time of analysis, and this is not in CISA KEV.

Denial Of Service Privilege Escalation Information Disclosure Buffer Overflow Memory Corruption +1
NVD GitHub
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-8314 HIGH This Week

Arbitrary code execution in Rockwell Automation Arena Simulation is possible through an out-of-bounds write in the siman.exe (Siman) simulation-language component, which mishandles user-supplied data when parsing a model file. An attacker who convinces a user to open a crafted Arena file can run code in the context of that user's process. There is no public exploit identified at time of analysis and the CVE is not listed in CISA KEV, so risk is currently theoretical rather than actively exploited.

Buffer Overflow Memory Corruption RCE Arena
NVD
CVSS 4.0
7.0
EPSS
0.1%
CVE-2026-8313 HIGH This Week

Arbitrary code execution in Rockwell Automation Arena Simulation is possible through an out-of-bounds write in the linker.exe (Siman) component, which fails to properly validate user-supplied data parsed from simulation model files. A local attacker who convinces a user to open a specially crafted Arena file can corrupt memory and run code in the context of the current user. No public exploit has been identified at time of analysis, the issue is not in CISA KEV, and no EPSS score was provided, so real-world exploitation appears theoretical rather than observed.

Buffer Overflow Memory Corruption RCE Arena
NVD
CVSS 4.0
7.0
EPSS
0.1%
CVE-2026-8312 HIGH This Week

Arbitrary code execution in Rockwell Automation Arena Simulation is possible through an out-of-bounds write in the expmt.exe (Siman) component, which fails to validate user-supplied data when parsing model/experiment files. A local attacker who convinces an engineer to open a malicious Arena file can run code in the context of the current user. No public exploit has been identified at time of analysis, and the flaw is not listed in CISA KEV; it was self-reported by Rockwell's PSIRT (advisory SD1784).

Buffer Overflow Memory Corruption RCE Arena
NVD
CVSS 4.0
7.0
EPSS
0.1%
CVE-2026-8085 HIGH This Week

Arbitrary code execution in Rockwell Automation Arena Simulation is possible through an out-of-bounds write in the model.exe (Siman) component when a victim opens a maliciously crafted simulation model file. The flaw lets an attacker run code in the context of the current user by tricking an operator or engineer into opening a booby-trapped file, making it a client-side, file-delivery RCE rather than a remotely reachable network service bug. No public exploit has been identified at time of analysis, and no EPSS or CISA KEV data was provided, so real-world exploitation appears limited to social-engineering-driven targeting.

Buffer Overflow Memory Corruption RCE Arena
NVD
CVSS 4.0
7.0
EPSS
0.1%
CVE-2026-44747 CRITICAL NEWS Act Now

Memory corruption in SAP NetWeaver Application Server ABAP lets an authenticated attacker exploit logical flaws in memory management (an out-of-bounds write) to read or alter data and crash the system, with high impact on confidentiality, integrity, and availability. SAP rates it CVSS 9.9 with a changed scope, meaning a low-privileged user can affect components beyond their own authorization boundary. There is no public exploit identified at time of analysis, but the low attack complexity and network reachability make it a high-priority patch for any exposed ABAP stack.

Buffer Overflow SAP Memory Corruption Sap Netweaver Application Server Abap
NVD
CVSS 3.1
9.9
EPSS
0.4%
CVE-2026-40467 MEDIUM PATCH This Month

Use-after-free memory corruption in gawk's do_getline_redir() routine within io.c allows a local attacker to crash the gawk process, causing a denial of service. All gawk versions 5.4.0 and below are affected, as confirmed by CERT-PL and an upstream patch commit. No active exploitation has been identified (not in CISA KEV), and the impact is confined to availability - no confidentiality or integrity effects have been demonstrated.

Denial Of Service Use After Free Memory Corruption Gawk
NVD VulDB
CVSS 4.0
5.1
EPSS
0.2%
CVE-2026-15545 HIGH POC This Week

Out-of-bounds write in the Shibby Tomato router firmware (versions up to and including 1.28.0000) lets authenticated remote users corrupt memory through the apcupsd web component. The flaw sits in the main() function of www/apcupsd/tomatodata.cgi, where crafted input reaches an out-of-bounds write (CWE-787) that can crash the CGI or potentially execute code on the router. Publicly available exploit code exists (via VulDB/Gitee), but there is no confirmed active exploitation; note that this project has been superseded by FreshTomato and is effectively end-of-life.

Memory Corruption Buffer Overflow Tomato
NVD VulDB
CVSS 4.0
7.4
EPSS
0.4%
CVE-2026-10667 HIGH PATCH This Week

Kernel memory corruption in the Zephyr RTOS (versions v1.14.0 through v4.4.0) lets an unprivileged user-mode thread corrupt the kernel's dynamic object-tracking list across the userspace security boundary. The flaw is a use-after-free race (CWE-416) in the obj_list traversal, exploitable only on builds combining CONFIG_SMP, CONFIG_USERSPACE, and CONFIG_DYNAMIC_OBJECTS, and can yield privilege escalation or a kernel crash. No public exploit identified at time of analysis; a vendor patch is available.

Memory Corruption Buffer Overflow Denial Of Service Use After Free Privilege Escalation +1
NVD GitHub VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-10666 HIGH PATCH This Week

Out-of-bounds stack write in the Zephyr RTOS IPv4 address parser (parse_ipv4() in subsys/net/ip/utils.c) lets an attacker corrupt memory when an application resolves an attacker-influenced "a.b.c.d:port" string, causing at minimum denial of service and potentially control-flow hijack on the affected embedded device. The defect exists in every release from v1.9.0 through v4.4.0 and is reachable through the standard socket resolver (zsock_getaddrinfo), DNS server-string configuration, and the eswifi Wi-Fi DNS-response path. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but a vendor fix (two upstream commits and advisory GHSA-532c-7g7f-jhmh) is available.

Memory Corruption Denial Of Service Buffer Overflow Zephyr
NVD GitHub VulDB
CVSS 3.1
8.1
EPSS
0.3%
CVE-2026-10665 HIGH PATCH This Week

Out-of-bounds write in the WireGuard subsystem of Zephyr RTOS 4.4.0 lets a malicious or compromised WireGuard peer (or an on-path attacker driving an established session) corrupt memory by sending an oversized transport-data datagram. Because the flawed copy occurs before the Poly1305 authentication check, exploitation needs only a valid receiver session index rather than a valid authenticator, and reliably yields at least a remote denial of service on the target device. There is no public exploit identified at time of analysis and the issue is not listed in CISA KEV; the Zephyr project has published advisory GHSA-3wqm-wgx2-9367 and an upstream fix.

Memory Corruption Denial Of Service Buffer Overflow Zephyr
NVD GitHub VulDB
CVSS 3.1
7.4
EPSS
0.4%
CVE-2026-10664 MEDIUM PATCH This Month

Out-of-bounds stack write in Zephyr's nRF70 Wi-Fi driver exposes embedded systems to memory corruption when the nRF70 co-processor returns a power-save event with more than eight TWT flow entries. The vulnerable function `nrf_wifi_event_proc_get_power_save_info()` blindly copies co-processor-supplied TWT entries into a fixed 8-element stack array without validating `num_twt_flows` against `WIFI_MAX_TWT_FLOWS`, enabling heap/stack corruption of approximately 40 bytes per excess entry. No public exploit code exists and the flaw is not listed in CISA KEV, but the adjacent-network attack vector and the indirect over-the-air influence path via a rogue AP manipulating TWT sessions make this a meaningful risk in Wi-Fi 6 (802.11ax) deployment environments running Zephyr with `CONFIG_NRF70_STA_MODE`.

Memory Corruption Buffer Overflow Zephyr
NVD GitHub VulDB
CVSS 3.1
5.0
EPSS
0.1%
CVE-2026-10663 MEDIUM PATCH This Month

Use-after-free and double-free in Zephyr RTOS's experimental USB host stack (CONFIG_USB_HOST_STACK, introduced in v4.4.0) allows an attacker with physical USB access to crash the target device or corrupt live kernel slab objects by bouncing a USB device connection to trigger a second removal event after the slab has already been freed. The flaw exists because usbh_device_disconnect() frees the root usb_device slab object without clearing the cached ctx->root pointer, and UHC controller drivers (uhc_max3421e, uhc_mcux_common) emit UHC_EVT_DEV_REMOVED directly from hardware line-state with no debounce or re-entry guard. No public exploit identified at time of analysis, and no CISA KEV listing; the physical-access prerequisite substantially constrains the realistic attacker population.

Memory Corruption Buffer Overflow Denial Of Service Use After Free Zephyr
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.2%
CVE-2026-10660 MEDIUM PATCH This Month

Out-of-bounds write in Zephyr RTOS's Bluetooth BAP Broadcast Assistant (subsys/bluetooth/audio/bap_broadcast_assistant.c v4.4.0 and earlier) allows a BLE-adjacent attacker operating one or more malicious Scan Delegator peripherals to corrupt the target device's memory or cause a denial of service. The root cause is a file-static 512-byte att_buf (net_buf_simple) shared across all connection instances: when the Broadcast Assistant holds two or more concurrent BLE connections, concurrent GATT notification callbacks interleave writes into this buffer without tailroom checks, enabling writes past the BSS boundary into adjacent memory. No public exploit has been identified and exploitation requires high attack complexity, but the memory corruption primitive is serious for embedded/IoT targets where crash recovery may be unavailable.

Memory Corruption Denial Of Service Buffer Overflow
NVD GitHub VulDB
CVSS 3.1
6.4
EPSS
0.2%
CVE-2026-61861 MEDIUM PATCH This Month

Use-after-free in ImageMagick before 7.1.2-26 exposes servers that process untrusted images to denial of service and potential code execution via a dangling pointer in the FormatMagickCaption method when memory allocation fails. The CVSS 4.0 vector scores this at 6.3, reflecting high attack complexity (AC:H) and specific prerequisite conditions (AT:P), though intelligence tags flag RCE - a claim the vendor CVSS impact metrics do not fully corroborate, as only low availability impact is scored. No public exploit has been identified at time of analysis, and the vulnerability is not listed in CISA KEV.

Memory Corruption Denial Of Service Use After Free RCE Imagemagick
NVD GitHub VulDB
CVSS 4.0
6.3
EPSS
0.3%
CVE-2026-41154 HIGH This Week

Out-of-bounds kernel memory read/write in Imagination Technologies Graphics DDK (the driver kit for PowerVR GPUs) allows a non-privileged local user to corrupt kernel memory through crafted GPU API calls, potentially achieving privilege escalation. The flaw stems from incorrect buffer indexing in the sparse-memory page-freeing path when pages larger than 4kB are handled. Rated CVSS 7.8 (CWE-787); no public exploit identified at time of analysis and EPSS is low at 0.17% (6th percentile).

Buffer Overflow Memory Corruption Graphics Ddk
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2026-34196 HIGH This Week

Local privilege escalation in Imagination Technologies' Graphics DDK (PowerVR GPU driver) lets a non-privileged user trigger a use-after-free by abusing an integer overflow in GPU memory-mapping system calls. The flaw allows two GPU virtual addresses to alias the same physical page; freeing one mapping releases the page while the second dangling mapping retains read/write access, enabling cross-process memory disclosure and corruption. No public exploit is identified at time of analysis and EPSS is low (0.15%), but the local read/write UAF primitive is a strong stepping stone to kernel-level compromise.

Buffer Overflow Use After Free Memory Corruption Graphics Ddk
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-55233 HIGH PATCH This Week

Denial of service in OpenResty 1.29.2.1 through 1.29.2.4 arises from an out-of-bounds write (CWE-787) in the upstream PROXY protocol v2 implementation; when the platform is configured to prepend PROXY protocol v2 headers to upstream connections, header construction in the stream proxy-protocol-v2 patch overruns its allocated buffer and crashes the worker process. Any environment that has explicitly enabled PROXY protocol v2 for upstream connections is affected, degrading availability without any impact to confidentiality or integrity. There is no public exploit identified at time of analysis and the issue is not on CISA KEV; it is resolved in OpenResty 1.29.2.5.

Memory Corruption Denial Of Service Buffer Overflow Openresty
NVD GitHub
CVSS 3.1
7.5
EPSS
0.3%
CVE-2026-56373 NuGet MEDIUM PATCH This Month

Use-after-free in ImageMagick's PDB decoder (all versions before 7.1.2-15) allows remote attackers supplying crafted Palm Database image files to crash the application or write a single null byte to freed heap memory. The flaw manifests specifically when memory allocation fails during PDB decoding, leaving a stale pointer that is subsequently dereferenced rather than nulled or re-validated. No public exploit or active exploitation has been identified at time of analysis; the CVSS 4.0 score of 6.3 reflects constrained exploitation conditions (AC:H, AT:P) and impact limited strictly to availability.

Memory Corruption Denial Of Service Use After Free Imagemagick
NVD GitHub VulDB
CVSS 4.0
6.3
EPSS
0.2%
CVE-2026-59857 MEDIUM PATCH This Month

Stack buffer overflow in Vim's SAL sound-folding spell engine prior to version 9.2.0725 crashes the editor by writing a null byte one position past the end of a MAXWLEN-element stack buffer in spell_soundfold_sal(). Exploitation requires a user to open Vim with a SAL-based spell file active under a non-multibyte 8-bit encoding and trigger sound-based spell suggestions on a boundary-length word, corrupting the eval_soundfold() stack frame. No public exploit has been identified at time of analysis, and the impact is limited to availability (editor crash) with no confidentiality or integrity consequences.

Memory Corruption Buffer Overflow Vim
NVD GitHub VulDB
CVSS 4.0
5.6
EPSS
0.1%
CVE-2026-33799 MEDIUM PATCH This Month

Memory exhaustion in Juniper Networks Junos OS and Junos OS Evolved snmpd allows an authenticated network attacker to crash SNMP monitoring by sending specific valid SNMPv3 queries that trigger an out-of-bounds write and progressive memory leak. The snmpd process will exhaust available memory over time, crash, and restart, rendering SNMP-based network monitoring unavailable for the duration of each crash cycle. No public exploit code has been identified at time of analysis, and this is not listed in CISA KEV; however, the CVSS 4.0 supplemental metric AU:Y indicates the attack is automatable.

Memory Corruption Juniper Buffer Overflow Junos Junos Os Evolved
NVD VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2026-57021 MEDIUM PATCH This Month

Out-of-bounds write in the Juniper Networks Junos OS http-gatekeeper (http-gk) process on SRX Series firewalls crashes the process when handling crafted network requests, taking down all web-management-dependent services including J-Web, remote-access VPN, and firewall authentication until automatic process recovery. Exploitation is gated on a specific non-default configuration - remote-access VPN with pre-logon compliance check enabled - limiting the exposed population to SRX deployments that actively use this feature. No public exploit code and no CISA KEV listing have been identified at time of analysis, and the official CVSS 5.3 score reflects the limited, reversible availability-only impact.

Memory Corruption Juniper Buffer Overflow Junos Os
NVD VulDB
CVSS 4.0
6.9
EPSS
0.5%
CVE-2026-60094 MEDIUM This Month

Heap buffer overflow in Vinchin Backup & Recovery through version 9.0.0.86562 allows unauthenticated remote attackers to crash the agentlink_server process or corrupt heap memory without any prior access or user interaction. The agentlink_server service accepts a TCP packet body_len field without bounds validation, passing the attacker-controlled value directly to recv() and enabling heap writes of up to approximately 4 GiB beyond the allocated buffer. This vulnerability is not listed in CISA KEV and no public exploit code is confirmed at time of analysis, though the heap overflow magnitude raises concern for potential code execution beyond simple denial-of-service.

Memory Corruption Buffer Overflow Backup Recovery 9 0
NVD VulDB
CVSS 4.0
6.9
EPSS
0.4%
CVE-2026-58305 MEDIUM PATCH This Month

Type confusion (CWE-843) in Samsung's open-source Escargot JavaScript engine enables pointer manipulation, leading to high-impact availability disruption and limited integrity compromise when processing malicious JavaScript. All Escargot versions prior to commit 779f6bedf58f334dec64b0a51ebb724b4708b84a are affected, with particular relevance to Samsung embedded and smart appliance ecosystems where this engine is deployed. No public exploit has been identified at time of analysis, and an upstream fix is available via GitHub PR #1580, though a formally versioned release has not been independently confirmed.

Memory Corruption Samsung Information Disclosure Escargot
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.1%
CVE-2026-59691 HIGH This Week

Heap buffer overflow in GStreamer's rfbsrc (RFB/VNC source) plugin lets a malicious VNC server crash or corrupt the memory of any client that connects to it. When the server advertises a 16bpp framebuffer and sends Hextile-encoded updates, the background-fill path writes 32-bit pixels into a 16-bit buffer, producing an out-of-bounds heap write. No public exploit identified at time of analysis; the primary confirmed impact is denial of service, with potential for further memory corruption. This is a client-side flaw requiring the victim to connect to attacker-controlled infrastructure.

Memory Corruption Denial Of Service Buffer Overflow Red Hat Enterprise Linux 10 Red Hat Enterprise Linux 6 +3
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2026-15133 HIGH PATCH This Week

Remote code execution in Google Chrome desktop before 150.0.7871.115 stems from a use-after-free in the InterestGroups component (the Protected Audience / FLEDGE ad-auction API of Privacy Sandbox), letting a remote attacker run arbitrary code within the renderer sandbox by luring a victim to a crafted HTML page. Google rates the Chromium severity High, and the CVSS 8.8 reflects network-reachable, low-complexity, unauthenticated exploitation gated only by user interaction (visiting a page). There is no public exploit identified at time of analysis and the flaw is not listed in CISA KEV, though EPSS-style risk for Chrome memory-corruption bugs is typically elevated once details circulate.

Memory Corruption Google Denial Of Service Use After Free RCE
NVD VulDB
CVSS 3.1
8.8
EPSS
0.2%
CVE-2026-15129 HIGH PATCH This Week

Heap corruption in Google Chrome's Views UI framework (versions prior to 150.0.7871.115) lets a remote attacker exploit a use-after-free by luring a victim to a crafted HTML page. The flaw, rated Critical by Chromium and CVSS 8.8, requires user interaction (visiting a malicious page) but no authentication; there is no public exploit identified at time of analysis and it is not listed in CISA KEV. Google has shipped a stable-channel fix.

Memory Corruption Denial Of Service Use After Free Google
NVD VulDB
CVSS 3.1
8.8
EPSS
0.2%
CVE-2026-15126 HIGH PATCH This Week

Sandboxed remote code execution in Google Chrome versions prior to 150.0.7871.115 stems from a use-after-free in the Forms component, allowing a remote attacker to run arbitrary code within the renderer sandbox when a victim opens a crafted HTML page. The flaw carries a High Chromium severity rating and CVSS 8.8; Google has shipped a stable-channel fix, but no public exploit has been identified at time of analysis. Because code execution is confined to the sandbox, a separate sandbox-escape bug would be required for full host compromise.

Memory Corruption Google Denial Of Service Use After Free RCE
NVD VulDB
CVSS 3.1
8.8
EPSS
0.2%
CVE-2026-15121 HIGH PATCH This Week

Use after free in WebRTC in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Memory Corruption Google Denial Of Service Use After Free RCE
NVD VulDB
CVSS 3.1
8.8
EPSS
0.2%
CVE-2026-15120 HIGH PATCH This Week

Sandbox escape in Google Chrome's Core component on Windows (versions prior to 150.0.7871.115) lets an attacker who has already compromised the renderer process break out of the sandbox and reach the higher-privileged browser process via a crafted HTML page. The flaw is a CWE-416 use-after-free rated High by Chromium and CVSS 8.3, with a scope change reflecting the renderer-to-browser boundary crossing. No public exploit identified at time of analysis, and it is not listed in CISA KEV, but as the second stage of a browser exploit chain it is a meaningful patch priority.

Memory Corruption Google Microsoft Denial Of Service Use After Free
NVD VulDB
CVSS 3.1
8.3
EPSS
0.2%
CVE-2026-15118 HIGH PATCH This Week

Remote code execution in Google Chrome desktop before 150.0.7871.115 stems from a use-after-free in the browser's Input component, letting a remote attacker who lures a victim to a crafted HTML page run arbitrary code inside the renderer sandbox. Google rates the Chromium severity High and CVSS is 8.8, requiring user interaction (visiting a malicious page) but no authentication. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the memory-corruption class and network attack vector make it a standard high-priority browser patch.

Memory Corruption Google Denial Of Service Use After Free RCE
NVD VulDB
CVSS 3.1
8.8
EPSS
0.2%
CVE-2026-15117 HIGH PATCH This Week

Heap corruption in Google Chrome's Payments component (versions prior to 150.0.7871.115) lets a remote attacker who lures a user into performing specific UI gestures potentially achieve code execution via a crafted HTML page. The flaw is a use-after-free (CWE-416) rated High by Chromium and CVSS 7.5, with a vendor patch already shipped in the July 2026 Stable channel update; no public exploit has been identified at time of analysis. Exploitation is gated by high attack complexity and required user interaction, making it credible but not trivially weaponizable.

Memory Corruption Denial Of Service Use After Free Google
NVD VulDB
CVSS 3.1
7.5
EPSS
0.2%
CVE-2026-15116 HIGH PATCH This Week

Remote code execution in Google Chrome desktop before 150.0.7871.115 lets a remote attacker run arbitrary code (constrained to the renderer sandbox) by luring a victim to a crafted HTML page that triggers a use-after-free in the Actor component. The flaw is network-reachable and requires only that the user visit a malicious page, but Chromium rates the severity High rather than Critical because code execution stays inside the renderer sandbox. No public exploit identified at time of analysis; no EPSS or KEV signal was supplied in the input.

Memory Corruption Google Denial Of Service Use After Free RCE
NVD VulDB
CVSS 3.1
8.8
EPSS
0.2%
CVE-2026-15113 CRITICAL PATCH Act Now

Sandbox escape in Google Chrome for Android before 150.0.7871.115 stems from a use-after-free in the Autofill component, letting a remote attacker who lures a victim to a crafted HTML page potentially break out of the renderer sandbox. Rated High by Chromium and carrying a CVSS 9.6 due to the scope-changing impact, it currently has no public exploit identified at time of analysis and is not listed in CISA KEV. A vendor patch shipped via the Chrome Stable channel update.

Memory Corruption Denial Of Service Use After Free Google
NVD VulDB
CVSS 3.1
9.6
EPSS
0.2%
CVE-2026-15112 HIGH PATCH This Week

Remote heap corruption in Google Chrome desktop before 150.0.7871.115 stems from a use-after-free (CWE-416) in Ozone, the platform abstraction layer that mediates windowing, graphics, and input. A remote attacker who lures a victim into loading a crafted HTML page can trigger the freed-memory reuse and potentially achieve renderer-level code execution; Chromium rates the underlying flaw Critical. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the network-reachable, no-privilege, low-complexity CVSS 8.8 profile makes it a high-priority browser patch.

Memory Corruption Denial Of Service Use After Free Google
NVD VulDB
CVSS 3.1
8.8
EPSS
0.2%
CVE-2026-15111 HIGH PATCH This Week

Heap corruption in Google Chrome's Views UI framework (versions prior to 150.0.7871.115) lets a remote attacker who lures a user into performing specific UI gestures on a crafted HTML page potentially execute code or crash the browser via a use-after-free. Google rates the Chromium severity High; there is no public exploit identified at time of analysis and it is not listed in CISA KEV, though Chrome UAF bugs are historically attractive exploitation targets.

Memory Corruption Denial Of Service Use After Free Google
NVD VulDB
CVSS 3.1
7.5
EPSS
0.2%
CVE-2026-15110 HIGH PATCH This Week

Use after free in Extensions in Google Chrome prior to 150.0.7871.115 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: High)

Memory Corruption Denial Of Service Use After Free Google
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-15107 HIGH PATCH This Week

Renderer-process code execution in Google Chrome desktop before 150.0.7871.115 arises from a use-after-free in the IndexedDB implementation, letting a remote attacker run arbitrary code within the Chromium sandbox when a victim opens a crafted HTML page. Chromium rated the flaw Medium severity even though the CVSS base score is 8.8, reflecting that execution is confined to the sandboxed renderer rather than the host. A vendor patch is available and no public exploit has been identified at time of analysis.

Memory Corruption Google Denial Of Service Use After Free RCE
NVD VulDB
CVSS 3.1
8.8
EPSS
0.2%
CVE-2026-0288 HIGH PATCH This Week

Memory corruption in the User-ID Terminal Server Agent (TSA) of Palo Alto Networks PAN-OS lets an unauthenticated network attacker crash the service (DoS) or potentially execute arbitrary code by sending crafted traffic to the TSA listener. Multiple out-of-bounds write bugs are involved; the vendor's CVSS 4.0 vector flags the exploit as unproven (E:U), and no public exploit has been identified at time of analysis. Panorama is explicitly not affected, and exposure hinges on whether the optional TSA component is deployed and reachable.

Memory Corruption Paloalto Buffer Overflow Denial Of Service RCE +1
NVD VulDB
CVSS 4.0
7.2
EPSS
0.5%
CVE-2026-13126 HIGH This Week

Use-after-free memory corruption in Foxit PDF Reader and Foxit PDF Editor (versions 2026.1.1/14.0.4 and earlier) allows a crafted PDF containing embedded JavaScript to free page objects and trigger a dangling write to pop-up annotation objects. An attacker who convinces a user to open a malicious document can crash the application and potentially achieve arbitrary code execution in the user's context. No public exploit identified at time of analysis; the flaw was reported privately by Foxit.

Memory Corruption Denial Of Service Use After Free Foxit Pdf Editor Foxit Pdf Reader
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-13127 HIGH This Week

Denial-of-service (and potential memory-corruption) in Foxit PDF Editor (≤14.0.4 / ≤13.2.4 / ≤2026.1.1) and Foxit PDF Reader (≤2026.1.1) arises when a crafted PDF's embedded JavaScript rewrites the document to alter the page structure, freeing the underlying page objects while the thumbnail renderer continues to reference them - a classic use-after-free (CWE-416). A victim who merely opens the file triggers the dangling reference, causing an application crash and, given the CVSS confidentiality/integrity impact, a plausible path to code execution. There is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Memory Corruption Denial Of Service Use After Free Foxit Pdf Editor Foxit Pdf Reader
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-13128 HIGH This Week

Denial-of-service in Foxit PDF Reader and Foxit PDF Editor (versions 2026.1.1 and earlier) occurs when a victim opens a crafted PDF whose embedded JavaScript deletes the current page, after which subsequent scripts dereference now-freed document-view properties and crash the application. This is a CWE-416 use-after-free reported by Foxit; no public exploit identified at time of analysis, and it is not listed in CISA KEV. The documented impact is an application crash, though the underlying memory-corruption class warrants caution about potential escalation.

Memory Corruption Denial Of Service Use After Free Foxit Pdf Editor Foxit Pdf Reader
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
EPSS 0% CVSS 8.8
HIGH PATCH Exploit Unlikely This Week

Privilege escalation in Windows Runtime (WinRT) via a use-after-free memory corruption flaw enables a locally authenticated low-privilege attacker to elevate to SYSTEM-level access on Windows 11 (24H2, 25H2, 26H1) and Windows Server 2025. The CVSS scope change (S:C) confirms the exploit crosses a security boundary, yielding full confidentiality, integrity, and availability impact beyond the originating process. No public exploit identified at time of analysis; Microsoft has released a patch via MSRC.

Use After Free Memory Corruption Denial Of Service +6
NVD
EPSS 1% CVSS 8.8
HIGH PATCH Exploit Unlikely This Week

Privilege escalation in Windows Remote Desktop Services (RDS) lets an authenticated, low-privileged attacker elevate to higher privileges across a network by triggering a use-after-free (CWE-416) memory-corruption condition in the RDS component. The flaw spans a broad range of supported Windows client and server releases (Windows 10/11 and Windows Server 2012 through 2025). Microsoft has released a patch; there is no public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Use After Free Memory Corruption Denial Of Service +19
NVD
EPSS 2% CVSS 7.8
HIGH PATCH Exploit Likely This Week

Local privilege escalation in the Windows Kernel affects Windows 11 (24H2, 25H2, 26H1) and Windows Server 2025 (including Server Core), where an authorized attacker can exploit a use-after-free (CWE-416) memory-corruption condition to elevate privileges to SYSTEM. The flaw was reported by Microsoft, which has released a patch, and carries a CVSS 7.8 rating driven entirely by high confidentiality, integrity, and availability impact once local access is obtained. There is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Use After Free Memory Corruption Denial Of Service +6
NVD
EPSS 0% CVSS 7.0
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Microsoft Windows Kernel lets an already-authenticated attacker win a use-after-free race (CWE-416) to gain SYSTEM-level control, affecting a broad range of client and server builds from Windows 10 1607 and Windows Server 2012 through Windows 11 26H1 and Windows Server 2025. Microsoft has released a patch and there is no public exploit identified at time of analysis. The moderate 7.0 score reflects high attack complexity (a timing-dependent race) offset by full confidentiality, integrity and availability impact once triggered.

Use After Free Memory Corruption Denial Of Service +19
NVD
EPSS 2% CVSS 7.8
HIGH PATCH Exploit Likely This Week

Local privilege escalation in Microsoft Windows Media (the Windows Media component/codec subsystem) allows an already-authenticated local attacker to elevate to SYSTEM by triggering a use-after-free (CWE-416) memory corruption condition. The flaw affects a broad range of currently-supported Windows client and server releases, from Windows 10 1607 and Windows Server 2012 through Windows 11 26H1 and Windows Server 2025. Microsoft has released a patch; there is no public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Use After Free Memory Corruption Denial Of Service +19
NVD
EPSS 0% CVSS 7.0
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Runtime (WinRT) affects a broad range of supported Windows client and server releases, from Windows 10 1809 and Windows Server 2019 through Windows 11 26H1 and Windows Server 2025. An authorized local attacker who can execute low-privilege code can trigger a use-after-free (CWE-416) memory-corruption condition to elevate privileges, yielding full confidentiality, integrity, and availability impact on the host. There is no public exploit identified at time of analysis and it is not listed in CISA KEV; Microsoft has released a patch.

Use After Free Memory Corruption Denial Of Service +12
NVD
EPSS 0% CVSS 7.0
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Microsoft Windows Runtime (WinRT) affects a broad range of Windows client and server builds, from Windows 10 1809 through Windows 11 26H1 and Windows Server 2019 through 2025. An authorized local attacker who can run low-privileged code can trigger a use-after-free memory-corruption condition to elevate to higher privileges, with high confidentiality, integrity, and availability impact implying a path to SYSTEM. No public exploit identified at time of analysis, and the flaw is not on CISA KEV; a vendor patch is available.

Use After Free Memory Corruption Denial Of Service +12
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows DirectX graphics kernel subsystem allows an authenticated attacker to elevate to SYSTEM by triggering a use-after-free (CWE-416) memory-corruption condition across Windows 11 (24H2, 25H2, 26H1) and Windows Server 2025. The CVSS 3.1 vector (7.8, AV:L/PR:L) confirms local access and low existing privileges are required with no user interaction, yielding full confidentiality, integrity, and availability impact. Reported by Microsoft with a vendor patch available; no public exploit identified at time of analysis and the CVE is not listed in CISA KEV.

Use After Free Memory Corruption Denial Of Service +6
NVD
EPSS 0% CVSS 7.0
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Media component affects a broad range of Microsoft Windows client and server editions (Windows 10 1607 through Windows 11 26H1, and Windows Server 2016 through 2025). A low-privileged authenticated attacker can abuse a use-after-free (CWE-416) memory corruption flaw to elevate to higher privileges, achieving full confidentiality, integrity, and availability impact. There is no public exploit identified at time of analysis and the flaw is not on CISA KEV, but the high attack complexity (a likely race condition) is the main barrier to reliable exploitation.

Use After Free Memory Corruption Denial Of Service +15
NVD
EPSS 0% CVSS 8.5
HIGH PATCH This Week

Elevation of privilege in the Windows Runtime (WinRT) component of Windows 11 (24H2, 25H2, 26H1) and Windows Server 2025 allows an authenticated attacker to gain higher privileges by exploiting a use-after-free memory-corruption flaw over the network. Microsoft, who reported the issue, has released a patch; there is no public exploit identified at time of analysis and it is not listed in CISA KEV. The high CVSS (8.5) is driven by a scope change and full confidentiality/integrity/availability impact, though high attack complexity tempers real-world exploitability.

Use After Free Memory Corruption Denial Of Service +6
NVD
EPSS 0% CVSS 7.0
HIGH PATCH Exploit Likely This Week

Local privilege escalation in the Windows Kernel (CVE-2026-50390) lets an already-authenticated attacker abuse a type-confusion condition to run code with elevated (SYSTEM-level) privileges on affected Windows client and server builds ranging from Windows 10 1607 through Windows 11 26H1 and Windows Server 2012 through Server 2025. Microsoft has shipped a fix and there is no public exploit identified at time of analysis, but as a kernel EoP it is a classic second-stage building block for turning a foothold into full host compromise. CVSS is 7.0 (High), reflecting high attack complexity but full confidentiality, integrity, and availability impact once triggered.

Microsoft Memory Corruption Information Disclosure +18
NVD
EPSS 0% CVSS 4.7
MEDIUM PATCH Exploit Unlikely This Month

Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

Use After Free Memory Corruption Denial Of Service +19
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Internal System User Profile component allows an already-authenticated attacker to gain elevated (SYSTEM-level) privileges by triggering a use-after-free memory corruption condition (CWE-416). The flaw affects Windows 10 (21H2/22H2), Windows 11 (24H2/25H2/26H1), and Windows Server 2025 including Server Core. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the CVSS 7.8 rating and full high impact on confidentiality, integrity, and availability make it a meaningful patch-cycle priority.

Use After Free Memory Corruption Denial Of Service +8
NVD
EPSS 0% CVSS 7.0
HIGH PATCH This Week

Local privilege escalation in Windows Kernel-Mode Drivers on Windows 11 (24H2, 25H2, 26H1) and Windows Server 2025 lets an authenticated local attacker corrupt kernel memory via a use-after-free and gain SYSTEM-level control. Rated CVSS 7.0 (Important) and reported by Microsoft itself; there is no public exploit identified at time of analysis and it is not listed in CISA KEV. The high attack complexity (AC:H) reflects the race-condition nature typical of kernel UAF bugs, which tempers real-world exploitability despite full C/I/A impact.

Use After Free Memory Corruption Denial Of Service +6
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Application Model (the subsystem underlying UWP/packaged app lifecycle and activation) lets an authorized attacker with an existing low-privileged foothold gain SYSTEM-level control by triggering a use-after-free memory-corruption condition. All supported Windows client and server builds from Windows 10 1607 through Windows 11 26H1 and Windows Server 2016 through Server 2025 are affected. This is a Microsoft-reported flaw with a vendor patch available; there is no public exploit identified at time of analysis and it is not on CISA KEV.

Use After Free Memory Corruption Denial Of Service +15
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Local privilege escalation in the Windows Unified Consent System (UCS) lets an already-authenticated attacker exploit a use-after-free memory-corruption flaw (CWE-416) to gain higher privileges, potentially up to SYSTEM. It affects a broad range of current Windows client and server builds including Windows 10 21H2/22H2, Windows 11 24H2/25H2/26H1, and Windows Server 2025. Reported by Microsoft with a CVSS 3.1 base score of 7.8; there is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Use After Free Memory Corruption Denial Of Service +8
NVD
EPSS 0% CVSS 7.0
HIGH PATCH This Week

Local privilege escalation in Microsoft Windows TCP/IP stack allows an authenticated attacker to elevate to SYSTEM by exploiting a use-after-free (CWE-416) memory corruption flaw. Affected builds span Windows 10 (1809, 21H2, 22H2), Windows 11 (24H2, 25H2, 26H1), and Windows Server 2019/2022/2025 including Server Core. No public exploit identified at time of analysis; Microsoft has released a patch, and the CVSS 7.0 score reflects high attack complexity (likely a race condition) that raises the exploitation bar.

Use After Free Memory Corruption Denial Of Service +12
NVD
EPSS 0% CVSS 7.0
HIGH PATCH This Week

Local privilege escalation in Microsoft Windows Kernel-Mode Drivers lets an already-authenticated, low-privileged user corrupt kernel memory to gain SYSTEM-level control. Affected builds include Windows 11 (24H2, 25H2, 26H1) and Windows Server 2025, including Server Core. Microsoft has shipped a patch; there is no public exploit identified at time of analysis, and it is not on the CISA KEV list.

Use After Free Memory Corruption Denial Of Service +6
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege elevation in the Microsoft Windows TCP/IP networking stack lets an already-authenticated, low-privileged user corrupt kernel memory via a use-after-free (CWE-416) and gain SYSTEM-level control. The flaw affects a broad range of client and server SKUs from Windows 10 1607 through Windows 11 26H1 and Windows Server 2012 through Server 2025, including Server Core installations. Microsoft reported the issue and has released a patch; there is no public exploit identified at time of analysis and the CVE is not listed in CISA KEV.

Use After Free Memory Corruption Denial Of Service +19
NVD
EPSS 0% CVSS 7.0
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Windows Secure Kernel Mode (VBS/Isolated User Mode trust boundary) affects Windows 11 24H2/25H2/26H1 and Windows Server 2025, where a use-after-free (CWE-416) lets an already-authenticated local attacker gain elevated privileges. Microsoft rates it 7.0 (High) with a local, high-complexity vector requiring low privileges and no user interaction. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, so exploitation would require winning a memory-corruption race after already having a foothold.

Use After Free Memory Corruption Denial Of Service +6
NVD
EPSS 2% CVSS 7.8
HIGH PATCH Exploit Likely This Week

Local privilege escalation in the Microsoft Windows Kernel allows an already-authenticated attacker to gain SYSTEM-level control by exploiting a use-after-free (CWE-416) memory corruption condition. The flaw affects a broad range of supported Windows client and server releases (Windows 10 1809 through Windows 11 26H1, and Windows Server 2019 through 2025) and, per the CVSS 7.8 vector, yields full confidentiality, integrity, and availability impact. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV; Microsoft has released a patch.

Use After Free Memory Corruption Denial Of Service +12
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Microsoft Brokering File System affects Windows 11 (24H2, 25H2, 26H1) and Windows Server 2025, where a use-after-free (CWE-416) memory-corruption flaw lets an already-authenticated local user execute code with elevated (typically SYSTEM) privileges. Microsoft has released a patch and reported the issue itself; there is no public exploit identified at time of analysis and it is not listed in CISA KEV. The CVSS 3.1 base score is 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), reflecting a locally-exploitable but high-impact elevation path.

Use After Free Memory Corruption Denial Of Service +6
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH Exploit Unlikely This Month

Access of resource using incompatible type ('type confusion') in Composite Image File System Driver allows an authorized attacker to disclose information locally.

Memory Corruption Information Disclosure Windows 10 Version 21H2 +7
NVD
EPSS 0% CVSS 7.0
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Microsoft Windows Graphics Kernel component allows a low-privileged local user to elevate to SYSTEM by exploiting a use-after-free (CWE-416) memory corruption condition. The flaw affects a broad range of Windows 10, Windows 11, and Windows Server releases, was reported by Microsoft, and has a vendor-released patch available. No public exploit is identified at time of analysis and it is not listed in CISA KEV; the high attack complexity (AC:H) makes reliable exploitation non-trivial.

Use After Free Memory Corruption Denial Of Service +14
NVD
EPSS 0% CVSS 7.1
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Kernel lets an already-authenticated, low-privileged user corrupt kernel memory via a use-after-free (CWE-416) and gain higher privileges on the host. The flaw affects a broad range of currently-supported Windows client and server releases (Windows 10 1607 through Windows 11 26H1, and Windows Server 2016 through 2025); Microsoft has shipped a fix. There is no public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Use After Free Memory Corruption Denial Of Service +15
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows taskbar (Internal Task Bar component) allows an authenticated attacker to elevate to higher privileges by exploiting a use-after-free memory corruption flaw. The issue affects a broad range of current Windows client and server builds (Windows 10 21H2/22H2, Windows 11 24H2/25H2/26H1, and Windows Server 2025), was reported by Microsoft itself, and is fixed via a vendor patch. There is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Use After Free Memory Corruption Denial Of Service +8
NVD
EPSS 0% CVSS 7.0
HIGH PATCH This Week

Local privilege escalation in Windows Runtime (WinRT) on Windows 11 (24H2, 25H2, 26H1) and Windows Server 2025 allows an authenticated local user to gain higher privileges by exploiting a use-after-free memory-corruption flaw (CWE-416). Successful exploitation yields high confidentiality, integrity, and availability impact, effectively enabling escalation to SYSTEM-level control on the host. There is no public exploit identified at time of analysis, and the flaw is not listed in CISA KEV; the elevated attack complexity (AC:H) indicates exploitation requires winning a race or meeting specific timing/heap conditions.

Use After Free Memory Corruption Denial Of Service +6
NVD
EPSS 2% CVSS 9.3
CRITICAL POC PATCH Exploit Likely Act Now

Local privilege escalation in the Microsoft Windows Kernel allows an unauthorized attacker to gain elevated (SYSTEM-level) privileges by triggering a use-after-free condition (CWE-416) in kernel memory. The flaw affects a broad range of supported Windows client and server releases, from Windows 10 1607 and Windows Server 2012 through Windows 11 26H1 and Windows Server 2025. Microsoft has released a patch; there is no public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Use After Free Memory Corruption Denial Of Service +19
NVD
EPSS 2% CVSS 8.8
HIGH POC PATCH Exploit Likely This Week

Local privilege escalation in the Windows Kernel lets an already-authenticated attacker corrupt kernel memory via a use-after-free (CWE-416) and gain full control of the host. The CVSS 3.1 vector (AV:L/PR:L, scope-changed with C:H/I:H/A:H) reflects a low-privileged local user escalating to SYSTEM-level compromise across a broad range of Windows 10, Windows 11, and Windows Server builds. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but Microsoft has released a patch.

Use After Free Memory Corruption Denial Of Service +12
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Local privilege escalation in the Windows Kernel Mode Driver affects Windows 11 (24H2, 25H2, 26H1) and Windows Server 2025, where a use-after-free (CWE-416) lets an already-authenticated local attacker corrupt kernel memory and elevate to SYSTEM. Reported by Microsoft with a patch already available; there is no public exploit identified at time of analysis and it is not listed in CISA KEV. The CVSS 7.8 (AV:L/PR:L) reflects a high-impact but locally-scoped flaw requiring an existing foothold on the host.

Use After Free Memory Corruption Denial Of Service +6
NVD
EPSS 0% CVSS 7.0
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Microsoft Windows arises from a use-after-free flaw (CWE-416) in the Windows Storage component, affecting Windows 10 (1809, 21H2, 22H2), Windows 11 (24H2, 25H2, 26H1), and Windows Server 2019/2022/2025. An authorized attacker who already has low-level access to a machine can trigger the freed-memory reuse to elevate to higher privileges (CVSS 7.0, high attack complexity). Microsoft has released a patch; there is no public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Use After Free Memory Corruption Denial Of Service +12
NVD
EPSS 0% CVSS 7.4
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Hyper-V virtualization stack lets an attacker running code on an affected host trigger a use-after-free to gain higher privileges. The flaw affects Windows 11 (24H2, 25H2, 26H1) and Windows Server 2022/2025, was reported by Microsoft, and has a vendor patch available. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the modeled full compromise of confidentiality, integrity, and availability (C:H/I:H/A:H) makes it a meaningful patch-cycle priority.

Use After Free Memory Corruption Denial Of Service +7
NVD
EPSS 1% CVSS 8.1
HIGH PATCH This Week

Remote code execution in the Windows Secure Socket Tunneling Protocol (SSTP) component lets an unauthenticated network attacker run arbitrary code by triggering a use-after-free (CWE-416) memory-corruption condition. The flaw spans a broad range of Windows client and server builds, from Windows 10 1607 and Windows Server 2012 through Windows 11 26H1 and Windows Server 2025. No public exploit is identified at time of analysis and it is not listed in CISA KEV, but the network attack vector combined with full high impact to confidentiality, integrity and availability makes it a meaningful patch priority.

Use After Free Memory Corruption Denial Of Service +19
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Local code execution in Microsoft Excel (2016, Office 2019, Office LTSC 2021/2024, Microsoft 365 Apps, Office for Mac, and Office Online Server) arises from a use-after-free memory corruption (CWE-416) that an attacker triggers when a victim opens a maliciously crafted spreadsheet. Exploitation runs code in the context of the current user and requires user interaction (opening the file), with no public exploit identified at time of analysis. This is a locally-exploited, phishing-delivered class of bug typical of Office file-format handlers, patched by Microsoft via MSRC.

Use After Free Memory Corruption Denial Of Service +10
NVD
EPSS 1% CVSS 8.1
HIGH PATCH This Week

Remote code execution in the Windows Reliable Multicast Transport Driver (RMCAST) lets an unauthenticated network attacker trigger a use-after-free (CWE-416) and run arbitrary code on a broad range of Windows 10, Windows 11, and Windows Server systems (Server 2012 through Server 2025). Rated CVSS 8.1, the flaw carries high impact to confidentiality, integrity, and availability but requires winning a race condition (AC:H), and no public exploit identified at time of analysis. Reported by Microsoft with a vendor patch available.

Use After Free Memory Corruption Denial Of Service +18
NVD
EPSS 2% CVSS 7.8
HIGH PATCH Exploit Likely This Week

Local privilege escalation in Microsoft Windows Win32K (the kernel-mode GUI subsystem) allows an authenticated local user to elevate to SYSTEM by triggering a use-after-free (CWE-416) memory corruption condition. The flaw affects a broad range of supported builds spanning Windows 10 1809 through Windows 11 26H1 and Windows Server 2019 through 2025, including Server Core installations. Microsoft has released a patch; there is no public exploit identified at time of analysis and the CVE is not listed in CISA KEV.

Use After Free Memory Corruption Denial Of Service +12
NVD
EPSS 0% CVSS 6.4
MEDIUM PATCH Exploit Unlikely This Month

Privilege escalation via use-after-free in the Windows USB Print Driver affects Windows 11 (versions 24H2, 25H2, 26H1) and Windows Server 2025, requiring physical access to exploit. An attacker with hands-on access to a target machine can trigger a memory corruption condition through the USB print subsystem to achieve full local privilege escalation - High confidentiality, integrity, and availability impact per CVSS. No public exploit code has been identified at time of analysis, and this vulnerability is not listed in the CISA KEV catalog.

Use After Free Memory Corruption Denial Of Service +6
NVD
EPSS 0% CVSS 7.0
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Microsoft Windows Quality Windows Audio/Video Experience (QWAVE) service lets an already-authenticated, low-privileged user elevate to higher privileges by exploiting a use-after-free (CWE-416) memory-corruption condition. The flaw spans a broad range of builds from Windows 10 1607 and Windows Server 2012 through Windows 11 26H1 and Windows Server 2025. Microsoft has released a patch; there is no public exploit identified at time of analysis, and the CVSS 3.1 base score is 7.0 (AV:L/AC:H/PR:L).

Use After Free Memory Corruption Denial Of Service +19
NVD
EPSS 0% CVSS 7.0
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Windows Hyper-V (CWE-416 use-after-free) allows an authenticated attacker already running low-privileged code on an affected host to elevate to higher privileges, with full confidentiality, integrity, and availability impact. Reported by Microsoft and affecting a broad range of Windows 10, Windows 11, and Windows Server builds including Server 2019/2022/2025. No public exploit identified at time of analysis, and it is not listed in CISA KEV.

Use After Free Memory Corruption Denial Of Service +12
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Microsoft Windows Kernel (Windows 11 version 26H1) lets an already-authenticated low-privileged user corrupt kernel memory through a use-after-free condition and gain SYSTEM-level control. Microsoft self-reported the flaw and has shipped a patch; there is no public exploit identified at time of analysis and it is not listed in CISA KEV. The CVSS 7.8 (High) score reflects full confidentiality, integrity, and availability compromise achievable entirely from a local, low-privilege foothold with no user interaction.

Use After Free Memory Corruption Denial Of Service +2
NVD
EPSS 0% CVSS 7.5
HIGH PATCH Exploit Unlikely This Week

Local privilege elevation in the Windows Speech component (Text-to-Speech / speech runtime) affects a broad range of Windows 10, Windows 11, and Windows Server releases, where a use-after-free (CWE-416) lets an already-authenticated local user corrupt memory to run code at higher privilege. Exploitation is non-trivial - it requires local access, low-level authentication, user interaction, and winning a memory-timing condition - and the CVSS 7.5 rating reflects a scope-changed, high-impact outcome. There is no public exploit identified at time of analysis and the CVE is not listed in CISA KEV, so this is a patch-on-cycle EoP rather than an emergency.

Use After Free Memory Corruption Denial Of Service +15
NVD
EPSS 0% CVSS 8.0
HIGH PATCH Exploit Unlikely This Week

Remote code execution in the Windows Server 2025 DNS Server role allows a privileged, authenticated attacker to run arbitrary code over the network by triggering a use-after-free (CWE-416) memory-corruption condition. The flaw carries a CVSS 8.0 rating with a changed scope, meaning successful exploitation can affect resources beyond the vulnerable component. Microsoft has issued a patch; there is no public exploit identified at time of analysis and the CVE is not listed in CISA KEV.

Use After Free Memory Corruption Denial Of Service +2
NVD
EPSS 0% CVSS 4.7
MEDIUM PATCH Exploit Unlikely This Month

Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.

Use After Free Memory Corruption Denial Of Service +12
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Microsoft Printer Drivers on Windows 11 (24H2, 25H2, 26H1) and Windows Server 2025 allows an authenticated local attacker to gain SYSTEM-level privileges by triggering a use-after-free memory-corruption condition. The flaw grants full confidentiality, integrity, and availability impact (C:H/I:H/A:H) once low-level local access is obtained. Reported by Microsoft with a patch available; there is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Use After Free Memory Corruption Denial Of Service +6
NVD
EPSS 0% CVSS 7.0
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Microsoft Brokering File System (bfs.sys/Bfs component) affects Windows 11 (24H2, 25H2, 26H1) and Windows Server 2025 (including Server Core), where a use-after-free (CWE-416) lets an already-authenticated local attacker corrupt kernel/broker memory to gain SYSTEM-level privileges. Exploitation requires low privileges but high attack complexity, and there is no public exploit identified at time of analysis. Microsoft has released a patch via its MSRC update guide.

Use After Free Memory Corruption Denial Of Service +6
NVD VulDB
EPSS 0% CVSS 7.0
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Microsoft Windows App Installer (the AppX/MSIX deployment component) lets a low-privileged but authenticated user corrupt memory via a use-after-free (CWE-416) and gain higher privileges on the host. The flaw affects Windows 11 (23H2, 24H2, 25H2, 26H1) and Windows Server 2025, was reported by Microsoft, and has a vendor patch available. There is no public exploit identified at time of analysis and it is not on CISA KEV, though the CVSS 7.0 rating and full C/I/A impact make it a meaningful patch-cycle priority.

Use After Free Memory Corruption Denial Of Service +7
NVD
EPSS 0% CVSS 8.2
HIGH PATCH This Week

Heap out-of-bounds write in Python Pillow prior to 12.3.0 lets an attacker who controls the rank-filter size parameter corrupt native heap memory and crash or potentially manipulate the process. ImageFilter.RankFilter.filter() calls image.expand(size // 2, size // 2) before validating the filter size, and the native ImagingExpand() routine computes output dimensions using unchecked signed-int arithmetic, so a very large odd size overflows and drives an out-of-bounds write (CWE-787). No public exploit is identified at time of analysis; the flaw is fixed in Pillow 12.3.0.

Python Buffer Overflow Memory Corruption +1
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Denial-of-service and controlled heap corruption in Python's Pillow imaging library (all versions prior to 12.3.0) occurs when ImageCms.ImageCmsTransform.apply() is invoked with an output image whose mode does not match the transform's declared output mode, causing an out-of-bounds write in the native color-management code. The pre-fix code only validated the output mode and never validated the input mode, so a mismatched buffer geometry lets the C-level transform write past allocation bounds. No public exploit has been identified at time of analysis; the fix is confirmed in release 12.3.0 via the vendor security advisory GHSA-9hw9-ch79-4vh6.

Python Buffer Overflow Memory Corruption +1
NVD GitHub
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Local privilege escalation and kernel memory corruption in Zephyr RTOS on Xtensa SoCs (v3.7.0 through v4.4.0) built with CONFIG_XTENSA_MPU and CONFIG_USERSPACE, where arch_buffer_validate() fails open on an integer-overflow edge case, letting an unprivileged user thread trick the kernel into reading or writing arbitrary kernel/partition memory on its behalf. The flaw stems from a default-permit return value combined with a ROUND_UP address-space wrap that skips the MPU probe loop entirely, and it is not caught by the existing syscall-layer overflow guards. Vendor patch is available; no public exploit identified at time of analysis, and this is not in CISA KEV.

Denial Of Service Privilege Escalation Information Disclosure +3
NVD GitHub
EPSS 0% CVSS 7.0
HIGH This Week

Arbitrary code execution in Rockwell Automation Arena Simulation is possible through an out-of-bounds write in the siman.exe (Siman) simulation-language component, which mishandles user-supplied data when parsing a model file. An attacker who convinces a user to open a crafted Arena file can run code in the context of that user's process. There is no public exploit identified at time of analysis and the CVE is not listed in CISA KEV, so risk is currently theoretical rather than actively exploited.

Buffer Overflow Memory Corruption RCE +1
NVD
EPSS 0% CVSS 7.0
HIGH This Week

Arbitrary code execution in Rockwell Automation Arena Simulation is possible through an out-of-bounds write in the linker.exe (Siman) component, which fails to properly validate user-supplied data parsed from simulation model files. A local attacker who convinces a user to open a specially crafted Arena file can corrupt memory and run code in the context of the current user. No public exploit has been identified at time of analysis, the issue is not in CISA KEV, and no EPSS score was provided, so real-world exploitation appears theoretical rather than observed.

Buffer Overflow Memory Corruption RCE +1
NVD
EPSS 0% CVSS 7.0
HIGH This Week

Arbitrary code execution in Rockwell Automation Arena Simulation is possible through an out-of-bounds write in the expmt.exe (Siman) component, which fails to validate user-supplied data when parsing model/experiment files. A local attacker who convinces an engineer to open a malicious Arena file can run code in the context of the current user. No public exploit has been identified at time of analysis, and the flaw is not listed in CISA KEV; it was self-reported by Rockwell's PSIRT (advisory SD1784).

Buffer Overflow Memory Corruption RCE +1
NVD
EPSS 0% CVSS 7.0
HIGH This Week

Arbitrary code execution in Rockwell Automation Arena Simulation is possible through an out-of-bounds write in the model.exe (Siman) component when a victim opens a maliciously crafted simulation model file. The flaw lets an attacker run code in the context of the current user by tricking an operator or engineer into opening a booby-trapped file, making it a client-side, file-delivery RCE rather than a remotely reachable network service bug. No public exploit has been identified at time of analysis, and no EPSS or CISA KEV data was provided, so real-world exploitation appears limited to social-engineering-driven targeting.

Buffer Overflow Memory Corruption RCE +1
NVD
EPSS 0% CVSS 9.9
CRITICAL Act Now

Memory corruption in SAP NetWeaver Application Server ABAP lets an authenticated attacker exploit logical flaws in memory management (an out-of-bounds write) to read or alter data and crash the system, with high impact on confidentiality, integrity, and availability. SAP rates it CVSS 9.9 with a changed scope, meaning a low-privileged user can affect components beyond their own authorization boundary. There is no public exploit identified at time of analysis, but the low attack complexity and network reachability make it a high-priority patch for any exposed ABAP stack.

Buffer Overflow SAP Memory Corruption +1
NVD
EPSS 0% CVSS 5.1
MEDIUM PATCH This Month

Use-after-free memory corruption in gawk's do_getline_redir() routine within io.c allows a local attacker to crash the gawk process, causing a denial of service. All gawk versions 5.4.0 and below are affected, as confirmed by CERT-PL and an upstream patch commit. No active exploitation has been identified (not in CISA KEV), and the impact is confined to availability - no confidentiality or integrity effects have been demonstrated.

Denial Of Service Use After Free Memory Corruption +1
NVD VulDB
EPSS 0% CVSS 7.4
HIGH POC This Week

Out-of-bounds write in the Shibby Tomato router firmware (versions up to and including 1.28.0000) lets authenticated remote users corrupt memory through the apcupsd web component. The flaw sits in the main() function of www/apcupsd/tomatodata.cgi, where crafted input reaches an out-of-bounds write (CWE-787) that can crash the CGI or potentially execute code on the router. Publicly available exploit code exists (via VulDB/Gitee), but there is no confirmed active exploitation; note that this project has been superseded by FreshTomato and is effectively end-of-life.

Memory Corruption Buffer Overflow Tomato
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Kernel memory corruption in the Zephyr RTOS (versions v1.14.0 through v4.4.0) lets an unprivileged user-mode thread corrupt the kernel's dynamic object-tracking list across the userspace security boundary. The flaw is a use-after-free race (CWE-416) in the obj_list traversal, exploitable only on builds combining CONFIG_SMP, CONFIG_USERSPACE, and CONFIG_DYNAMIC_OBJECTS, and can yield privilege escalation or a kernel crash. No public exploit identified at time of analysis; a vendor patch is available.

Memory Corruption Buffer Overflow Denial Of Service +3
NVD GitHub VulDB
EPSS 0% CVSS 8.1
HIGH PATCH This Week

Out-of-bounds stack write in the Zephyr RTOS IPv4 address parser (parse_ipv4() in subsys/net/ip/utils.c) lets an attacker corrupt memory when an application resolves an attacker-influenced "a.b.c.d:port" string, causing at minimum denial of service and potentially control-flow hijack on the affected embedded device. The defect exists in every release from v1.9.0 through v4.4.0 and is reachable through the standard socket resolver (zsock_getaddrinfo), DNS server-string configuration, and the eswifi Wi-Fi DNS-response path. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but a vendor fix (two upstream commits and advisory GHSA-532c-7g7f-jhmh) is available.

Memory Corruption Denial Of Service Buffer Overflow +1
NVD GitHub VulDB
EPSS 0% CVSS 7.4
HIGH PATCH This Week

Out-of-bounds write in the WireGuard subsystem of Zephyr RTOS 4.4.0 lets a malicious or compromised WireGuard peer (or an on-path attacker driving an established session) corrupt memory by sending an oversized transport-data datagram. Because the flawed copy occurs before the Poly1305 authentication check, exploitation needs only a valid receiver session index rather than a valid authenticator, and reliably yields at least a remote denial of service on the target device. There is no public exploit identified at time of analysis and the issue is not listed in CISA KEV; the Zephyr project has published advisory GHSA-3wqm-wgx2-9367 and an upstream fix.

Memory Corruption Denial Of Service Buffer Overflow +1
NVD GitHub VulDB
EPSS 0% CVSS 5.0
MEDIUM PATCH This Month

Out-of-bounds stack write in Zephyr's nRF70 Wi-Fi driver exposes embedded systems to memory corruption when the nRF70 co-processor returns a power-save event with more than eight TWT flow entries. The vulnerable function `nrf_wifi_event_proc_get_power_save_info()` blindly copies co-processor-supplied TWT entries into a fixed 8-element stack array without validating `num_twt_flows` against `WIFI_MAX_TWT_FLOWS`, enabling heap/stack corruption of approximately 40 bytes per excess entry. No public exploit code exists and the flaw is not listed in CISA KEV, but the adjacent-network attack vector and the indirect over-the-air influence path via a rogue AP manipulating TWT sessions make this a meaningful risk in Wi-Fi 6 (802.11ax) deployment environments running Zephyr with `CONFIG_NRF70_STA_MODE`.

Memory Corruption Buffer Overflow Zephyr
NVD GitHub VulDB
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

Use-after-free and double-free in Zephyr RTOS's experimental USB host stack (CONFIG_USB_HOST_STACK, introduced in v4.4.0) allows an attacker with physical USB access to crash the target device or corrupt live kernel slab objects by bouncing a USB device connection to trigger a second removal event after the slab has already been freed. The flaw exists because usbh_device_disconnect() frees the root usb_device slab object without clearing the cached ctx->root pointer, and UHC controller drivers (uhc_max3421e, uhc_mcux_common) emit UHC_EVT_DEV_REMOVED directly from hardware line-state with no debounce or re-entry guard. No public exploit identified at time of analysis, and no CISA KEV listing; the physical-access prerequisite substantially constrains the realistic attacker population.

Memory Corruption Buffer Overflow Denial Of Service +2
NVD GitHub VulDB
EPSS 0% CVSS 6.4
MEDIUM PATCH This Month

Out-of-bounds write in Zephyr RTOS's Bluetooth BAP Broadcast Assistant (subsys/bluetooth/audio/bap_broadcast_assistant.c v4.4.0 and earlier) allows a BLE-adjacent attacker operating one or more malicious Scan Delegator peripherals to corrupt the target device's memory or cause a denial of service. The root cause is a file-static 512-byte att_buf (net_buf_simple) shared across all connection instances: when the Broadcast Assistant holds two or more concurrent BLE connections, concurrent GATT notification callbacks interleave writes into this buffer without tailroom checks, enabling writes past the BSS boundary into adjacent memory. No public exploit has been identified and exploitation requires high attack complexity, but the memory corruption primitive is serious for embedded/IoT targets where crash recovery may be unavailable.

Memory Corruption Denial Of Service Buffer Overflow
NVD GitHub VulDB
EPSS 0% CVSS 6.3
MEDIUM PATCH This Month

Use-after-free in ImageMagick before 7.1.2-26 exposes servers that process untrusted images to denial of service and potential code execution via a dangling pointer in the FormatMagickCaption method when memory allocation fails. The CVSS 4.0 vector scores this at 6.3, reflecting high attack complexity (AC:H) and specific prerequisite conditions (AT:P), though intelligence tags flag RCE - a claim the vendor CVSS impact metrics do not fully corroborate, as only low availability impact is scored. No public exploit has been identified at time of analysis, and the vulnerability is not listed in CISA KEV.

Memory Corruption Denial Of Service Use After Free +2
NVD GitHub VulDB
EPSS 0% CVSS 7.8
HIGH This Week

Out-of-bounds kernel memory read/write in Imagination Technologies Graphics DDK (the driver kit for PowerVR GPUs) allows a non-privileged local user to corrupt kernel memory through crafted GPU API calls, potentially achieving privilege escalation. The flaw stems from incorrect buffer indexing in the sparse-memory page-freeing path when pages larger than 4kB are handled. Rated CVSS 7.8 (CWE-787); no public exploit identified at time of analysis and EPSS is low at 0.17% (6th percentile).

Buffer Overflow Memory Corruption Graphics Ddk
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Local privilege escalation in Imagination Technologies' Graphics DDK (PowerVR GPU driver) lets a non-privileged user trigger a use-after-free by abusing an integer overflow in GPU memory-mapping system calls. The flaw allows two GPU virtual addresses to alias the same physical page; freeing one mapping releases the page while the second dangling mapping retains read/write access, enabling cross-process memory disclosure and corruption. No public exploit is identified at time of analysis and EPSS is low (0.15%), but the local read/write UAF primitive is a strong stepping stone to kernel-level compromise.

Buffer Overflow Use After Free Memory Corruption +1
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Denial of service in OpenResty 1.29.2.1 through 1.29.2.4 arises from an out-of-bounds write (CWE-787) in the upstream PROXY protocol v2 implementation; when the platform is configured to prepend PROXY protocol v2 headers to upstream connections, header construction in the stream proxy-protocol-v2 patch overruns its allocated buffer and crashes the worker process. Any environment that has explicitly enabled PROXY protocol v2 for upstream connections is affected, degrading availability without any impact to confidentiality or integrity. There is no public exploit identified at time of analysis and the issue is not on CISA KEV; it is resolved in OpenResty 1.29.2.5.

Memory Corruption Denial Of Service Buffer Overflow +1
NVD GitHub
EPSS 0% CVSS 6.3
MEDIUM PATCH This Month

Use-after-free in ImageMagick's PDB decoder (all versions before 7.1.2-15) allows remote attackers supplying crafted Palm Database image files to crash the application or write a single null byte to freed heap memory. The flaw manifests specifically when memory allocation fails during PDB decoding, leaving a stale pointer that is subsequently dereferenced rather than nulled or re-validated. No public exploit or active exploitation has been identified at time of analysis; the CVSS 4.0 score of 6.3 reflects constrained exploitation conditions (AC:H, AT:P) and impact limited strictly to availability.

Memory Corruption Denial Of Service Use After Free +1
NVD GitHub VulDB
EPSS 0% CVSS 5.6
MEDIUM PATCH This Month

Stack buffer overflow in Vim's SAL sound-folding spell engine prior to version 9.2.0725 crashes the editor by writing a null byte one position past the end of a MAXWLEN-element stack buffer in spell_soundfold_sal(). Exploitation requires a user to open Vim with a SAL-based spell file active under a non-multibyte 8-bit encoding and trigger sound-based spell suggestions on a boundary-length word, corrupting the eval_soundfold() stack frame. No public exploit has been identified at time of analysis, and the impact is limited to availability (editor crash) with no confidentiality or integrity consequences.

Memory Corruption Buffer Overflow Vim
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Memory exhaustion in Juniper Networks Junos OS and Junos OS Evolved snmpd allows an authenticated network attacker to crash SNMP monitoring by sending specific valid SNMPv3 queries that trigger an out-of-bounds write and progressive memory leak. The snmpd process will exhaust available memory over time, crash, and restart, rendering SNMP-based network monitoring unavailable for the duration of each crash cycle. No public exploit code has been identified at time of analysis, and this is not listed in CISA KEV; however, the CVSS 4.0 supplemental metric AU:Y indicates the attack is automatable.

Memory Corruption Juniper Buffer Overflow +2
NVD VulDB
EPSS 0% CVSS 6.9
MEDIUM PATCH This Month

Out-of-bounds write in the Juniper Networks Junos OS http-gatekeeper (http-gk) process on SRX Series firewalls crashes the process when handling crafted network requests, taking down all web-management-dependent services including J-Web, remote-access VPN, and firewall authentication until automatic process recovery. Exploitation is gated on a specific non-default configuration - remote-access VPN with pre-logon compliance check enabled - limiting the exposed population to SRX deployments that actively use this feature. No public exploit code and no CISA KEV listing have been identified at time of analysis, and the official CVSS 5.3 score reflects the limited, reversible availability-only impact.

Memory Corruption Juniper Buffer Overflow +1
NVD VulDB
EPSS 0% CVSS 6.9
MEDIUM This Month

Heap buffer overflow in Vinchin Backup & Recovery through version 9.0.0.86562 allows unauthenticated remote attackers to crash the agentlink_server process or corrupt heap memory without any prior access or user interaction. The agentlink_server service accepts a TCP packet body_len field without bounds validation, passing the attacker-controlled value directly to recv() and enabling heap writes of up to approximately 4 GiB beyond the allocated buffer. This vulnerability is not listed in CISA KEV and no public exploit code is confirmed at time of analysis, though the heap overflow magnitude raises concern for potential code execution beyond simple denial-of-service.

Memory Corruption Buffer Overflow Backup Recovery 9 0
NVD VulDB
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

Type confusion (CWE-843) in Samsung's open-source Escargot JavaScript engine enables pointer manipulation, leading to high-impact availability disruption and limited integrity compromise when processing malicious JavaScript. All Escargot versions prior to commit 779f6bedf58f334dec64b0a51ebb724b4708b84a are affected, with particular relevance to Samsung embedded and smart appliance ecosystems where this engine is deployed. No public exploit has been identified at time of analysis, and an upstream fix is available via GitHub PR #1580, though a formally versioned release has not been independently confirmed.

Memory Corruption Samsung Information Disclosure +1
NVD GitHub VulDB
EPSS 0% CVSS 7.1
HIGH This Week

Heap buffer overflow in GStreamer's rfbsrc (RFB/VNC source) plugin lets a malicious VNC server crash or corrupt the memory of any client that connects to it. When the server advertises a 16bpp framebuffer and sends Hextile-encoded updates, the background-fill path writes 32-bit pixels into a 16-bit buffer, producing an out-of-bounds heap write. No public exploit identified at time of analysis; the primary confirmed impact is denial of service, with potential for further memory corruption. This is a client-side flaw requiring the victim to connect to attacker-controlled infrastructure.

Memory Corruption Denial Of Service Buffer Overflow +5
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Google Chrome desktop before 150.0.7871.115 stems from a use-after-free in the InterestGroups component (the Protected Audience / FLEDGE ad-auction API of Privacy Sandbox), letting a remote attacker run arbitrary code within the renderer sandbox by luring a victim to a crafted HTML page. Google rates the Chromium severity High, and the CVSS 8.8 reflects network-reachable, low-complexity, unauthenticated exploitation gated only by user interaction (visiting a page). There is no public exploit identified at time of analysis and the flaw is not listed in CISA KEV, though EPSS-style risk for Chrome memory-corruption bugs is typically elevated once details circulate.

Memory Corruption Google Denial Of Service +2
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Heap corruption in Google Chrome's Views UI framework (versions prior to 150.0.7871.115) lets a remote attacker exploit a use-after-free by luring a victim to a crafted HTML page. The flaw, rated Critical by Chromium and CVSS 8.8, requires user interaction (visiting a malicious page) but no authentication; there is no public exploit identified at time of analysis and it is not listed in CISA KEV. Google has shipped a stable-channel fix.

Memory Corruption Denial Of Service Use After Free +1
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Sandboxed remote code execution in Google Chrome versions prior to 150.0.7871.115 stems from a use-after-free in the Forms component, allowing a remote attacker to run arbitrary code within the renderer sandbox when a victim opens a crafted HTML page. The flaw carries a High Chromium severity rating and CVSS 8.8; Google has shipped a stable-channel fix, but no public exploit has been identified at time of analysis. Because code execution is confined to the sandbox, a separate sandbox-escape bug would be required for full host compromise.

Memory Corruption Google Denial Of Service +2
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Use after free in WebRTC in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Memory Corruption Google Denial Of Service +2
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Sandbox escape in Google Chrome's Core component on Windows (versions prior to 150.0.7871.115) lets an attacker who has already compromised the renderer process break out of the sandbox and reach the higher-privileged browser process via a crafted HTML page. The flaw is a CWE-416 use-after-free rated High by Chromium and CVSS 8.3, with a scope change reflecting the renderer-to-browser boundary crossing. No public exploit identified at time of analysis, and it is not listed in CISA KEV, but as the second stage of a browser exploit chain it is a meaningful patch priority.

Memory Corruption Google Microsoft +2
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Google Chrome desktop before 150.0.7871.115 stems from a use-after-free in the browser's Input component, letting a remote attacker who lures a victim to a crafted HTML page run arbitrary code inside the renderer sandbox. Google rates the Chromium severity High and CVSS is 8.8, requiring user interaction (visiting a malicious page) but no authentication. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the memory-corruption class and network attack vector make it a standard high-priority browser patch.

Memory Corruption Google Denial Of Service +2
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Heap corruption in Google Chrome's Payments component (versions prior to 150.0.7871.115) lets a remote attacker who lures a user into performing specific UI gestures potentially achieve code execution via a crafted HTML page. The flaw is a use-after-free (CWE-416) rated High by Chromium and CVSS 7.5, with a vendor patch already shipped in the July 2026 Stable channel update; no public exploit has been identified at time of analysis. Exploitation is gated by high attack complexity and required user interaction, making it credible but not trivially weaponizable.

Memory Corruption Denial Of Service Use After Free +1
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Google Chrome desktop before 150.0.7871.115 lets a remote attacker run arbitrary code (constrained to the renderer sandbox) by luring a victim to a crafted HTML page that triggers a use-after-free in the Actor component. The flaw is network-reachable and requires only that the user visit a malicious page, but Chromium rates the severity High rather than Critical because code execution stays inside the renderer sandbox. No public exploit identified at time of analysis; no EPSS or KEV signal was supplied in the input.

Memory Corruption Google Denial Of Service +2
NVD VulDB
EPSS 0% CVSS 9.6
CRITICAL PATCH Act Now

Sandbox escape in Google Chrome for Android before 150.0.7871.115 stems from a use-after-free in the Autofill component, letting a remote attacker who lures a victim to a crafted HTML page potentially break out of the renderer sandbox. Rated High by Chromium and carrying a CVSS 9.6 due to the scope-changing impact, it currently has no public exploit identified at time of analysis and is not listed in CISA KEV. A vendor patch shipped via the Chrome Stable channel update.

Memory Corruption Denial Of Service Use After Free +1
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote heap corruption in Google Chrome desktop before 150.0.7871.115 stems from a use-after-free (CWE-416) in Ozone, the platform abstraction layer that mediates windowing, graphics, and input. A remote attacker who lures a victim into loading a crafted HTML page can trigger the freed-memory reuse and potentially achieve renderer-level code execution; Chromium rates the underlying flaw Critical. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the network-reachable, no-privilege, low-complexity CVSS 8.8 profile makes it a high-priority browser patch.

Memory Corruption Denial Of Service Use After Free +1
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Heap corruption in Google Chrome's Views UI framework (versions prior to 150.0.7871.115) lets a remote attacker who lures a user into performing specific UI gestures on a crafted HTML page potentially execute code or crash the browser via a use-after-free. Google rates the Chromium severity High; there is no public exploit identified at time of analysis and it is not listed in CISA KEV, though Chrome UAF bugs are historically attractive exploitation targets.

Memory Corruption Denial Of Service Use After Free +1
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Use after free in Extensions in Google Chrome prior to 150.0.7871.115 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: High)

Memory Corruption Denial Of Service Use After Free +1
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Renderer-process code execution in Google Chrome desktop before 150.0.7871.115 arises from a use-after-free in the IndexedDB implementation, letting a remote attacker run arbitrary code within the Chromium sandbox when a victim opens a crafted HTML page. Chromium rated the flaw Medium severity even though the CVSS base score is 8.8, reflecting that execution is confined to the sandboxed renderer rather than the host. A vendor patch is available and no public exploit has been identified at time of analysis.

Memory Corruption Google Denial Of Service +2
NVD VulDB
EPSS 1% CVSS 7.2
HIGH PATCH This Week

Memory corruption in the User-ID Terminal Server Agent (TSA) of Palo Alto Networks PAN-OS lets an unauthenticated network attacker crash the service (DoS) or potentially execute arbitrary code by sending crafted traffic to the TSA listener. Multiple out-of-bounds write bugs are involved; the vendor's CVSS 4.0 vector flags the exploit as unproven (E:U), and no public exploit has been identified at time of analysis. Panorama is explicitly not affected, and exposure hinges on whether the optional TSA component is deployed and reachable.

Memory Corruption Paloalto Buffer Overflow +3
NVD VulDB
EPSS 0% CVSS 7.8
HIGH This Week

Use-after-free memory corruption in Foxit PDF Reader and Foxit PDF Editor (versions 2026.1.1/14.0.4 and earlier) allows a crafted PDF containing embedded JavaScript to free page objects and trigger a dangling write to pop-up annotation objects. An attacker who convinces a user to open a malicious document can crash the application and potentially achieve arbitrary code execution in the user's context. No public exploit identified at time of analysis; the flaw was reported privately by Foxit.

Memory Corruption Denial Of Service Use After Free +2
NVD VulDB
EPSS 0% CVSS 7.8
HIGH This Week

Denial-of-service (and potential memory-corruption) in Foxit PDF Editor (≤14.0.4 / ≤13.2.4 / ≤2026.1.1) and Foxit PDF Reader (≤2026.1.1) arises when a crafted PDF's embedded JavaScript rewrites the document to alter the page structure, freeing the underlying page objects while the thumbnail renderer continues to reference them - a classic use-after-free (CWE-416). A victim who merely opens the file triggers the dangling reference, causing an application crash and, given the CVSS confidentiality/integrity impact, a plausible path to code execution. There is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Memory Corruption Denial Of Service Use After Free +2
NVD VulDB
EPSS 0% CVSS 7.8
HIGH This Week

Denial-of-service in Foxit PDF Reader and Foxit PDF Editor (versions 2026.1.1 and earlier) occurs when a victim opens a crafted PDF whose embedded JavaScript deletes the current page, after which subsequent scripts dereference now-freed document-view properties and crash the application. This is a CWE-416 use-after-free reported by Foxit; no public exploit identified at time of analysis, and it is not listed in CISA KEV. The documented impact is an application crash, though the underlying memory-corruption class warrants caution about potential escalation.

Memory Corruption Denial Of Service Use After Free +2
NVD VulDB
Prev Page 2 of 170 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy