Skip to main content

Memory Corruption

15288 CVEs technique

Monthly

CVE-2025-53718 HIGH This Week

Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.0). No vendor patch available.

Memory Corruption Denial Of Service Use After Free Microsoft Windows 10 1507 +15
NVD
CVSS 3.1
7.0
EPSS
0.0%
CVE-2025-53152 HIGH This Week

Use after free in Desktop Windows Manager allows an authorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Use After Free Microsoft Windows 10 1507 +12
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-53151 HIGH This Week

Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Use After Free Microsoft Windows 10 1809 +10
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-53147 HIGH This Week

Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.0). No vendor patch available.

Memory Corruption Denial Of Service Use After Free Microsoft Windows 10 1507 +15
NVD
CVSS 3.1
7.0
EPSS
0.0%
CVE-2025-53145 HIGH This Week

Access of resource using incompatible type ('type confusion') in Windows Message Queuing allows an authorized attacker to execute code over a network. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Memory Corruption Microsoft Information Disclosure Windows 10 1507 Windows 10 1607 +14
NVD
CVSS 3.1
8.8
EPSS
3.3%
CVE-2025-53144 HIGH This Week

Access of resource using incompatible type ('type confusion') in Windows Message Queuing allows an authorized attacker to execute code over a network. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Memory Corruption Microsoft Information Disclosure Windows 10 1507 Windows 10 1607 +14
NVD
CVSS 3.1
8.8
EPSS
3.3%
CVE-2025-53143 HIGH This Week

Access of resource using incompatible type ('type confusion') in Windows Message Queuing allows an authorized attacker to execute code over a network. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Memory Corruption Microsoft Information Disclosure Windows 10 1507 Windows 10 1607 +14
NVD
CVSS 3.1
8.8
EPSS
2.5%
CVE-2025-53142 HIGH This Week

Use after free in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.0). No vendor patch available.

Memory Corruption Denial Of Service Use After Free Microsoft Windows 11 22h2 +4
NVD
CVSS 3.1
7.0
EPSS
0.0%
CVE-2025-53140 HIGH This Week

Use after free in Kernel Transaction Manager allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.0). No vendor patch available.

Memory Corruption Denial Of Service Use After Free Windows 10 1507 Windows 10 1607 +14
NVD
CVSS 3.1
7.0
EPSS
0.0%
CVE-2025-53137 HIGH This Month

Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.0). No vendor patch available.

Memory Corruption Denial Of Service Use After Free Microsoft Windows 10 1507 +15
NVD
CVSS 3.1
7.0
EPSS
0.1%
CVE-2025-53133 HIGH This Month

Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8). No vendor patch available.

Memory Corruption Denial Of Service Use After Free Microsoft Windows 11 24h2 +2
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-50159 HIGH This Week

Use after free in Remote Access Point-to-Point Protocol (PPP) EAP-TLS allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Use After Free Windows 10 1507 Windows 10 1607 +13
NVD
CVSS 3.1
7.3
EPSS
0.1%
CVE-2025-50153 HIGH This Week

Use after free in Desktop Windows Manager allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Use After Free Microsoft Windows 10 1507 +12
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-49761 HIGH This Month

Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Use After Free Microsoft Windows 10 1507 +15
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-49568 MEDIUM This Month

Illustrator versions 28.7.8, 29.6.1 and earlier are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Use After Free Illustrator
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-49563 HIGH This Week

Illustrator versions 28.7.8, 29.6.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Illustrator
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-26403 MEDIUM PATCH This Month

Out-of-bounds write in the memory subsystem for some Intel(R) Xeon(R) 6 processors when using Intel(R) SGX or Intel(R) TDX may allow a privileged user to potentially enable escalation of privilege. Rated medium severity (CVSS 4.5). No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Intel Suse
NVD
CVSS 4.0
4.5
EPSS
0.0%
CVE-2025-38500 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: xfrm: interface: fix use-after-free after changing collect_md xfrm interface collect_md property on xfrm interfaces can only be set. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Debian Linux Memory Corruption Use After Free Ubuntu +1
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-40762 HIGH This Week

A vulnerability has been identified in Simcenter Femap V2406 (All versions < V2406.0003), Simcenter Femap V2412 (All versions < V2412.0002). Rated high severity (CVSS 7.3), this vulnerability is no authentication required. No vendor patch available.

Memory Corruption Buffer Overflow Simcenter Femap
NVD
CVSS 4.0
7.3
EPSS
0.0%
CVE-2025-55157 MEDIUM PATCH This Month

Vim is an open source, command line text editor. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Buffer Overflow Use After Free Vim Red Hat +1
NVD GitHub
CVSS 4.0
6.9
EPSS
0.0%
CVE-2025-27536 LOW Monitor

in OpenHarmony v5.0.3 and prior versions allow a local attacker cause DOS through type confusion. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Information Disclosure Openharmony
NVD
CVSS 3.1
3.3
EPSS
0.0%
CVE-2025-27128 HIGH This Month

in OpenHarmony v5.0.3 and prior versions allow a local attacker arbitrary code execution in tcb through use after free. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service RCE Use After Free Openharmony
NVD
CVSS 3.1
8.4
EPSS
0.0%
CVE-2025-24298 HIGH This Month

in OpenHarmony v5.0.3 and prior versions allow a local attacker arbitrary code execution in tcb through use after free. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service RCE Use After Free Openharmony
NVD
CVSS 3.1
8.4
EPSS
0.0%
CVE-2025-46709 HIGH This Month

Possible memory leak or kernel exceptions caused by reading kernel heap data after free or NULL pointer dereference kernel exception. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Use After Free Ddk
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-55137 HIGH This Month

LinkJoin through 882f196 mishandles lacks type checking in password reset. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Memory Corruption Information Disclosure
NVD GitHub
CVSS 3.1
7.4
EPSS
0.0%
CVE-2025-8578 HIGH PATCH This Week

Use after free in Cast in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Google Denial Of Service Use After Free Chrome +1
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2025-8576 HIGH PATCH This Month

Use after free in Extensions in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Google Denial Of Service Use After Free Chrome +1
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2025-6633 HIGH This Month

A maliciously crafted RBG file, when parsed through Autodesk 3ds Max, can force an Out-of-Bounds Write vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE 3ds Max
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-21474 HIGH This Month

Memory corruption while processing commands from A2dp sink command queue. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Use After Free Fastconnect 6800 Firmware Fastconnect 6900 Firmware +43
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-21461 HIGH This Month

Memory corruption when programming registers through virtual CDM. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Fastconnect 6900 Firmware Fastconnect 7800 Firmware Sm6650 Firmware +21
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-21458 HIGH PATCH This Month

Memory corruption when IOCTL interface is called to map and unmap buffers simultaneously. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Buffer Overflow Use After Free Fastconnect 6900 Firmware Qam8255p Firmware +22
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-21456 HIGH This Month

Memory corruption while processing IOCTL command when multiple threads are called to map/unmap buffer concurrently. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Use After Free Ar8035 Firmware C V2x 9150 Firmware +62
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-21021 MEDIUM This Month

Out-of-bounds write in drawing pinpad in Blockchain Keystore prior to version 1.3.17.2 allows local privileged attackers to write out-of-bounds memory. Rated medium severity (CVSS 5.7). No vendor patch available.

Memory Corruption Buffer Overflow Blockchain Keystore
NVD
CVSS 3.1
5.7
EPSS
0.0%
CVE-2025-21020 MEDIUM This Month

Out-of-bounds write in creating bitmap images in Blockchain Keystore prior to version 1.3.17.2 allows local privileged attackers to write out-of-bounds memory. Rated medium severity (CVSS 5.7). No vendor patch available.

Memory Corruption Buffer Overflow Blockchain Keystore
NVD
CVSS 3.1
5.7
EPSS
0.0%
CVE-2025-21017 MEDIUM This Month

Out-of-bounds write in detaching crypto box in Blockchain Keystore prior to version 1.3.17.2 allows local privileged attackers to write out-of-bounds memory. Rated medium severity (CVSS 6.3), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Blockchain Keystore
NVD
CVSS 3.1
6.3
EPSS
0.0%
CVE-2025-54649 MEDIUM This Month

Vulnerability of using incompatible types to access resources in the location service. Rated medium severity (CVSS 4.5). No vendor patch available.

Memory Corruption Information Disclosure Harmonyos
NVD
CVSS 3.1
4.5
EPSS
0.0%
CVE-2025-54635 MEDIUM This Month

Vulnerability of returning released pointers in the distributed notification service. Rated medium severity (CVSS 5.9), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Use After Free Information Disclosure Harmonyos
NVD
CVSS 3.1
5.9
EPSS
0.0%
CVE-2025-54627 HIGH This Month

Out-of-bounds write vulnerability in the skia module. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Harmonyos
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2025-54626 MEDIUM Monitor

Pointer dangling vulnerability in the cjwindow module. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Use After Free Information Disclosure Harmonyos
NVD
CVSS 3.1
4.4
EPSS
0.0%
CVE-2025-54616 MEDIUM This Month

Out-of-bounds array access vulnerability in the ArkUI framework. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Harmonyos
NVD
CVSS 3.1
4.0
EPSS
0.0%
CVE-2024-45183 MEDIUM This Month

An issue was discovered in Samsung Mobile Processor Exynos 2100, 1280, 2200, 1330, 1380, 1480, and 2400. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Samsung Buffer Overflow Exynos 2100 Firmware Exynos 2200 Firmware +5
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-0932 MEDIUM Monitor

Use After Free vulnerability in Arm Ltd Bifrost GPU Userspace Driver, Arm Ltd Valhall GPU Userspace Driver, Arm Ltd Arm 5th Gen GPU Architecture Userspace Driver allows a non-privileged user process. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Use After Free 5th Gen Gpu Architecture Userspace Driver Bifrost Gpu Userspace Driver +1
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-48499 MEDIUM This Month

Out-of-bounds write vulnerability exists in FUJIFILM Business Innovation MFPs. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow
NVD
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-20698 MEDIUM This Month

In Power HAL, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Android Google
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-20697 MEDIUM This Month

In Power HAL, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Android Google
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-20696 MEDIUM This Month

In DA, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Yocto Rdk B +4
NVD
CVSS 3.1
6.8
EPSS
0.0%
CVE-2025-23281 HIGH This Month

NVIDIA GPU Display Driver for Windows contains a vulnerability where an attacker with local unprivileged access that can win a race condition might be able to trigger a use-after-free error. Rated high severity (CVSS 7.0). No vendor patch available.

Nvidia Memory Corruption RCE Use After Free Microsoft +3
NVD
CVSS 3.1
7.0
EPSS
0.0%
CVE-2025-43277 HIGH This Week

Memory corruption in Apple's audio processing framework across iOS, macOS, tvOS, visionOS, and watchOS allows local attackers to achieve arbitrary code execution by tricking users into opening malicious audio files. Fixed in iOS/iPadOS 18.6, macOS Sequoia 15.6, macOS Sonoma 14.8, tvOS 18.6, visionOS 2.6, and watchOS 11.6. Despite a high CVSS score of 7.8, the 2% EPSS probability indicates low observed exploitation likelihood, with no public exploit identified at time of analysis and no CISA KEV listing.

Apple iOS macOS Memory Corruption
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-43234 CRITICAL Act Now

Memory corruption vulnerabilities in Apple's graphics texture processing engine across iOS, iPadOS, macOS, tvOS, visionOS, and watchOS allow remote code execution via maliciously crafted texture files. Affects all major Apple platforms prior to July 2025 updates (iOS/iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, watchOS 11.6). Despite a critical CVSS 9.8 score indicating network-exploitable remote code execution without authentication, EPSS shows only 0.18% exploitation probability (40th percentile), and no public exploit identified at time of analysis. The vulnerability requires processing specially crafted texture data, likely through applications handling untrusted image or 3D content.

Apple iOS macOS Memory Corruption Denial Of Service +5
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2025-43221 HIGH This Week

Out-of-bounds read vulnerability in Apple media processing frameworks allows local attackers to cause application crashes or disclose sensitive process memory by tricking users into opening malicious media files. Affects iOS/iPadOS 18.x, macOS Sequoia 15.x, tvOS 18.x, and visionOS 2.x prior to July 2025 security updates. No public exploit identified at time of analysis, with EPSS score of 0.02% indicating minimal observed exploitation activity. User interaction required (opening crafted file) reduces immediate risk despite 7.1 CVSS score.

Apple iOS macOS Buffer Overflow Denial Of Service +5
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-43212 MEDIUM PATCH This Month

Safari and related Apple platforms crash when processing maliciously crafted web content due to a memory handling vulnerability (buffer overflow). Affects Safari 18.5 and earlier, iOS 18.5 and earlier, iPadOS 18.5 and earlier, macOS Sequoia 15.5 and earlier, tvOS 18.5 and earlier, visionOS 2.5 and earlier, and watchOS 11.5 and earlier. An unauthenticated remote attacker can trigger a denial of service by hosting or injecting malicious web content, with user interaction required to visit the affected content. No public exploit code or active exploitation has been confirmed (EPSS 0.08% indicates minimal real-world exploitation activity to date).

Apple Safari iOS macOS Memory Corruption +8
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-43211 MEDIUM PATCH This Month

Denial-of-service vulnerability in Apple's WebKit engine affects Safari, iOS, iPadOS, macOS, tvOS, visionOS, and watchOS through improper memory handling during web content processing. Local attackers without authentication can trigger this vulnerability via crafted web content to cause application crashes. Vendor-released patches are available across all affected platforms; EPSS score of 0.02% indicates minimal real-world exploitation likelihood despite the moderate CVSS 6.2 rating.

Apple Safari iOS macOS Denial Of Service +8
NVD
CVSS 3.1
6.2
EPSS
0.0%
CVE-2025-43209 CRITICAL Act Now

Out-of-bounds write vulnerability in WebKit across Apple's entire operating system ecosystem allows remote code execution via maliciously crafted web content without user interaction or authentication. Affects iOS, iPadOS, macOS (Ventura through Sequoia), tvOS, visionOS, and watchOS prior to July 2025 security updates. Despite a critical 9.8 CVSS score indicating maximum severity, EPSS probability remains low at 0.14% (34th percentile), and no public exploit identified at time of analysis, suggesting limited observed exploitation attempts despite the theoretical remote attack surface.

Apple iOS macOS Safari Memory Corruption +6
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-43186 CRITICAL Act Now

Buffer overflow memory corruption in Apple file parsing components allows remote code execution across iOS 18.6, iPadOS 18.6, macOS (Sequoia 15.6, Sonoma 14.7.7, Ventura 13.7.7), tvOS 18.6, visionOS 2.6, and watchOS 11.6. Unauthenticated attackers can trigger arbitrary code execution by delivering a maliciously crafted file requiring no user interaction beyond parsing. Despite CVSS 9.8 critical severity, EPSS score of 0.16% (37th percentile) indicates low observed exploitation probability. No public exploit identified at time of analysis and not listed in CISA KEV, suggesting theoretical risk exceeds current real-world threat activity.

Apple iOS Memory Corruption Denial Of Service Ipados +4
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2025-31278 HIGH PATCH This Week

Memory corruption in Apple's WebKit browser engine across Safari 18.x, iOS/iPadOS 18.x, macOS Sequoia 15.x, and other Apple operating systems allows remote attackers to achieve arbitrary code execution via maliciously crafted web content requiring only user interaction (visiting a malicious webpage). With CVSS 8.8 (High), the vulnerability enables complete system compromise (high confidentiality, integrity, and availability impact) but carries relatively low real-world exploitation probability (EPSS 0.10%, 27th percentile). No public exploit identified at time of analysis, and vendor-released patches are available across all affected platforms as of July-August 2025.

Apple Safari iOS macOS Memory Corruption +7
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-31273 HIGH PATCH This Week

Memory corruption in WebKit browser engine allows remote code execution across Apple's ecosystem (Safari 18.6, iOS/iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, watchOS 11.6) when users interact with maliciously crafted web content. The vulnerability stems from improper memory handling (CWE-119 buffer overflow) and requires no authentication but user interaction to trigger. EPSS score of 0.10% (26th percentile) indicates low observed exploitation probability, and no public exploit identified at time of analysis, though the CVSS 8.8 rating reflects the potential for complete system compromise if successfully exploited.

Apple Safari iOS macOS Memory Corruption +7
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-38471 HIGH PATCH This Week

Use-after-free in Linux kernel TLS implementation allows local authenticated users to achieve high confidentiality, integrity, and availability impact through memory corruption. The vulnerability, triggered by aggressive TCP SKB compaction in net-next, causes TLS to operate on freed socket buffers when checking decrypt state. A vendor patch is available across multiple kernel versions (6.1-rc2 through 6.1-rc5 and later stable branches). No active exploitation confirmed, but CWE-416 use-after-free bugs are frequently targeted due to their code execution potential. EPSS data not provided.

Information Disclosure Use After Free Memory Corruption Linux Debian Linux +2
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-38426 MEDIUM PATCH This Month

Linux kernel RAS (Reliability, Availability, Serviceability) header validation in the AMD GPU driver (amdgpu) lacks input sanitization, allowing a local authenticated attacker to trigger denial of service through excessive memory allocation when reading corrupted EEPROM data. The vulnerability affects all Linux kernel versions with the vulnerable amdgpu driver code path and requires local access with standard user privileges. No public exploit code has been identified; the EPSS score of 0.02% (5th percentile) indicates low real-world exploitation probability despite the moderate CVSS 5.5 rating.

Linux Linux Kernel Denial Of Service Memory Corruption Red Hat +1
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-38415 HIGH PATCH This Week

Out-of-bounds shift in the Linux kernel Squashfs filesystem allows a local attacker to trigger memory corruption by racing a LOOP_SET_BLOCK_SIZE ioctl against a concurrent Squashfs mount on the same loop device, causing sb_min_blocksize() to return 0 and the code in squashfs_fill_super() to compute a shift exponent of 64. The affected subsystem is the kernel Squashfs driver (fs/squashfs/block.c) on Linux and downstream distributions such as Debian 11. There is no public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Linux Memory Corruption Buffer Overflow Debian Linux Red Hat +1
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2025-4878 LOW Monitor

Uninitialized variable in libssh's privatekey_from_file() function can cause heap corruption or signing failures when a non-existent key file is specified, allowing local authenticated attackers to trigger memory corruption with potential for information disclosure. CVSS 3.6 reflects local attack vector and high complexity; exploitation requires authenticated access and specific file conditions.

Information Disclosure Use After Free Memory Corruption
NVD
CVSS 3.1
3.6
EPSS
0.0%
CVE-2025-38350 HIGH PATCH This Week

Use-after-free in Linux Kernel traffic control (qdisc) subsystem allows local authenticated attackers to execute arbitrary code, escalate privileges, or cause denial of service. Affects Linux Kernel versions prior to vendor-released patches across multiple stable branches (6.6.x, 6.12.x, 6.15, 6.16-rc1). Triggered when classful qdiscs like DRR and HFSC incorrectly handle child class deactivation during enqueue operations, leaving stale class pointers that can be exploited after deletion. Vendor patches available from kernel.org git stable tree; no active exploitation confirmed (not in CISA KEV), but PoC reproducer exists in public advisory.

Information Disclosure Use After Free Memory Corruption Linux Debian Linux +2
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2024-42648 MEDIUM POC This Month

NanoMQ v0.22.10 was discovered to contain a heap overflow which allows attackers to cause a Denial of Service (DoS) via a crafted CONNECT message.

Buffer Overflow Memory Corruption Denial Of Service Nanomq
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-7519 MEDIUM PATCH This Month

A flaw was found in polkit. When processing an XML policy with 32 or more nested elements in depth, an out-of-bounds write can be triggered. This issue can lead to a crash or other unexpected behavior, and arbitrary code execution is not discarded. To exploit this flaw, a high-privilege account is needed as it's required to place the malicious policy file properly.

RCE Buffer Overflow Memory Corruption Openshift Container Platform Enterprise Linux
NVD GitHub
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-25180 HIGH This Week

CVE-2025-25180 is a privilege escalation vulnerability affecting GPU drivers that allows non-privileged users to conduct improper GPU system calls, enabling arbitrary writes to physical memory pages including kernel and driver memory. This vulnerability could allow local attackers to corrupt critical kernel data structures and alter system behavior, potentially leading to complete system compromise. The attack requires local access and low privilege level but has high impact across confidentiality, integrity, and availability.

Memory Corruption Privilege Escalation
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-3631 MEDIUM This Month

An IBM MQ 9.3 and 9.4 Client connecting to an MQ Queue Manager can cause a SIGSEGV in the AMQRMPPA channel process terminating it.

Information Disclosure Use After Free Memory Corruption IBM Mq Appliance
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-7029 HIGH This Week

CVE-2025-7029 is a critical SMRAM corruption vulnerability in software SMI handlers that allows local attackers with high privileges to achieve arbitrary memory writes and potential SMM privilege escalation. The vulnerability exists in SwSmiInputValue 0xB2 handler where attacker-controlled RBX register values are used to derive unvalidated pointers for power and thermal configuration operations. This affects firmware-level security boundaries and could enable complete system compromise, though exploitation requires elevated privileges and no public exploit code or active KEV exploitation has been reported at this time.

Privilege Escalation Buffer Overflow Memory Corruption
NVD
CVSS 3.1
8.2
EPSS
0.0%
CVE-2025-52952 MEDIUM PATCH This Month

An Out-of-bounds Write vulnerability in the connectivity fault management (CFM) daemon of Juniper Networks Junos OS on MX Series with MPC-BUILTIN, MPC1 through MPC9 line cards allows an unauthenticated adjacent attacker to send a malformed packet to the device, leading to an FPC crash and restart, resulting in a Denial of Service (DoS). Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. This issue affects Juniper Networks: Junos OS: * All versions before 22.2R3-S1, * from 22.4 before 22.4R2. This feature is not enabled by default.

Denial Of Service Buffer Overflow Memory Corruption Juniper Junos
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-2521 HIGH This Week

A remote code execution vulnerability in Honeywell Experion PKS and OneWireless WDM (CVSS 8.6). High severity vulnerability requiring prompt remediation.

RCE Buffer Overflow Honeywell Memory Corruption Information Disclosure
NVD
CVSS 3.1
8.6
EPSS
0.4%
CVE-2025-53630 HIGH PATCH This Week

CVE-2025-53630 is a critical integer overflow vulnerability in llama.cpp's GGUF file parsing function that can trigger heap out-of-bounds read/write operations, potentially leading to information disclosure, memory corruption, or remote code execution. The vulnerability affects llama.cpp versions prior to commit 26a48ad699d50b6268900062661bd22f3e792579, with a CVSS score of 8.9 indicating high severity. The network-accessible attack vector (AV:N) combined with low complexity (AC:L) means remote attackers can exploit this without authentication by supplying malformed GGUF model files.

Heap Overflow Buffer Overflow Integer Overflow Memory Corruption Suse
NVD GitHub
CVSS 4.0
8.9
EPSS
0.1%
CVE-2025-7425 HIGH POC PATCH CISA Act Now

CVE-2025-7425 is a use-after-free (UAF) vulnerability in libxslt where improper memory management during XSLT tree fragment processing leads to heap corruption and potential code execution. The vulnerability affects libxslt library versions processing XSLT functions like key() that generate tree fragments, allowing local attackers with no privileges to trigger crashes or heap corruption through crafted XSLT stylesheets. While CVSS 7.8 indicates high severity, real-world impact depends on KEV inclusion status and whether public exploits exist; this vulnerability presents significant risk to applications embedding libxslt and processing untrusted XSLT input.

Denial Of Service Memory Corruption Use After Free
NVD GitHub
CVSS 3.1
7.8
EPSS
0.0%
Threat
5.1
CVE-2025-7424 HIGH PATCH This Week

CVE-2025-7424 is a type confusion vulnerability in the libxslt library where the psvi (Post-Schema-Validation Infoset) memory field is reused for both stylesheet and input document processing, enabling memory corruption during XML transformations. This affects any application using vulnerable libxslt versions to process untrusted XML stylesheets or documents, allowing unauthenticated remote attackers to trigger denial of service or memory corruption without requiring user interaction. The vulnerability has a high CVSS score (7.5) with high availability impact, though real-world exploitation probability and active KEV status require confirmation from official sources.

Denial Of Service Memory Corruption Libxslt Openshift Container Platform Enterprise Linux
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2025-38317 HIGH PATCH This Week

A buffer overflow vulnerability exists in the Linux kernel's ath12k WiFi driver debugfs interface that allows local users with root privileges to write more than 32 bytes to a debugfs buffer, causing memory corruption. While the CVSS score is 7.8 (High), the practical impact is limited to authenticated root users on systems with ath12k WiFi hardware; no public exploit or KEV listing is currently available, but the vulnerability demonstrates a classic boundary-check failure that could enable privilege escalation or system instability.

Linux Buffer Overflow Memory Corruption Linux Kernel Red Hat +1
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-38298 HIGH PATCH This Week

CVE-2025-38298 is a general protection fault vulnerability in the Linux kernel's EDAC/skx_common module caused by failure to reset the 'adxl_component_count' variable during module unload/reload cycles. This affects users running i10nm_edac or skx_edac_common on Intel Xeon systems, allowing local attackers with low privileges to trigger a kernel crash or potential code execution through error injection testing or normal module lifecycle operations. The vulnerability has a CVSS score of 7.8 (high severity) but appears to be a reliability/denial-of-service issue rather than actively exploited in the wild.

Linux Memory Corruption Denial Of Service Debian Linux Linux Kernel +2
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-38292 HIGH PATCH This Week

CVE-2025-38292 is a use-after-free vulnerability in the Linux kernel's ath12k WiFi driver (ath12k_dp_rx_msdu_coalesce function) where the is_continuation boolean field is accessed after the skb (socket buffer) containing it has been freed. This affects local attackers with low privileges who can trigger network packet processing, potentially leading to information disclosure or denial of service. The vulnerability has not been reported as actively exploited in KEV, but the high CVSS score (7.1) and local attack vector indicate moderate real-world risk, particularly in systems where unprivileged users can influence WiFi packet handling.

Linux Use After Free Denial Of Service Memory Corruption Linux Kernel +2
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-38259 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: ASoC: codecs: wcd9335: Fix missing free of regulator supplies Driver gets and enables all regulator supplies in probe path (wcd9335_parse_dt() and wcd9335_power_on_reset()), but does not cleanup in final error paths and in unbind (missing remove() callback). This leads to leaked memory and unbalanced regulator enable count during probe errors or unbind. Fix this by converting entire code into devm_regulator_bulk_get_enable() which also greatly simplifies the code.

Linux Use After Free Memory Corruption Information Disclosure Ubuntu +5
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-38250 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_core: Fix use-after-free in vhci_flush() syzbot reported use-after-free in vhci_flush() without repro. [0] From the splat, a thread close()d a vhci file descriptor...

Linux Use After Free Google Information Disclosure Memory Corruption
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-38248 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: bridge: mcast: Fix use-after-free during router port configuration The bridge maintains a global list of ports behind which a multicast router resides.

Linux Buffer Overflow Use After Free Memory Corruption Linux Kernel +2
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-47133 HIGH This Week

Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

RCE Adobe Buffer Overflow Memory Corruption Framemaker
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-47132 HIGH This Week

Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

RCE Adobe Buffer Overflow Memory Corruption Framemaker
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-47129 HIGH This Week

Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

RCE Adobe Buffer Overflow Memory Corruption Framemaker
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-47127 HIGH This Week

Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

RCE Adobe Buffer Overflow Memory Corruption Framemaker
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-47126 HIGH This Week

Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

RCE Adobe Buffer Overflow Memory Corruption Framemaker
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-47124 HIGH This Week

Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

RCE Adobe Buffer Overflow Memory Corruption Framemaker
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-47121 HIGH This Week

Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

RCE Adobe Memory Corruption Framemaker
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-47098 HIGH This Week

InCopy versions 20.3, 19.5.3 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

RCE Memory Corruption Incopy
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-49530 HIGH This Week

Illustrator versions 28.7.6, 29.5.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

RCE Buffer Overflow Memory Corruption Illustrator
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-49529 HIGH This Week

Illustrator versions 28.7.6, 29.5.1 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

RCE Memory Corruption Illustrator
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-49526 HIGH This Week

Illustrator versions 28.7.6, 29.5.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

RCE Buffer Overflow Memory Corruption Illustrator
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-43594 HIGH This Week

InDesign Desktop versions 19.5.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

RCE Buffer Overflow Memory Corruption Indesign
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-43592 HIGH This Week

InDesign Desktop versions 19.5.3 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

RCE Memory Corruption Indesign
NVD
CVSS 3.1
7.8
EPSS
0.0%
EPSS 0% CVSS 7.0
HIGH This Week

Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.0). No vendor patch available.

Memory Corruption Denial Of Service Use After Free +17
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Use after free in Desktop Windows Manager allows an authorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Use After Free +14
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Use After Free +12
NVD
EPSS 0% CVSS 7.0
HIGH This Week

Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.0). No vendor patch available.

Memory Corruption Denial Of Service Use After Free +17
NVD
EPSS 3% CVSS 8.8
HIGH This Week

Access of resource using incompatible type ('type confusion') in Windows Message Queuing allows an authorized attacker to execute code over a network. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Memory Corruption Microsoft Information Disclosure +16
NVD
EPSS 3% CVSS 8.8
HIGH This Week

Access of resource using incompatible type ('type confusion') in Windows Message Queuing allows an authorized attacker to execute code over a network. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Memory Corruption Microsoft Information Disclosure +16
NVD
EPSS 2% CVSS 8.8
HIGH This Week

Access of resource using incompatible type ('type confusion') in Windows Message Queuing allows an authorized attacker to execute code over a network. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Memory Corruption Microsoft Information Disclosure +16
NVD
EPSS 0% CVSS 7.0
HIGH This Week

Use after free in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.0). No vendor patch available.

Memory Corruption Denial Of Service Use After Free +6
NVD
EPSS 0% CVSS 7.0
HIGH This Week

Use after free in Kernel Transaction Manager allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.0). No vendor patch available.

Memory Corruption Denial Of Service Use After Free +16
NVD
EPSS 0% CVSS 7.0
HIGH This Month

Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.0). No vendor patch available.

Memory Corruption Denial Of Service Use After Free +17
NVD
EPSS 0% CVSS 7.8
HIGH This Month

Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8). No vendor patch available.

Memory Corruption Denial Of Service Use After Free +4
NVD
EPSS 0% CVSS 7.3
HIGH This Week

Use after free in Remote Access Point-to-Point Protocol (PPP) EAP-TLS allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Use After Free +15
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Use after free in Desktop Windows Manager allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Use After Free +14
NVD
EPSS 0% CVSS 7.8
HIGH This Month

Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Use After Free +17
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Illustrator versions 28.7.8, 29.6.1 and earlier are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Use After Free +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Illustrator versions 28.7.8, 29.6.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE +1
NVD
EPSS 0% CVSS 4.5
MEDIUM PATCH This Month

Out-of-bounds write in the memory subsystem for some Intel(R) Xeon(R) 6 processors when using Intel(R) SGX or Intel(R) TDX may allow a privileged user to potentially enable escalation of privilege. Rated medium severity (CVSS 4.5). No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation +2
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: xfrm: interface: fix use-after-free after changing collect_md xfrm interface collect_md property on xfrm interfaces can only be set. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Debian Linux Memory Corruption +3
NVD VulDB
EPSS 0% CVSS 7.3
HIGH This Week

A vulnerability has been identified in Simcenter Femap V2406 (All versions < V2406.0003), Simcenter Femap V2412 (All versions < V2412.0002). Rated high severity (CVSS 7.3), this vulnerability is no authentication required. No vendor patch available.

Memory Corruption Buffer Overflow Simcenter Femap
NVD
EPSS 0% CVSS 6.9
MEDIUM PATCH This Month

Vim is an open source, command line text editor. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Buffer Overflow Use After Free +3
NVD GitHub
EPSS 0% CVSS 3.3
LOW Monitor

in OpenHarmony v5.0.3 and prior versions allow a local attacker cause DOS through type confusion. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Information Disclosure Openharmony
NVD
EPSS 0% CVSS 8.4
HIGH This Month

in OpenHarmony v5.0.3 and prior versions allow a local attacker arbitrary code execution in tcb through use after free. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service RCE +2
NVD
EPSS 0% CVSS 8.4
HIGH This Month

in OpenHarmony v5.0.3 and prior versions allow a local attacker arbitrary code execution in tcb through use after free. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service RCE +2
NVD
EPSS 0% CVSS 7.5
HIGH This Month

Possible memory leak or kernel exceptions caused by reading kernel heap data after free or NULL pointer dereference kernel exception. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Use After Free +1
NVD
EPSS 0% CVSS 7.4
HIGH This Month

LinkJoin through 882f196 mishandles lacks type checking in password reset. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Memory Corruption Information Disclosure
NVD GitHub
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Use after free in Cast in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Google Denial Of Service +3
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Month

Use after free in Extensions in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Google Denial Of Service +3
NVD
EPSS 0% CVSS 7.8
HIGH This Month

A maliciously crafted RBG file, when parsed through Autodesk 3ds Max, can force an Out-of-Bounds Write vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE +1
NVD
EPSS 0% CVSS 7.8
HIGH This Month

Memory corruption while processing commands from A2dp sink command queue. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Use After Free +45
NVD
EPSS 0% CVSS 7.8
HIGH This Month

Memory corruption when programming registers through virtual CDM. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Fastconnect 6900 Firmware +23
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Month

Memory corruption when IOCTL interface is called to map and unmap buffers simultaneously. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Buffer Overflow Use After Free +24
NVD
EPSS 0% CVSS 7.8
HIGH This Month

Memory corruption while processing IOCTL command when multiple threads are called to map/unmap buffer concurrently. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Use After Free +64
NVD
EPSS 0% CVSS 5.7
MEDIUM This Month

Out-of-bounds write in drawing pinpad in Blockchain Keystore prior to version 1.3.17.2 allows local privileged attackers to write out-of-bounds memory. Rated medium severity (CVSS 5.7). No vendor patch available.

Memory Corruption Buffer Overflow Blockchain Keystore
NVD
EPSS 0% CVSS 5.7
MEDIUM This Month

Out-of-bounds write in creating bitmap images in Blockchain Keystore prior to version 1.3.17.2 allows local privileged attackers to write out-of-bounds memory. Rated medium severity (CVSS 5.7). No vendor patch available.

Memory Corruption Buffer Overflow Blockchain Keystore
NVD
EPSS 0% CVSS 6.3
MEDIUM This Month

Out-of-bounds write in detaching crypto box in Blockchain Keystore prior to version 1.3.17.2 allows local privileged attackers to write out-of-bounds memory. Rated medium severity (CVSS 6.3), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Blockchain Keystore
NVD
EPSS 0% CVSS 4.5
MEDIUM This Month

Vulnerability of using incompatible types to access resources in the location service. Rated medium severity (CVSS 4.5). No vendor patch available.

Memory Corruption Information Disclosure Harmonyos
NVD
EPSS 0% CVSS 5.9
MEDIUM This Month

Vulnerability of returning released pointers in the distributed notification service. Rated medium severity (CVSS 5.9), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Use After Free Information Disclosure +1
NVD
EPSS 0% CVSS 8.8
HIGH This Month

Out-of-bounds write vulnerability in the skia module. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Harmonyos
NVD
EPSS 0% CVSS 4.4
MEDIUM Monitor

Pointer dangling vulnerability in the cjwindow module. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Use After Free Information Disclosure +1
NVD
EPSS 0% CVSS 4.0
MEDIUM This Month

Out-of-bounds array access vulnerability in the ArkUI framework. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Harmonyos
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

An issue was discovered in Samsung Mobile Processor Exynos 2100, 1280, 2200, 1330, 1380, 1480, and 2400. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Samsung Buffer Overflow +7
NVD
EPSS 0% CVSS 4.3
MEDIUM Monitor

Use After Free vulnerability in Arm Ltd Bifrost GPU Userspace Driver, Arm Ltd Valhall GPU Userspace Driver, Arm Ltd Arm 5th Gen GPU Architecture Userspace Driver allows a non-privileged user process. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Use After Free +3
NVD
EPSS 0% CVSS 6.9
MEDIUM This Month

Out-of-bounds write vulnerability exists in FUJIFILM Business Innovation MFPs. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In Power HAL, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation +2
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In Power HAL, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation +2
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

In DA, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation +6
NVD
EPSS 0% CVSS 7.0
HIGH This Month

NVIDIA GPU Display Driver for Windows contains a vulnerability where an attacker with local unprivileged access that can win a race condition might be able to trigger a use-after-free error. Rated high severity (CVSS 7.0). No vendor patch available.

Nvidia Memory Corruption RCE +5
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Memory corruption in Apple's audio processing framework across iOS, macOS, tvOS, visionOS, and watchOS allows local attackers to achieve arbitrary code execution by tricking users into opening malicious audio files. Fixed in iOS/iPadOS 18.6, macOS Sequoia 15.6, macOS Sonoma 14.8, tvOS 18.6, visionOS 2.6, and watchOS 11.6. Despite a high CVSS score of 7.8, the 2% EPSS probability indicates low observed exploitation likelihood, with no public exploit identified at time of analysis and no CISA KEV listing.

Apple iOS macOS +1
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

Memory corruption vulnerabilities in Apple's graphics texture processing engine across iOS, iPadOS, macOS, tvOS, visionOS, and watchOS allow remote code execution via maliciously crafted texture files. Affects all major Apple platforms prior to July 2025 updates (iOS/iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, watchOS 11.6). Despite a critical CVSS 9.8 score indicating network-exploitable remote code execution without authentication, EPSS shows only 0.18% exploitation probability (40th percentile), and no public exploit identified at time of analysis. The vulnerability requires processing specially crafted texture data, likely through applications handling untrusted image or 3D content.

Apple iOS macOS +7
NVD
EPSS 0% CVSS 7.1
HIGH This Week

Out-of-bounds read vulnerability in Apple media processing frameworks allows local attackers to cause application crashes or disclose sensitive process memory by tricking users into opening malicious media files. Affects iOS/iPadOS 18.x, macOS Sequoia 15.x, tvOS 18.x, and visionOS 2.x prior to July 2025 security updates. No public exploit identified at time of analysis, with EPSS score of 0.02% indicating minimal observed exploitation activity. User interaction required (opening crafted file) reduces immediate risk despite 7.1 CVSS score.

Apple iOS macOS +7
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Safari and related Apple platforms crash when processing maliciously crafted web content due to a memory handling vulnerability (buffer overflow). Affects Safari 18.5 and earlier, iOS 18.5 and earlier, iPadOS 18.5 and earlier, macOS Sequoia 15.5 and earlier, tvOS 18.5 and earlier, visionOS 2.5 and earlier, and watchOS 11.5 and earlier. An unauthenticated remote attacker can trigger a denial of service by hosting or injecting malicious web content, with user interaction required to visit the affected content. No public exploit code or active exploitation has been confirmed (EPSS 0.08% indicates minimal real-world exploitation activity to date).

Apple Safari iOS +10
NVD
EPSS 0% CVSS 6.2
MEDIUM PATCH This Month

Denial-of-service vulnerability in Apple's WebKit engine affects Safari, iOS, iPadOS, macOS, tvOS, visionOS, and watchOS through improper memory handling during web content processing. Local attackers without authentication can trigger this vulnerability via crafted web content to cause application crashes. Vendor-released patches are available across all affected platforms; EPSS score of 0.02% indicates minimal real-world exploitation likelihood despite the moderate CVSS 6.2 rating.

Apple Safari iOS +10
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

Out-of-bounds write vulnerability in WebKit across Apple's entire operating system ecosystem allows remote code execution via maliciously crafted web content without user interaction or authentication. Affects iOS, iPadOS, macOS (Ventura through Sequoia), tvOS, visionOS, and watchOS prior to July 2025 security updates. Despite a critical 9.8 CVSS score indicating maximum severity, EPSS probability remains low at 0.14% (34th percentile), and no public exploit identified at time of analysis, suggesting limited observed exploitation attempts despite the theoretical remote attack surface.

Apple iOS macOS +8
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

Buffer overflow memory corruption in Apple file parsing components allows remote code execution across iOS 18.6, iPadOS 18.6, macOS (Sequoia 15.6, Sonoma 14.7.7, Ventura 13.7.7), tvOS 18.6, visionOS 2.6, and watchOS 11.6. Unauthenticated attackers can trigger arbitrary code execution by delivering a maliciously crafted file requiring no user interaction beyond parsing. Despite CVSS 9.8 critical severity, EPSS score of 0.16% (37th percentile) indicates low observed exploitation probability. No public exploit identified at time of analysis and not listed in CISA KEV, suggesting theoretical risk exceeds current real-world threat activity.

Apple iOS Memory Corruption +6
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Memory corruption in Apple's WebKit browser engine across Safari 18.x, iOS/iPadOS 18.x, macOS Sequoia 15.x, and other Apple operating systems allows remote attackers to achieve arbitrary code execution via maliciously crafted web content requiring only user interaction (visiting a malicious webpage). With CVSS 8.8 (High), the vulnerability enables complete system compromise (high confidentiality, integrity, and availability impact) but carries relatively low real-world exploitation probability (EPSS 0.10%, 27th percentile). No public exploit identified at time of analysis, and vendor-released patches are available across all affected platforms as of July-August 2025.

Apple Safari iOS +9
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Memory corruption in WebKit browser engine allows remote code execution across Apple's ecosystem (Safari 18.6, iOS/iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, watchOS 11.6) when users interact with maliciously crafted web content. The vulnerability stems from improper memory handling (CWE-119 buffer overflow) and requires no authentication but user interaction to trigger. EPSS score of 0.10% (26th percentile) indicates low observed exploitation probability, and no public exploit identified at time of analysis, though the CVSS 8.8 rating reflects the potential for complete system compromise if successfully exploited.

Apple Safari iOS +9
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Use-after-free in Linux kernel TLS implementation allows local authenticated users to achieve high confidentiality, integrity, and availability impact through memory corruption. The vulnerability, triggered by aggressive TCP SKB compaction in net-next, causes TLS to operate on freed socket buffers when checking decrypt state. A vendor patch is available across multiple kernel versions (6.1-rc2 through 6.1-rc5 and later stable branches). No active exploitation confirmed, but CWE-416 use-after-free bugs are frequently targeted due to their code execution potential. EPSS data not provided.

Information Disclosure Use After Free Memory Corruption +4
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Linux kernel RAS (Reliability, Availability, Serviceability) header validation in the AMD GPU driver (amdgpu) lacks input sanitization, allowing a local authenticated attacker to trigger denial of service through excessive memory allocation when reading corrupted EEPROM data. The vulnerability affects all Linux kernel versions with the vulnerable amdgpu driver code path and requires local access with standard user privileges. No public exploit code has been identified; the EPSS score of 0.02% (5th percentile) indicates low real-world exploitation probability despite the moderate CVSS 5.5 rating.

Linux Linux Kernel Denial Of Service +3
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Out-of-bounds shift in the Linux kernel Squashfs filesystem allows a local attacker to trigger memory corruption by racing a LOOP_SET_BLOCK_SIZE ioctl against a concurrent Squashfs mount on the same loop device, causing sb_min_blocksize() to return 0 and the code in squashfs_fill_super() to compute a shift exponent of 64. The affected subsystem is the kernel Squashfs driver (fs/squashfs/block.c) on Linux and downstream distributions such as Debian 11. There is no public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Linux Memory Corruption Buffer Overflow +3
NVD
EPSS 0% CVSS 3.6
LOW Monitor

Uninitialized variable in libssh's privatekey_from_file() function can cause heap corruption or signing failures when a non-existent key file is specified, allowing local authenticated attackers to trigger memory corruption with potential for information disclosure. CVSS 3.6 reflects local attack vector and high complexity; exploitation requires authenticated access and specific file conditions.

Information Disclosure Use After Free Memory Corruption
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Use-after-free in Linux Kernel traffic control (qdisc) subsystem allows local authenticated attackers to execute arbitrary code, escalate privileges, or cause denial of service. Affects Linux Kernel versions prior to vendor-released patches across multiple stable branches (6.6.x, 6.12.x, 6.15, 6.16-rc1). Triggered when classful qdiscs like DRR and HFSC incorrectly handle child class deactivation during enqueue operations, leaving stale class pointers that can be exploited after deletion. Vendor patches available from kernel.org git stable tree; no active exploitation confirmed (not in CISA KEV), but PoC reproducer exists in public advisory.

Information Disclosure Use After Free Memory Corruption +4
NVD
EPSS 0% CVSS 6.5
MEDIUM POC This Month

NanoMQ v0.22.10 was discovered to contain a heap overflow which allows attackers to cause a Denial of Service (DoS) via a crafted CONNECT message.

Buffer Overflow Memory Corruption Denial Of Service +1
NVD GitHub
EPSS 0% CVSS 6.7
MEDIUM PATCH This Month

A flaw was found in polkit. When processing an XML policy with 32 or more nested elements in depth, an out-of-bounds write can be triggered. This issue can lead to a crash or other unexpected behavior, and arbitrary code execution is not discarded. To exploit this flaw, a high-privilege account is needed as it's required to place the malicious policy file properly.

RCE Buffer Overflow Memory Corruption +2
NVD GitHub
EPSS 0% CVSS 7.8
HIGH This Week

CVE-2025-25180 is a privilege escalation vulnerability affecting GPU drivers that allows non-privileged users to conduct improper GPU system calls, enabling arbitrary writes to physical memory pages including kernel and driver memory. This vulnerability could allow local attackers to corrupt critical kernel data structures and alter system behavior, potentially leading to complete system compromise. The attack requires local access and low privilege level but has high impact across confidentiality, integrity, and availability.

Memory Corruption Privilege Escalation
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

An IBM MQ 9.3 and 9.4 Client connecting to an MQ Queue Manager can cause a SIGSEGV in the AMQRMPPA channel process terminating it.

Information Disclosure Use After Free Memory Corruption +2
NVD
EPSS 0% CVSS 8.2
HIGH This Week

CVE-2025-7029 is a critical SMRAM corruption vulnerability in software SMI handlers that allows local attackers with high privileges to achieve arbitrary memory writes and potential SMM privilege escalation. The vulnerability exists in SwSmiInputValue 0xB2 handler where attacker-controlled RBX register values are used to derive unvalidated pointers for power and thermal configuration operations. This affects firmware-level security boundaries and could enable complete system compromise, though exploitation requires elevated privileges and no public exploit code or active KEV exploitation has been reported at this time.

Privilege Escalation Buffer Overflow Memory Corruption
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

An Out-of-bounds Write vulnerability in the connectivity fault management (CFM) daemon of Juniper Networks Junos OS on MX Series with MPC-BUILTIN, MPC1 through MPC9 line cards allows an unauthenticated adjacent attacker to send a malformed packet to the device, leading to an FPC crash and restart, resulting in a Denial of Service (DoS). Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. This issue affects Juniper Networks: Junos OS: * All versions before 22.2R3-S1, * from 22.4 before 22.4R2. This feature is not enabled by default.

Denial Of Service Buffer Overflow Memory Corruption +2
NVD VulDB
EPSS 0% CVSS 8.6
HIGH This Week

A remote code execution vulnerability in Honeywell Experion PKS and OneWireless WDM (CVSS 8.6). High severity vulnerability requiring prompt remediation.

RCE Buffer Overflow Honeywell +2
NVD
EPSS 0% CVSS 8.9
HIGH PATCH This Week

CVE-2025-53630 is a critical integer overflow vulnerability in llama.cpp's GGUF file parsing function that can trigger heap out-of-bounds read/write operations, potentially leading to information disclosure, memory corruption, or remote code execution. The vulnerability affects llama.cpp versions prior to commit 26a48ad699d50b6268900062661bd22f3e792579, with a CVSS score of 8.9 indicating high severity. The network-accessible attack vector (AV:N) combined with low complexity (AC:L) means remote attackers can exploit this without authentication by supplying malformed GGUF model files.

Heap Overflow Buffer Overflow Integer Overflow +2
NVD GitHub
EPSS 0% 5.1 CVSS 7.8
HIGH POC PATCH Act Now

CVE-2025-7425 is a use-after-free (UAF) vulnerability in libxslt where improper memory management during XSLT tree fragment processing leads to heap corruption and potential code execution. The vulnerability affects libxslt library versions processing XSLT functions like key() that generate tree fragments, allowing local attackers with no privileges to trigger crashes or heap corruption through crafted XSLT stylesheets. While CVSS 7.8 indicates high severity, real-world impact depends on KEV inclusion status and whether public exploits exist; this vulnerability presents significant risk to applications embedding libxslt and processing untrusted XSLT input.

Denial Of Service Memory Corruption Use After Free
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

CVE-2025-7424 is a type confusion vulnerability in the libxslt library where the psvi (Post-Schema-Validation Infoset) memory field is reused for both stylesheet and input document processing, enabling memory corruption during XML transformations. This affects any application using vulnerable libxslt versions to process untrusted XML stylesheets or documents, allowing unauthenticated remote attackers to trigger denial of service or memory corruption without requiring user interaction. The vulnerability has a high CVSS score (7.5) with high availability impact, though real-world exploitation probability and active KEV status require confirmation from official sources.

Denial Of Service Memory Corruption Libxslt +2
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

A buffer overflow vulnerability exists in the Linux kernel's ath12k WiFi driver debugfs interface that allows local users with root privileges to write more than 32 bytes to a debugfs buffer, causing memory corruption. While the CVSS score is 7.8 (High), the practical impact is limited to authenticated root users on systems with ath12k WiFi hardware; no public exploit or KEV listing is currently available, but the vulnerability demonstrates a classic boundary-check failure that could enable privilege escalation or system instability.

Linux Buffer Overflow Memory Corruption +3
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

CVE-2025-38298 is a general protection fault vulnerability in the Linux kernel's EDAC/skx_common module caused by failure to reset the 'adxl_component_count' variable during module unload/reload cycles. This affects users running i10nm_edac or skx_edac_common on Intel Xeon systems, allowing local attackers with low privileges to trigger a kernel crash or potential code execution through error injection testing or normal module lifecycle operations. The vulnerability has a CVSS score of 7.8 (high severity) but appears to be a reliability/denial-of-service issue rather than actively exploited in the wild.

Linux Memory Corruption Denial Of Service +4
NVD
EPSS 0% CVSS 7.1
HIGH PATCH This Week

CVE-2025-38292 is a use-after-free vulnerability in the Linux kernel's ath12k WiFi driver (ath12k_dp_rx_msdu_coalesce function) where the is_continuation boolean field is accessed after the skb (socket buffer) containing it has been freed. This affects local attackers with low privileges who can trigger network packet processing, potentially leading to information disclosure or denial of service. The vulnerability has not been reported as actively exploited in KEV, but the high CVSS score (7.1) and local attack vector indicate moderate real-world risk, particularly in systems where unprivileged users can influence WiFi packet handling.

Linux Use After Free Denial Of Service +4
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: ASoC: codecs: wcd9335: Fix missing free of regulator supplies Driver gets and enables all regulator supplies in probe path (wcd9335_parse_dt() and wcd9335_power_on_reset()), but does not cleanup in final error paths and in unbind (missing remove() callback). This leads to leaked memory and unbalanced regulator enable count during probe errors or unbind. Fix this by converting entire code into devm_regulator_bulk_get_enable() which also greatly simplifies the code.

Linux Use After Free Memory Corruption +7
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_core: Fix use-after-free in vhci_flush() syzbot reported use-after-free in vhci_flush() without repro. [0] From the splat, a thread close()d a vhci file descriptor...

Linux Use After Free Google +2
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: bridge: mcast: Fix use-after-free during router port configuration The bridge maintains a global list of ports behind which a multicast router resides.

Linux Buffer Overflow Use After Free +4
NVD VulDB
EPSS 0% CVSS 7.8
HIGH This Week

Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

RCE Adobe Buffer Overflow +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

RCE Adobe Buffer Overflow +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

RCE Adobe Buffer Overflow +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

RCE Adobe Buffer Overflow +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

RCE Adobe Buffer Overflow +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

RCE Adobe Buffer Overflow +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

RCE Adobe Memory Corruption +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

InCopy versions 20.3, 19.5.3 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

RCE Memory Corruption Incopy
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Illustrator versions 28.7.6, 29.5.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

RCE Buffer Overflow Memory Corruption +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Illustrator versions 28.7.6, 29.5.1 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

RCE Memory Corruption Illustrator
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Illustrator versions 28.7.6, 29.5.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

RCE Buffer Overflow Memory Corruption +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

InDesign Desktop versions 19.5.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

RCE Buffer Overflow Memory Corruption +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

InDesign Desktop versions 19.5.3 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

RCE Memory Corruption Indesign
NVD
Prev Page 30 of 170 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy