Skip to main content

Memory Corruption

15288 CVEs technique

Monthly

CVE-2025-47375 HIGH PATCH This Week

Memory corruption while handling different IOCTL calls from the user-space simultaneously. [CVSS 7.8 HIGH]

Memory Corruption Wsa8845 Firmware Qca6678aq Firmware Qcs2290 Firmware Mdm9628 Firmware +157
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-47373 HIGH This Week

Memory Corruption when accessing buffers with invalid length during TA invocation. [CVSS 7.8 HIGH]

Memory Corruption Qcm4490 Firmware Wcn3910 Firmware Sm7675 Firmware Sm8475p Firmware +179
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-20444 MEDIUM This Month

Local privilege escalation in Android's display module stems from insufficient bounds checking in memory operations, allowing system-level attackers to corrupt memory and gain elevated privileges without user interaction. The vulnerability affects Android devices where an adversary with existing system privileges can exploit this flaw to further escalate their access. No patch is currently available for this issue.

Memory Corruption Privilege Escalation Android Google
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2026-20443 MEDIUM This Month

Local privilege escalation in Android's display subsystem exploits a use-after-free memory corruption vulnerability to elevate from system-level privileges, requiring no user interaction. An attacker with pre-existing system access can trigger the memory corruption to gain complete control over the affected device. No patch is currently available to remediate this issue.

Use After Free Memory Corruption Privilege Escalation Android Google
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2026-20797 MEDIUM This Month

Unauthenticated attackers can exploit a stack buffer overflow in XWEB Pro firmware (versions 1.12.1 and earlier) through an unprotected API endpoint to corrupt memory and crash the affected device. This vulnerability impacts Xweb 500b Pro, 300d Pro, and 500d Pro models, causing denial of service with no authentication required. No patch is currently available for this issue.

Buffer Overflow Memory Corruption Xweb 300d Pro Firmware Xweb 500d Pro Firmware Xweb 500b Pro Firmware
NVD GitHub
CVSS 3.1
4.3
EPSS
0.1%
CVE-2026-2597 HIGH This Week

Heap buffer overflow in Crypt::SysRandom::XS before version 0.010 allows denial of service through negative length parameter validation bypass in the random_bytes() function. When negative values are passed to the function, integer wraparound causes incorrect memory allocation and unbounded writes to heap memory, triggering application crashes. Exploitation requires attacker control over the length argument, which in typical usage is hardcoded, limiting practical attack scenarios.

Buffer Overflow Memory Corruption Denial Of Service Crypt
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-27711 MEDIUM POC This Month

NanaZip versions 5.0.1252.0 through 6.5.1637.0 contain an out-of-bounds memory access flaw in the UFS file parser that can be triggered by opening a malicious .ufs/.ufs2/.img archive file, potentially causing process crashes, hangs, or exploitable heap corruption. Local attackers can exploit this vulnerability through normal file-open operations without elevated privileges, and public exploit code is available. No patch is currently available for affected versions.

Memory Corruption Denial Of Service Nanazip
NVD GitHub
CVSS 3.1
6.6
EPSS
0.0%
CVE-2026-26965 HIGH POC PATCH This Week

FreeRDP is a free implementation of the Remote Desktop Protocol. [CVSS 8.8 HIGH]

Buffer Overflow Freerdp Memory Corruption
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-26955 HIGH POC PATCH This Week

FreeRDP is a free implementation of the Remote Desktop Protocol. [CVSS 8.8 HIGH]

Buffer Overflow Freerdp Memory Corruption
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-3145 MEDIUM POC PATCH This Month

Memory corruption in libvips up to version 8.18.0 affects the matrix file loading functionality, allowing local attackers with user privileges to corrupt memory through crafted input files. Public exploit code is available for this vulnerability, and a patch has been released to remediate the issue.

Memory Corruption Libvips
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-2807 CRITICAL PATCH Act Now

Memory safety bugs in Firefox 147 and Thunderbird 147 with evidence of memory corruption. Mainline-only bugs not present in ESR branches.

Memory Corruption Mozilla Buffer Overflow RCE Thunderbird
NVD VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-2805 CRITICAL PATCH Act Now

Invalid pointer in Firefox DOM Core & HTML before 148. Incorrect pointer computation leads to memory access errors.

Mozilla Memory Corruption Information Disclosure
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-2804 MEDIUM PATCH This Month

A use-after-free vulnerability in Firefox and Thunderbird's JavaScript WebAssembly engine allows remote attackers to achieve information disclosure or data manipulation through a malicious webpage or email attachment that requires user interaction. Affected versions include Firefox below 148 and Thunderbird below 148, with no patch currently available. The vulnerability has a network attack vector with low complexity and carries a CVSS score of 5.4.

Use After Free Memory Corruption Mozilla Information Disclosure
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-2799 CRITICAL PATCH Act Now

Use-after-free in Firefox DOM Core & HTML before 148. DOM object lifecycle error.

Use After Free Memory Corruption Mozilla Information Disclosure Thunderbird
NVD VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-2798 HIGH PATCH This Week

A use-after-free vulnerability in Firefox and Thunderbird's DOM processing allows remote attackers to execute arbitrary code through a malicious webpage or email attachment, requiring only user interaction to trigger. This affects Firefox versions below 148 and Thunderbird versions below 148, with no patch currently available.

Use After Free Memory Corruption Mozilla Information Disclosure Thunderbird
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-2797 CRITICAL PATCH Act Now

Use-after-free in Firefox JavaScript GC before 148. Second GC UAF, different from CVE-2026-2795.

Use After Free Memory Corruption Mozilla Information Disclosure Thunderbird
NVD VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-2796 CRITICAL POC PATCH Act Now

JIT miscompilation in Firefox WebAssembly before 148. The JIT compiler generates incorrect Wasm code, enabling type confusion. PoC available.

Mozilla Memory Corruption Information Disclosure Thunderbird
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-2795 CRITICAL PATCH Act Now

Use-after-free in Firefox JavaScript GC component before 148. GC-specific UAF affecting only mainline Firefox and Thunderbird.

Use After Free Memory Corruption Mozilla Information Disclosure Thunderbird
NVD VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-2793 CRITICAL PATCH Act Now

Memory safety bugs in Firefox ESR 115.32, ESR 140.7, and Firefox 147. Broader set of memory corruption issues than CVE-2026-2792.

Memory Corruption Mozilla Buffer Overflow RCE Thunderbird
NVD VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-2792 CRITICAL PATCH Act Now

Memory safety bugs in Firefox ESR 140.7 and Firefox 147 with evidence of memory corruption and potential code execution exploitability.

Memory Corruption Mozilla Buffer Overflow RCE Thunderbird
NVD VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-2789 CRITICAL PATCH Act Now

Use-after-free in Firefox ImageLib graphics component before 148. Image processing triggers use of freed memory.

Use After Free Memory Corruption Mozilla Information Disclosure
NVD
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-2787 CRITICAL PATCH Act Now

Use-after-free in Firefox DOM Window and Location component before 148. Window/Location lifecycle management error.

Use After Free Memory Corruption Mozilla Information Disclosure
NVD
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-2786 CRITICAL PATCH Act Now

Use-after-free in Firefox JavaScript Engine before 148. Fourth distinct JS engine UAF in this release.

Use After Free Memory Corruption Mozilla Information Disclosure
NVD
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-2785 CRITICAL PATCH Act Now

Invalid pointer in Firefox JavaScript Engine before 148. Incorrect pointer computation leads to memory corruption.

Mozilla Memory Corruption Information Disclosure
NVD
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-2783 HIGH PATCH This Week

Unauthenticated attackers can extract sensitive information from Firefox and Thunderbird users through a JavaScript engine JIT compilation flaw, affecting all versions prior to Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8. The vulnerability requires no user interaction and can be exploited remotely over the network. No patch is currently available for this high-severity flaw.

Information Disclosure Memory Corruption Mozilla
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-2772 CRITICAL PATCH Act Now

Use-after-free in Firefox Audio/Video Playback component before 148. Media playback triggers memory corruption.

Use After Free Memory Corruption Mozilla Information Disclosure Thunderbird
NVD VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-2770 CRITICAL PATCH Act Now

Use-after-free in Firefox DOM Bindings (WebIDL) component before 148. Memory corruption in the interface between JavaScript and native DOM objects.

Use After Free Memory Corruption Mozilla Information Disclosure Thunderbird
NVD VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-2769 HIGH PATCH This Week

A use-after-free vulnerability in the IndexedDB storage component of Firefox and Thunderbird allows remote attackers to achieve arbitrary code execution through user interaction. Affected versions include Firefox below 148, Firefox ESR below 115.33 and 140.8, and Thunderbird below 148 and 140.8. No patch is currently available for this high-severity flaw.

Use After Free Memory Corruption Mozilla Information Disclosure Thunderbird
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-2767 CRITICAL PATCH Act Now

Use-after-free in Firefox JavaScript WebAssembly component before 148. WebAssembly-specific memory management bug.

Use After Free Memory Corruption Mozilla Information Disclosure Thunderbird
NVD VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-2766 CRITICAL PATCH Act Now

Use-after-free in Firefox JavaScript JIT compiler before 148. Second JIT-related UAF in this release, different from CVE-2026-2764.

Use After Free Memory Corruption Mozilla Information Disclosure Thunderbird
NVD VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-2765 CRITICAL PATCH Act Now

Use-after-free in Firefox JavaScript Engine before 148 and Thunderbird ESR 140.8. Separate UAF from CVE-2026-2763 and CVE-2026-2758.

Use After Free Memory Corruption Mozilla Information Disclosure Thunderbird
NVD VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-2764 CRITICAL PATCH Act Now

JIT miscompilation causing use-after-free in Firefox JavaScript JIT compiler before 148. JIT bugs are highly exploitable due to their deterministic nature.

Use After Free Memory Corruption Mozilla Information Disclosure Thunderbird
NVD VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-2763 CRITICAL PATCH Act Now

Use-after-free in Firefox JavaScript Engine before 148. One of multiple JS engine UAFs fixed in this release.

Use After Free Memory Corruption Mozilla Information Disclosure Thunderbird
NVD VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-2758 CRITICAL PATCH Act Now

Use-after-free in Firefox JavaScript garbage collector before 148 allows remote code execution through crafted JavaScript.

Use After Free Memory Corruption Mozilla Information Disclosure Thunderbird
NVD VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-25970 NuGet MEDIUM PATCH This Month

A signed integer overflow vulnerability in ImageMagick's SIXEL decoder allows an attacker to trigger memory corruption and denial of service when processing a maliciously crafted SIXEL image file. The vulnerability occurs during buffer reallocation operations where pointer arithmetic using signed 32-bit integers overflows. ``` AddressSanitizer:DEADLYSIGNAL ================================================================= ==143838==ERROR: AddressSanitizer: UNKNOWN SIGNAL on unknown address 0x000000000000 #0 0x7f379d5adb53 (/lib/x86_64-linux-gnu/libc.so.6+0xc4b53) ```

Integer Overflow Memory Corruption Denial Of Service Imagemagick Red Hat +1
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.1%
CVE-2026-2048 HIGH PATCH This Week

GIMP is vulnerable to out-of-bounds memory write during XWD file parsing due to insufficient input validation, enabling arbitrary code execution when a user opens a malicious image file. This high-severity vulnerability (CVSS 7.8) affects local attackers who can craft specially crafted XWD files to corrupt memory and execute code with the privileges of the GIMP process. No patch is currently available.

RCE Gimp Buffer Overflow Memory Corruption
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-2045 HIGH PATCH This Week

Out-of-bounds write in GIMP 3.0.6's XWD (X Window Dump) image file parser allows remote attackers to execute arbitrary code in the context of the user running GIMP, provided the victim is lured into opening a malicious XWD file or visiting a page that delivers one. The CVSS 3.1 vector (AV:L/UI:R) shows this is not a remote-network attack but a user-interaction-driven file-parsing flaw, scored 7.3 (High). There is no public exploit identified at time of analysis, and EPSS is very low (0.08%, 23rd percentile), consistent with an attack that depends on social engineering rather than mass automation.

RCE Gimp Buffer Overflow Memory Corruption
NVD VulDB
CVSS 3.1
7.3
EPSS
0.1%
CVE-2026-2681 MEDIUM This Month

The blst cryptographic library is vulnerable to an out-of-bounds stack write in the blst_sha256_bcopy routine when processing zero-length salt parameters in key generation functions, allowing remote attackers to trigger memory corruption and process crashes. Applications that expose blst_keygen_v5() or similar functions to untrusted input are susceptible to denial-of-service attacks. No patch is currently available for this vulnerability.

Memory Corruption Red Hat
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2026-1200 MEDIUM This Month

Memory corruption in the rgaufman/live555 fork's `increaseBufferTo` function can be triggered by remote attackers with low privileges, causing segmentation faults and potential system instability. The vulnerability requires network access but no user interaction, affecting systems running vulnerable versions of the affected library. No patch is currently available for this issue.

Memory Corruption Red Hat Suse
NVD GitHub
CVSS 3.1
6.3
EPSS
0.1%
CVE-2026-0665 MEDIUM PATCH This Month

QEMU's KVM Xen guest support contains an off-by-one error in the physdev hypercall interface that allows authenticated guest users to trigger out-of-bounds heap memory access within the hypervisor process. This vulnerability can lead to denial of service through memory corruption, potentially affecting virtualized environments running QEMU with Xen guest support enabled. No patch is currently available.

Memory Corruption Denial Of Service Red Hat Suse
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-23227 HIGH PATCH This Week

Use-after-free in Linux kernel's Exynos Virtual Display (drm/exynos vidi) driver allows local authenticated users to potentially execute arbitrary code, escalate privileges, or cause denial of service. The vulnerability stems from missing lock protection during concurrent memory allocation/deallocation operations in the vidi_context structure. EPSS score of 0.02% indicates low observed exploitation probability. Vendor patches available across multiple kernel stable branches.

Linux Use After Free Information Disclosure Samsung Memory Corruption
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-23226 HIGH PATCH This Week

The Linux kernel ksmbd subsystem contains a use-after-free vulnerability in multi-channel session handling due to missing synchronization on the ksmbd_chann_list xarray, allowing a local attacker with user privileges to cause memory corruption and potentially execute arbitrary code. The vulnerability affects the channel lookup and deletion operations between multiple concurrent sessions. A patch is available to add proper locking mechanisms to protect xarray access.

Linux Use After Free Memory Corruption Information Disclosure Red Hat +1
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-23224 HIGH PATCH This Week

The Linux kernel erofs file system contains a use-after-free vulnerability in direct I/O file-backed mount operations that allows local attackers with user privileges to cause memory corruption and potentially achieve code execution or denial of service. The vulnerability occurs when accessing files through the directio option, where freed memory is subsequently accessed during I/O operations. A patch is not currently available, making this a critical concern for systems running affected Linux kernel versions.

Linux Information Disclosure Memory Corruption Use After Free Red Hat +1
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-23223 HIGH PATCH This Week

Use-after-free vulnerability in Linux kernel XFS subsystem allows local attackers with unprivileged access to cause memory corruption and potential privilege escalation through improper pointer dereferencing in the btree block owner checking function. The flaw stems from attempting to access freed memory due to incorrect temporal ordering of operations when determining cursor aliases. This vulnerability affects all Linux systems using XFS and currently lacks a patch.

Linux Information Disclosure Memory Corruption Use After Free Linux Kernel +2
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-23221 HIGH PATCH This Week

The Linux kernel's fsl-mc bus driver contains a use-after-free vulnerability in the driver_override_show() function that reads device configuration without proper locking, allowing a local privileged user to trigger memory corruption by concurrently modifying the same data. This vulnerability affects Linux systems running vulnerable kernel versions and could enable local denial of service or potential privilege escalation through heap memory manipulation. No patch is currently available for this issue.

Linux Use After Free Information Disclosure Memory Corruption Linux Kernel +2
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-71234 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: wifi: rtl8xxxu: fix slab-out-of-bounds in rtl8xxxu_sta_add The driver does not set hw->sta_data_size, which causes mac80211 to allocate insufficient space for driver private station data in __sta_info_alloc().

Linux Memory Corruption Buffer Overflow Linux Kernel Red Hat +1
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-23216 HIGH PATCH This Week

A use-after-free vulnerability in the Linux kernel's iSCSI target implementation allows local attackers with low privileges to cause memory corruption and potential denial of service by exploiting a race condition in the connection usage counting mechanism. The flaw occurs when a spinlock is released after calling complete(), allowing a waiting thread to free the connection structure before the current thread finishes its unlock operation. No patch is currently available for this vulnerability.

Linux Use After Free Memory Corruption Information Disclosure Linux Kernel +2
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-26731 HIGH POC This Week

Remote code execution in TOTOLIK A3002RU V2.1.1 firmware results from a stack-based buffer overflow in the DNS configuration function that can be exploited by authenticated network users. Public exploit code exists for this vulnerability, and attackers with valid credentials can achieve full system compromise including code execution and data manipulation. No patch is currently available.

Buffer Overflow Memory Corruption A3002ru Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-25087 PyPI HIGH PATCH GHSA This Week

Use After Free vulnerability in Apache Arrow C++. This issue affects Apache Arrow C++ from 15.0.0 through 23.0.0. [CVSS 7.0 HIGH]

Apache Python Ruby Use After Free Memory Corruption +4
NVD GitHub
CVSS 3.1
7.0
EPSS
0.2%
CVE-2026-2474 HIGH PATCH This Week

Heap buffer overflow in Perl's Crypt::URandom module (versions 0.41-0.54) allows denial of service through integer wraparound when negative length values are passed to the crypt_urandom_getrandom() XS function, causing heap corruption and application crashes. The vulnerability requires direct control over the length parameter, limiting real-world exploitability in typical usage scenarios where this value is hardcoded. No patch is currently available for affected users.

Buffer Overflow Memory Corruption Denial Of Service Suse
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-2522 MEDIUM POC This Month

Memory corruption in Open5GS up to version 2.7.6 allows remote attackers to cause denial of service through manipulation of the MME component's esm-build.c file. Public exploit code exists for this vulnerability, and the Open5GS project has not yet released a patch despite early notification.

Memory Corruption Open5gs
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.1%
CVE-2026-2521 MEDIUM POC This Month

Memory corruption in Open5GS versions up to 2.7.6 allows remote attackers to trigger a denial of service condition by manipulating the SGW-C session creation handler, with public exploit code already available. The vulnerability requires no authentication or user interaction and currently lacks a vendor patch, leaving affected deployments vulnerable to remote availability attacks.

Memory Corruption Open5gs
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-23209 HIGH PATCH This Week

Local privilege escalation in the Linux kernel macvlan driver allows a local attacker with user privileges to cause memory corruption and kernel crashes through improper error handling in macvlan_common_newlink(). The vulnerability stems from a use-after-free condition when macvlan link creation fails during device registration, enabling denial of service and potential privilege escalation on affected systems.

Linux Use After Free Denial Of Service Memory Corruption Red Hat +1
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-23208 HIGH PATCH This Week

A buffer overflow in the Linux kernel's ALSA USB audio driver allows local attackers with user privileges to write beyond allocated URB buffers by crafting malicious audio parameters with mismatched packet sizes and frame counts. An attacker can trigger out-of-bounds memory corruption, potentially achieving privilege escalation or denial of service. No patch is currently available for this vulnerability.

Linux Buffer Overflow Memory Corruption Linux Kernel Red Hat +1
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-23195 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: cgroup/dmem: avoid pool UAF An UAF issue was observed: BUG: KASAN: slab-use-after-free in page_counter_uncharge+0x65/0x150 Write of size 8 at addr ffff888106715440 by task insmod/527 CPU: 4 UID: 0 PID: 527 Comm: insmod 6.19.0-rc7-next-20260129+ #11 Tainted: [O]=OOT_MODULE Call Trace: <TASK> dump_stack_lvl+0x82/0xd0 kasan_report+0xca/0x100 kasan_check_range+0x39/0x1c0 page_counter_uncharge+0x65/0x150 dmem_cgroup_uncharge+0x1f/0x260 Allocated by task 527: Freed by task 0: The buggy address belongs to the object at ffff888106715400 which belongs to the cache kmalloc-512 of size 512 The buggy address is located 64 bytes inside of freed 512-byte region [ffff888106715400, ffff888106715600) The buggy address belongs to the physical page: Memory state around the buggy address: ffff888106715300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ffff888106715380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc >ffff888106715400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ^ ffff888106715480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ffff888106715500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb The issue occurs because a pool can still be held by a caller after its associated memory region is unregistered.

Linux Use After Free Memory Corruption Information Disclosure Red Hat +1
NVD VulDB
CVSS 3.1
7.0
EPSS
0.0%
CVE-2026-23193 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: scsi: target: iscsi: Fix use-after-free in iscsit_dec_session_usage_count() In iscsit_dec_session_usage_count(), the function calls complete() while holding the sess->session_usage_lock.

Linux Use After Free Memory Corruption Information Disclosure Red Hat +1
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-23192 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: linkwatch: use __dev_put() in callers to prevent UAF After linkwatch_do_dev() calls __dev_put() to release the linkwatch reference, the device refcount may drop to 1.

Linux Debian Use After Free Information Disclosure Memory Corruption +2
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-23191 HIGH PATCH This Week

The Linux kernel's ALSA loopback driver contains a use-after-free vulnerability in the PCM trigger callback due to inadequate locking when accessing shared cable state during concurrent stream operations. A local attacker with minimal privileges can trigger this flaw by rapidly opening, closing, and triggering PCM streams, potentially causing kernel crashes or memory corruption. No patch is currently available for this vulnerability.

Linux Information Disclosure Memory Corruption Use After Free Red Hat +1
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-23185 HIGH PATCH This Week

The Linux kernel iwlwifi driver fails to properly cancel the mlo_scan_start_wk work queue item during disconnection, allowing it to execute after associated data structures are freed or modified. A local attacker with standard user privileges can trigger use-after-free or initialization-after-free memory corruption by manipulating interface state transitions, potentially leading to denial of service or privilege escalation. No patch is currently available.

Linux Use After Free Memory Corruption Information Disclosure
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-23184 HIGH PATCH This Week

A use-after-free vulnerability in the Linux kernel's binder subsystem allows local attackers with low privileges to cause memory corruption by accessing transaction objects after they have been freed during frozen target thawing. The flaw exists in binder_netlink_report() which dereferences a transaction pointer following a BR_TRANSACTION_PENDING_FROZEN error, potentially enabling denial of service or local privilege escalation. No patch is currently available.

Linux Use After Free Memory Corruption Information Disclosure Red Hat +1
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-23171 HIGH PATCH This Week

The Linux kernel bonding driver contains a use-after-free vulnerability in the slave device initialization path that allows local attackers with user privileges to cause memory corruption or denial of service. The flaw occurs when slave array updates happen before XDP setup completion, enabling the new slave to be used for transmission before being freed by error cleanup handlers. This affects Debian, Ubuntu, and other Linux distributions running vulnerable kernel versions.

Linux Debian Use After Free Denial Of Service Canonical +1
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-23158 HIGH PATCH This Week

A use-after-free vulnerability in the Linux kernel's gpio-virtuser configfs release path allows local users with standard privileges to trigger memory corruption and potentially achieve code execution by causing mutex operations on freed memory. The flaw exists because the device structure is freed while a mutex guard scope is still active, leading to undefined behavior when the guard attempts to unlock the already-destroyed mutex. This vulnerability affects Linux systems with the affected kernel versions and requires local access to exploit.

Linux Use After Free Memory Corruption Information Disclosure Linux Kernel +2
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-23112 CRITICAL PATCH CISA Act Now

Linux kernel NVMe-oF TCP transport lacks proper bounds checking in PDU processing, allowing a local attacker with low privileges to trigger a kernel panic by crafting malicious PDU parameters that exceed scatter-gather list boundaries. The vulnerability enables denial of service through GPF/KASAN errors when invalid memory offsets are dereferenced during data copy operations. No patch is currently available for affected systems.

Linux Memory Corruption Buffer Overflow
NVD VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-23111 HIGH PATCH CISA Act Now

A use-after-free vulnerability in the Linux kernel's netfilter nf_tables module allows local attackers with unprivileged access to cause memory corruption and denial of service through an inverted logic check in catchall map element activation during failed transactions. The flaw occurs in nft_map_catchall_activate() which incorrectly processes already-active elements instead of inactive ones, potentially leading to privilege escalation or system crash. No patch is currently available.

Linux Use After Free Privilege Escalation Memory Corruption
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-20616 HIGH This Week

Memory corruption in Apple's USD file processing across iPhone OS, iPadOS, and visionOS enables attackers to crash applications through crafted malicious files, with high severity impact on confidentiality, integrity, and availability. The vulnerability requires user interaction to trigger (opening a malicious USD file) but needs no special privileges, affecting a large user base across multiple Apple platforms. No patch is currently available for this out-of-bounds write vulnerability.

Apple Memory Corruption Buffer Overflow
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-25990 PyPI HIGH PATCH GHSA This Week

Out-of-bounds write in Pillow versions 10.3.0 through 12.1.0 allows remote denial of service when processing maliciously crafted PSD image files. An attacker can trigger a crash by supplying a specially crafted image without authentication or user interaction. A patch is available in version 12.1.1.

Python Buffer Overflow Memory Corruption Pillow
NVD GitHub VulDB
CVSS 4.0
8.6
EPSS
0.0%
CVE-2020-37208 MEDIUM POC This Month

SpotFTP 3.0.0.0 contains a buffer overflow vulnerability in the registration key input field that allows attackers to crash the application. Attackers can generate a 1000-character payload and paste it into the 'Key' field to trigger an application crash and denial of service. [CVSS 7.5 HIGH]

Buffer Overflow Denial Of Service Spotftp Memory Corruption
NVD Exploit-DB VulDB
CVSS 4.0
4.6
EPSS
0.0%
CVE-2021-26381 Monitor

Improper system call parameter validation in the Trusted OS may allow a malicious driver to perform mapping or unmapping operations on a large number of pages, potentially resulting in kernel memory corruption.

Linux Memory Corruption
NVD
EPSS
0.0%
CVE-2026-25506 HIGH PATCH This Week

Cryptographic key disclosure and credential forgery in MUNGE 0.5 through 0.5.17 lets a local user extract munged's MAC subkey from process memory and forge arbitrary credentials. By sending a crafted message with an oversized address-length field, an attacker triggers an out-of-bounds write that corrupts munged's internal state and leaks the key used to validate credentials, enabling impersonation of any user including root across every service that trusts MUNGE for authentication. EPSS is very low (0.02%) and there is no public exploit identified at time of analysis, but MUNGE's role as a cluster trust anchor makes the impact severe wherever it is deployed.

Buffer Overflow Munge Debian Linux Memory Corruption
NVD GitHub
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-21253 HIGH PATCH This Week

Use after free in Mailslot File System allows an authorized attacker to elevate privileges locally. [CVSS 7.0 HIGH]

Use After Free Denial Of Service Memory Corruption
NVD VulDB
CVSS 3.1
7.0
EPSS
0.0%
CVE-2025-27243 MEDIUM This Month

Out-of-bounds write in the firmware for some Intel(R) Ethernet Controller E810 before version cvl fw 1.7.8.x within Ring 0: Bare Metal OS may allow a denial of service. System software adversary with a privileged user combined with a low complexity attack may enable denial of service. [CVSS 6.0 MEDIUM]

Denial Of Service Intel Memory Corruption Buffer Overflow Ethernet Controller
NVD VulDB
CVSS 3.1
6.0
EPSS
0.0%
CVE-2026-24320 LOW Monitor

Due to improper memory management in SAP NetWeaver and ABAP Platform (Application Server ABAP), an authenticated attacker could exploit logical errors in memory management by supplying specially crafted input containing unique characters, which are improperly converted. [CVSS 3.1 LOW]

SAP Memory Corruption
NVD
CVSS 3.1
3.1
EPSS
0.0%
CVE-2026-24678 HIGH PATCH This Week

Denial-of-service in FreeRDP's camera redirection (rdpecam) client channel allows a malicious or compromised RDP server to crash connected clients running versions prior to 3.22.0. The capture thread continues sending sample responses through a channel callback that was already freed when the device channel closed, producing a use-after-free in ecam_channel_write. EPSS is low (0.02%), it is not on CISA KEV, and no public exploit identified at time of analysis, but an upstream fix and multiple distro advisories exist.

Use After Free Freerdp Denial Of Service Memory Corruption
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.0%
CVE-2020-37140 MEDIUM POC This Month

Everest, later referred to as AIDA64, 5.50.2100 contains a denial of service vulnerability that allows local attackers to crash the application by manipulating file open functionality. [CVSS 5.5 MEDIUM]

Denial Of Service Memory Corruption Buffer Overflow Aida64
NVD Exploit-DB VulDB
CVSS 4.0
4.6
EPSS
0.0%
CVE-2026-25584 HIGH POC PATCH This Week

Stack buffer overflow in iccDEV versions prior to 2.3.1.3 allows local attackers to corrupt memory, leak sensitive information, or execute arbitrary code by supplying malformed ICC color profile files. The vulnerability exists in the CIccTagFloatNum<>::GetValues() function and is triggered during profile processing, affecting users who handle untrusted ICC files. Public exploit code exists for this vulnerability.

Memory Corruption Information Disclosure Iccdev
NVD GitHub
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-25508 MEDIUM PATCH This Month

Out-of-bounds read in ESP-IDF versions 5.1.6 through 5.5.2 allows remote attackers to trigger memory corruption via malformed BLE prepare-write requests during device provisioning mode. An unauthenticated BLE client can exploit improper length tracking in the protocomm_ble transport to cause the provisioning handler to read beyond allocated buffer boundaries. This results in potential information disclosure and denial of service for affected IoT devices.

IoT Memory Corruption Esp Idf
NVD GitHub
CVSS 3.1
6.3
EPSS
0.0%
CVE-2026-23092 HIGH PATCH This Week

Local stack buffer overflow in the Linux kernel's AD3552R DAC driver allows a local authenticated attacker to write beyond allocated buffer boundaries through improper bounds checking in the ad3552r_hs_write_data_source function. An attacker with local access can trigger out-of-bounds writes on the stack, potentially leading to privilege escalation or denial of service. No patch is currently available for this vulnerability.

Linux Memory Corruption Buffer Overflow Linux Kernel Red Hat +1
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-23089 HIGH POC PATCH This Week

A use-after-free vulnerability in the Linux kernel's ALSA USB audio mixer can be triggered by local attackers with low privileges when mixer initialization fails, causing the kernel to access freed memory during sound card registration and potentially leading to information disclosure or denial of service. The flaw affects Linux systems with USB audio devices and remains unpatched, exploitable without user interaction after initial access to the system.

Linux Use After Free Memory Corruption Information Disclosure Linux Kernel +2
NVD VulDB GitHub
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-23078 HIGH PATCH This Week

A buffer overflow in the Linux kernel's ALSA scarlett2 USB driver allows local attackers with user privileges to corrupt memory and potentially execute code by triggering improper endianness conversion during audio device configuration retrieval. The vulnerability stems from incorrect size validation that causes the function to access more bytes than allocated when processing multiple configuration elements. No patch is currently available for this vulnerability affecting Linux systems with Scarlett audio interfaces.

Linux Buffer Overflow Memory Corruption Linux Kernel Red Hat +1
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-23077 HIGH PATCH This Week

Linux kernel memory corruption via use-after-free (UAF) in virtual memory area (VMA) handling allows local attackers with user privileges to cause denial of service or potentially execute code by triggering incorrect VMA merges during mremap() operations on faulted and unfaulted memory regions. The vulnerability stems from improper handling of anonymous VMA merges when remapping memory adjacent to unfaulted pages. No patch is currently available for this high-severity issue affecting the Linux kernel.

Linux Memory Corruption Information Disclosure Use After Free Red Hat +1
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-23074 HIGH PATCH This Week

A use-after-free vulnerability in the Linux kernel's teql qdisc implementation allows local attackers with low privileges to trigger memory corruption and cause denial of service or potential code execution by improperly nesting teql as a non-root qdisc when it is designed to operate only as a root qdisc. The flaw exists due to missing validation of qdisc constraints and currently has no available patch. This affects all Linux systems using the vulnerable kernel versions.

Linux Information Disclosure Memory Corruption Use After Free
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-23073 HIGH PATCH This Week

The RSI911x WiFi driver in the Linux kernel fails to allocate sufficient memory for virtual interface driver data, causing out-of-bounds writes to the ieee80211_vif structure and memory corruption. A local attacker with low privileges can exploit this to corrupt kernel memory and potentially execute arbitrary code. No patch is currently available.

Linux Memory Corruption Buffer Overflow Linux Kernel Red Hat +1
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-0661 HIGH This Week

Arbitrary code execution in Autodesk 3ds Max occurs when the application parses a maliciously crafted RGB image file, resulting in a CWE-787 out-of-bounds write that corrupts memory and lets an attacker run code in the context of the user running 3ds Max. No public exploit identified at time of analysis, and the EPSS probability is only 0.01%, but the CVSS base score of 8.4 reflects the high impact when a victim is convinced to open a weaponized asset file.

Memory Corruption Buffer Overflow RCE 3ds Max
NVD VulDB
CVSS 3.1
8.4
EPSS
0.0%
CVE-2026-0538 HIGH This Week

Arbitrary code execution in Autodesk 3ds Max occurs when the application parses a maliciously crafted GIF file, triggering an out-of-bounds write (CWE-787) in its image-handling code. The flaw lets an attacker run code in the context of the user running 3ds Max; no public exploit identified at time of analysis and EPSS estimates exploitation probability at just 0.03%.

Buffer Overflow RCE Memory Corruption 3ds Max
NVD VulDB
CVSS 3.1
8.4
EPSS
0.0%
CVE-2026-0537 HIGH This Week

Arbitrary code execution in Autodesk 3ds Max occurs when the application parses a maliciously crafted RGB image file, triggering an out-of-bounds write (CWE-787) that corrupts memory in the running process. Exploitation requires a victim to open the malicious file locally, but no public exploit has been identified at time of analysis and EPSS rates real-world exploitation likelihood at just 0.01%. The flaw was reported by Autodesk PSIRT and is tracked under advisory ADSK-SA-2026-0002.

Memory Corruption Buffer Overflow RCE 3ds Max
NVD VulDB
CVSS 3.1
8.4
EPSS
0.0%
CVE-2025-62799 CRITICAL PATCH Act Now

Fast DDS (eProsima) has a heap buffer overflow in its C++ DDS implementation that allows remote attackers to execute code through crafted DDS protocol messages.

Buffer Overflow Memory Corruption Denial Of Service Debian Linux Fast Dds
NVD GitHub
CVSS 3.1
9.8
EPSS
0.0%
CVE-2025-47399 HIGH This Week

Memory Corruption while processing IOCTL call to update sensor property settings with invalid input parameters. [CVSS 7.8 HIGH]

Memory Corruption X2000086 Firmware Xg101002 Firmware Wsa8845 Firmware X2000094 Firmware +10
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-47398 HIGH PATCH This Week

Memory Corruption while deallocating graphics processing unit memory buffers due to improper handling of memory pointers. [CVSS 7.8 HIGH]

Industrial Memory Corruption Robotics Rb2 Firmware Sm7435 Firmware Smart Audio 400 Firmware +145
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-47397 HIGH PATCH This Week

Memory Corruption when initiating GPU memory mapping using scatter-gather lists due to unchecked IOMMU mapping errors. [CVSS 7.8 HIGH]

Memory Corruption Srv1h Firmware Qcs4490 Firmware Snapdragon 6 Gen 4 Mobile Firmware Snapdragon Ar1 Gen 1 Firmware +138
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-47364 MEDIUM This Month

Memory corruption while calculating offset from partition start point. [CVSS 6.8 MEDIUM]

Memory Corruption Qam8650p Firmware Sa8650p Firmware Sa6145p Firmware Sa7775p Firmware +31
NVD
CVSS 3.1
6.8
EPSS
0.0%
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Memory corruption while handling different IOCTL calls from the user-space simultaneously. [CVSS 7.8 HIGH]

Memory Corruption Wsa8845 Firmware Qca6678aq Firmware +159
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Memory Corruption when accessing buffers with invalid length during TA invocation. [CVSS 7.8 HIGH]

Memory Corruption Qcm4490 Firmware Wcn3910 Firmware +181
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

Local privilege escalation in Android's display module stems from insufficient bounds checking in memory operations, allowing system-level attackers to corrupt memory and gain elevated privileges without user interaction. The vulnerability affects Android devices where an adversary with existing system privileges can exploit this flaw to further escalate their access. No patch is currently available for this issue.

Memory Corruption Privilege Escalation Android +1
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

Local privilege escalation in Android's display subsystem exploits a use-after-free memory corruption vulnerability to elevate from system-level privileges, requiring no user interaction. An attacker with pre-existing system access can trigger the memory corruption to gain complete control over the affected device. No patch is currently available to remediate this issue.

Use After Free Memory Corruption Privilege Escalation +2
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Unauthenticated attackers can exploit a stack buffer overflow in XWEB Pro firmware (versions 1.12.1 and earlier) through an unprotected API endpoint to corrupt memory and crash the affected device. This vulnerability impacts Xweb 500b Pro, 300d Pro, and 500d Pro models, causing denial of service with no authentication required. No patch is currently available for this issue.

Buffer Overflow Memory Corruption Xweb 300d Pro Firmware +2
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

Heap buffer overflow in Crypt::SysRandom::XS before version 0.010 allows denial of service through negative length parameter validation bypass in the random_bytes() function. When negative values are passed to the function, integer wraparound causes incorrect memory allocation and unbounded writes to heap memory, triggering application crashes. Exploitation requires attacker control over the length argument, which in typical usage is hardcoded, limiting practical attack scenarios.

Buffer Overflow Memory Corruption Denial Of Service +1
NVD
EPSS 0% CVSS 6.6
MEDIUM POC This Month

NanaZip versions 5.0.1252.0 through 6.5.1637.0 contain an out-of-bounds memory access flaw in the UFS file parser that can be triggered by opening a malicious .ufs/.ufs2/.img archive file, potentially causing process crashes, hangs, or exploitable heap corruption. Local attackers can exploit this vulnerability through normal file-open operations without elevated privileges, and public exploit code is available. No patch is currently available for affected versions.

Memory Corruption Denial Of Service Nanazip
NVD GitHub
EPSS 0% CVSS 8.8
HIGH POC PATCH This Week

FreeRDP is a free implementation of the Remote Desktop Protocol. [CVSS 8.8 HIGH]

Buffer Overflow Freerdp Memory Corruption
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH POC PATCH This Week

FreeRDP is a free implementation of the Remote Desktop Protocol. [CVSS 8.8 HIGH]

Buffer Overflow Freerdp Memory Corruption
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM POC PATCH This Month

Memory corruption in libvips up to version 8.18.0 affects the matrix file loading functionality, allowing local attackers with user privileges to corrupt memory through crafted input files. Public exploit code is available for this vulnerability, and a patch has been released to remediate the issue.

Memory Corruption Libvips
NVD GitHub VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Memory safety bugs in Firefox 147 and Thunderbird 147 with evidence of memory corruption. Mainline-only bugs not present in ESR branches.

Memory Corruption Mozilla Buffer Overflow +2
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Invalid pointer in Firefox DOM Core & HTML before 148. Incorrect pointer computation leads to memory access errors.

Mozilla Memory Corruption Information Disclosure
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

A use-after-free vulnerability in Firefox and Thunderbird's JavaScript WebAssembly engine allows remote attackers to achieve information disclosure or data manipulation through a malicious webpage or email attachment that requires user interaction. Affected versions include Firefox below 148 and Thunderbird below 148, with no patch currently available. The vulnerability has a network attack vector with low complexity and carries a CVSS score of 5.4.

Use After Free Memory Corruption Mozilla +1
NVD
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Use-after-free in Firefox DOM Core & HTML before 148. DOM object lifecycle error.

Use After Free Memory Corruption Mozilla +2
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

A use-after-free vulnerability in Firefox and Thunderbird's DOM processing allows remote attackers to execute arbitrary code through a malicious webpage or email attachment, requiring only user interaction to trigger. This affects Firefox versions below 148 and Thunderbird versions below 148, with no patch currently available.

Use After Free Memory Corruption Mozilla +2
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Use-after-free in Firefox JavaScript GC before 148. Second GC UAF, different from CVE-2026-2795.

Use After Free Memory Corruption Mozilla +2
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL POC PATCH Act Now

JIT miscompilation in Firefox WebAssembly before 148. The JIT compiler generates incorrect Wasm code, enabling type confusion. PoC available.

Mozilla Memory Corruption Information Disclosure +1
NVD GitHub VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Use-after-free in Firefox JavaScript GC component before 148. GC-specific UAF affecting only mainline Firefox and Thunderbird.

Use After Free Memory Corruption Mozilla +2
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Memory safety bugs in Firefox ESR 115.32, ESR 140.7, and Firefox 147. Broader set of memory corruption issues than CVE-2026-2792.

Memory Corruption Mozilla Buffer Overflow +2
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Memory safety bugs in Firefox ESR 140.7 and Firefox 147 with evidence of memory corruption and potential code execution exploitability.

Memory Corruption Mozilla Buffer Overflow +2
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Use-after-free in Firefox ImageLib graphics component before 148. Image processing triggers use of freed memory.

Use After Free Memory Corruption Mozilla +1
NVD
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Use-after-free in Firefox DOM Window and Location component before 148. Window/Location lifecycle management error.

Use After Free Memory Corruption Mozilla +1
NVD
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Use-after-free in Firefox JavaScript Engine before 148. Fourth distinct JS engine UAF in this release.

Use After Free Memory Corruption Mozilla +1
NVD
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Invalid pointer in Firefox JavaScript Engine before 148. Incorrect pointer computation leads to memory corruption.

Mozilla Memory Corruption Information Disclosure
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Unauthenticated attackers can extract sensitive information from Firefox and Thunderbird users through a JavaScript engine JIT compilation flaw, affecting all versions prior to Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8. The vulnerability requires no user interaction and can be exploited remotely over the network. No patch is currently available for this high-severity flaw.

Information Disclosure Memory Corruption Mozilla
NVD
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Use-after-free in Firefox Audio/Video Playback component before 148. Media playback triggers memory corruption.

Use After Free Memory Corruption Mozilla +2
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Use-after-free in Firefox DOM Bindings (WebIDL) component before 148. Memory corruption in the interface between JavaScript and native DOM objects.

Use After Free Memory Corruption Mozilla +2
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

A use-after-free vulnerability in the IndexedDB storage component of Firefox and Thunderbird allows remote attackers to achieve arbitrary code execution through user interaction. Affected versions include Firefox below 148, Firefox ESR below 115.33 and 140.8, and Thunderbird below 148 and 140.8. No patch is currently available for this high-severity flaw.

Use After Free Memory Corruption Mozilla +2
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Use-after-free in Firefox JavaScript WebAssembly component before 148. WebAssembly-specific memory management bug.

Use After Free Memory Corruption Mozilla +2
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Use-after-free in Firefox JavaScript JIT compiler before 148. Second JIT-related UAF in this release, different from CVE-2026-2764.

Use After Free Memory Corruption Mozilla +2
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Use-after-free in Firefox JavaScript Engine before 148 and Thunderbird ESR 140.8. Separate UAF from CVE-2026-2763 and CVE-2026-2758.

Use After Free Memory Corruption Mozilla +2
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

JIT miscompilation causing use-after-free in Firefox JavaScript JIT compiler before 148. JIT bugs are highly exploitable due to their deterministic nature.

Use After Free Memory Corruption Mozilla +2
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Use-after-free in Firefox JavaScript Engine before 148. One of multiple JS engine UAFs fixed in this release.

Use After Free Memory Corruption Mozilla +2
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Use-after-free in Firefox JavaScript garbage collector before 148 allows remote code execution through crafted JavaScript.

Use After Free Memory Corruption Mozilla +2
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

A signed integer overflow vulnerability in ImageMagick's SIXEL decoder allows an attacker to trigger memory corruption and denial of service when processing a maliciously crafted SIXEL image file. The vulnerability occurs during buffer reallocation operations where pointer arithmetic using signed 32-bit integers overflows. ``` AddressSanitizer:DEADLYSIGNAL ================================================================= ==143838==ERROR: AddressSanitizer: UNKNOWN SIGNAL on unknown address 0x000000000000 #0 0x7f379d5adb53 (/lib/x86_64-linux-gnu/libc.so.6+0xc4b53) ```

Integer Overflow Memory Corruption Denial Of Service +3
NVD GitHub VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

GIMP is vulnerable to out-of-bounds memory write during XWD file parsing due to insufficient input validation, enabling arbitrary code execution when a user opens a malicious image file. This high-severity vulnerability (CVSS 7.8) affects local attackers who can craft specially crafted XWD files to corrupt memory and execute code with the privileges of the GIMP process. No patch is currently available.

RCE Gimp Buffer Overflow +1
NVD VulDB
EPSS 0% CVSS 7.3
HIGH PATCH This Week

Out-of-bounds write in GIMP 3.0.6's XWD (X Window Dump) image file parser allows remote attackers to execute arbitrary code in the context of the user running GIMP, provided the victim is lured into opening a malicious XWD file or visiting a page that delivers one. The CVSS 3.1 vector (AV:L/UI:R) shows this is not a remote-network attack but a user-interaction-driven file-parsing flaw, scored 7.3 (High). There is no public exploit identified at time of analysis, and EPSS is very low (0.08%, 23rd percentile), consistent with an attack that depends on social engineering rather than mass automation.

RCE Gimp Buffer Overflow +1
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM This Month

The blst cryptographic library is vulnerable to an out-of-bounds stack write in the blst_sha256_bcopy routine when processing zero-length salt parameters in key generation functions, allowing remote attackers to trigger memory corruption and process crashes. Applications that expose blst_keygen_v5() or similar functions to untrusted input are susceptible to denial-of-service attacks. No patch is currently available for this vulnerability.

Memory Corruption Red Hat
NVD
EPSS 0% CVSS 6.3
MEDIUM This Month

Memory corruption in the rgaufman/live555 fork's `increaseBufferTo` function can be triggered by remote attackers with low privileges, causing segmentation faults and potential system instability. The vulnerability requires network access but no user interaction, affecting systems running vulnerable versions of the affected library. No patch is currently available for this issue.

Memory Corruption Red Hat Suse
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

QEMU's KVM Xen guest support contains an off-by-one error in the physdev hypercall interface that allows authenticated guest users to trigger out-of-bounds heap memory access within the hypervisor process. This vulnerability can lead to denial of service through memory corruption, potentially affecting virtualized environments running QEMU with Xen guest support enabled. No patch is currently available.

Memory Corruption Denial Of Service Red Hat +1
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Use-after-free in Linux kernel's Exynos Virtual Display (drm/exynos vidi) driver allows local authenticated users to potentially execute arbitrary code, escalate privileges, or cause denial of service. The vulnerability stems from missing lock protection during concurrent memory allocation/deallocation operations in the vidi_context structure. EPSS score of 0.02% indicates low observed exploitation probability. Vendor patches available across multiple kernel stable branches.

Linux Use After Free Information Disclosure +2
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

The Linux kernel ksmbd subsystem contains a use-after-free vulnerability in multi-channel session handling due to missing synchronization on the ksmbd_chann_list xarray, allowing a local attacker with user privileges to cause memory corruption and potentially execute arbitrary code. The vulnerability affects the channel lookup and deletion operations between multiple concurrent sessions. A patch is available to add proper locking mechanisms to protect xarray access.

Linux Use After Free Memory Corruption +3
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

The Linux kernel erofs file system contains a use-after-free vulnerability in direct I/O file-backed mount operations that allows local attackers with user privileges to cause memory corruption and potentially achieve code execution or denial of service. The vulnerability occurs when accessing files through the directio option, where freed memory is subsequently accessed during I/O operations. A patch is not currently available, making this a critical concern for systems running affected Linux kernel versions.

Linux Information Disclosure Memory Corruption +3
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Use-after-free vulnerability in Linux kernel XFS subsystem allows local attackers with unprivileged access to cause memory corruption and potential privilege escalation through improper pointer dereferencing in the btree block owner checking function. The flaw stems from attempting to access freed memory due to incorrect temporal ordering of operations when determining cursor aliases. This vulnerability affects all Linux systems using XFS and currently lacks a patch.

Linux Information Disclosure Memory Corruption +4
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

The Linux kernel's fsl-mc bus driver contains a use-after-free vulnerability in the driver_override_show() function that reads device configuration without proper locking, allowing a local privileged user to trigger memory corruption by concurrently modifying the same data. This vulnerability affects Linux systems running vulnerable kernel versions and could enable local denial of service or potential privilege escalation through heap memory manipulation. No patch is currently available for this issue.

Linux Use After Free Information Disclosure +4
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: wifi: rtl8xxxu: fix slab-out-of-bounds in rtl8xxxu_sta_add The driver does not set hw->sta_data_size, which causes mac80211 to allocate insufficient space for driver private station data in __sta_info_alloc().

Linux Memory Corruption Buffer Overflow +3
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

A use-after-free vulnerability in the Linux kernel's iSCSI target implementation allows local attackers with low privileges to cause memory corruption and potential denial of service by exploiting a race condition in the connection usage counting mechanism. The flaw occurs when a spinlock is released after calling complete(), allowing a waiting thread to free the connection structure before the current thread finishes its unlock operation. No patch is currently available for this vulnerability.

Linux Use After Free Memory Corruption +4
NVD VulDB
EPSS 0% CVSS 8.8
HIGH POC This Week

Remote code execution in TOTOLIK A3002RU V2.1.1 firmware results from a stack-based buffer overflow in the DNS configuration function that can be exploited by authenticated network users. Public exploit code exists for this vulnerability, and attackers with valid credentials can achieve full system compromise including code execution and data manipulation. No patch is currently available.

Buffer Overflow Memory Corruption A3002ru Firmware
NVD GitHub VulDB
EPSS 0% CVSS 7.0
HIGH PATCH This Week

Use After Free vulnerability in Apache Arrow C++. This issue affects Apache Arrow C++ from 15.0.0 through 23.0.0. [CVSS 7.0 HIGH]

Apache Python Ruby +6
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Heap buffer overflow in Perl's Crypt::URandom module (versions 0.41-0.54) allows denial of service through integer wraparound when negative length values are passed to the crypt_urandom_getrandom() XS function, causing heap corruption and application crashes. The vulnerability requires direct control over the length parameter, limiting real-world exploitability in typical usage scenarios where this value is hardcoded. No patch is currently available for affected users.

Buffer Overflow Memory Corruption Denial Of Service +1
NVD
EPSS 0% CVSS 5.3
MEDIUM POC This Month

Memory corruption in Open5GS up to version 2.7.6 allows remote attackers to cause denial of service through manipulation of the MME component's esm-build.c file. Public exploit code exists for this vulnerability, and the Open5GS project has not yet released a patch despite early notification.

Memory Corruption Open5gs
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM POC This Month

Memory corruption in Open5GS versions up to 2.7.6 allows remote attackers to trigger a denial of service condition by manipulating the SGW-C session creation handler, with public exploit code already available. The vulnerability requires no authentication or user interaction and currently lacks a vendor patch, leaving affected deployments vulnerable to remote availability attacks.

Memory Corruption Open5gs
NVD GitHub VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Local privilege escalation in the Linux kernel macvlan driver allows a local attacker with user privileges to cause memory corruption and kernel crashes through improper error handling in macvlan_common_newlink(). The vulnerability stems from a use-after-free condition when macvlan link creation fails during device registration, enabling denial of service and potential privilege escalation on affected systems.

Linux Use After Free Denial Of Service +3
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

A buffer overflow in the Linux kernel's ALSA USB audio driver allows local attackers with user privileges to write beyond allocated URB buffers by crafting malicious audio parameters with mismatched packet sizes and frame counts. An attacker can trigger out-of-bounds memory corruption, potentially achieving privilege escalation or denial of service. No patch is currently available for this vulnerability.

Linux Buffer Overflow Memory Corruption +3
NVD VulDB
EPSS 0% CVSS 7.0
HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: cgroup/dmem: avoid pool UAF An UAF issue was observed: BUG: KASAN: slab-use-after-free in page_counter_uncharge+0x65/0x150 Write of size 8 at addr ffff888106715440 by task insmod/527 CPU: 4 UID: 0 PID: 527 Comm: insmod 6.19.0-rc7-next-20260129+ #11 Tainted: [O]=OOT_MODULE Call Trace: <TASK> dump_stack_lvl+0x82/0xd0 kasan_report+0xca/0x100 kasan_check_range+0x39/0x1c0 page_counter_uncharge+0x65/0x150 dmem_cgroup_uncharge+0x1f/0x260 Allocated by task 527: Freed by task 0: The buggy address belongs to the object at ffff888106715400 which belongs to the cache kmalloc-512 of size 512 The buggy address is located 64 bytes inside of freed 512-byte region [ffff888106715400, ffff888106715600) The buggy address belongs to the physical page: Memory state around the buggy address: ffff888106715300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ffff888106715380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc >ffff888106715400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ^ ffff888106715480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ffff888106715500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb The issue occurs because a pool can still be held by a caller after its associated memory region is unregistered.

Linux Use After Free Memory Corruption +3
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: scsi: target: iscsi: Fix use-after-free in iscsit_dec_session_usage_count() In iscsit_dec_session_usage_count(), the function calls complete() while holding the sess->session_usage_lock.

Linux Use After Free Memory Corruption +3
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: linkwatch: use __dev_put() in callers to prevent UAF After linkwatch_do_dev() calls __dev_put() to release the linkwatch reference, the device refcount may drop to 1.

Linux Debian Use After Free +4
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

The Linux kernel's ALSA loopback driver contains a use-after-free vulnerability in the PCM trigger callback due to inadequate locking when accessing shared cable state during concurrent stream operations. A local attacker with minimal privileges can trigger this flaw by rapidly opening, closing, and triggering PCM streams, potentially causing kernel crashes or memory corruption. No patch is currently available for this vulnerability.

Linux Information Disclosure Memory Corruption +3
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

The Linux kernel iwlwifi driver fails to properly cancel the mlo_scan_start_wk work queue item during disconnection, allowing it to execute after associated data structures are freed or modified. A local attacker with standard user privileges can trigger use-after-free or initialization-after-free memory corruption by manipulating interface state transitions, potentially leading to denial of service or privilege escalation. No patch is currently available.

Linux Use After Free Memory Corruption +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

A use-after-free vulnerability in the Linux kernel's binder subsystem allows local attackers with low privileges to cause memory corruption by accessing transaction objects after they have been freed during frozen target thawing. The flaw exists in binder_netlink_report() which dereferences a transaction pointer following a BR_TRANSACTION_PENDING_FROZEN error, potentially enabling denial of service or local privilege escalation. No patch is currently available.

Linux Use After Free Memory Corruption +3
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

The Linux kernel bonding driver contains a use-after-free vulnerability in the slave device initialization path that allows local attackers with user privileges to cause memory corruption or denial of service. The flaw occurs when slave array updates happen before XDP setup completion, enabling the new slave to be used for transmission before being freed by error cleanup handlers. This affects Debian, Ubuntu, and other Linux distributions running vulnerable kernel versions.

Linux Debian Use After Free +3
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

A use-after-free vulnerability in the Linux kernel's gpio-virtuser configfs release path allows local users with standard privileges to trigger memory corruption and potentially achieve code execution by causing mutex operations on freed memory. The flaw exists because the device structure is freed while a mutex guard scope is still active, leading to undefined behavior when the guard attempts to unlock the already-destroyed mutex. This vulnerability affects Linux systems with the affected kernel versions and requires local access to exploit.

Linux Use After Free Memory Corruption +4
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Linux kernel NVMe-oF TCP transport lacks proper bounds checking in PDU processing, allowing a local attacker with low privileges to trigger a kernel panic by crafting malicious PDU parameters that exceed scatter-gather list boundaries. The vulnerability enables denial of service through GPF/KASAN errors when invalid memory offsets are dereferenced during data copy operations. No patch is currently available for affected systems.

Linux Memory Corruption Buffer Overflow
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH Act Now

A use-after-free vulnerability in the Linux kernel's netfilter nf_tables module allows local attackers with unprivileged access to cause memory corruption and denial of service through an inverted logic check in catchall map element activation during failed transactions. The flaw occurs in nft_map_catchall_activate() which incorrectly processes already-active elements instead of inactive ones, potentially leading to privilege escalation or system crash. No patch is currently available.

Linux Use After Free Privilege Escalation +1
NVD VulDB
EPSS 0% CVSS 8.8
HIGH This Week

Memory corruption in Apple's USD file processing across iPhone OS, iPadOS, and visionOS enables attackers to crash applications through crafted malicious files, with high severity impact on confidentiality, integrity, and availability. The vulnerability requires user interaction to trigger (opening a malicious USD file) but needs no special privileges, affecting a large user base across multiple Apple platforms. No patch is currently available for this out-of-bounds write vulnerability.

Apple Memory Corruption Buffer Overflow
NVD VulDB
EPSS 0% CVSS 8.6
HIGH PATCH This Week

Out-of-bounds write in Pillow versions 10.3.0 through 12.1.0 allows remote denial of service when processing maliciously crafted PSD image files. An attacker can trigger a crash by supplying a specially crafted image without authentication or user interaction. A patch is available in version 12.1.1.

Python Buffer Overflow Memory Corruption +1
NVD GitHub VulDB
EPSS 0% CVSS 4.6
MEDIUM POC This Month

SpotFTP 3.0.0.0 contains a buffer overflow vulnerability in the registration key input field that allows attackers to crash the application. Attackers can generate a 1000-character payload and paste it into the 'Key' field to trigger an application crash and denial of service. [CVSS 7.5 HIGH]

Buffer Overflow Denial Of Service Spotftp +1
NVD Exploit-DB VulDB
EPSS 0%
Monitor

Improper system call parameter validation in the Trusted OS may allow a malicious driver to perform mapping or unmapping operations on a large number of pages, potentially resulting in kernel memory corruption.

Linux Memory Corruption
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Cryptographic key disclosure and credential forgery in MUNGE 0.5 through 0.5.17 lets a local user extract munged's MAC subkey from process memory and forge arbitrary credentials. By sending a crafted message with an oversized address-length field, an attacker triggers an out-of-bounds write that corrupts munged's internal state and leaks the key used to validate credentials, enabling impersonation of any user including root across every service that trusts MUNGE for authentication. EPSS is very low (0.02%) and there is no public exploit identified at time of analysis, but MUNGE's role as a cluster trust anchor makes the impact severe wherever it is deployed.

Buffer Overflow Munge Debian Linux +1
NVD GitHub
EPSS 0% CVSS 7.0
HIGH PATCH This Week

Use after free in Mailslot File System allows an authorized attacker to elevate privileges locally. [CVSS 7.0 HIGH]

Use After Free Denial Of Service Memory Corruption
NVD VulDB
EPSS 0% CVSS 6.0
MEDIUM This Month

Out-of-bounds write in the firmware for some Intel(R) Ethernet Controller E810 before version cvl fw 1.7.8.x within Ring 0: Bare Metal OS may allow a denial of service. System software adversary with a privileged user combined with a low complexity attack may enable denial of service. [CVSS 6.0 MEDIUM]

Denial Of Service Intel Memory Corruption +2
NVD VulDB
EPSS 0% CVSS 3.1
LOW Monitor

Due to improper memory management in SAP NetWeaver and ABAP Platform (Application Server ABAP), an authenticated attacker could exploit logical errors in memory management by supplying specially crafted input containing unique characters, which are improperly converted. [CVSS 3.1 LOW]

SAP Memory Corruption
NVD
EPSS 0% CVSS 8.7
HIGH PATCH This Week

Denial-of-service in FreeRDP's camera redirection (rdpecam) client channel allows a malicious or compromised RDP server to crash connected clients running versions prior to 3.22.0. The capture thread continues sending sample responses through a channel callback that was already freed when the device channel closed, producing a use-after-free in ecam_channel_write. EPSS is low (0.02%), it is not on CISA KEV, and no public exploit identified at time of analysis, but an upstream fix and multiple distro advisories exist.

Use After Free Freerdp Denial Of Service +1
NVD GitHub VulDB
EPSS 0% CVSS 4.6
MEDIUM POC This Month

Everest, later referred to as AIDA64, 5.50.2100 contains a denial of service vulnerability that allows local attackers to crash the application by manipulating file open functionality. [CVSS 5.5 MEDIUM]

Denial Of Service Memory Corruption Buffer Overflow +1
NVD Exploit-DB VulDB
EPSS 0% CVSS 7.8
HIGH POC PATCH This Week

Stack buffer overflow in iccDEV versions prior to 2.3.1.3 allows local attackers to corrupt memory, leak sensitive information, or execute arbitrary code by supplying malformed ICC color profile files. The vulnerability exists in the CIccTagFloatNum<>::GetValues() function and is triggered during profile processing, affecting users who handle untrusted ICC files. Public exploit code exists for this vulnerability.

Memory Corruption Information Disclosure Iccdev
NVD GitHub
EPSS 0% CVSS 6.3
MEDIUM PATCH This Month

Out-of-bounds read in ESP-IDF versions 5.1.6 through 5.5.2 allows remote attackers to trigger memory corruption via malformed BLE prepare-write requests during device provisioning mode. An unauthenticated BLE client can exploit improper length tracking in the protocomm_ble transport to cause the provisioning handler to read beyond allocated buffer boundaries. This results in potential information disclosure and denial of service for affected IoT devices.

IoT Memory Corruption Esp Idf
NVD GitHub
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Local stack buffer overflow in the Linux kernel's AD3552R DAC driver allows a local authenticated attacker to write beyond allocated buffer boundaries through improper bounds checking in the ad3552r_hs_write_data_source function. An attacker with local access can trigger out-of-bounds writes on the stack, potentially leading to privilege escalation or denial of service. No patch is currently available for this vulnerability.

Linux Memory Corruption Buffer Overflow +3
NVD VulDB
EPSS 0% CVSS 7.8
HIGH POC PATCH This Week

A use-after-free vulnerability in the Linux kernel's ALSA USB audio mixer can be triggered by local attackers with low privileges when mixer initialization fails, causing the kernel to access freed memory during sound card registration and potentially leading to information disclosure or denial of service. The flaw affects Linux systems with USB audio devices and remains unpatched, exploitable without user interaction after initial access to the system.

Linux Use After Free Memory Corruption +4
NVD VulDB GitHub
EPSS 0% CVSS 7.8
HIGH PATCH This Week

A buffer overflow in the Linux kernel's ALSA scarlett2 USB driver allows local attackers with user privileges to corrupt memory and potentially execute code by triggering improper endianness conversion during audio device configuration retrieval. The vulnerability stems from incorrect size validation that causes the function to access more bytes than allocated when processing multiple configuration elements. No patch is currently available for this vulnerability affecting Linux systems with Scarlett audio interfaces.

Linux Buffer Overflow Memory Corruption +3
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Linux kernel memory corruption via use-after-free (UAF) in virtual memory area (VMA) handling allows local attackers with user privileges to cause denial of service or potentially execute code by triggering incorrect VMA merges during mremap() operations on faulted and unfaulted memory regions. The vulnerability stems from improper handling of anonymous VMA merges when remapping memory adjacent to unfaulted pages. No patch is currently available for this high-severity issue affecting the Linux kernel.

Linux Memory Corruption Information Disclosure +3
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

A use-after-free vulnerability in the Linux kernel's teql qdisc implementation allows local attackers with low privileges to trigger memory corruption and cause denial of service or potential code execution by improperly nesting teql as a non-root qdisc when it is designed to operate only as a root qdisc. The flaw exists due to missing validation of qdisc constraints and currently has no available patch. This affects all Linux systems using the vulnerable kernel versions.

Linux Information Disclosure Memory Corruption +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

The RSI911x WiFi driver in the Linux kernel fails to allocate sufficient memory for virtual interface driver data, causing out-of-bounds writes to the ieee80211_vif structure and memory corruption. A local attacker with low privileges can exploit this to corrupt kernel memory and potentially execute arbitrary code. No patch is currently available.

Linux Memory Corruption Buffer Overflow +3
NVD VulDB
EPSS 0% CVSS 8.4
HIGH This Week

Arbitrary code execution in Autodesk 3ds Max occurs when the application parses a maliciously crafted RGB image file, resulting in a CWE-787 out-of-bounds write that corrupts memory and lets an attacker run code in the context of the user running 3ds Max. No public exploit identified at time of analysis, and the EPSS probability is only 0.01%, but the CVSS base score of 8.4 reflects the high impact when a victim is convinced to open a weaponized asset file.

Memory Corruption Buffer Overflow RCE +1
NVD VulDB
EPSS 0% CVSS 8.4
HIGH This Week

Arbitrary code execution in Autodesk 3ds Max occurs when the application parses a maliciously crafted GIF file, triggering an out-of-bounds write (CWE-787) in its image-handling code. The flaw lets an attacker run code in the context of the user running 3ds Max; no public exploit identified at time of analysis and EPSS estimates exploitation probability at just 0.03%.

Buffer Overflow RCE Memory Corruption +1
NVD VulDB
EPSS 0% CVSS 8.4
HIGH This Week

Arbitrary code execution in Autodesk 3ds Max occurs when the application parses a maliciously crafted RGB image file, triggering an out-of-bounds write (CWE-787) that corrupts memory in the running process. Exploitation requires a victim to open the malicious file locally, but no public exploit has been identified at time of analysis and EPSS rates real-world exploitation likelihood at just 0.01%. The flaw was reported by Autodesk PSIRT and is tracked under advisory ADSK-SA-2026-0002.

Memory Corruption Buffer Overflow RCE +1
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Fast DDS (eProsima) has a heap buffer overflow in its C++ DDS implementation that allows remote attackers to execute code through crafted DDS protocol messages.

Buffer Overflow Memory Corruption Denial Of Service +2
NVD GitHub
EPSS 0% CVSS 7.8
HIGH This Week

Memory Corruption while processing IOCTL call to update sensor property settings with invalid input parameters. [CVSS 7.8 HIGH]

Memory Corruption X2000086 Firmware Xg101002 Firmware +12
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Memory Corruption while deallocating graphics processing unit memory buffers due to improper handling of memory pointers. [CVSS 7.8 HIGH]

Industrial Memory Corruption Robotics Rb2 Firmware +147
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Memory Corruption when initiating GPU memory mapping using scatter-gather lists due to unchecked IOMMU mapping errors. [CVSS 7.8 HIGH]

Memory Corruption Srv1h Firmware Qcs4490 Firmware +140
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

Memory corruption while calculating offset from partition start point. [CVSS 6.8 MEDIUM]

Memory Corruption Qam8650p Firmware Sa8650p Firmware +33
NVD
Prev Page 22 of 170 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy