Skip to main content

Memory Corruption

15289 CVEs technique

Monthly

CVE-2025-23133 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: update channel list in reg notifier instead reg worker Currently when ath11k gets a new channel list, it will be. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Linux Linux Kernel Red Hat +1
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-22126 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: md: fix mddev uaf while iterating all_mddevs list While iterating all_mddevs list from md_notify_reboot() and md_exit(),. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Linux Information Disclosure Linux Kernel +2
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-22097 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: drm/vkms: Fix use after free and double free on init error If the driver initialization fails, the vkms_exit() function might. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Use After Free Memory Corruption Linux Denial Of Service Linux Kernel +2
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-22088 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: RDMA/erdma: Prevent use-after-free in erdma_accept_newconn() After the erdma_cep_put(new_cep) being called, new_cep will be freed,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Linux Information Disclosure Linux Kernel +2
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-22085 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: RDMA/core: Fix use-after-free when rename device name Syzbot reported a slab-use-after-free with the following call trace:. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Linux Information Disclosure Google +3
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-22083 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: vhost-scsi: Fix handling of multiple calls to vhost_scsi_set_endpoint If vhost_scsi_set_endpoint is called multiple times without a. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Linux Denial Of Service
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-22068 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: ublk: make sure ubq->canceling is set when queue is frozen Now ublk driver depends on `ubq->canceling` for deciding if the request. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Linux Information Disclosure Linux Kernel +2
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-22056 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_tunnel: fix geneve_opt type confusion addition When handling multiple NFTA_TUNNEL_KEY_OPTS_GENEVE attributes, the. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Linux
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-22041 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in ksmbd_sessions_deregister() In multichannel mode, UAF issue can occur in session_deregister when the. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Linux Information Disclosure Red Hat +1
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-22040 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix session use-after-free in multichannel connection There is a race condition between session setup and. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Linux Information Disclosure
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-22035 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: tracing: Fix use-after-free in print_graph_function_flags during tracer switching Kairui reported a UAF issue in. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Linux Information Disclosure Linux Kernel +2
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-22024 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: nfsd: fix management of listener transports Currently, when no active threads are running, a root user using nfsdctl command can. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Linux Information Disclosure VMware +3
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-58093 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: PCI/ASPM: Fix link state exit during switch upstream function removal Before 456d8aa37d0f ("PCI/ASPM: Disable ASPM on MFD function. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Linux Information Disclosure
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-22023 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: usb: xhci: Don't skip on Stopped - Length Invalid Up until commit d56b0b2ab142 ("usb: xhci: ensure skipped isoc TDs are returned. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Linux Information Disclosure Linux Kernel +2
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-22022 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: usb: xhci: Apply the link chain quirk on NEC isoc endpoints Two clearly different specimens of NEC uPD720200 (one with start/stop. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Amd Memory Corruption Buffer Overflow Linux Linux Kernel +2
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-22020 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove This fixes the following crash:. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Linux Denial Of Service Lenovo +3
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-49200 MEDIUM This Month

An issue was discovered in AcpiS3SaveDxe and ChipsetSvcDxe in Insyde InsydeH2O with kernel 5.2 though 5.7. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable. No vendor patch available.

Memory Corruption Buffer Overflow RCE Kernel
NVD
CVSS 3.1
6.4
EPSS
0.4%
CVE-2025-1276 HIGH This Week

A maliciously crafted DWG file, when parsed through certain Autodesk applications, can force an Out-of-Bounds Write vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Advance Steel Autocad +15
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-1274 HIGH This Week

A maliciously crafted RCS file, when parsed through Autodesk Revit, can force an Out-of-Bounds Write vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Revit
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-1292 MEDIUM POC This Month

Out-Of-Bounds Write in TPM2 Reference Library in Google ChromeOS 122.0.6261.132 stable on Cr50 Boards allows an attacker with root access to gain persistence and bypass operating system verification. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Google Chrome
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-1122 MEDIUM POC This Month

Out-Of-Bounds Write in TPM2 Reference Library in Google ChromeOS 15753.50.0 stable on Cr50 Boards allows an attacker with root access to gain persistence and Bypass operating system verification via. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Google Chrome
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-32948 HIGH POC This Week

The vulnerability allows any attacker to cause the PeerTube server to stop functioning, or in special cases send requests to arbitrary URLs (Blind SSRF). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption SSRF Denial Of Service Peertube
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2023-42970 HIGH PATCH This Week

A use-after-free issue was addressed with improved memory management. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption RCE Apple Safari +8
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2025-26479 LOW Monitor

Dell PowerScale OneFS, versions 9.4.0.0 through 9.10.0.0, contains an out-of-bounds write vulnerability. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable. No vendor patch available.

Memory Corruption Buffer Overflow Dell Powerscale Onefs
NVD
CVSS 3.1
3.1
EPSS
0.2%
CVE-2025-2632 HIGH This Week

Out of bounds write vulnerability due to improper bounds checking in NI LabVIEW reading CPU info from cache that may result in information disclosure or arbitrary code execution. Rated high severity (CVSS 8.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Memory Corruption Buffer Overflow RCE Labview
NVD
CVSS 4.0
8.5
EPSS
0.1%
CVE-2025-2631 HIGH This Week

Out of bounds write vulnerability due to improper bounds checking in NI LabVIEW in InitCPUInformation() that may result in information disclosure or arbitrary code execution. Rated high severity (CVSS 8.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Memory Corruption Buffer Overflow RCE Labview
NVD
CVSS 4.0
8.5
EPSS
0.1%
CVE-2025-3416 LOW Monitor

A flaw was found in OpenSSL's handling of the properties argument in certain functions. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Use After Free Memory Corruption OpenSSL Information Disclosure
NVD GitHub VulDB
CVSS 3.1
3.7
EPSS
0.5%
CVE-2025-30304 HIGH This Week

Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Adobe Framemaker
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-30297 HIGH This Week

Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Adobe Framemaker
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-29824 HIGH POC KEV THREAT CERT-EU Act Now

Windows Common Log File System Driver contains a use-after-free enabling local privilege escalation, exploited in the wild in April 2025. CLFS driver vulnerabilities have become a recurring Windows kernel exploit target.

Use After Free Memory Corruption Microsoft Denial Of Service Windows 10 1507 +15
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2025-29823 HIGH This Week

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free Memory Corruption Microsoft Denial Of Service 365 Apps
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2025-29820 HIGH This Week

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free Memory Corruption Microsoft Denial Of Service 365 Apps +3
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2025-29792 HIGH This Week

Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Memory Corruption Microsoft Denial Of Service 365 Apps +2
NVD
CVSS 3.1
7.3
EPSS
0.5%
CVE-2025-29791 HIGH CERT-EU This Week

Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Memory Corruption Authentication Bypass 365 Apps Office +1
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2025-27751 HIGH POC This Week

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Memory Corruption Microsoft Denial Of Service 365 Apps +4
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
1.2%
CVE-2025-27750 HIGH This Week

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free Memory Corruption Microsoft Denial Of Service 365 Apps +3
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2025-27749 HIGH CERT-EU This Month

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free Memory Corruption Microsoft Denial Of Service 365 Apps +2
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2025-27748 HIGH CERT-EU This Week

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free Memory Corruption Microsoft Denial Of Service 365 Apps +2
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2025-27746 HIGH This Week

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free Memory Corruption Microsoft Denial Of Service 365 Apps +4
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2025-27745 HIGH CERT-EU This Week

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free Memory Corruption Microsoft Denial Of Service 365 Apps +2
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2025-27729 HIGH This Week

Use after free in Windows Shell allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free Memory Corruption Microsoft Denial Of Service Windows 10 21h2 +6
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2025-27491 HIGH This Week

Use after free in Windows Hyper-V allows an authorized attacker to execute code over a network. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Use After Free Memory Corruption Microsoft Denial Of Service Windows 10 1507 +13
NVD
CVSS 3.1
7.1
EPSS
0.3%
CVE-2025-27480 HIGH CERT-EU This Week

Use after free in Remote Desktop Gateway Service allows an unauthorized attacker to execute code over a network. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Use After Free Memory Corruption Denial Of Service Windows Server 2012 Windows Server 2016 +5
NVD
CVSS 3.1
8.1
EPSS
0.8%
CVE-2025-27476 HIGH This Week

Use after free in Windows Digital Media allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Memory Corruption Microsoft Denial Of Service Windows 10 1809 +9
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2025-27467 HIGH This Week

Use after free in Windows Digital Media allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Memory Corruption Microsoft Denial Of Service Windows 10 1809 +9
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2025-27200 HIGH This Week

Animate versions 24.0.7, 23.0.10 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free Memory Corruption RCE Denial Of Service Animate
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2025-27194 HIGH This Week

Media Encoder versions 25.1, 24.6.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Media Encoder
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-27183 HIGH This Week

After Effects versions 25.1, 24.6.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE After Effects
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-27182 HIGH This Week

After Effects versions 25.1, 24.6.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE After Effects
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-26687 HIGH This Week

Use after free in Windows Win32K - GRFX allows an unauthorized attacker to elevate privileges over a network. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Use After Free Memory Corruption Microsoft Denial Of Service Office +16
NVD VulDB
CVSS 3.1
7.5
EPSS
0.3%
CVE-2025-26681 MEDIUM This Month

Use after free in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally. Rated medium severity (CVSS 6.7). No vendor patch available.

Use After Free Memory Corruption Microsoft Denial Of Service Windows 10 21h2 +8
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2025-26679 HIGH This Week

Use after free in RPC Endpoint Mapper Service allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Memory Corruption Denial Of Service Windows 10 1507 Windows 10 1607 +14
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2025-26671 HIGH This Week

Use after free in Windows Remote Desktop Services allows an unauthorized attacker to execute code over a network. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Use After Free Memory Corruption Microsoft Denial Of Service Windows Server 2008 +7
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2025-26670 HIGH CERT-EU This Week

Use after free in Windows LDAP - Lightweight Directory Access Protocol allows an unauthorized attacker to execute code over a network. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Use After Free Memory Corruption Microsoft Denial Of Service Windows 10 1507 +15
NVD
CVSS 3.1
8.1
EPSS
0.5%
CVE-2025-26663 HIGH CERT-EU This Week

Use after free in Windows LDAP - Lightweight Directory Access Protocol allows an unauthorized attacker to execute code over a network. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Use After Free Memory Corruption Microsoft Denial Of Service Windows 10 1507 +15
NVD
CVSS 3.1
8.1
EPSS
0.5%
CVE-2025-26648 HIGH This Week

Sensitive data storage in improperly locked memory in Windows Kernel allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Memory Corruption Microsoft Information Disclosure Windows 10 1507 +15
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2025-3289 HIGH This Week

A local code execution vulnerability exists in the Rockwell Automation Arena® due to a stack-based memory buffer overflow. Rated high severity (CVSS 8.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Rockwell Buffer Overflow RCE Arena
NVD
CVSS 4.0
8.5
EPSS
0.1%
CVE-2025-2829 HIGH This Week

A local code execution vulnerability exists in the Rockwell Automation Arena® due to a threat actor being able to write outside of the allocated memory buffer. Rated high severity (CVSS 8.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Rockwell Buffer Overflow RCE Arena
NVD
CVSS 4.0
8.5
EPSS
0.1%
CVE-2025-2293 HIGH This Week

A local code execution vulnerability exists in the Rockwell Automation Arena® due to a threat actor being able to write outside of the allocated memory buffer. Rated high severity (CVSS 8.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Rockwell Buffer Overflow RCE Arena
NVD
CVSS 4.0
8.5
EPSS
0.1%
CVE-2025-2288 HIGH This Week

A local code execution vulnerability exists in the Rockwell Automation Arena® due to a threat actor being able to write outside of the allocated memory buffer. Rated high severity (CVSS 8.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Rockwell Buffer Overflow RCE Arena
NVD
CVSS 4.0
8.5
EPSS
0.1%
CVE-2025-31498 HIGH PATCH This Week

c-ares is an asynchronous resolver library. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Use After Free Memory Corruption Information Disclosure Red Hat Suse
NVD GitHub
CVSS 4.0
8.3
EPSS
0.6%
CVE-2025-30015 MEDIUM This Month

Due to incorrect memory address handling in ABAP SQL of SAP NetWeaver and ABAP Platform (Application Server ABAP), an authenticated attacker with high privileges could execute certain forms of SQL. Rated medium severity (CVSS 4.1), this vulnerability is remotely exploitable. No vendor patch available.

SAP Memory Corruption Buffer Overflow
NVD
CVSS 3.1
4.1
EPSS
0.3%
CVE-2025-20943 MEDIUM This Month

Out-of-bounds write in secfr trustlet prior to SMR Apr-2025 Release 1 allows local privileged attackers to cause memory corruption. Rated medium severity (CVSS 6.4). No vendor patch available.

Memory Corruption Buffer Overflow Android
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2025-21441 HIGH This Week

Memory corruption when IOCTL call is invoked from user-space to write board data to WLAN driver. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Fastconnect 7800 Firmware Qca1062 Firmware Qca1064 Firmware +46
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-21440 HIGH This Week

Memory corruption when IOCTL call is invoked from user-space to write board data to WLAN driver. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Aqt1000 Firmware Fastconnect 6200 Firmware Fastconnect 6700 Firmware +46
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-21439 HIGH This Month

Memory corruption may occur while reading board data via IOCTL call when the WLAN driver copies the content to the provided output buffer. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Fastconnect 6700 Firmware Fastconnect 6900 Firmware Qca6595au Firmware +22
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-21437 HIGH This Week

Memory corruption while processing memory map or unmap IOCTL operations simultaneously. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Memory Corruption Buffer Overflow Qam8255p Firmware Qam8295p Firmware +29
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-21436 HIGH This Week

Memory corruption may occur while initiating two IOCTL calls simultaneously to create processes from two different threads. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Memory Corruption Buffer Overflow Fastconnect 7800 Firmware Qmp1000 Firmware +23
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-49848 MEDIUM This Month

Memory corruption while processing multiple IOCTL calls from HLOS to DSP. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Memory Corruption Buffer Overflow Qam8255p Firmware Qam8295p Firmware +143
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2024-45557 HIGH This Week

Memory corruption can occur when TME processes addresses from TZ and MPSS requests without proper validation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Ar8035 Firmware Fastconnect 6700 Firmware Fastconnect 6900 Firmware +57
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-45544 MEDIUM This Month

Memory corruption while processing IOCTL calls to add route entry in the HW. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Memory Corruption Buffer Overflow C V2x 9150 Firmware Fastconnect 6800 Firmware +42
NVD
CVSS 3.1
6.6
EPSS
0.1%
CVE-2024-45543 MEDIUM This Month

Memory corruption while accessing MSM channel map and mixer functions. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow C V2x 9150 Firmware Fastconnect 6200 Firmware Fastconnect 6800 Firmware +62
NVD
CVSS 3.1
6.6
EPSS
0.1%
CVE-2024-45540 MEDIUM This Month

Memory corruption while invoking IOCTL map buffer request from userspace. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Memory Corruption Buffer Overflow C V2x 9150 Firmware Fastconnect 6200 Firmware +66
NVD
CVSS 3.1
6.6
EPSS
0.1%
CVE-2024-43066 HIGH This Week

Memory corruption while handling file descriptor during listener registration/de-registration. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Memory Corruption Buffer Overflow Csrb31024 Firmware Fastconnect 6200 Firmware +96
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-20658 MEDIUM This Month

In DA, there is a possible permission bypass due to a logic error. Rated medium severity (CVSS 6.0), this vulnerability is no authentication required. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Android Mt2718 +18
NVD
CVSS 3.1
6.0
EPSS
0.0%
CVE-2025-20657 MEDIUM This Month

In vdec, there is a possible permission bypass due to improper input validation. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Android Google
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-20656 MEDIUM This Month

In DA, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Yocto Rdk B +19
NVD
CVSS 3.1
6.8
EPSS
0.0%
CVE-2025-20654 CRITICAL Act Now

In wlan service, there is a possible out of bounds write due to an incorrect bounds check. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Software Development Kit Mt7622 +6
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2025-24304 LOW Monitor

in OpenHarmony v5.0.2 and prior versions allow a local attacker cause DOS through out-of-bounds write. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Openharmony
NVD
CVSS 3.1
3.3
EPSS
0.1%
CVE-2025-32352 MEDIUM This Month

A type confusion vulnerability in lib/NSSAuthenticator.php in ZendTo before v5.04-7 allows remote attackers to bypass authentication for users with passwords stored as MD5 hashes that can be. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Memory Corruption PHP Authentication Bypass
NVD
CVSS 3.1
4.8
EPSS
0.2%
CVE-2024-11235 CRITICAL POC PATCH Act Now

In PHP versions 8.3.* before 8.3.19 and 8.4.* before 8.4.5, a code sequence involving __set handler or ??= operator and exceptions can lead to a use-after-free vulnerability. Rated critical severity (CVSS 9.2), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Use After Free Memory Corruption PHP RCE Red Hat +1
NVD GitHub
CVSS 4.0
9.2
EPSS
1.5%
CVE-2025-29815 HIGH This Week

Use after free in Microsoft Edge (Chromium-based) allows an authorized attacker to execute code over a network. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Use After Free Memory Corruption Google Denial Of Service Microsoft +2
NVD
CVSS 3.1
7.6
EPSS
1.0%
CVE-2025-25000 HIGH This Week

Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Memory Corruption Authentication Bypass Google Edge Chromium +1
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2025-22004 HIGH PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: net: atm: fix use after free in lec_send() The ->send() operation frees skb so save the length before calling ->send() to avoid a. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Use After Free Memory Corruption Linux Denial Of Service Linux Kernel +2
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-21999 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: proc: fix UAF in proc_get_inode() Fix race between rmmod and /proc/XXX's inode instantiation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Linux Information Disclosure
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-3154 LOW Monitor

Out-of-bounds array write in Xpdf 4.05 and earlier, triggered by an invalid VerticesPerRow value in a PDF shading dictionary. Rated low severity (CVSS 2.1), this vulnerability is no authentication required. No vendor patch available.

Memory Corruption Buffer Overflow
NVD
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-3066 HIGH PATCH This Week

Use after free in Site Isolation in Google Chrome prior to 135.0.7049.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Memory Corruption Google Denial Of Service Chrome +1
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2025-21979 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: cancel wiphy_work before freeing wiphy A wiphy_work can be queued from the moment the wiphy is allocated and. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Linux Information Disclosure
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-21969 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix slab-use-after-free Read in l2cap_send_cmd After the hci sync command releases l2cap_conn, the hci receive. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Linux Information Disclosure Google +3
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-21968 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix slab-use-after-free on hdcp_work [Why] A slab-use-after-free is reported when HDCP is destroyed but the. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Linux Information Disclosure Amd +3
NVD
CVSS 3.1
7.8
EPSS
0.1%
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: update channel list in reg notifier instead reg worker Currently when ath11k gets a new channel list, it will be. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Linux +3
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: md: fix mddev uaf while iterating all_mddevs list While iterating all_mddevs list from md_notify_reboot() and md_exit(),. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Linux +4
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: drm/vkms: Fix use after free and double free on init error If the driver initialization fails, the vkms_exit() function might. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Use After Free Memory Corruption Linux +4
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: RDMA/erdma: Prevent use-after-free in erdma_accept_newconn() After the erdma_cep_put(new_cep) being called, new_cep will be freed,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Linux +4
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: RDMA/core: Fix use-after-free when rename device name Syzbot reported a slab-use-after-free with the following call trace:. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Linux +5
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: vhost-scsi: Fix handling of multiple calls to vhost_scsi_set_endpoint If vhost_scsi_set_endpoint is called multiple times without a. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Linux +1
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: ublk: make sure ubq->canceling is set when queue is frozen Now ublk driver depends on `ubq->canceling` for deciding if the request. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Linux +4
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_tunnel: fix geneve_opt type confusion addition When handling multiple NFTA_TUNNEL_KEY_OPTS_GENEVE attributes, the. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Linux
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in ksmbd_sessions_deregister() In multichannel mode, UAF issue can occur in session_deregister when the. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Linux +3
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix session use-after-free in multichannel connection There is a race condition between session setup and. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Linux +1
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: tracing: Fix use-after-free in print_graph_function_flags during tracer switching Kairui reported a UAF issue in. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Linux +4
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: nfsd: fix management of listener transports Currently, when no active threads are running, a root user using nfsdctl command can. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Linux +5
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: PCI/ASPM: Fix link state exit during switch upstream function removal Before 456d8aa37d0f ("PCI/ASPM: Disable ASPM on MFD function. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Linux +1
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: usb: xhci: Don't skip on Stopped - Length Invalid Up until commit d56b0b2ab142 ("usb: xhci: ensure skipped isoc TDs are returned. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Linux +4
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: usb: xhci: Apply the link chain quirk on NEC isoc endpoints Two clearly different specimens of NEC uPD720200 (one with start/stop. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Amd Memory Corruption Buffer Overflow +4
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove This fixes the following crash:. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Linux +5
NVD
EPSS 0% CVSS 6.4
MEDIUM This Month

An issue was discovered in AcpiS3SaveDxe and ChipsetSvcDxe in Insyde InsydeH2O with kernel 5.2 though 5.7. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable. No vendor patch available.

Memory Corruption Buffer Overflow RCE +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A maliciously crafted DWG file, when parsed through certain Autodesk applications, can force an Out-of-Bounds Write vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE +17
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A maliciously crafted RCS file, when parsed through Autodesk Revit, can force an Out-of-Bounds Write vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE +1
NVD
EPSS 0% CVSS 6.7
MEDIUM POC This Month

Out-Of-Bounds Write in TPM2 Reference Library in Google ChromeOS 122.0.6261.132 stable on Cr50 Boards allows an attacker with root access to gain persistence and bypass operating system verification. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Google +1
NVD
EPSS 0% CVSS 6.7
MEDIUM POC This Month

Out-Of-Bounds Write in TPM2 Reference Library in Google ChromeOS 15753.50.0 stable on Cr50 Boards allows an attacker with root access to gain persistence and Bypass operating system verification via. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Google +1
NVD
EPSS 0% CVSS 7.5
HIGH POC This Week

The vulnerability allows any attacker to cause the PeerTube server to stop functioning, or in special cases send requests to arbitrary URLs (Blind SSRF). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption SSRF Denial Of Service +1
NVD GitHub
EPSS 0% CVSS 8.8
HIGH PATCH This Week

A use-after-free issue was addressed with improved memory management. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption RCE +10
NVD
EPSS 0% CVSS 3.1
LOW Monitor

Dell PowerScale OneFS, versions 9.4.0.0 through 9.10.0.0, contains an out-of-bounds write vulnerability. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable. No vendor patch available.

Memory Corruption Buffer Overflow Dell +1
NVD
EPSS 0% CVSS 8.5
HIGH This Week

Out of bounds write vulnerability due to improper bounds checking in NI LabVIEW reading CPU info from cache that may result in information disclosure or arbitrary code execution. Rated high severity (CVSS 8.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Memory Corruption Buffer Overflow +2
NVD
EPSS 0% CVSS 8.5
HIGH This Week

Out of bounds write vulnerability due to improper bounds checking in NI LabVIEW in InitCPUInformation() that may result in information disclosure or arbitrary code execution. Rated high severity (CVSS 8.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Memory Corruption Buffer Overflow +2
NVD
EPSS 0% CVSS 3.7
LOW Monitor

A flaw was found in OpenSSL's handling of the properties argument in certain functions. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Use After Free Memory Corruption OpenSSL +1
NVD GitHub VulDB
EPSS 0% CVSS 7.8
HIGH This Week

Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE +2
NVD
EPSS 0% CVSS 7.8
HIGH POC KEV THREAT Act Now

Windows Common Log File System Driver contains a use-after-free enabling local privilege escalation, exploited in the wild in April 2025. CLFS driver vulnerabilities have become a recurring Windows kernel exploit target.

Use After Free Memory Corruption Microsoft +17
NVD
EPSS 1% CVSS 7.8
HIGH This Week

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free Memory Corruption Microsoft +2
NVD
EPSS 1% CVSS 7.8
HIGH This Week

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free Memory Corruption Microsoft +5
NVD
EPSS 1% CVSS 7.3
HIGH This Week

Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Memory Corruption Microsoft +4
NVD
EPSS 1% CVSS 7.8
HIGH This Week

Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Memory Corruption Authentication Bypass +3
NVD
EPSS 1% CVSS 7.8
HIGH POC This Week

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Memory Corruption Microsoft +6
NVD Exploit-DB
EPSS 1% CVSS 7.8
HIGH This Week

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free Memory Corruption Microsoft +5
NVD
EPSS 1% CVSS 7.8
HIGH This Month

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free Memory Corruption Microsoft +4
NVD
EPSS 1% CVSS 7.8
HIGH This Week

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free Memory Corruption Microsoft +4
NVD
EPSS 1% CVSS 7.8
HIGH This Week

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free Memory Corruption Microsoft +6
NVD
EPSS 1% CVSS 7.8
HIGH This Week

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free Memory Corruption Microsoft +4
NVD
EPSS 1% CVSS 7.8
HIGH This Week

Use after free in Windows Shell allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free Memory Corruption Microsoft +8
NVD
EPSS 0% CVSS 7.1
HIGH This Week

Use after free in Windows Hyper-V allows an authorized attacker to execute code over a network. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Use After Free Memory Corruption Microsoft +15
NVD
EPSS 1% CVSS 8.1
HIGH This Week

Use after free in Remote Desktop Gateway Service allows an unauthorized attacker to execute code over a network. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Use After Free Memory Corruption Denial Of Service +7
NVD
EPSS 1% CVSS 7.8
HIGH This Week

Use after free in Windows Digital Media allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Memory Corruption Microsoft +11
NVD
EPSS 1% CVSS 7.8
HIGH This Week

Use after free in Windows Digital Media allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Memory Corruption Microsoft +11
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Animate versions 24.0.7, 23.0.10 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free Memory Corruption RCE +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Media Encoder versions 25.1, 24.6.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

After Effects versions 25.1, 24.6.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

After Effects versions 25.1, 24.6.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE +1
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Use after free in Windows Win32K - GRFX allows an unauthorized attacker to elevate privileges over a network. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Use After Free Memory Corruption Microsoft +18
NVD VulDB
EPSS 0% CVSS 6.7
MEDIUM This Month

Use after free in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally. Rated medium severity (CVSS 6.7). No vendor patch available.

Use After Free Memory Corruption Microsoft +10
NVD
EPSS 1% CVSS 7.8
HIGH This Week

Use after free in RPC Endpoint Mapper Service allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Memory Corruption Denial Of Service +16
NVD
EPSS 0% CVSS 8.1
HIGH This Week

Use after free in Windows Remote Desktop Services allows an unauthorized attacker to execute code over a network. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Use After Free Memory Corruption Microsoft +9
NVD
EPSS 1% CVSS 8.1
HIGH This Week

Use after free in Windows LDAP - Lightweight Directory Access Protocol allows an unauthorized attacker to execute code over a network. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Use After Free Memory Corruption Microsoft +17
NVD
EPSS 1% CVSS 8.1
HIGH This Week

Use after free in Windows LDAP - Lightweight Directory Access Protocol allows an unauthorized attacker to execute code over a network. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Use After Free Memory Corruption Microsoft +17
NVD
EPSS 1% CVSS 7.8
HIGH This Week

Sensitive data storage in improperly locked memory in Windows Kernel allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Memory Corruption Microsoft +17
NVD
EPSS 0% CVSS 8.5
HIGH This Week

A local code execution vulnerability exists in the Rockwell Automation Arena® due to a stack-based memory buffer overflow. Rated high severity (CVSS 8.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Rockwell Buffer Overflow +2
NVD
EPSS 0% CVSS 8.5
HIGH This Week

A local code execution vulnerability exists in the Rockwell Automation Arena® due to a threat actor being able to write outside of the allocated memory buffer. Rated high severity (CVSS 8.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Rockwell Buffer Overflow +2
NVD
EPSS 0% CVSS 8.5
HIGH This Week

A local code execution vulnerability exists in the Rockwell Automation Arena® due to a threat actor being able to write outside of the allocated memory buffer. Rated high severity (CVSS 8.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Rockwell Buffer Overflow +2
NVD
EPSS 0% CVSS 8.5
HIGH This Week

A local code execution vulnerability exists in the Rockwell Automation Arena® due to a threat actor being able to write outside of the allocated memory buffer. Rated high severity (CVSS 8.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Rockwell Buffer Overflow +2
NVD
EPSS 1% CVSS 8.3
HIGH PATCH This Week

c-ares is an asynchronous resolver library. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Use After Free Memory Corruption Information Disclosure +2
NVD GitHub
EPSS 0% CVSS 4.1
MEDIUM This Month

Due to incorrect memory address handling in ABAP SQL of SAP NetWeaver and ABAP Platform (Application Server ABAP), an authenticated attacker with high privileges could execute certain forms of SQL. Rated medium severity (CVSS 4.1), this vulnerability is remotely exploitable. No vendor patch available.

SAP Memory Corruption Buffer Overflow
NVD
EPSS 0% CVSS 6.4
MEDIUM This Month

Out-of-bounds write in secfr trustlet prior to SMR Apr-2025 Release 1 allows local privileged attackers to cause memory corruption. Rated medium severity (CVSS 6.4). No vendor patch available.

Memory Corruption Buffer Overflow Android
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Memory corruption when IOCTL call is invoked from user-space to write board data to WLAN driver. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Fastconnect 7800 Firmware +48
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Memory corruption when IOCTL call is invoked from user-space to write board data to WLAN driver. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Aqt1000 Firmware +48
NVD
EPSS 0% CVSS 7.8
HIGH This Month

Memory corruption may occur while reading board data via IOCTL call when the WLAN driver copies the content to the provided output buffer. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Fastconnect 6700 Firmware +24
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Memory corruption while processing memory map or unmap IOCTL operations simultaneously. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Memory Corruption Buffer Overflow +31
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Memory corruption may occur while initiating two IOCTL calls simultaneously to create processes from two different threads. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Memory Corruption Buffer Overflow +25
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

Memory corruption while processing multiple IOCTL calls from HLOS to DSP. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Memory Corruption Buffer Overflow +145
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Memory corruption can occur when TME processes addresses from TZ and MPSS requests without proper validation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Ar8035 Firmware +59
NVD
EPSS 0% CVSS 6.6
MEDIUM This Month

Memory corruption while processing IOCTL calls to add route entry in the HW. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Memory Corruption Buffer Overflow +44
NVD
EPSS 0% CVSS 6.6
MEDIUM This Month

Memory corruption while accessing MSM channel map and mixer functions. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow C V2x 9150 Firmware +64
NVD
EPSS 0% CVSS 6.6
MEDIUM This Month

Memory corruption while invoking IOCTL map buffer request from userspace. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Memory Corruption Buffer Overflow +68
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Memory corruption while handling file descriptor during listener registration/de-registration. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Memory Corruption Buffer Overflow +98
NVD
EPSS 0% CVSS 6.0
MEDIUM This Month

In DA, there is a possible permission bypass due to a logic error. Rated medium severity (CVSS 6.0), this vulnerability is no authentication required. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation +20
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In vdec, there is a possible permission bypass due to improper input validation. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation +2
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

In DA, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation +21
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

In wlan service, there is a possible out of bounds write due to an incorrect bounds check. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE +8
NVD
EPSS 0% CVSS 3.3
LOW Monitor

in OpenHarmony v5.0.2 and prior versions allow a local attacker cause DOS through out-of-bounds write. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Openharmony
NVD
EPSS 0% CVSS 4.8
MEDIUM This Month

A type confusion vulnerability in lib/NSSAuthenticator.php in ZendTo before v5.04-7 allows remote attackers to bypass authentication for users with passwords stored as MD5 hashes that can be. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Memory Corruption PHP Authentication Bypass
NVD
EPSS 1% CVSS 9.2
CRITICAL POC PATCH Act Now

In PHP versions 8.3.* before 8.3.19 and 8.4.* before 8.4.5, a code sequence involving __set handler or ??= operator and exceptions can lead to a use-after-free vulnerability. Rated critical severity (CVSS 9.2), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Use After Free Memory Corruption PHP +3
NVD GitHub
EPSS 1% CVSS 7.6
HIGH This Week

Use after free in Microsoft Edge (Chromium-based) allows an authorized attacker to execute code over a network. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Use After Free Memory Corruption Google +4
NVD
EPSS 2% CVSS 8.8
HIGH This Week

Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Memory Corruption Authentication Bypass +3
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: net: atm: fix use after free in lec_send() The ->send() operation frees skb so save the length before calling ->send() to avoid a. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Use After Free Memory Corruption Linux +4
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: proc: fix UAF in proc_get_inode() Fix race between rmmod and /proc/XXX's inode instantiation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Linux +1
NVD VulDB
EPSS 0% CVSS 2.1
LOW Monitor

Out-of-bounds array write in Xpdf 4.05 and earlier, triggered by an invalid VerticesPerRow value in a PDF shading dictionary. Rated low severity (CVSS 2.1), this vulnerability is no authentication required. No vendor patch available.

Memory Corruption Buffer Overflow
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Use after free in Site Isolation in Google Chrome prior to 135.0.7049.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Memory Corruption Google +3
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: cancel wiphy_work before freeing wiphy A wiphy_work can be queued from the moment the wiphy is allocated and. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Linux +1
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix slab-use-after-free Read in l2cap_send_cmd After the hci sync command releases l2cap_conn, the hci receive. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Linux +5
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix slab-use-after-free on hdcp_work [Why] A slab-use-after-free is reported when HDCP is destroyed but the. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Linux +5
NVD
Prev Page 35 of 170 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy