Skip to main content

Memory Corruption

15288 CVEs technique

Monthly

CVE-2026-8358 MEDIUM PATCH This Month

Heap buffer overflow in LibreOffice Calc's tracked-changes importer allows an attacker who delivers a maliciously crafted spreadsheet to corrupt heap memory, causing high-impact availability loss and potentially enabling arbitrary code execution at the victim's privilege level. The vulnerability is triggered when a document reuses the same change identifier for two structurally different change types, causing the importer to misidentify object size and write past the allocation boundary. A proof-of-concept exists (CVSS 4.0 E:P modifier); no confirmed active exploitation (CISA KEV) has been recorded at time of analysis.

Memory Corruption Buffer Overflow Libreoffice Red Hat Suse
NVD VulDB
CVSS 4.0
5.4
EPSS
0.1%
CVE-2026-8357 MEDIUM PATCH This Month

Heap buffer overflow in LibreOffice Calc's formula compiler allows an attacker to trigger an out-of-bounds write by crafting a spreadsheet containing a formula with extreme nesting depth composed of many consecutive opening tokens. The vulnerability stems from an off-by-one allocation error in the nesting-depth tracking array, causing a single-element write past the buffer's end during file parsing. The CVSS 4.0 vector carries an E:P modifier indicating a proof-of-concept exists; no public exploit identified at time of analysis beyond the POC, and the vulnerability is not listed in CISA KEV.

Memory Corruption Buffer Overflow Libreoffice
NVD VulDB
CVSS 4.0
5.4
EPSS
0.1%
CVE-2026-8356 MEDIUM PATCH This Month

Stack buffer overflow in LibreOffice's legacy binary PPT importer allows a crafted presentation file to corrupt stack memory, causing application crash or potential arbitrary code execution under the victim's user context. The flaw affects all LibreOffice versions when importing PPT files containing a colour-replacement record whose combined colour counts across two parsing passes exceed the fixed-size stack-allocated colour tables. No public exploit has been confirmed actively exploited (not in CISA KEV), though the CVSS 4.0 supplemental E:P metric indicates proof-of-concept code exists, elevating this above a purely theoretical risk.

Memory Corruption Buffer Overflow Libreoffice Red Hat Suse
NVD VulDB
CVSS 4.0
5.4
EPSS
0.1%
CVE-2026-6047 MEDIUM PATCH This Month

Heap buffer overflow in LibreOffice's OOXML (DOCX) import component allows a specially crafted document to corrupt memory when processing text box elements, with high availability impact and limited confidentiality and integrity exposure. The flaw stems from a type confusion during deferred parser event replay: a handler object assumed to be a larger type is written to at that type's field layout, but the actual object may be smaller, causing the write to land past the end of the heap allocation. A proof-of-concept exploit exists (CVSS 4.0 E:P); no confirmed active exploitation is recorded in CISA KEV at time of analysis.

Memory Corruption Buffer Overflow Libreoffice Red Hat Suse
NVD VulDB
CVSS 4.0
5.4
EPSS
0.1%
CVE-2026-6045 MEDIUM PATCH This Month

Heap buffer overflow in LibreOffice's EMF+ graphics importer enables memory corruption when a user opens a specially crafted document containing a malicious gradient brush. The root cause is an integer overflow in the multiplication used to compute a heap allocation size from an attacker-controlled gradient blend point count - resulting in an undersized buffer that is subsequently written as if it were full-sized. A proof of concept exists (CVSS 4.0 E:P supplemental metric), no confirmed active exploitation is recorded, and impact spans process crash to potential arbitrary code execution within the LibreOffice session.

Memory Corruption Buffer Overflow Libreoffice Red Hat Suse
NVD VulDB
CVSS 4.0
5.4
EPSS
0.1%
CVE-2026-6040 MEDIUM PATCH This Month

Heap use-after-free in LibreOffice's ODF number format parser allows memory corruption when a user opens a crafted document containing a malformed number format string. The flaw arises because a position value embedded in the document is consumed without validation against the actual length of the format-code string, causing the parser to reference stale or out-of-bounds heap memory. Publicly available exploit code exists (CVSS 4.0 E:P), and while no active exploitation is confirmed via CISA KEV, the low attack complexity and document-phishing delivery model make this a realistic targeted threat.

Use After Free Memory Corruption Information Disclosure Libreoffice
NVD VulDB
CVSS 4.0
5.4
EPSS
0.1%
CVE-2026-6039 MEDIUM PATCH This Month

Heap buffer overflow in LibreOffice's DXF import engine allows a crafted CAD file to corrupt process memory when a polyline with more than 65,535 points is parsed. The root cause is an integer truncation defect: the point count read from the DXF file is narrowed to a 16-bit value when sizing the heap allocation, but the original, un-truncated count drives the subsequent write loop - any polyline exceeding 65,535 points overflows the undersized buffer. A proof-of-concept exists (CVSS 4.0 E:P), exploitation requires passive user interaction (opening a malicious DXF file), and no active exploitation has been confirmed in CISA KEV at time of analysis.

Memory Corruption Buffer Overflow Libreoffice Red Hat Suse
NVD VulDB
CVSS 4.0
5.4
EPSS
0.1%
CVE-2026-10634 MEDIUM PATCH This Month

Use-after-free in Zephyr RTOS's native TCP2 stack allows a concurrent connection teardown - triggered by ordinary TCP traffic from an adjacent-network peer - to invalidate a cached iterator pointer in net_tcp_foreach(), crashing the system or causing the iterator callback to operate on attacker-influenced reallocated memory. All Zephyr releases from the TCP2 stack introduction in 2020 through v4.4.0 (inclusive) are affected. No public exploit has been identified at time of analysis and no CISA KEV listing exists; the primary real-world risk is denial of service against embedded or IoT devices with TCP networking and shell access exposed on an adjacent network segment.

Use After Free Memory Corruption Information Disclosure Denial Of Service Zephyr
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.2%
CVE-2025-55650 MEDIUM This Month

Heap use-after-free in GPAC MP4Box's MPEG-4 LASeR/SVG processing path crashes the tool when parsing a crafted MP4 file with the -svg conversion flag. The flaw occurs in gf_svg_node_del() at svg_types.c:107, where an SVG node is freed and then read again during scene graph teardown via gf_sg_reset()/gf_node_unregister(), confirmed by AddressSanitizer. Impact is limited to availability (process crash/DoS); no confidentiality or integrity impact is demonstrated. A public proof-of-concept MP4 file exists on GitHub; no active exploitation has been confirmed by CISA KEV.

Denial Of Service Memory Corruption Use After Free Gpac
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2025-55644 MEDIUM This Month

Use-after-free memory corruption in GPAC's MP4Box triggers via gf_node_get_tag when parsing a crafted MP4 file containing an invalid BIFS GlobalQuantizer command. Any user or automated pipeline processing an attacker-supplied MP4 file with an affected GPAC build is exposed. Exploitation could yield arbitrary code execution or a reliable crash, depending on heap layout at the time of the free. No public exploit code or CISA KEV listing has been identified at time of analysis.

Denial Of Service Memory Corruption Use After Free Gpac
NVD VulDB
CVSS 3.1
5.5
EPSS
0.2%
CVE-2026-6676 HIGH PATCH This Week

Local code execution in Avira Antivirus engine builds prior to 8.3.27.12 on Windows, macOS, and Linux occurs when the scanner parses a malformed POSIX tar archive, triggering a heap out-of-bounds write that can either crash the AV process (DoS) or execute attacker code in the scanner's context. No public exploit identified at time of analysis, but the on-access scanning model means a victim only has to write the malicious tar to disk for the engine to touch it. Reported by GEN (Gen Digital, Avira's parent).

Microsoft Memory Corruption Buffer Overflow Apple Avira Antivirus
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-14098 HIGH PATCH This Week

Local code execution in Avira Antivirus engine builds before 8.3.70.104 on Windows, macOS, and Linux allows attackers to trigger a heap buffer out-of-bounds write by having the engine scan a malformed MS-DOS executable. The flaw stems from an integer overflow during parsing and can also crash the antivirus engine process, with no public exploit identified at time of analysis.

Microsoft Memory Corruption Buffer Overflow Apple Avira Antivirus
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-7004 HIGH PATCH This Week

Heap out-of-bounds write in Gen Digital's shared antivirus scanning engine allows local code execution or denial of service when the engine parses a malformed Windows PE file, affecting Avast Antivirus, AVG Antivirus, Norton Antivirus, Avast One, and Avast Business Antivirus across Windows, macOS, and Linux on virus definition builds prior to VPS 25040308. Because the flaw lives in the scanner that typically runs with elevated privileges, successful exploitation can escalate to code execution in a high-privilege security context. No public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Microsoft Memory Corruption Buffer Overflow Apple Avast Antivirus +4
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-41158 HIGH This Week

Local privilege escalation in Imagination Technologies Graphics DDK (GPU kernel driver) allows non-privileged users to issue crafted GPU system calls that perform read/write operations on arbitrary freed physical memory pages, enabling kernel memory corruption. The flaw stems from missing deferred-free handling, meaning the GPU can still access pages after the kernel module has released them. No public exploit identified at time of analysis and EPSS is very low (0.02%), but CVSS 7.8 reflects high local impact on confidentiality, integrity, and availability.

Use After Free Memory Corruption Information Disclosure Graphics Ddk
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-41157 CRITICAL PATCH Act Now

Out-of-bounds write in the Imagination Technologies Graphics DDK (GPU user-space driver) can be triggered when a victim loads a web page containing crafted WebGPU content into the GLES GPU render process, corrupting memory and crashing the browser or GPU process. The flaw stems from an integer overflow in size calculation driven by untrusted input, which produces an undersized allocation that subsequent writes exceed. EPSS exploitation probability is very low at 0.02% (5th percentile) and no public exploit identified at time of analysis.

Memory Corruption Buffer Overflow Graphics Ddk
NVD VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-34195 HIGH This Week

Out-of-bounds kernel write in Imagination Technologies Graphics DDK (PowerVR GPU driver) allows a local non-privileged process to corrupt kernel memory by issuing crafted GPU sparse memory API calls, enabling privilege escalation to kernel context. Affected releases include Graphics DDK 24.2 RTM and the 25.1 RTM through 25.3 RTM line. No public exploit identified at time of analysis and EPSS exploitation probability is negligible (0.02%, 5th percentile).

Memory Corruption Buffer Overflow Graphics Ddk
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-47965 HIGH This Week

Arbitrary code execution in Adobe Acrobat Reader (versions 24.001.30365, 26.001.21651 and earlier) occurs through an out-of-bounds write triggered when a victim opens a malicious PDF file. Successful exploitation runs attacker code in the context of the current user, making this a classic client-side attack suitable for phishing campaigns. No public exploit identified at time of analysis, but Adobe Reader memory corruption flaws have a long history of being weaponized in targeted attacks.

RCE Memory Corruption Adobe Buffer Overflow Acrobat Reader
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-43671 HIGH GHSA This Week

Out-of-bounds write in Apple's SwiftNIO ByteBuffer affects all releases from 1.0.0 through 2.99.0 and is fixed in 2.100.0. The flaw stems from UInt32 truncation in internal index/capacity converters, so when an attacker can influence an index, offset, or length passed to specific ByteBuffer write methods with a value above UInt32.max (~4 GiB), safety preconditions silently pass and subsequent writes can corrupt heap memory outside the buffer. No public exploit identified at time of analysis, and the high data-size threshold makes practical exploitation narrow but severe where applicable.

Memory Corruption Buffer Overflow
NVD GitHub
EPSS
0.0%
CVE-2026-11933 HIGH PATCH This Week

Memory disclosure and denial of service in MongoDB Server's server-side JavaScript engine allow an authenticated user with read privileges and JavaScript execution rights to read freed heap memory or crash the mongod process. The flaw is triggered during BSON-to-JavaScript array conversion when operators such as $where or $function are evaluated. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV; it was self-reported by MongoDB.

Denial Of Service Memory Corruption Buffer Overflow MongoDB
NVD VulDB
CVSS 4.0
8.7
EPSS
0.0%
CVE-2026-12035 HIGH PATCH This Week

Use after free in Views in Google Chrome on Windows prior to 149.0.7827.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Microsoft Use After Free Memory Corruption Denial Of Service Google +2
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-12029 HIGH PATCH This Week

Use after free in Video in Google Chrome on Windows prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Microsoft Use After Free Memory Corruption Denial Of Service Google +2
NVD VulDB
CVSS 3.1
8.3
EPSS
0.1%
CVE-2026-12028 HIGH PATCH This Week

Use after free in GPU in Google Chrome on Android prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Google Use After Free Memory Corruption Denial Of Service Suse +1
NVD VulDB
CVSS 3.1
8.3
EPSS
0.1%
CVE-2026-12023 HIGH PATCH This Week

Use after free in GPU in Google Chrome on Mac prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Google Use After Free Memory Corruption Denial Of Service Suse
NVD VulDB
CVSS 3.1
8.3
EPSS
0.1%
CVE-2026-12020 HIGH PATCH This Week

Use after free in Autofill in Google Chrome on Mac prior to 149.0.7827.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Google Use After Free Memory Corruption Denial Of Service Suse +1
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-12019 HIGH PATCH This Week

Sandbox escape in Google Chrome on Linux and ChromeOS prior to 149.0.7827.115 allows a remote attacker who has already compromised the renderer process to break out of the sandbox via a heap buffer overflow in the Codecs component triggered by a crafted HTML page. Google rates the underlying issue as High severity and a vendor patch is available, but no public exploit is identified at time of analysis and the bug is not listed in CISA KEV. Exploitation is conditional on chaining with a prior renderer compromise, which raises real-world complexity.

Google Memory Corruption Buffer Overflow Suse Red Hat
NVD VulDB
CVSS 3.1
8.3
EPSS
0.1%
CVE-2026-12015 MEDIUM PATCH This Month

Use after free in Autofill in Google Chrome prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)

Google Use After Free Memory Corruption Denial Of Service
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-12014 HIGH PATCH This Week

Use after free in Cast in Google Chrome prior to 149.0.7827.115 allowed an attacker on the local network segment to potentially perform a sandbox escape via malicious network traffic. (Chromium security severity: High)

Google Use After Free Memory Corruption Denial Of Service
NVD VulDB
CVSS 3.1
8.3
EPSS
0.0%
CVE-2026-12013 HIGH PATCH This Week

Use after free in Media in Google Chrome on Windows prior to 149.0.7827.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Microsoft Use After Free Memory Corruption Denial Of Service Google +1
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-12012 HIGH PATCH This Week

Use after free in Network in Google Chrome prior to 149.0.7827.115 allowed an attacker in a privileged network position to potentially exploit heap corruption via malicious network traffic. (Chromium security severity: High)

Google Use After Free Memory Corruption Denial Of Service
NVD VulDB
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-12011 HIGH PATCH This Week

Use after free in WebMIDI in Google Chrome on Windows prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

Microsoft Use After Free Memory Corruption Denial Of Service Google +2
NVD VulDB
CVSS 3.1
8.3
EPSS
0.1%
CVE-2026-12008 HIGH PATCH This Week

Use after free in DigitalCredentials in Google Chrome prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

Google Use After Free Memory Corruption Denial Of Service
NVD VulDB
CVSS 3.1
8.3
EPSS
0.1%
CVE-2026-12007 HIGH PATCH This Week

Remote code execution in Google Chrome on Windows prior to 149.0.7827.115 allows remote attackers to trigger a use-after-free condition in the Core component via a crafted HTML page, leading to arbitrary code execution within the renderer process. Chromium rates the severity as Critical, and no public exploit has been identified at time of analysis, but the bug class (UAF in Core) is historically a frequent target for in-the-wild exploitation against Chrome. The vulnerability requires the victim to visit attacker-controlled content (UI:R).

Microsoft Use After Free Memory Corruption RCE Denial Of Service +3
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-53702 MEDIUM This Month

Stack buffer overflow in GStreamer's H.265/HEVC codec parser (gst-plugins-bad) allows remote unauthenticated attackers to crash GStreamer-based applications by delivering a crafted H.265 video file or stream that a user opens. The root cause is an incorrect loop bound in the buffering period SEI message parser: the parser mistakenly uses cpb_cnt_minus1[i] (the current loop index variable) rather than cpb_cnt_minus1[0] from the referenced Sequence Parameter Set, causing the loop to iterate beyond the bounds of stack-allocated CPB delay arrays and corrupt stack memory. No public exploit has been identified at time of analysis and the vulnerability is not listed in CISA KEV, though the deterministic parser logic makes crash reproduction straightforward.

Memory Corruption Buffer Overflow Red Hat Enterprise Linux 10 Red Hat Enterprise Linux 7 Red Hat Enterprise Linux 8 +3
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-53701 MEDIUM This Month

Out-of-bounds write in GStreamer's H.266/VVC PPS picture partition parser (`gst-plugins-bad`) allows an attacker to crash media-processing applications - and potentially achieve code execution - by delivering a crafted H.266/VVC media file. The flaw in `gst_h266_parser_parse_picture_partition()` (gsth266parser.c) permits unbounded slice index increments across three fixed-size arrays in `GstH266PPS` during multi-slice-in-tile processing. A proof-of-concept demonstrating at least a 4-byte write exists; no public exploit beyond that initial POC or CISA KEV listing has been identified at time of analysis, though the code structure permits larger writes across multiple iterations which elevates downstream risk above a pure DoS assessment.

Memory Corruption Buffer Overflow Red Hat Enterprise Linux 10 Red Hat Enterprise Linux 7 Red Hat Enterprise Linux 8 +3
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-53462 NuGet MEDIUM POC PATCH GHSA This Month

Heap-use-after-free in ImageMagick's CheckPrimitiveExtent function allows remote attackers to crash the image processing service by supplying crafted input that triggers a memory allocation failure, resulting in a denial-of-service condition. Affected are all releases of the 6.x branch prior to 6.9.13-50 and all 7.x releases prior to 7.1.2-25. No public exploit code has been identified at time of analysis, and the vulnerability is not listed in the CISA KEV catalog; however, the network-accessible attack vector is relevant wherever ImageMagick processes untrusted images (e.g., web upload pipelines, CI/CD asset processors).

Use After Free Memory Corruption Denial Of Service Imagemagick Red Hat +1
NVD GitHub VulDB
CVSS 3.1
5.9
EPSS
0.0%
CVE-2026-53461 NuGet HIGH PATCH GHSA This Week

Out-of-bounds heap write in ImageMagick's ICON decoder allows remote attackers to crash the application by supplying a maliciously crafted ICON file processed by versions prior to 6.9.13-50 and 7.1.2-25. The flaw stems from an incorrect loop condition during ICON parsing, leading to memory corruption and denial of service. No public exploit identified at time of analysis, but ImageMagick's broad deployment as an image-processing backend in web applications makes drive-by exposure plausible.

Memory Corruption Buffer Overflow Imagemagick
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-10238 HIGH PATCH This Week

Local privilege escalation to System Management Mode (SMM) in Lenovo ThinkPad BIOS firmware allows a high-privileged local user to execute arbitrary code at one of the most privileged execution rings on x86 hardware. The flaw, an out-of-bounds write (CWE-787) discovered by Lenovo during an internal security assessment, affects a wide range of current-generation ThinkPad models including X1 Carbon 13th Gen, X13 Gen 6, T14s Gen 6, P14s/P16v Gen 3, L13/L14/L16 Gen 6, and E16 Gen 3. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

Buffer Overflow Memory Corruption X13 Gen 6 Type 21Rk 21Rl Laptops Thinkpad Bios X1 Carbon 13Th Gen Type 21Nx 21Ny Laptops Thinkpad Bios P16V Gen 3 Type 21Rs 21Rt Laptop Thinkpad Bios +105
NVD
CVSS 4.0
8.4
EPSS
0.0%
CVE-2026-52757 MEDIUM PATCH This Month

Heap-use-after-free corruption in Ghidra's decompiler before version 12.1 allows a local attacker - or any actor who can deliver a crafted binary to a target analyst - to corrupt freed heap memory when the victim opens the file in the decompiler view. The vulnerability resides in HighVariable::merge() during the variable merging pass, where stale pointers in the HighIntersectTest::highedgemap cache are dereferenced against freed memory, producing low-impact integrity and availability effects on the Ghidra process. No active exploitation has been confirmed (not in CISA KEV) and no public exploit code has been identified at time of analysis, but the tool's user base of security researchers who routinely open untrusted binaries elevates the practical threat profile.

Use After Free Information Disclosure Memory Corruption Ghidra
NVD GitHub
CVSS 4.0
4.6
EPSS
0.0%
CVE-2026-49496 MEDIUM PATCH This Month

Heap-use-after-free in Ghidra's SLEIGH disassembler engine allows an attacker to cause memory corruption or application crash by supplying a crafted binary for decompilation. All Ghidra releases prior to 12.1 are affected, as is any downstream application consuming the SLEIGH library via the public Sleigh::oneInstruction C++ API. The CVSS v4.0 score of 6.9 reflects a high availability impact (VA:H) with low integrity impact (VI:L) and no confidentiality impact; no public exploit has been identified at time of analysis, and this vulnerability is not listed in the CISA KEV catalog.

Use After Free Buffer Overflow Memory Corruption Ghidra
NVD GitHub
CVSS 4.0
6.9
EPSS
0.0%
CVE-2026-45782 HIGH PATCH This Week

Use-after-free in Cloud Hypervisor versions 21.0 through 51.1 allows a malicious guest VM to corrupt host memory in the cloud-hypervisor VMM process by racing duplicate virtio-block descriptor chains against the host's asynchronous I/O completion path. The flaw carries a CVSS 4.0 score of 8.9 with high impact on both the affected VMM and subsequent system scope, indicating a credible VM escape primitive. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

Information Disclosure Use After Free Memory Corruption Suse
NVD GitHub VulDB
CVSS 4.0
8.9
EPSS
0.0%
CVE-2026-47916 HIGH This Week

Arbitrary code execution in Adobe Acrobat Reader (versions 24.001.30365, 26.001.21651, and earlier) occurs when a victim opens a maliciously crafted PDF, triggering a use-after-free memory corruption that lets the attacker run code with the privileges of the logged-on user. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV; however, Acrobat Reader is a perennial target for phishing-delivered malware, making patching a near-term priority. Adobe has issued APSB26-63 with fixed builds.

Memory Corruption RCE Use After Free Denial Of Service Adobe +1
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-47918 HIGH This Week

Arbitrary code execution in Adobe Acrobat Reader (versions 24.001.30365, 26.001.21651, and earlier) is triggered when a user opens a malicious PDF, exploiting a Use-After-Free memory corruption flaw to run code as the current user. No public exploit identified at time of analysis, and EPSS data was not provided, but the high CVSS of 7.8 combined with Reader's massive install base makes this a routine patch priority. Vendor (Adobe) issued advisory APSB26-63 with corrective updates.

Memory Corruption RCE Use After Free Denial Of Service Adobe +1
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-47915 HIGH This Week

Arbitrary code execution in Adobe Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier results from a use-after-free memory corruption bug (CWE-416) triggered when a victim opens a malicious PDF. Code runs in the security context of the current user, making this a credible client-side initial-access vector via phishing or drive-by document delivery. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

Memory Corruption RCE Use After Free Denial Of Service Adobe +1
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-47917 HIGH This Week

Arbitrary code execution in Adobe Acrobat Reader (versions 24.001.30365, 26.001.21651 and earlier) is possible when a victim opens a maliciously crafted PDF, triggering a use-after-free memory corruption flaw. Code runs with the privileges of the current user, and no public exploit identified at time of analysis, though Adobe has released APSB26-63 as the corresponding advisory.

Memory Corruption RCE Use After Free Denial Of Service Adobe +1
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-47955 HIGH This Week

Arbitrary code execution in Adobe Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier is possible when a victim opens a maliciously crafted file that triggers a use-after-free in the document parser. The flaw runs code in the context of the logged-in user and carries a CVSS 7.8 (High) score, but requires user interaction; no public exploit identified at time of analysis and EPSS data is not provided in the input.

Memory Corruption RCE Use After Free Denial Of Service Adobe +1
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-47924 MEDIUM This Month

Use After Free memory disclosure in Adobe Acrobat Reader versions 24.001.30365 and 26.001.21651 (and earlier) exposes sensitive process memory contents when a victim opens a specially crafted malicious file. The CVSS vector (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N) confirms the attack is local, requires no privileges, but mandates user interaction - the victim must manually open the attacker-supplied document. Impact is limited to confidentiality (C:H), with no integrity or availability consequence. No public exploit identified at time of analysis, and the vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog.

Denial Of Service Adobe Use After Free Memory Corruption Acrobat Reader
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-47919 HIGH This Week

Arbitrary code execution in Adobe Acrobat Reader (versions 24.001.30365, 26.001.21651, and earlier) is possible when a victim opens a maliciously crafted document, triggering a use-after-free condition in the renderer. The flaw runs code in the context of the current user and has no public exploit identified at time of analysis, though Adobe issued advisory APSB26-63 confirming the vulnerability class and affected versions.

Memory Corruption RCE Use After Free Denial Of Service Adobe +1
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-47921 HIGH This Week

Arbitrary code execution in Adobe Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier occurs through a use-after-free flaw triggered when a victim opens a maliciously crafted PDF document. Code executes in the context of the current user, making this a classic client-side document exploit vector. No public exploit identified at time of analysis, and the issue is not currently listed in CISA KEV.

Memory Corruption RCE Use After Free Denial Of Service Adobe +1
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-47920 HIGH This Week

Arbitrary code execution in Adobe Acrobat Reader (versions 24.001.30365, 26.001.21651 and earlier) is possible when a victim opens a maliciously crafted PDF that triggers a use-after-free condition in the parser. Exploitation runs at the privilege of the user opening the file, and no public exploit identified at time of analysis. CVSS 7.8 reflects the local attack vector and required user interaction, but Reader's massive install base makes this a high-value target for phishing-driven campaigns.

Memory Corruption RCE Use After Free Denial Of Service Adobe +1
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-47913 HIGH This Week

Arbitrary code execution in Adobe Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier stems from a Use After Free condition (CWE-416) that triggers when a victim opens a malicious PDF, yielding execution in the context of the current user. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV, but the file-opening attack pattern is a perennial favorite in phishing and document-borne campaigns targeting Acrobat. Adobe has shipped fixed builds under advisory APSB26-63.

Memory Corruption RCE Use After Free Denial Of Service Adobe
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-47914 HIGH This Week

Arbitrary code execution in Adobe Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier occurs through a use-after-free condition triggered by opening a malicious PDF document. Successful exploitation runs code in the context of the current user, but no public exploit identified at time of analysis and the issue requires user interaction to open the crafted file.

Memory Corruption RCE Use After Free Denial Of Service Adobe
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-47912 HIGH This Week

Arbitrary code execution in Adobe Acrobat Reader 24.001.30365, 26.001.21651, and earlier versions occurs through a use-after-free condition triggered when a victim opens a malicious PDF file. Successful exploitation runs attacker-supplied code with the privileges of the current user, making this a viable phishing and drive-by document attack vector. No public exploit identified at time of analysis, and the vulnerability is not currently listed in CISA KEV.

Memory Corruption RCE Use After Free Denial Of Service Adobe
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-47911 HIGH This Week

Arbitrary code execution in Adobe Acrobat Reader (versions 24.001.30365, 26.001.21651 and earlier) is possible when a victim opens a malicious PDF file that triggers an out-of-bounds write condition. The flaw executes code in the context of the logged-in user, and while no public exploit identified at time of analysis, the CVSS 7.8 rating reflects high impact across confidentiality, integrity, and availability. Adobe has published advisory APSB26-63 with a fix.

Adobe Memory Corruption Buffer Overflow RCE
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-47908 HIGH This Week

Arbitrary code execution in Adobe Dreamweaver Desktop versions 21.7 and earlier allows attackers to run code in the context of the current user when a victim opens a malicious file. The flaw stems from access of an uninitialized pointer (CWE-824) and is tracked under Adobe advisory APSB26-62. No public exploit identified at time of analysis, and the issue is not currently listed in CISA KEV.

Memory Corruption RCE Dreamweaver Desktop
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-48306 HIGH This Week

Arbitrary code execution in Adobe Substance3D Sampler 6.0.0 and earlier occurs when a user opens a maliciously crafted asset file that triggers an out-of-bounds write in the application's parsing logic. Exploitation runs in the context of the logged-in user and requires user interaction to open the file; no public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Memory Corruption Buffer Overflow RCE Substance3D Sampler
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-34710 HIGH This Week

Arbitrary code execution in Adobe Substance3D Sampler versions 6.0.0 and earlier occurs through an out-of-bounds write triggered when a user opens a maliciously crafted file. The flaw executes code in the context of the current user and requires victim interaction, with no public exploit identified at time of analysis and no CISA KEV listing.

Memory Corruption Buffer Overflow RCE Substance3D Sampler
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-48305 HIGH This Week

Arbitrary code execution in Adobe Substance3D Sampler versions 6.0.0 and earlier occurs when a victim opens a maliciously crafted file, triggering an out-of-bounds write (CWE-787) in the application's file parser. Exploitation runs in the context of the current user and no public exploit identified at time of analysis, though the high CVSS of 7.8 reflects the full local impact triad once a user is socially engineered into opening the file.

Memory Corruption Buffer Overflow RCE Substance3D Sampler
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-34709 HIGH This Week

Arbitrary code execution in Adobe Substance3D Sampler 6.0.0 and earlier occurs when a user opens a maliciously crafted 3D asset file, triggering an out-of-bounds write that runs attacker code with the current user's privileges. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV, but the local attack vector combined with high impact and required user interaction makes this a classic targeted-phishing/social-engineering risk against artists and 3D designers.

Memory Corruption Buffer Overflow RCE Substance3D Sampler
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-34706 HIGH This Week

Arbitrary code execution in Adobe InCopy 21.3, 20.5.3, and earlier allows attackers to run code as the current user when a victim opens a maliciously crafted file. The flaw stems from an out-of-bounds write (CWE-787) in file parsing logic, carries a CVSS 7.8 (local, user-interaction required), and has no public exploit identified at time of analysis. Adobe published advisory APSB26-59 addressing the issue.

Memory Corruption Buffer Overflow RCE Incopy
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-34700 HIGH This Week

Arbitrary code execution in Adobe InDesign Desktop versions 21.3, 20.5.3 and earlier occurs through an out-of-bounds write triggered when a user opens a maliciously crafted document, allowing attacker code to run with the privileges of the current user. The flaw carries a CVSS 7.8 (High) rating, requires victim interaction, and no public exploit identified at time of analysis.

Memory Corruption Buffer Overflow RCE Indesign Desktop
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-34696 HIGH This Week

Arbitrary code execution in Adobe InDesign Desktop 21.3, 20.5.3 and earlier stems from a use-after-free condition triggered when a user opens a maliciously crafted document, allowing an attacker to run code with the privileges of the logged-in user. The flaw is reported by Adobe with a CVSS 3.1 base score of 7.8 and tagged for RCE, denial of service, and memory corruption, but there is no public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Denial Of Service Use After Free Memory Corruption RCE Indesign Desktop
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-48293 HIGH This Week

Arbitrary code execution in Adobe InDesign Desktop 21.3, 20.5.3 and earlier allows attackers to run code as the logged-in user when a victim opens a maliciously crafted document file. The flaw is an out-of-bounds write (CWE-787) memory corruption issue requiring user interaction, and no public exploit has been identified at time of analysis.

Memory Corruption Buffer Overflow RCE Indesign Desktop
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-48583 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Microsoft Windows Kernel allows an authenticated low-privileged user to elevate to SYSTEM by triggering a use-after-free condition (CWE-416). The flaw carries a CVSS 7.8 score with local attack vector and low privileges required, and no public exploit has been identified at time of analysis. Microsoft Security Response Center (MSRC) is the sole referenced authoritative source, indicating this is a vendor-discovered and vendor-tracked issue.

Microsoft Use After Free Memory Corruption Denial Of Service
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-48563 HIGH PATCH NEWS Exploit Unlikely This Week

Remote code execution in Microsoft Remote Desktop Client is possible via a heap-based buffer overflow that an unauthenticated remote attacker can trigger when a user is convinced to connect to a malicious RDP server. The flaw is rated CVSS 7.5 (High) with attack complexity High and required user interaction, and no public exploit identified at time of analysis. The CWE-416 classification combined with the vendor's tags points to a use-after-free condition reachable through crafted RDP server responses.

Buffer Overflow Memory Corruption Use After Free Windows 10 1809 Windows 10 21h2 +8
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-47654 HIGH PATCH NEWS This Week

Remote code execution in Microsoft Remote Desktop Client is possible when a victim connects to an attacker-controlled or compromised RDP server, triggering a heap-based buffer overflow that leads to arbitrary code execution on the client machine. The flaw is unauthenticated from the server side but requires user interaction and high attack complexity, and no public exploit identified at time of analysis. CVSS is rated 7.5 (High) with confidentiality, integrity, and availability impact.

Use After Free Memory Corruption Buffer Overflow Windows Server 2016 Windows Server 2019 +2
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-47653 HIGH PATCH This Week

Remote code execution in Microsoft Remote Desktop Client occurs when a user connects to an attacker-controlled RDP server, allowing the server to corrupt heap memory and execute arbitrary code on the client endpoint. The flaw carries a CVSS 8.8 (High) rating reflecting network reach with required user interaction, and no public exploit is identified at time of analysis. The attack pivots the traditional RDP threat model - attackers compromise clients that initiate outbound connections rather than exposed servers.

Use After Free Memory Corruption Buffer Overflow Windows 10 1607 Windows 10 1809 +11
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-47293 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Microsoft Office Click-To-Run stems from a use-after-free condition (CWE-416) that lets an authorized low-privilege user elevate to higher privileges on the host. The flaw, reported by Microsoft's MSRC, carries a CVSS 7.0 (AV:L/AC:H/PR:L) reflecting that exploitation requires local access, low privileges, and a successful race-window or memory-state condition. No public exploit identified at time of analysis, and the vulnerability is not currently listed in CISA KEV.

Microsoft Use After Free Memory Corruption Denial Of Service 365 Apps +3
NVD VulDB
CVSS 3.1
7.0
EPSS
0.1%
CVE-2026-45641 HIGH PATCH NEWS Exploit Unlikely This Week

Local code execution in Microsoft Windows Hyper-V allows an authenticated attacker on a guest or host to escape sandbox boundaries by triggering an out-of-bounds read condition (CWE-843, type confusion) in the hypervisor. The flaw affects Windows 10 (21H2/22H2), Windows 11 (23H2/24H2/25H2/26H1), and Windows Server 2022/2025, with a vendor-released patch available and no public exploit identified at time of analysis. EPSS scoring of 0.15% and SSVC exploitation status of 'none' suggest limited near-term exploitation likelihood despite total technical impact potential.

Microsoft Memory Corruption Buffer Overflow Windows 10 21h2 Windows 10 22h2 +6
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-45640 HIGH PATCH Exploit Unlikely Act Now

Local privilege escalation in the Windows Bluetooth Port Driver allows an authorized low-privileged attacker to elevate to higher privileges by triggering a use-after-free condition in the kernel-mode driver. The flaw is reported by Microsoft Security Response Center and carries a CVSS 7.0 (high) rating with high attack complexity, and no public exploit identified at time of analysis. EPSS data and CISA KEV status were not provided in the input, so widespread exploitation is not confirmed.

Microsoft Use After Free Memory Corruption Denial Of Service
NVD VulDB
CVSS 3.1
7.0
EPSS
0.1%
CVE-2026-45637 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Microsoft Windows Desktop Window Manager (DWM) Core Library enables an authorized low-privileged user to gain elevated privileges through a use-after-free memory corruption flaw. The vulnerability carries a CVSS 3.1 score of 7.8 with high impact on confidentiality, integrity, and availability, and no public exploit identified at time of analysis. Exploitation requires the attacker to already have local code execution as a standard user, making it a strong candidate for post-compromise chaining toward SYSTEM-level access.

Microsoft Use After Free Memory Corruption Denial Of Service
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-45635 HIGH PATCH Exploit Unlikely This Week

Remote code execution in the Microsoft Windows Universal Plug and Play stack (upnp.dll) allows unauthenticated network attackers to execute arbitrary code on affected hosts by triggering a memory-safety flaw in the UPnP service. The issue carries a CVSS 3.1 base score of 8.1 (AV:N/AC:H/PR:N/UI:N), reflecting network reachability without credentials but high attack complexity. At time of analysis there is no public exploit identified and the CVE is not listed in CISA KEV.

Denial Of Service Memory Corruption Windows 10 1607 Windows 10 1809 Windows 10 21h2 +10
NVD VulDB
CVSS 3.1
8.1
EPSS
0.4%
CVE-2026-45605 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Bluetooth Service stems from a use-after-free condition (CWE-416) that an authenticated low-privilege user can trigger to gain elevated rights on the host. The CVSS 7.8 vector (AV:L/AC:L/PR:L/UI:N) reflects a fully local attack with high impact across confidentiality, integrity, and availability, and no public exploit has been identified at time of analysis. The flaw was reported by Microsoft (secure@microsoft.com) and tracked in the MSRC update guide.

Microsoft Use After Free Memory Corruption Denial Of Service
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-45600 HIGH PATCH This Week

Local privilege escalation in Microsoft Windows Kernel-Mode Drivers allows an authenticated low-privileged user to elevate to SYSTEM via a type confusion (CWE-843) flaw. The vulnerability carries a CVSS 7.8 (High) with low attack complexity and no user interaction once local access is obtained, though no public exploit identified at time of analysis. Reported by Microsoft's MSRC, this fits the recurring pattern of Windows kernel driver EoP bugs frequently abused in post-compromise stages.

Microsoft Information Disclosure Memory Corruption
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-45599 HIGH PATCH Exploit Unlikely This Week

Remote code execution in the Windows Universal Plug and Play service (upnp.dll) allows unauthenticated network attackers to execute arbitrary code by triggering a use-after-free condition. The flaw carries a CVSS 3.1 base score of 8.1, lowered by high attack complexity (AC:H) reflecting the race-condition or memory-state requirements typical of UAF bugs. No public exploit identified at time of analysis, and the CVE is not currently listed in CISA KEV; EPSS data was not provided in the input.

Denial Of Service Use After Free Memory Corruption
NVD VulDB
CVSS 3.1
8.1
EPSS
0.1%
CVE-2026-45486 HIGH PATCH Exploit Unlikely This Week

Local code execution in Microsoft Office Word is possible when a user opens a maliciously crafted document that triggers an untrusted pointer dereference (CWE-416 use-after-free). The flaw lets an unauthorized attacker execute arbitrary code in the context of the current user, and no public exploit identified at time of analysis. Risk hinges on user interaction (UI:R), making phishing-style document delivery the realistic attack pathway.

Microsoft Authentication Bypass Use After Free Memory Corruption 365 Apps +3
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-45476 HIGH PATCH NEWS Exploit Unlikely This Week

Local privilege escalation in the Linux MANA (Microsoft Azure Network Adapter) driver allows an authenticated attacker with high privileges on the host to escalate privileges across security boundaries by exploiting a use-after-free condition. The flaw was reported by Microsoft Security Response Center and carries a CVSS 3.1 score of 8.2 driven by scope change and high impact across confidentiality, integrity, and availability. No public exploit identified at time of analysis, and the vulnerability is not currently listed in CISA KEV.

Denial Of Service Use After Free Memory Corruption Azure Network Adapter
NVD VulDB
CVSS 3.1
8.2
EPSS
0.1%
CVE-2026-45474 HIGH PATCH NEWS Exploit Unlikely This Week

Local code execution in Microsoft Office is possible through a heap-based buffer overflow that an unauthorized attacker can trigger without user interaction. The flaw carries a CVSS 3.1 score of 8.4 with high impact across confidentiality, integrity, and availability, and no public exploit identified at time of analysis. Despite requiring local access, the absence of authentication and user-interaction requirements makes this a notable priority for endpoint patching cycles.

Microsoft Use After Free Memory Corruption Buffer Overflow 365 Apps +6
NVD VulDB
CVSS 3.1
8.4
EPSS
0.1%
CVE-2026-45472 HIGH PATCH NEWS Exploit Unlikely This Week

Local code execution in Microsoft Office via a heap-based buffer overflow allows an unauthorized attacker to run arbitrary code with the privileges of the user opening a malicious document. The CVSS vector (AV:L/PR:N/UI:N) indicates local attack vector without required authentication or user interaction, an unusual combination that warrants verification against the vendor advisory. No public exploit identified at time of analysis and the issue is not currently listed in CISA KEV.

Microsoft Use After Free Memory Corruption Buffer Overflow 365 Apps +6
NVD VulDB
CVSS 3.1
8.4
EPSS
0.1%
CVE-2026-45461 HIGH PATCH NEWS Exploit Unlikely This Week

Local code execution in Microsoft Office via a heap-based buffer overflow that lets an unauthorized attacker run arbitrary code in the context of the current user. The flaw carries a CVSS 8.4 rating driven by high impact across confidentiality, integrity, and availability, and no public exploit identified at time of analysis. Despite the 'unauthorized' wording, the CVSS vector specifies a local attack vector, indicating the attacker must already be able to deliver a crafted file or run code on the target system.

Microsoft Use After Free Memory Corruption Buffer Overflow 365 Apps +6
NVD VulDB
CVSS 3.1
8.4
EPSS
0.1%
CVE-2026-45458 HIGH PATCH NEWS Exploit Unlikely This Week

Local code execution in Microsoft Office via a type confusion flaw (CWE-416) permits unauthorized attackers to run arbitrary code in the context of the Office process without requiring privileges or user interaction. The issue carries a high CVSS 3.1 score of 8.4 with full impact across confidentiality, integrity, and availability, though exploitation requires local attack vector access to the target system. No public exploit identified at time of analysis, and the vulnerability is not currently listed in CISA KEV.

Microsoft Authentication Bypass Use After Free Memory Corruption 365 Apps +6
NVD VulDB
CVSS 3.1
8.4
EPSS
0.1%
CVE-2026-45456 HIGH PATCH NEWS Exploit Unlikely This Week

Local code execution in Microsoft Office stems from a type confusion (CWE-843) flaw that allows an unauthenticated attacker with local access to run arbitrary code in the context of the Office process. The CVSS 8.4 score reflects high impact on confidentiality, integrity, and availability without requiring privileges or user interaction, though the attack vector is local. No public exploit is identified at time of analysis and the issue is not listed in CISA KEV.

Microsoft Authentication Bypass Memory Corruption 365 Apps Microsoft 365 +5
NVD VulDB
CVSS 3.1
8.4
EPSS
0.1%
CVE-2026-44817 HIGH PATCH This Week

Local code execution in Microsoft Office Excel arises from an integer underflow condition that corrupts memory when a malicious spreadsheet is opened. The flaw requires user interaction (UI:R) to trigger but needs no prior authentication, enabling attackers to run arbitrary code in the security context of the victim user. At the time of analysis, no public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Microsoft Authentication Bypass Memory Corruption 365 Apps Excel +5
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-44813 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Desktop Window Manager (DWM) Core Library enables an authenticated low-privilege attacker to gain elevated rights through a use-after-free memory corruption flaw. The issue carries a CVSS 7.8 (High) rating with total confidentiality, integrity, and availability impact, and no public exploit identified at time of analysis. CISA SSVC scoring marks exploitation as 'none' and not automatable, suggesting limited real-world activity despite the severe technical impact.

Microsoft Use After Free Memory Corruption Denial Of Service Windows 11 26h1
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-44809 HIGH PATCH This Week

Local privilege escalation in the Windows Common Log File System (CLFS) Driver allows an authenticated low-privileged attacker to elevate to SYSTEM via a use-after-free memory corruption flaw. The vulnerability carries a CVSS 7.8 rating with high impact across confidentiality, integrity, and availability, and no public exploit identified at time of analysis. CLFS has a long history of being targeted for kernel-level privilege escalation, making this class of bug a recurring concern for Windows defenders.

Microsoft Use After Free Memory Corruption Denial Of Service
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-44807 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Microsoft Windows Desktop Window Manager (DWM) Core Library allows an authenticated low-privileged user to elevate to SYSTEM via a use-after-free memory corruption flaw. CVSS 7.8 with high impact to confidentiality, integrity, and availability, but currently no public exploit identified at time of analysis and CISA SSVC rates exploitation status as 'none' with automation as 'no'.

Microsoft Use After Free Memory Corruption Denial Of Service Windows 11 26h1
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-44805 MEDIUM PATCH This Month

Use-after-free in the Windows Network Controller (NC) Host Agent enables a locally authenticated attacker to crash the service, resulting in a denial of service on affected Windows Server deployments. The vulnerability carries a CVSS score of 5.5 (Medium) with local attack vector and low-privilege requirements, limiting its blast radius to service availability - confidentiality and integrity are unaffected. No public exploit code exists and CISA KEV listing is absent at time of analysis, though a vendor patch from Microsoft is available and should be prioritized on Windows Server deployments leveraging Software Defined Networking.

Microsoft Use After Free Memory Corruption Denial Of Service
NVD VulDB
CVSS 3.1
5.5
EPSS
0.1%
CVE-2026-44804 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Desktop Window Manager (DWM) Core Library allows an authenticated low-privileged user to elevate to higher privileges by exploiting a use-after-free memory corruption flaw (CWE-416). The issue was reported by Microsoft's security team (secure@microsoft.com) and tracked via MSRC, with no public exploit identified at time of analysis. Successful exploitation yields full confidentiality, integrity, and availability impact on the local host.

Microsoft Use After Free Memory Corruption Denial Of Service Windows 11 26h1
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-44802 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Desktop Window Manager (DWM) Core Library allows an authenticated low-privilege attacker to gain higher privileges through a use-after-free memory corruption flaw. The vulnerability carries a CVSS score of 7.8 with high impact across confidentiality, integrity, and availability, and no public exploit identified at time of analysis. Successful exploitation typically yields SYSTEM-level code execution on the affected Windows host.

Microsoft Use After Free Memory Corruption Denial Of Service Windows 10 1809 +9
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-44801 HIGH PATCH NEWS Exploit Unlikely This Week

Remote code execution in Microsoft Remote Desktop Client is possible when a victim connects to an attacker-controlled RDP server, where a heap-based buffer overflow (linked to use-after-free memory corruption per vendor tags) enables arbitrary code execution on the client machine. The CVSS 7.5 score reflects high attack complexity and required user interaction, and no public exploit identified at time of analysis. SSVC assessment from CISA rates exploitation as 'none' and automatable as 'no', though technical impact is total.

Use After Free Memory Corruption Buffer Overflow Remote Desktop Client Windows App +13
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-42987 HIGH PATCH NEWS Exploit Unlikely This Week

Remote code execution in Microsoft Windows Deployment Services (WDS) allows unauthenticated network-based attackers to execute arbitrary code by exploiting a use-after-free memory corruption flaw (CWE-416). The CVSS 8.1 score reflects high impact on confidentiality, integrity, and availability, though exploit complexity is rated High. No public exploit identified at time of analysis, and SSVC marks exploitation status as none with the flaw classified as not automatable.

Microsoft Use After Free Memory Corruption Denial Of Service
NVD VulDB
CVSS 3.1
8.1
EPSS
0.1%
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Heap buffer overflow in LibreOffice Calc's tracked-changes importer allows an attacker who delivers a maliciously crafted spreadsheet to corrupt heap memory, causing high-impact availability loss and potentially enabling arbitrary code execution at the victim's privilege level. The vulnerability is triggered when a document reuses the same change identifier for two structurally different change types, causing the importer to misidentify object size and write past the allocation boundary. A proof-of-concept exists (CVSS 4.0 E:P modifier); no confirmed active exploitation (CISA KEV) has been recorded at time of analysis.

Memory Corruption Buffer Overflow Libreoffice +2
NVD VulDB
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Heap buffer overflow in LibreOffice Calc's formula compiler allows an attacker to trigger an out-of-bounds write by crafting a spreadsheet containing a formula with extreme nesting depth composed of many consecutive opening tokens. The vulnerability stems from an off-by-one allocation error in the nesting-depth tracking array, causing a single-element write past the buffer's end during file parsing. The CVSS 4.0 vector carries an E:P modifier indicating a proof-of-concept exists; no public exploit identified at time of analysis beyond the POC, and the vulnerability is not listed in CISA KEV.

Memory Corruption Buffer Overflow Libreoffice
NVD VulDB
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Stack buffer overflow in LibreOffice's legacy binary PPT importer allows a crafted presentation file to corrupt stack memory, causing application crash or potential arbitrary code execution under the victim's user context. The flaw affects all LibreOffice versions when importing PPT files containing a colour-replacement record whose combined colour counts across two parsing passes exceed the fixed-size stack-allocated colour tables. No public exploit has been confirmed actively exploited (not in CISA KEV), though the CVSS 4.0 supplemental E:P metric indicates proof-of-concept code exists, elevating this above a purely theoretical risk.

Memory Corruption Buffer Overflow Libreoffice +2
NVD VulDB
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Heap buffer overflow in LibreOffice's OOXML (DOCX) import component allows a specially crafted document to corrupt memory when processing text box elements, with high availability impact and limited confidentiality and integrity exposure. The flaw stems from a type confusion during deferred parser event replay: a handler object assumed to be a larger type is written to at that type's field layout, but the actual object may be smaller, causing the write to land past the end of the heap allocation. A proof-of-concept exploit exists (CVSS 4.0 E:P); no confirmed active exploitation is recorded in CISA KEV at time of analysis.

Memory Corruption Buffer Overflow Libreoffice +2
NVD VulDB
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Heap buffer overflow in LibreOffice's EMF+ graphics importer enables memory corruption when a user opens a specially crafted document containing a malicious gradient brush. The root cause is an integer overflow in the multiplication used to compute a heap allocation size from an attacker-controlled gradient blend point count - resulting in an undersized buffer that is subsequently written as if it were full-sized. A proof of concept exists (CVSS 4.0 E:P supplemental metric), no confirmed active exploitation is recorded, and impact spans process crash to potential arbitrary code execution within the LibreOffice session.

Memory Corruption Buffer Overflow Libreoffice +2
NVD VulDB
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Heap use-after-free in LibreOffice's ODF number format parser allows memory corruption when a user opens a crafted document containing a malformed number format string. The flaw arises because a position value embedded in the document is consumed without validation against the actual length of the format-code string, causing the parser to reference stale or out-of-bounds heap memory. Publicly available exploit code exists (CVSS 4.0 E:P), and while no active exploitation is confirmed via CISA KEV, the low attack complexity and document-phishing delivery model make this a realistic targeted threat.

Use After Free Memory Corruption Information Disclosure +1
NVD VulDB
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Heap buffer overflow in LibreOffice's DXF import engine allows a crafted CAD file to corrupt process memory when a polyline with more than 65,535 points is parsed. The root cause is an integer truncation defect: the point count read from the DXF file is narrowed to a 16-bit value when sizing the heap allocation, but the original, un-truncated count drives the subsequent write loop - any polyline exceeding 65,535 points overflows the undersized buffer. A proof-of-concept exists (CVSS 4.0 E:P), exploitation requires passive user interaction (opening a malicious DXF file), and no active exploitation has been confirmed in CISA KEV at time of analysis.

Memory Corruption Buffer Overflow Libreoffice +2
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Use-after-free in Zephyr RTOS's native TCP2 stack allows a concurrent connection teardown - triggered by ordinary TCP traffic from an adjacent-network peer - to invalidate a cached iterator pointer in net_tcp_foreach(), crashing the system or causing the iterator callback to operate on attacker-influenced reallocated memory. All Zephyr releases from the TCP2 stack introduction in 2020 through v4.4.0 (inclusive) are affected. No public exploit has been identified at time of analysis and no CISA KEV listing exists; the primary real-world risk is denial of service against embedded or IoT devices with TCP networking and shell access exposed on an adjacent network segment.

Use After Free Memory Corruption Information Disclosure +2
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM This Month

Heap use-after-free in GPAC MP4Box's MPEG-4 LASeR/SVG processing path crashes the tool when parsing a crafted MP4 file with the -svg conversion flag. The flaw occurs in gf_svg_node_del() at svg_types.c:107, where an SVG node is freed and then read again during scene graph teardown via gf_sg_reset()/gf_node_unregister(), confirmed by AddressSanitizer. Impact is limited to availability (process crash/DoS); no confidentiality or integrity impact is demonstrated. A public proof-of-concept MP4 file exists on GitHub; no active exploitation has been confirmed by CISA KEV.

Denial Of Service Memory Corruption Use After Free +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Use-after-free memory corruption in GPAC's MP4Box triggers via gf_node_get_tag when parsing a crafted MP4 file containing an invalid BIFS GlobalQuantizer command. Any user or automated pipeline processing an attacker-supplied MP4 file with an affected GPAC build is exposed. Exploitation could yield arbitrary code execution or a reliable crash, depending on heap layout at the time of the free. No public exploit code or CISA KEV listing has been identified at time of analysis.

Denial Of Service Memory Corruption Use After Free +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Local code execution in Avira Antivirus engine builds prior to 8.3.27.12 on Windows, macOS, and Linux occurs when the scanner parses a malformed POSIX tar archive, triggering a heap out-of-bounds write that can either crash the AV process (DoS) or execute attacker code in the scanner's context. No public exploit identified at time of analysis, but the on-access scanning model means a victim only has to write the malicious tar to disk for the engine to touch it. Reported by GEN (Gen Digital, Avira's parent).

Microsoft Memory Corruption Buffer Overflow +2
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Local code execution in Avira Antivirus engine builds before 8.3.70.104 on Windows, macOS, and Linux allows attackers to trigger a heap buffer out-of-bounds write by having the engine scan a malformed MS-DOS executable. The flaw stems from an integer overflow during parsing and can also crash the antivirus engine process, with no public exploit identified at time of analysis.

Microsoft Memory Corruption Buffer Overflow +2
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Heap out-of-bounds write in Gen Digital's shared antivirus scanning engine allows local code execution or denial of service when the engine parses a malformed Windows PE file, affecting Avast Antivirus, AVG Antivirus, Norton Antivirus, Avast One, and Avast Business Antivirus across Windows, macOS, and Linux on virus definition builds prior to VPS 25040308. Because the flaw lives in the scanner that typically runs with elevated privileges, successful exploitation can escalate to code execution in a high-privilege security context. No public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Microsoft Memory Corruption Buffer Overflow +6
NVD VulDB
EPSS 0% CVSS 7.8
HIGH This Week

Local privilege escalation in Imagination Technologies Graphics DDK (GPU kernel driver) allows non-privileged users to issue crafted GPU system calls that perform read/write operations on arbitrary freed physical memory pages, enabling kernel memory corruption. The flaw stems from missing deferred-free handling, meaning the GPU can still access pages after the kernel module has released them. No public exploit identified at time of analysis and EPSS is very low (0.02%), but CVSS 7.8 reflects high local impact on confidentiality, integrity, and availability.

Use After Free Memory Corruption Information Disclosure +1
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Out-of-bounds write in the Imagination Technologies Graphics DDK (GPU user-space driver) can be triggered when a victim loads a web page containing crafted WebGPU content into the GLES GPU render process, corrupting memory and crashing the browser or GPU process. The flaw stems from an integer overflow in size calculation driven by untrusted input, which produces an undersized allocation that subsequent writes exceed. EPSS exploitation probability is very low at 0.02% (5th percentile) and no public exploit identified at time of analysis.

Memory Corruption Buffer Overflow Graphics Ddk
NVD VulDB
EPSS 0% CVSS 8.8
HIGH This Week

Out-of-bounds kernel write in Imagination Technologies Graphics DDK (PowerVR GPU driver) allows a local non-privileged process to corrupt kernel memory by issuing crafted GPU sparse memory API calls, enabling privilege escalation to kernel context. Affected releases include Graphics DDK 24.2 RTM and the 25.1 RTM through 25.3 RTM line. No public exploit identified at time of analysis and EPSS exploitation probability is negligible (0.02%, 5th percentile).

Memory Corruption Buffer Overflow Graphics Ddk
NVD VulDB
EPSS 0% CVSS 7.8
HIGH This Week

Arbitrary code execution in Adobe Acrobat Reader (versions 24.001.30365, 26.001.21651 and earlier) occurs through an out-of-bounds write triggered when a victim opens a malicious PDF file. Successful exploitation runs attacker code in the context of the current user, making this a classic client-side attack suitable for phishing campaigns. No public exploit identified at time of analysis, but Adobe Reader memory corruption flaws have a long history of being weaponized in targeted attacks.

RCE Memory Corruption Adobe +2
NVD
EPSS 0%
HIGH This Week

Out-of-bounds write in Apple's SwiftNIO ByteBuffer affects all releases from 1.0.0 through 2.99.0 and is fixed in 2.100.0. The flaw stems from UInt32 truncation in internal index/capacity converters, so when an attacker can influence an index, offset, or length passed to specific ByteBuffer write methods with a value above UInt32.max (~4 GiB), safety preconditions silently pass and subsequent writes can corrupt heap memory outside the buffer. No public exploit identified at time of analysis, and the high data-size threshold makes practical exploitation narrow but severe where applicable.

Memory Corruption Buffer Overflow
NVD GitHub
EPSS 0% CVSS 8.7
HIGH PATCH This Week

Memory disclosure and denial of service in MongoDB Server's server-side JavaScript engine allow an authenticated user with read privileges and JavaScript execution rights to read freed heap memory or crash the mongod process. The flaw is triggered during BSON-to-JavaScript array conversion when operators such as $where or $function are evaluated. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV; it was self-reported by MongoDB.

Denial Of Service Memory Corruption Buffer Overflow +1
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Use after free in Views in Google Chrome on Windows prior to 149.0.7827.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Microsoft Use After Free Memory Corruption +4
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Use after free in Video in Google Chrome on Windows prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Microsoft Use After Free Memory Corruption +4
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Use after free in GPU in Google Chrome on Android prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Google Use After Free Memory Corruption +3
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Use after free in GPU in Google Chrome on Mac prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Google Use After Free Memory Corruption +2
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Use after free in Autofill in Google Chrome on Mac prior to 149.0.7827.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Google Use After Free Memory Corruption +3
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Sandbox escape in Google Chrome on Linux and ChromeOS prior to 149.0.7827.115 allows a remote attacker who has already compromised the renderer process to break out of the sandbox via a heap buffer overflow in the Codecs component triggered by a crafted HTML page. Google rates the underlying issue as High severity and a vendor patch is available, but no public exploit is identified at time of analysis and the bug is not listed in CISA KEV. Exploitation is conditional on chaining with a prior renderer compromise, which raises real-world complexity.

Google Memory Corruption Buffer Overflow +2
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Use after free in Autofill in Google Chrome prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)

Google Use After Free Memory Corruption +1
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Use after free in Cast in Google Chrome prior to 149.0.7827.115 allowed an attacker on the local network segment to potentially perform a sandbox escape via malicious network traffic. (Chromium security severity: High)

Google Use After Free Memory Corruption +1
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Use after free in Media in Google Chrome on Windows prior to 149.0.7827.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Microsoft Use After Free Memory Corruption +3
NVD VulDB
EPSS 0% CVSS 8.1
HIGH PATCH This Week

Use after free in Network in Google Chrome prior to 149.0.7827.115 allowed an attacker in a privileged network position to potentially exploit heap corruption via malicious network traffic. (Chromium security severity: High)

Google Use After Free Memory Corruption +1
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Use after free in WebMIDI in Google Chrome on Windows prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

Microsoft Use After Free Memory Corruption +4
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Use after free in DigitalCredentials in Google Chrome prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

Google Use After Free Memory Corruption +1
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Google Chrome on Windows prior to 149.0.7827.115 allows remote attackers to trigger a use-after-free condition in the Core component via a crafted HTML page, leading to arbitrary code execution within the renderer process. Chromium rates the severity as Critical, and no public exploit has been identified at time of analysis, but the bug class (UAF in Core) is historically a frequent target for in-the-wild exploitation against Chrome. The vulnerability requires the victim to visit attacker-controlled content (UI:R).

Microsoft Use After Free Memory Corruption +5
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM This Month

Stack buffer overflow in GStreamer's H.265/HEVC codec parser (gst-plugins-bad) allows remote unauthenticated attackers to crash GStreamer-based applications by delivering a crafted H.265 video file or stream that a user opens. The root cause is an incorrect loop bound in the buffering period SEI message parser: the parser mistakenly uses cpb_cnt_minus1[i] (the current loop index variable) rather than cpb_cnt_minus1[0] from the referenced Sequence Parameter Set, causing the loop to iterate beyond the bounds of stack-allocated CPB delay arrays and corrupt stack memory. No public exploit has been identified at time of analysis and the vulnerability is not listed in CISA KEV, though the deterministic parser logic makes crash reproduction straightforward.

Memory Corruption Buffer Overflow Red Hat Enterprise Linux 10 +5
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM This Month

Out-of-bounds write in GStreamer's H.266/VVC PPS picture partition parser (`gst-plugins-bad`) allows an attacker to crash media-processing applications - and potentially achieve code execution - by delivering a crafted H.266/VVC media file. The flaw in `gst_h266_parser_parse_picture_partition()` (gsth266parser.c) permits unbounded slice index increments across three fixed-size arrays in `GstH266PPS` during multi-slice-in-tile processing. A proof-of-concept demonstrating at least a 4-byte write exists; no public exploit beyond that initial POC or CISA KEV listing has been identified at time of analysis, though the code structure permits larger writes across multiple iterations which elevates downstream risk above a pure DoS assessment.

Memory Corruption Buffer Overflow Red Hat Enterprise Linux 10 +5
NVD VulDB
EPSS 0% CVSS 5.9
MEDIUM POC PATCH This Month

Heap-use-after-free in ImageMagick's CheckPrimitiveExtent function allows remote attackers to crash the image processing service by supplying crafted input that triggers a memory allocation failure, resulting in a denial-of-service condition. Affected are all releases of the 6.x branch prior to 6.9.13-50 and all 7.x releases prior to 7.1.2-25. No public exploit code has been identified at time of analysis, and the vulnerability is not listed in the CISA KEV catalog; however, the network-accessible attack vector is relevant wherever ImageMagick processes untrusted images (e.g., web upload pipelines, CI/CD asset processors).

Use After Free Memory Corruption Denial Of Service +3
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Out-of-bounds heap write in ImageMagick's ICON decoder allows remote attackers to crash the application by supplying a maliciously crafted ICON file processed by versions prior to 6.9.13-50 and 7.1.2-25. The flaw stems from an incorrect loop condition during ICON parsing, leading to memory corruption and denial of service. No public exploit identified at time of analysis, but ImageMagick's broad deployment as an image-processing backend in web applications makes drive-by exposure plausible.

Memory Corruption Buffer Overflow Imagemagick
NVD GitHub VulDB
EPSS 0% CVSS 8.4
HIGH PATCH This Week

Local privilege escalation to System Management Mode (SMM) in Lenovo ThinkPad BIOS firmware allows a high-privileged local user to execute arbitrary code at one of the most privileged execution rings on x86 hardware. The flaw, an out-of-bounds write (CWE-787) discovered by Lenovo during an internal security assessment, affects a wide range of current-generation ThinkPad models including X1 Carbon 13th Gen, X13 Gen 6, T14s Gen 6, P14s/P16v Gen 3, L13/L14/L16 Gen 6, and E16 Gen 3. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

Buffer Overflow Memory Corruption X13 Gen 6 Type 21Rk 21Rl Laptops Thinkpad Bios +107
NVD
EPSS 0% CVSS 4.6
MEDIUM PATCH This Month

Heap-use-after-free corruption in Ghidra's decompiler before version 12.1 allows a local attacker - or any actor who can deliver a crafted binary to a target analyst - to corrupt freed heap memory when the victim opens the file in the decompiler view. The vulnerability resides in HighVariable::merge() during the variable merging pass, where stale pointers in the HighIntersectTest::highedgemap cache are dereferenced against freed memory, producing low-impact integrity and availability effects on the Ghidra process. No active exploitation has been confirmed (not in CISA KEV) and no public exploit code has been identified at time of analysis, but the tool's user base of security researchers who routinely open untrusted binaries elevates the practical threat profile.

Use After Free Information Disclosure Memory Corruption +1
NVD GitHub
EPSS 0% CVSS 6.9
MEDIUM PATCH This Month

Heap-use-after-free in Ghidra's SLEIGH disassembler engine allows an attacker to cause memory corruption or application crash by supplying a crafted binary for decompilation. All Ghidra releases prior to 12.1 are affected, as is any downstream application consuming the SLEIGH library via the public Sleigh::oneInstruction C++ API. The CVSS v4.0 score of 6.9 reflects a high availability impact (VA:H) with low integrity impact (VI:L) and no confidentiality impact; no public exploit has been identified at time of analysis, and this vulnerability is not listed in the CISA KEV catalog.

Use After Free Buffer Overflow Memory Corruption +1
NVD GitHub
EPSS 0% CVSS 8.9
HIGH PATCH This Week

Use-after-free in Cloud Hypervisor versions 21.0 through 51.1 allows a malicious guest VM to corrupt host memory in the cloud-hypervisor VMM process by racing duplicate virtio-block descriptor chains against the host's asynchronous I/O completion path. The flaw carries a CVSS 4.0 score of 8.9 with high impact on both the affected VMM and subsequent system scope, indicating a credible VM escape primitive. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

Information Disclosure Use After Free Memory Corruption +1
NVD GitHub VulDB
EPSS 0% CVSS 7.8
HIGH This Week

Arbitrary code execution in Adobe Acrobat Reader (versions 24.001.30365, 26.001.21651, and earlier) occurs when a victim opens a maliciously crafted PDF, triggering a use-after-free memory corruption that lets the attacker run code with the privileges of the logged-on user. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV; however, Acrobat Reader is a perennial target for phishing-delivered malware, making patching a near-term priority. Adobe has issued APSB26-63 with fixed builds.

Memory Corruption RCE Use After Free +3
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Arbitrary code execution in Adobe Acrobat Reader (versions 24.001.30365, 26.001.21651, and earlier) is triggered when a user opens a malicious PDF, exploiting a Use-After-Free memory corruption flaw to run code as the current user. No public exploit identified at time of analysis, and EPSS data was not provided, but the high CVSS of 7.8 combined with Reader's massive install base makes this a routine patch priority. Vendor (Adobe) issued advisory APSB26-63 with corrective updates.

Memory Corruption RCE Use After Free +3
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Arbitrary code execution in Adobe Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier results from a use-after-free memory corruption bug (CWE-416) triggered when a victim opens a malicious PDF. Code runs in the security context of the current user, making this a credible client-side initial-access vector via phishing or drive-by document delivery. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

Memory Corruption RCE Use After Free +3
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Arbitrary code execution in Adobe Acrobat Reader (versions 24.001.30365, 26.001.21651 and earlier) is possible when a victim opens a maliciously crafted PDF, triggering a use-after-free memory corruption flaw. Code runs with the privileges of the current user, and no public exploit identified at time of analysis, though Adobe has released APSB26-63 as the corresponding advisory.

Memory Corruption RCE Use After Free +3
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Arbitrary code execution in Adobe Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier is possible when a victim opens a maliciously crafted file that triggers a use-after-free in the document parser. The flaw runs code in the context of the logged-in user and carries a CVSS 7.8 (High) score, but requires user interaction; no public exploit identified at time of analysis and EPSS data is not provided in the input.

Memory Corruption RCE Use After Free +3
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Use After Free memory disclosure in Adobe Acrobat Reader versions 24.001.30365 and 26.001.21651 (and earlier) exposes sensitive process memory contents when a victim opens a specially crafted malicious file. The CVSS vector (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N) confirms the attack is local, requires no privileges, but mandates user interaction - the victim must manually open the attacker-supplied document. Impact is limited to confidentiality (C:H), with no integrity or availability consequence. No public exploit identified at time of analysis, and the vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog.

Denial Of Service Adobe Use After Free +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Arbitrary code execution in Adobe Acrobat Reader (versions 24.001.30365, 26.001.21651, and earlier) is possible when a victim opens a maliciously crafted document, triggering a use-after-free condition in the renderer. The flaw runs code in the context of the current user and has no public exploit identified at time of analysis, though Adobe issued advisory APSB26-63 confirming the vulnerability class and affected versions.

Memory Corruption RCE Use After Free +3
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Arbitrary code execution in Adobe Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier occurs through a use-after-free flaw triggered when a victim opens a maliciously crafted PDF document. Code executes in the context of the current user, making this a classic client-side document exploit vector. No public exploit identified at time of analysis, and the issue is not currently listed in CISA KEV.

Memory Corruption RCE Use After Free +3
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Arbitrary code execution in Adobe Acrobat Reader (versions 24.001.30365, 26.001.21651 and earlier) is possible when a victim opens a maliciously crafted PDF that triggers a use-after-free condition in the parser. Exploitation runs at the privilege of the user opening the file, and no public exploit identified at time of analysis. CVSS 7.8 reflects the local attack vector and required user interaction, but Reader's massive install base makes this a high-value target for phishing-driven campaigns.

Memory Corruption RCE Use After Free +3
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Arbitrary code execution in Adobe Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier stems from a Use After Free condition (CWE-416) that triggers when a victim opens a malicious PDF, yielding execution in the context of the current user. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV, but the file-opening attack pattern is a perennial favorite in phishing and document-borne campaigns targeting Acrobat. Adobe has shipped fixed builds under advisory APSB26-63.

Memory Corruption RCE Use After Free +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Arbitrary code execution in Adobe Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier occurs through a use-after-free condition triggered by opening a malicious PDF document. Successful exploitation runs code in the context of the current user, but no public exploit identified at time of analysis and the issue requires user interaction to open the crafted file.

Memory Corruption RCE Use After Free +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Arbitrary code execution in Adobe Acrobat Reader 24.001.30365, 26.001.21651, and earlier versions occurs through a use-after-free condition triggered when a victim opens a malicious PDF file. Successful exploitation runs attacker-supplied code with the privileges of the current user, making this a viable phishing and drive-by document attack vector. No public exploit identified at time of analysis, and the vulnerability is not currently listed in CISA KEV.

Memory Corruption RCE Use After Free +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Arbitrary code execution in Adobe Acrobat Reader (versions 24.001.30365, 26.001.21651 and earlier) is possible when a victim opens a malicious PDF file that triggers an out-of-bounds write condition. The flaw executes code in the context of the logged-in user, and while no public exploit identified at time of analysis, the CVSS 7.8 rating reflects high impact across confidentiality, integrity, and availability. Adobe has published advisory APSB26-63 with a fix.

Adobe Memory Corruption Buffer Overflow +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Arbitrary code execution in Adobe Dreamweaver Desktop versions 21.7 and earlier allows attackers to run code in the context of the current user when a victim opens a malicious file. The flaw stems from access of an uninitialized pointer (CWE-824) and is tracked under Adobe advisory APSB26-62. No public exploit identified at time of analysis, and the issue is not currently listed in CISA KEV.

Memory Corruption RCE Dreamweaver Desktop
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Arbitrary code execution in Adobe Substance3D Sampler 6.0.0 and earlier occurs when a user opens a maliciously crafted asset file that triggers an out-of-bounds write in the application's parsing logic. Exploitation runs in the context of the logged-in user and requires user interaction to open the file; no public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Memory Corruption Buffer Overflow RCE +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Arbitrary code execution in Adobe Substance3D Sampler versions 6.0.0 and earlier occurs through an out-of-bounds write triggered when a user opens a maliciously crafted file. The flaw executes code in the context of the current user and requires victim interaction, with no public exploit identified at time of analysis and no CISA KEV listing.

Memory Corruption Buffer Overflow RCE +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Arbitrary code execution in Adobe Substance3D Sampler versions 6.0.0 and earlier occurs when a victim opens a maliciously crafted file, triggering an out-of-bounds write (CWE-787) in the application's file parser. Exploitation runs in the context of the current user and no public exploit identified at time of analysis, though the high CVSS of 7.8 reflects the full local impact triad once a user is socially engineered into opening the file.

Memory Corruption Buffer Overflow RCE +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Arbitrary code execution in Adobe Substance3D Sampler 6.0.0 and earlier occurs when a user opens a maliciously crafted 3D asset file, triggering an out-of-bounds write that runs attacker code with the current user's privileges. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV, but the local attack vector combined with high impact and required user interaction makes this a classic targeted-phishing/social-engineering risk against artists and 3D designers.

Memory Corruption Buffer Overflow RCE +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Arbitrary code execution in Adobe InCopy 21.3, 20.5.3, and earlier allows attackers to run code as the current user when a victim opens a maliciously crafted file. The flaw stems from an out-of-bounds write (CWE-787) in file parsing logic, carries a CVSS 7.8 (local, user-interaction required), and has no public exploit identified at time of analysis. Adobe published advisory APSB26-59 addressing the issue.

Memory Corruption Buffer Overflow RCE +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Arbitrary code execution in Adobe InDesign Desktop versions 21.3, 20.5.3 and earlier occurs through an out-of-bounds write triggered when a user opens a maliciously crafted document, allowing attacker code to run with the privileges of the current user. The flaw carries a CVSS 7.8 (High) rating, requires victim interaction, and no public exploit identified at time of analysis.

Memory Corruption Buffer Overflow RCE +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Arbitrary code execution in Adobe InDesign Desktop 21.3, 20.5.3 and earlier stems from a use-after-free condition triggered when a user opens a maliciously crafted document, allowing an attacker to run code with the privileges of the logged-in user. The flaw is reported by Adobe with a CVSS 3.1 base score of 7.8 and tagged for RCE, denial of service, and memory corruption, but there is no public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Denial Of Service Use After Free Memory Corruption +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Arbitrary code execution in Adobe InDesign Desktop 21.3, 20.5.3 and earlier allows attackers to run code as the logged-in user when a victim opens a maliciously crafted document file. The flaw is an out-of-bounds write (CWE-787) memory corruption issue requiring user interaction, and no public exploit has been identified at time of analysis.

Memory Corruption Buffer Overflow RCE +1
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Microsoft Windows Kernel allows an authenticated low-privileged user to elevate to SYSTEM by triggering a use-after-free condition (CWE-416). The flaw carries a CVSS 7.8 score with local attack vector and low privileges required, and no public exploit has been identified at time of analysis. Microsoft Security Response Center (MSRC) is the sole referenced authoritative source, indicating this is a vendor-discovered and vendor-tracked issue.

Microsoft Use After Free Memory Corruption +1
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH Exploit Unlikely This Week

Remote code execution in Microsoft Remote Desktop Client is possible via a heap-based buffer overflow that an unauthenticated remote attacker can trigger when a user is convinced to connect to a malicious RDP server. The flaw is rated CVSS 7.5 (High) with attack complexity High and required user interaction, and no public exploit identified at time of analysis. The CWE-416 classification combined with the vendor's tags points to a use-after-free condition reachable through crafted RDP server responses.

Buffer Overflow Memory Corruption Use After Free +10
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Remote code execution in Microsoft Remote Desktop Client is possible when a victim connects to an attacker-controlled or compromised RDP server, triggering a heap-based buffer overflow that leads to arbitrary code execution on the client machine. The flaw is unauthenticated from the server side but requires user interaction and high attack complexity, and no public exploit identified at time of analysis. CVSS is rated 7.5 (High) with confidentiality, integrity, and availability impact.

Use After Free Memory Corruption Buffer Overflow +4
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Microsoft Remote Desktop Client occurs when a user connects to an attacker-controlled RDP server, allowing the server to corrupt heap memory and execute arbitrary code on the client endpoint. The flaw carries a CVSS 8.8 (High) rating reflecting network reach with required user interaction, and no public exploit is identified at time of analysis. The attack pivots the traditional RDP threat model - attackers compromise clients that initiate outbound connections rather than exposed servers.

Use After Free Memory Corruption Buffer Overflow +13
NVD VulDB
EPSS 0% CVSS 7.0
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Microsoft Office Click-To-Run stems from a use-after-free condition (CWE-416) that lets an authorized low-privilege user elevate to higher privileges on the host. The flaw, reported by Microsoft's MSRC, carries a CVSS 7.0 (AV:L/AC:H/PR:L) reflecting that exploitation requires local access, low privileges, and a successful race-window or memory-state condition. No public exploit identified at time of analysis, and the vulnerability is not currently listed in CISA KEV.

Microsoft Use After Free Memory Corruption +5
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local code execution in Microsoft Windows Hyper-V allows an authenticated attacker on a guest or host to escape sandbox boundaries by triggering an out-of-bounds read condition (CWE-843, type confusion) in the hypervisor. The flaw affects Windows 10 (21H2/22H2), Windows 11 (23H2/24H2/25H2/26H1), and Windows Server 2022/2025, with a vendor-released patch available and no public exploit identified at time of analysis. EPSS scoring of 0.15% and SSVC exploitation status of 'none' suggest limited near-term exploitation likelihood despite total technical impact potential.

Microsoft Memory Corruption Buffer Overflow +8
NVD VulDB
EPSS 0% CVSS 7.0
HIGH PATCH Exploit Unlikely Act Now

Local privilege escalation in the Windows Bluetooth Port Driver allows an authorized low-privileged attacker to elevate to higher privileges by triggering a use-after-free condition in the kernel-mode driver. The flaw is reported by Microsoft Security Response Center and carries a CVSS 7.0 (high) rating with high attack complexity, and no public exploit identified at time of analysis. EPSS data and CISA KEV status were not provided in the input, so widespread exploitation is not confirmed.

Microsoft Use After Free Memory Corruption +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Microsoft Windows Desktop Window Manager (DWM) Core Library enables an authorized low-privileged user to gain elevated privileges through a use-after-free memory corruption flaw. The vulnerability carries a CVSS 3.1 score of 7.8 with high impact on confidentiality, integrity, and availability, and no public exploit identified at time of analysis. Exploitation requires the attacker to already have local code execution as a standard user, making it a strong candidate for post-compromise chaining toward SYSTEM-level access.

Microsoft Use After Free Memory Corruption +1
NVD VulDB
EPSS 0% CVSS 8.1
HIGH PATCH Exploit Unlikely This Week

Remote code execution in the Microsoft Windows Universal Plug and Play stack (upnp.dll) allows unauthenticated network attackers to execute arbitrary code on affected hosts by triggering a memory-safety flaw in the UPnP service. The issue carries a CVSS 3.1 base score of 8.1 (AV:N/AC:H/PR:N/UI:N), reflecting network reachability without credentials but high attack complexity. At time of analysis there is no public exploit identified and the CVE is not listed in CISA KEV.

Denial Of Service Memory Corruption Windows 10 1607 +12
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Bluetooth Service stems from a use-after-free condition (CWE-416) that an authenticated low-privilege user can trigger to gain elevated rights on the host. The CVSS 7.8 vector (AV:L/AC:L/PR:L/UI:N) reflects a fully local attack with high impact across confidentiality, integrity, and availability, and no public exploit has been identified at time of analysis. The flaw was reported by Microsoft (secure@microsoft.com) and tracked in the MSRC update guide.

Microsoft Use After Free Memory Corruption +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Local privilege escalation in Microsoft Windows Kernel-Mode Drivers allows an authenticated low-privileged user to elevate to SYSTEM via a type confusion (CWE-843) flaw. The vulnerability carries a CVSS 7.8 (High) with low attack complexity and no user interaction once local access is obtained, though no public exploit identified at time of analysis. Reported by Microsoft's MSRC, this fits the recurring pattern of Windows kernel driver EoP bugs frequently abused in post-compromise stages.

Microsoft Information Disclosure Memory Corruption
NVD VulDB
EPSS 0% CVSS 8.1
HIGH PATCH Exploit Unlikely This Week

Remote code execution in the Windows Universal Plug and Play service (upnp.dll) allows unauthenticated network attackers to execute arbitrary code by triggering a use-after-free condition. The flaw carries a CVSS 3.1 base score of 8.1, lowered by high attack complexity (AC:H) reflecting the race-condition or memory-state requirements typical of UAF bugs. No public exploit identified at time of analysis, and the CVE is not currently listed in CISA KEV; EPSS data was not provided in the input.

Denial Of Service Use After Free Memory Corruption
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local code execution in Microsoft Office Word is possible when a user opens a maliciously crafted document that triggers an untrusted pointer dereference (CWE-416 use-after-free). The flaw lets an unauthorized attacker execute arbitrary code in the context of the current user, and no public exploit identified at time of analysis. Risk hinges on user interaction (UI:R), making phishing-style document delivery the realistic attack pathway.

Microsoft Authentication Bypass Use After Free +5
NVD VulDB
EPSS 0% CVSS 8.2
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Linux MANA (Microsoft Azure Network Adapter) driver allows an authenticated attacker with high privileges on the host to escalate privileges across security boundaries by exploiting a use-after-free condition. The flaw was reported by Microsoft Security Response Center and carries a CVSS 3.1 score of 8.2 driven by scope change and high impact across confidentiality, integrity, and availability. No public exploit identified at time of analysis, and the vulnerability is not currently listed in CISA KEV.

Denial Of Service Use After Free Memory Corruption +1
NVD VulDB
EPSS 0% CVSS 8.4
HIGH PATCH Exploit Unlikely This Week

Local code execution in Microsoft Office is possible through a heap-based buffer overflow that an unauthorized attacker can trigger without user interaction. The flaw carries a CVSS 3.1 score of 8.4 with high impact across confidentiality, integrity, and availability, and no public exploit identified at time of analysis. Despite requiring local access, the absence of authentication and user-interaction requirements makes this a notable priority for endpoint patching cycles.

Microsoft Use After Free Memory Corruption +8
NVD VulDB
EPSS 0% CVSS 8.4
HIGH PATCH Exploit Unlikely This Week

Local code execution in Microsoft Office via a heap-based buffer overflow allows an unauthorized attacker to run arbitrary code with the privileges of the user opening a malicious document. The CVSS vector (AV:L/PR:N/UI:N) indicates local attack vector without required authentication or user interaction, an unusual combination that warrants verification against the vendor advisory. No public exploit identified at time of analysis and the issue is not currently listed in CISA KEV.

Microsoft Use After Free Memory Corruption +8
NVD VulDB
EPSS 0% CVSS 8.4
HIGH PATCH Exploit Unlikely This Week

Local code execution in Microsoft Office via a heap-based buffer overflow that lets an unauthorized attacker run arbitrary code in the context of the current user. The flaw carries a CVSS 8.4 rating driven by high impact across confidentiality, integrity, and availability, and no public exploit identified at time of analysis. Despite the 'unauthorized' wording, the CVSS vector specifies a local attack vector, indicating the attacker must already be able to deliver a crafted file or run code on the target system.

Microsoft Use After Free Memory Corruption +8
NVD VulDB
EPSS 0% CVSS 8.4
HIGH PATCH Exploit Unlikely This Week

Local code execution in Microsoft Office via a type confusion flaw (CWE-416) permits unauthorized attackers to run arbitrary code in the context of the Office process without requiring privileges or user interaction. The issue carries a high CVSS 3.1 score of 8.4 with full impact across confidentiality, integrity, and availability, though exploitation requires local attack vector access to the target system. No public exploit identified at time of analysis, and the vulnerability is not currently listed in CISA KEV.

Microsoft Authentication Bypass Use After Free +8
NVD VulDB
EPSS 0% CVSS 8.4
HIGH PATCH Exploit Unlikely This Week

Local code execution in Microsoft Office stems from a type confusion (CWE-843) flaw that allows an unauthenticated attacker with local access to run arbitrary code in the context of the Office process. The CVSS 8.4 score reflects high impact on confidentiality, integrity, and availability without requiring privileges or user interaction, though the attack vector is local. No public exploit is identified at time of analysis and the issue is not listed in CISA KEV.

Microsoft Authentication Bypass Memory Corruption +7
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Local code execution in Microsoft Office Excel arises from an integer underflow condition that corrupts memory when a malicious spreadsheet is opened. The flaw requires user interaction (UI:R) to trigger but needs no prior authentication, enabling attackers to run arbitrary code in the security context of the victim user. At the time of analysis, no public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Microsoft Authentication Bypass Memory Corruption +7
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Desktop Window Manager (DWM) Core Library enables an authenticated low-privilege attacker to gain elevated rights through a use-after-free memory corruption flaw. The issue carries a CVSS 7.8 (High) rating with total confidentiality, integrity, and availability impact, and no public exploit identified at time of analysis. CISA SSVC scoring marks exploitation as 'none' and not automatable, suggesting limited real-world activity despite the severe technical impact.

Microsoft Use After Free Memory Corruption +2
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Local privilege escalation in the Windows Common Log File System (CLFS) Driver allows an authenticated low-privileged attacker to elevate to SYSTEM via a use-after-free memory corruption flaw. The vulnerability carries a CVSS 7.8 rating with high impact across confidentiality, integrity, and availability, and no public exploit identified at time of analysis. CLFS has a long history of being targeted for kernel-level privilege escalation, making this class of bug a recurring concern for Windows defenders.

Microsoft Use After Free Memory Corruption +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Microsoft Windows Desktop Window Manager (DWM) Core Library allows an authenticated low-privileged user to elevate to SYSTEM via a use-after-free memory corruption flaw. CVSS 7.8 with high impact to confidentiality, integrity, and availability, but currently no public exploit identified at time of analysis and CISA SSVC rates exploitation status as 'none' with automation as 'no'.

Microsoft Use After Free Memory Corruption +2
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Use-after-free in the Windows Network Controller (NC) Host Agent enables a locally authenticated attacker to crash the service, resulting in a denial of service on affected Windows Server deployments. The vulnerability carries a CVSS score of 5.5 (Medium) with local attack vector and low-privilege requirements, limiting its blast radius to service availability - confidentiality and integrity are unaffected. No public exploit code exists and CISA KEV listing is absent at time of analysis, though a vendor patch from Microsoft is available and should be prioritized on Windows Server deployments leveraging Software Defined Networking.

Microsoft Use After Free Memory Corruption +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Desktop Window Manager (DWM) Core Library allows an authenticated low-privileged user to elevate to higher privileges by exploiting a use-after-free memory corruption flaw (CWE-416). The issue was reported by Microsoft's security team (secure@microsoft.com) and tracked via MSRC, with no public exploit identified at time of analysis. Successful exploitation yields full confidentiality, integrity, and availability impact on the local host.

Microsoft Use After Free Memory Corruption +2
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Desktop Window Manager (DWM) Core Library allows an authenticated low-privilege attacker to gain higher privileges through a use-after-free memory corruption flaw. The vulnerability carries a CVSS score of 7.8 with high impact across confidentiality, integrity, and availability, and no public exploit identified at time of analysis. Successful exploitation typically yields SYSTEM-level code execution on the affected Windows host.

Microsoft Use After Free Memory Corruption +11
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH Exploit Unlikely This Week

Remote code execution in Microsoft Remote Desktop Client is possible when a victim connects to an attacker-controlled RDP server, where a heap-based buffer overflow (linked to use-after-free memory corruption per vendor tags) enables arbitrary code execution on the client machine. The CVSS 7.5 score reflects high attack complexity and required user interaction, and no public exploit identified at time of analysis. SSVC assessment from CISA rates exploitation as 'none' and automatable as 'no', though technical impact is total.

Use After Free Memory Corruption Buffer Overflow +15
NVD VulDB
EPSS 0% CVSS 8.1
HIGH PATCH Exploit Unlikely This Week

Remote code execution in Microsoft Windows Deployment Services (WDS) allows unauthenticated network-based attackers to execute arbitrary code by exploiting a use-after-free memory corruption flaw (CWE-416). The CVSS 8.1 score reflects high impact on confidentiality, integrity, and availability, though exploit complexity is rated High. No public exploit identified at time of analysis, and SSVC marks exploitation status as none with the flaw classified as not automatable.

Microsoft Use After Free Memory Corruption +1
NVD VulDB
Prev Page 7 of 170 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy