Skip to main content

Use After Free

6128 CVEs technique

Monthly

CVE-2026-40406 HIGH PATCH Exploit Unlikely This Week

Use after free in Windows TCP/IP allows an unauthorized attacker to disclose information over a network.

Denial Of Service Microsoft Use After Free Memory Corruption
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-40366 HIGH PATCH NEWS Exploit Unlikely This Week

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

Denial Of Service Microsoft Use After Free Memory Corruption
NVD VulDB
CVSS 3.1
8.4
EPSS
0.0%
CVE-2026-35418 HIGH PATCH This Week

Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.

Denial Of Service Microsoft Use After Free Memory Corruption
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-35416 HIGH PATCH Exploit Likely This Week

Local privilege escalation in the Windows Ancillary Function Driver for WinSock (AFD.sys) allows low-privileged authenticated users to execute arbitrary code with SYSTEM privileges via use-after-free memory corruption. Microsoft has released patches addressing Windows 10 (versions 1607 through 22H2), Windows 11 (versions 22H3 through 26H1), and Windows Server 2012. CVSS base score is 7.0 (High) with local attack vector and high attack complexity. EPSS data not available; no CISA KEV listing at time of analysis, suggesting exploitation has not been observed in the wild despite public disclosure.

Denial Of Service Microsoft Use After Free Memory Corruption
NVD VulDB
CVSS 3.1
7.0
EPSS
0.1%
CVE-2026-34347 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Windows Win32K graphics subsystem (Win32K - GRFX) allows authenticated users with low privileges to achieve SYSTEM-level access through a use-after-free memory corruption vulnerability. Affects multiple Windows 10, Windows 11, and Windows Server 2012 versions. Microsoft has released patches through their March 2026 security updates. The CVSS 7.0 (High) rating reflects high attack complexity (AC:H), requiring specific race condition timing or system state manipulation, though EPSS data is not yet available for this recently disclosed CVE.

Denial Of Service Microsoft Use After Free Memory Corruption
NVD VulDB
CVSS 3.1
7.0
EPSS
0.0%
CVE-2026-34333 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Windows Win32K graphics subsystem affects Windows 10 (1607 through 22H2), Windows 11 (all versions including 26H1 preview), and Windows Server 2012 through authenticated low-privileged local users exploiting a use-after-free memory corruption flaw. Microsoft has released security updates addressing this CWE-416 vulnerability with CVSS 7.8 severity. The local attack vector and low complexity (AC:L) indicate straightforward exploitation once local access is achieved, though no public exploit code or active exploitation (CISA KEV) has been identified at time of analysis.

Denial Of Service Microsoft Use After Free Memory Corruption
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-33840 HIGH PATCH Exploit Likely This Week

Privilege escalation in Windows Win32K ICOMP component affects Windows 11 (24H2, 25H2, 26H1) and Windows Server 2025 via a use-after-free memory corruption flaw. Low-privileged authenticated local attackers can exploit this to gain SYSTEM-level privileges with low attack complexity and no user interaction required. Microsoft has released patches addressing this vulnerability, tracked under MSRC guidance. No active exploitation or public exploit code has been identified at time of analysis, with EPSS data not yet available for this recent CVE.

Denial Of Service Microsoft Use After Free Memory Corruption
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-27723 MEDIUM This Month

Use after free for some Linux kernel driver for the Intel(R) Ethernet 800 series before version 2.3.14 within Ring 0: Kernel may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable denial of service. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (none), integrity (none) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (high) impacts.

Denial Of Service Use After Free Memory Corruption Linux Intel
NVD VulDB
CVSS 4.0
6.8
EPSS
0.0%
CVE-2026-8390 HIGH PATCH This Week

Memory corruption in Mozilla Firefox's WebAssembly JavaScript engine component allows remote attackers to trigger a use-after-free condition via crafted web content, with limited impact across confidentiality, integrity, and availability. The flaw affects Firefox versions prior to 150.0.3 and has no public exploit identified at time of analysis, though SSVC indicates the issue is automatable. EPSS scoring (0.02%, 5th percentile) suggests very low near-term exploitation probability despite the network-reachable attack vector.

Information Disclosure Use After Free Memory Corruption Mozilla
NVD VulDB
CVSS 3.1
7.3
EPSS
0.0%
CVE-2026-45185 CRITICAL POC PATCH NEWS Act Now

Exim before 4.99.3, in certain GnuTLS configurations, has a remotely reachable use-after-free in the BDAT body parsing path. It is triggered when a client sends a TLS close_notify mid-body during a CHUNKING transfer, followed by a final cleartext byte on the same TCP connection. This can lead to heap corruption. An unauthenticated network attacker exploiting this vulnerability could execute arbitrary code.

Use After Free Memory Corruption RCE
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-28994 MEDIUM PATCH This Month

A use-after-free vulnerability in Apple's Wi-Fi stack allows attackers in a privileged network position to cause denial-of-service via crafted Wi-Fi packets. The vulnerability affects iOS and iPadOS versions prior to 26.5 and 18.7.9, macOS versions prior to 26.5, 15.7.7, and 14.8.7, and tvOS, watchOS versions prior to 26.5. Exploitation requires adjacent network access and specific radio conditions (AC:H) but results in high availability impact with no active public exploitation identified.

Denial Of Service Apple Use After Free Memory Corruption
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-43668 HIGH PATCH This Week

Remote attackers can crash Apple devices or corrupt kernel memory without authentication via a use-after-free vulnerability affecting iOS, iPadOS, macOS, tvOS, visionOS, and watchOS. Apple has released patches across eight separate security bulletins (HT127110-127120) fixing this memory management flaw in all supported OS versions. EPSS score of 0.10% (28th percentile) suggests low exploitation probability despite the network-accessible attack vector and lack of authentication requirements. No active exploitation or public POC identified at time of analysis.

Denial Of Service Apple Use After Free Memory Corruption
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-28946 MEDIUM PATCH This Month

Denial of service in Apple macOS prior to version 26.5 allows remote attackers to crash Safari via maliciously crafted web content that triggers a use-after-free memory condition. The vulnerability requires user interaction (opening a malicious webpage) but no authentication, affecting all macOS versions before 26.5. EPSS exploitation probability is very low at 0.02%, suggesting limited real-world attack incentive despite the crash capability.

Denial Of Service Apple Use After Free Memory Corruption
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-28947 HIGH PATCH This Week

Use-after-free in WebKit allows remote attackers to trigger Safari crashes and potentially achieve arbitrary code execution across Apple's entire ecosystem (iOS, iPadOS, macOS, tvOS, visionOS, watchOS) via maliciously crafted web content. Users must visit or be tricked into visiting a malicious webpage (UI:R). Despite CVSS 8.8 (High) with theoretical code execution impact (C:H/I:H/A:H), EPSS probability is extremely low (0.02%, 5th percentile), indicating minimal observed exploitation activity. No public exploit identified at time of analysis, and vendor patches are available across all platforms as of version 26.5.

Denial Of Service Apple Use After Free Memory Corruption Ios And Ipados +3
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-28883 HIGH PATCH This Week

Use-after-free in WebKit across Apple's entire operating system ecosystem enables remote information disclosure via malicious web content. Affects iOS/iPadOS, macOS Tahoe, tvOS, visionOS, and watchOS versions prior to 26.5. The vulnerability allows network-based unauthenticated attackers to access high-value confidential information through crafted web pages, though the CVE description anomalously mentions process crash (availability impact) while the CVSS vector indicates confidentiality impact only. No public exploit identified at time of analysis. EPSS score of 0.02% (5th percentile) suggests low likelihood of imminent widespread exploitation despite the broad platform impact and network attack vector.

Denial Of Service Apple Use After Free Memory Corruption Ios And Ipados +3
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-28969 HIGH PATCH This Week

Use-after-free memory corruption in Apple operating systems allows high confidentiality impact through unexpected system termination. Affects iOS/iPadOS versions before 18.7.9 and 26.5, macOS Sequoia before 15.7.7, macOS Sonoma before 14.8.7, macOS Tahoe before 26.5, tvOS before 26.5, visionOS before 26.5, and watchOS before 26.5. Vendor-released patches are available across all affected platforms. EPSS score of 0.02% (7th percentile) indicates low observed exploitation probability in the wild, and no public exploit identified at time of analysis. CVSS vector indicates network-reachable attack surface with no authentication required, though the description states only 'an app' can trigger the condition, suggesting conflicting attack vector classification.

Denial Of Service Apple Use After Free Memory Corruption
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-28942 MEDIUM PATCH This Month

Safari on Apple platforms crashes when processing maliciously crafted web content due to a use-after-free vulnerability in memory management, resulting in denial of service. Affects iOS and iPadOS below 26.5, macOS Tahoe below 26.5, tvOS below 26.5, visionOS below 26.5, and watchOS below 26.5. Exploitation requires user interaction to visit a malicious webpage but does not allow code execution or information disclosure.

Denial Of Service Apple Use After Free Memory Corruption Ios And Ipados +3
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-43459 HIGH PATCH This Week

Use-after-free in Linux kernel ASoC (ALSA System on Chip) subsystem allows local authenticated users with open audio streams to trigger memory corruption during sound card unbind operations. The flaw occurs when PCM stream closure schedules delayed DAPM (Dynamic Audio Power Management) work after widgets are freed, enabling potential privilege escalation or denial of service. EPSS score of 0.02% indicates low observed exploitation probability. Vendor patches available across multiple stable kernel branches (5.10.253, 5.15.203, 6.1.167, 6.6.130, 6.12.78, 6.18.19, 6.19.9, 7.0). No CISA KEV listing or public POC identified at time of analysis.

Information Disclosure Linux Memory Corruption Use After Free
NVD VulDB
CVSS 3.1
7.3
EPSS
0.0%
CVE-2026-43458 HIGH PATCH This Week

Local privilege escalation in the Linux kernel's CAIF serial driver allows attackers with local access to trigger a use-after-free condition in pty_write_room() via the caif_serial line discipline. The flaw stems from missing reference counting on tty->link, enabling memory corruption that can lead to arbitrary kernel code execution with full confidentiality, integrity, and availability impact. No public exploit identified at time of analysis, with an EPSS score of 0.02% (7th percentile) indicating low likelihood of widespread exploitation.

Memory Corruption Information Disclosure Linux Use After Free Red Hat +1
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-43447 HIGH PATCH This Week

Use-after-free in the Linux kernel iavf driver allows local authenticated users to execute arbitrary code, escalate privileges, or crash the system. The vulnerability affects Intel Ethernet Adaptive Virtual Function (iavf) driver's PTP implementation where a worker thread continues accessing freed memory during network adapter reset or disable operations. Patch available from kernel.org upstream commits across multiple stable branches (6.18.19, 6.19.9, 7.0+). EPSS score of 0.02% (4th percentile) indicates low observed exploitation likelihood, and no CISA KEV listing confirms this remains a theoretical risk requiring local access with low privileges.

Denial Of Service Linux Memory Corruption Use After Free
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-43440 HIGH PATCH This Week

Local privilege escalation potential in the Linux kernel's Microsoft Azure Network Adapter (mana) driver allows a low-privileged local user to trigger a use-after-free via a double destroy_workqueue() call on the gc->service_wq pointer when mana_gd_setup() fails. The flaw, fixed in the 6.18.x and 6.19.x stable trees, has no public exploit identified at time of analysis and an EPSS of 0.02% (4th percentile), but carries a CVSS of 7.8 due to high confidentiality, integrity, and availability impact within the kernel.

Memory Corruption Information Disclosure Linux Use After Free Red Hat +1
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-43438 HIGH PATCH This Week

Reference count underflow in Linux kernel sched_ext subsystem enables local privilege escalation to execute arbitrary code with kernel privileges. The flaw affects kernel versions 6.12 through 6.19.x (prior to patched releases 6.12.78, 6.18.19, 6.19.9, 7.0), scoring CVSS 7.8 with local attack vector requiring low privileges. Vendor patches available via stable kernel updates. EPSS exploitation probability is low (0.02%, 5th percentile) with no public exploit code or active exploitation confirmed at time of analysis, though the Use-After-Free primitive could enable kernel memory corruption attacks.

Information Disclosure Linux Use After Free Memory Corruption
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-43437 HIGH PATCH This Week

Use-after-free in Linux kernel ALSA PCM subsystem allows local authenticated users to corrupt memory and potentially execute arbitrary code with kernel privileges. The vulnerability occurs in snd_pcm_drain() when a linked stream's runtime structure is freed via concurrent close() while still being dereferenced, enabling information disclosure, system crashes, or privilege escalation. With EPSS at 0.02% (7th percentile) and CVSS 7.8, this represents elevated theoretical risk but shows no evidence of active exploitation or public POC at time of analysis. Vendor patches are available across multiple stable kernel branches (5.10.253, 6.1.167, 6.6.130, 6.12.78, 6.18.19, 6.19.9, 7.0).

Information Disclosure Linux Memory Corruption Use After Free
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-43426 HIGH PATCH This Week

Use-after-free in the Linux kernel's Renesas USB host (renesas_usbhs) driver allows a local low-privileged attacker to potentially corrupt memory or escalate privileges during device removal. The flaw stems from the interrupt handler remaining registered while driver resources, including the pipe array, are freed in usbhs_remove(), creating a race window where the ISR can dereference freed memory. EPSS is very low (0.02%, 7th percentile) and no public exploit identified at time of analysis, but the kernel-level memory corruption impact (CVSS 7.8) makes it a meaningful local risk on affected Renesas USB hardware.

Memory Corruption Information Disclosure Linux Use After Free Red Hat +1
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-43402 CRITICAL PATCH Act Now

Use-after-free in Linux kernel kthread subsystem enables memory corruption leading to arbitrary code execution or denial of service. The vulnerability arises when kernel threads exit via make_task_dead() instead of kthread_exit(), bypassing affinity_node cleanup. This causes dangling pointers in the global kthread_affinity_list that corrupt freed memory reused by the SLAB allocator, specifically overwriting RCU callback function pointers in struct pid objects. CVSS rates this 9.8 critical, though the network attack vector appears misclassified since kernel thread manipulation requires local code execution. EPSS score of 0.02% (4th percentile) indicates low predicted exploitation likelihood despite severity. Vendor patches available for Linux 6.18.19, 6.19.9, and 7.0 via upstream commits.

Denial Of Service Linux Memory Corruption Use After Free
NVD VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-43388 HIGH PATCH This Week

Use-after-free condition in the Linux kernel's DAMON (Data Access MONitor) subsystem affects systems running kernel version 6.14 and related stable branches prior to the patched commits. A local low-privileged user can trigger a dangling pointer to a stack-allocated walk_control structure when damos_walk() is invoked against an inactive DAMON context, with no public exploit identified at time of analysis and an EPSS probability of just 0.02%.

Information Disclosure Use After Free Memory Corruption Linux
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-43379 CRITICAL PATCH Act Now

Use-after-free in Linux kernel ksmbd allows remote unauthenticated attackers to potentially execute arbitrary code, disclose sensitive information, or cause denial of service. The vulnerability stems from improper RCU lock handling in smb_lazy_parent_lease_break_close() where opinfo pointer is dereferenced after RCU read unlock, creating a race condition. Patches available across multiple kernel versions (6.6.130, 6.12.78, 6.18.19, 6.19.9, 7.0). Despite critical CVSS 9.8 score, EPSS exploitation probability is low (0.02%, 5th percentile) and no active exploitation or public POC identified at time of analysis.

Information Disclosure Linux Use After Free Memory Corruption
NVD VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-43378 CRITICAL PATCH Act Now

Use-after-free in the Linux kernel's ksmbd SMB server (smb2_open()) allows remote attackers to potentially trigger memory corruption when accessing an opinfo pointer dereferenced after rcu_read_unlock(). The flaw is fixed in upstream stable releases (6.1.167, 6.6.130, 6.12.78, 6.18.19, 6.19.9, and 7.0); no public exploit identified at time of analysis, and EPSS exploitation probability is very low at 0.02%.

Memory Corruption Information Disclosure Linux Use After Free Red Hat +1
NVD VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-43376 CRITICAL PATCH Act Now

Use-after-free in Linux kernel ksmbd allows remote unauthenticated attackers to execute arbitrary code, escalate privileges, or cause denial of service by racing oplock_info access during concurrent RCU read operations. The vulnerability stems from immediate kfree() without RCU grace period, enabling opinfo_get() to call atomic_inc_not_zero() on freed memory. CVSS 9.8 reflects network exploitability without authentication, though EPSS score of 0.02% (5th percentile) suggests minimal observed exploitation attempts. Vendor patches available across multiple kernel versions (6.6.130, 6.12.78, 6.18.19, 6.19.9, 7.0) with fixes referenced in five upstream commits. Not listed in CISA KEV; no public exploit code identified at time of analysis.

Information Disclosure Linux Memory Corruption Use After Free
NVD VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-43374 HIGH PATCH This Week

Use-after-free in Linux kernel nexthop routing code allows local authenticated attackers with low privileges to execute arbitrary code, escalate privileges, or crash the system. The vulnerability occurs when removing a nexthop from a routing group, where percpu statistics memory is freed before the RCU grace period completes, allowing concurrent readers to access freed memory. Vendor patches available for stable kernel branches 6.12.78, 6.18.19, 6.19.9, and mainline 7.0. EPSS score of 0.02% (5th percentile) indicates low observed exploitation probability, and no active exploitation is confirmed (not in CISA KEV). CVSS 7.8 reflects local attack vector requiring authenticated access.

Information Disclosure Linux Memory Corruption Use After Free
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-43370 HIGH PATCH This Week

Use-after-free race condition in Linux kernel amdgpu driver allows local authenticated users to achieve arbitrary code execution with high confidentiality, integrity, and availability impact. The flaw occurs when parent and child processes sharing a drm_file both attempt to acquire the same virtual memory context after fork(), due to non-atomic vm->process_info assignment. Patches released across multiple stable kernel versions (5.10.253, 5.15.203, 6.1.167, 6.6.130, 6.12.78, 6.18.19, 6.19.9, 7.0). EPSS score of 0.02% (7th percentile) indicates very low predicted exploitation probability despite CVSS 7.8 severity, and no active exploitation or public POC identified.

Information Disclosure Linux Memory Corruption Use After Free
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-43339 HIGH PATCH This Week

Local privilege escalation in Linux kernel IPv6 address configuration subsystem enables authenticated local users to gain high-level system access through a use-after-free (UaF) condition in addrconf_permanent_addr(). Patch available across all maintained stable kernel series (5.10.253, 5.15.203, 6.1.168, 6.6.134, 6.12.81, 6.18.22, 6.19.12, 7.0) with fixes backported from commit f1705ec197e7. EPSS score of 0.02% suggests minimal active exploitation likelihood, no KEV listing or public POC identified at time of analysis.

Information Disclosure Linux Use After Free Memory Corruption Red Hat
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-43322 HIGH PATCH This Week

Use-after-free (UAF) in Linux kernel Bluetooth subsystem allows adjacent network attackers to trigger memory corruption via malformed LE Read Features Complete responses. The vulnerability occurs when hci_conn is freed before le_read_features_complete callback executes but after hci_le_read_remote_features_sync initiates, causing atomic operations on freed memory during hci_conn_drop. Active exploitation status not confirmed (no CISA KEV listing). EPSS score of 0.02% (5th percentile) indicates very low observed exploitation probability. Upstream patches committed to stable kernel branches 6.19.12+ and 7.0+.

Information Disclosure Google Linux Use After Free Memory Corruption +1
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-43303 HIGH PATCH This Week

Use-after-free in Linux kernel swap subsystem allows local authenticated users to achieve high-severity code execution, integrity violations, or denial of service. The vulnerability stems from multiple kernel subsystems (SLUB, shmem, TTM) failing to clear page->private fields before freeing memory, causing stale pointers to persist when pages are reallocated and split. The swap code then dereferences these uninitialized LIST_POISON values during swapoff operations, triggering KASAN-detected wild memory access. Patches available across kernel versions 6.18.16, 6.19.6, and 7.0, with EPSS score of 0.02% indicating low observed exploitation probability despite CVSS 7.8 rating.

Denial Of Service Linux Memory Corruption Use After Free
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-43284 HIGH POC PATCH CISA NEWS Act Now

Use-after-free in Linux kernel ESP (IPsec) allows local authenticated attackers to decrypt shared memory fragments improperly, potentially exposing encrypted network traffic or causing memory corruption. Affects kernel versions 6.5+ where MSG_SPLICE_PAGES can attach pipe pages directly to UDP socket buffers. The IPv4/IPv6 datagram paths fail to mark spliced pages as shared, causing ESP input decryption to modify memory not privately owned by the packet buffer. Public exploit code exists (POC available on GitHub), EPSS score is low (0.01%) indicating limited widespread exploitation risk, and vendor patches are available across affected stable kernel branches (6.6.138, 6.12.87, 6.18.28, 7.0.5).

Information Disclosure Use After Free Memory Corruption Linux
NVD GitHub VulDB Exploit-DB
CVSS 3.1
8.8
EPSS
0.0%
Threat
5.3
CVE-2026-7261 MEDIUM PATCH This Month

Use-after-free memory corruption in PHP 8.2 prior to version 8.2.31 allows remote attackers to cause information disclosure or denial of service via network requests with low attack complexity. The vulnerability is addressed in PHP 8.2.31, released as a security update bundling fixes for eight CVEs including CVE-2026-7261. Patch availability is confirmed from the PHP development team.

Microsoft PHP Use After Free Memory Corruption Information Disclosure +2
NVD GitHub VulDB
CVSS 4.0
6.3
EPSS
0.0%
CVE-2026-6722 CRITICAL POC PATCH NEWS Act Now

Use-after-free memory corruption in PHP 8.2.x enables remote attackers to achieve high-impact exploitation through network-accessible attack vectors, despite high attack complexity and specific timing requirements. PHP 8.2.31 addresses this vulnerability along with seven other security issues in a coordinated security release. The CVSS v4.0 score of 9.5 reflects both confidentiality and integrity impact across vulnerable and subsequent systems, with high availability impact. No public exploit code or active exploitation confirmed at time of analysis, but the vendor urgency indicator (U:Red) and release coordinator emphasis (RE:M) signal critical priority for organizations running PHP 8.2.x in production environments.

Microsoft PHP Use After Free Memory Corruption Information Disclosure
NVD GitHub VulDB
CVSS 4.0
9.5
EPSS
0.3%
CVE-2026-8090 HIGH PATCH This Week

Use-after-free memory corruption in Firefox's DOM Networking component enables remote attackers to achieve unauthorized information disclosure, data manipulation, and service disruption without authentication or user interaction. Affects Firefox mainline and both Extended Support Release (ESR) branches. Mozilla shipped patches in Firefox 150.0.2, Firefox ESR 140.10.2, and Firefox ESR 115.35.2. SSVC analysis indicates no confirmed exploitation but the vulnerability is fully automatable with partial technical impact across confidentiality, integrity, and availability. EPSS data not available but the network attack vector (AV:N) with no prerequisites (AC:L/PR:N/UI:N) presents significant exposure for unpatched installations.

Mozilla Information Disclosure Use After Free Memory Corruption
NVD VulDB
CVSS 3.1
7.3
EPSS
0.0%
CVE-2026-8016 HIGH PATCH This Week

Remote code execution within Chrome's sandbox allows arbitrary code execution via a malicious HTML page exploiting a use-after-free vulnerability in WebRTC. Affects Chrome versions prior to 148.0.7778.96. Despite high CVSS 8.8 scoring and RCE capability, exploitation requires user interaction (visiting a crafted page) and is confined to Chrome's sandbox, limiting system-level impact. Vendor patch released in Chrome 148.0.7778.96. No evidence of active exploitation (not in CISA KEV) or public POC at time of analysis, though Chromium security team rated this as Low severity internally, suggesting limited real-world exploitability despite the technical impact.

Denial Of Service Use After Free Memory Corruption RCE Google +3
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-8002 HIGH PATCH This Week

Remote code execution in Google Chrome on macOS versions prior to 148.0.7778.96 enables attackers to execute arbitrary code within the browser's sandbox through a malicious HTML page exploiting a use-after-free vulnerability in the Audio subsystem. The vulnerability requires user interaction (visiting a crafted webpage) but no authentication, with CVSS 8.8 rating reflecting high impact across confidentiality, integrity, and availability. Google has released patches in Chrome 148.0.7778.96; no active exploitation (KEV) or public POC has been identified at time of analysis, though the technical details are publicly accessible via Chromium issue tracker 495779613.

Denial Of Service Use After Free Memory Corruption RCE Google +3
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-8001 HIGH PATCH This Week

Sandbox escape in Google Chrome prior to 148.0.7778.96 on Linux, Mac, and ChromeOS allows remote attackers who have already compromised the renderer process to break out of Chrome's sandbox via a crafted HTML page exploiting a use-after-free vulnerability in the printing subsystem. Despite the 8.3 CVSS score, Chromium rates this Low severity because exploitation requires a two-stage attack chain (initial renderer compromise followed by sandbox escape). Vendor patch released as Chrome 148.0.7778.96. No evidence of active exploitation or public POC identified at time of analysis.

Google Denial Of Service Use After Free Memory Corruption Red Hat +2
NVD
CVSS 3.1
8.3
EPSS
0.1%
CVE-2026-7991 HIGH PATCH This Week

Remote code execution in Google Chrome prior to 148.0.7778.96 through a use-after-free vulnerability in the UI component. Attackers who have already compromised the renderer process can escape sandbox restrictions and execute arbitrary code by delivering a specially crafted HTML page requiring user interaction. Google has released patch version 148.0.7778.96. No active exploitation confirmed in CISA KEV at time of analysis, though the vulnerability requires prior renderer compromise which increases attack complexity beyond the CVSS AC:L rating suggests.

Denial Of Service Use After Free Memory Corruption RCE Google +3
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-7987 HIGH PATCH This Week

Remote code execution in Google Chrome's WebRTC component (versions prior to 148.0.7778.96) allows attackers to execute arbitrary code within the browser's sandbox by exploiting a use-after-free memory corruption vulnerability via a malicious HTML page. While sandboxed, successful exploitation achieves high confidentiality, integrity, and availability impact within the renderer process. EPSS data unavailable; not listed in CISA KEV, indicating no confirmed widespread exploitation at time of analysis. Vendor patch released as Chrome 148.0.7778.96.

Denial Of Service Use After Free Memory Corruption RCE Google +3
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-7985 HIGH PATCH This Week

Sandbox escape in Google Chrome's GPU component affects versions prior to 148.0.7778.96. An attacker who has already compromised the renderer process can escalate privileges to break out of Chrome's sandbox by exploiting a use-after-free memory corruption vulnerability via a specially crafted HTML page. This requires high attack complexity and user interaction (visiting a malicious page). No active exploitation confirmed at time of analysis, and vendor-released patch (version 148.0.7778.96) is available. EPSS data not provided, but the combination of network vector, changed scope (S:C in CVSS), and sandbox escape capability makes this a priority update for Chrome deployments despite Chromium's 'Medium' internal severity rating.

Google Denial Of Service Use After Free Memory Corruption Red Hat +2
NVD
CVSS 3.1
8.3
EPSS
0.1%
CVE-2026-7984 HIGH PATCH This Week

Remote code execution in Google Chrome's ReadingMode component (versions prior to 148.0.7778.96) allows attackers who have already compromised the renderer process to escape sandbox restrictions and execute arbitrary code on the underlying system. The vulnerability requires user interaction to visit a malicious webpage but exploitation complexity is low once renderer compromise is achieved. EPSS data not available; no CISA KEV listing identified at time of analysis, indicating no confirmed widespread exploitation. Vendor-released patch available in Chrome 148.0.7778.96.

Denial Of Service Use After Free Memory Corruption RCE Google +3
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-7980 HIGH PATCH This Week

Remote code execution in Google Chrome's WebAudio implementation (versions before 148.0.7778.96) allows attackers to execute arbitrary code within the browser sandbox by exploiting a use-after-free vulnerability through a malicious HTML page. The vulnerability requires user interaction (visiting a crafted page) but no authentication. Google has released Chrome 148.0.7778.96 to address this issue. EPSS data not available; no KEV listing or public POC identified at time of analysis, suggesting limited real-world exploitation observed despite the high CVSS score.

Denial Of Service Use After Free Memory Corruption RCE Google +3
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-7976 HIGH PATCH This Week

Remote code execution in Google Chrome versions prior to 148.0.7778.96 via malicious extension exploitation of use-after-free in Views component. Successful exploitation requires convincing a user to install a crafted Chrome extension, after which the attacker can execute arbitrary code with Chrome's privileges. Google has released Chrome 148.0.7778.96 to address this vulnerability. No evidence of active exploitation (not listed in CISA KEV) or public proof-of-concept code identified at time of analysis. CVSS 7.5 severity driven by high attack complexity and required user interaction, which moderates real-world exploitation risk despite potential for full system compromise.

Denial Of Service Use After Free Memory Corruption RCE Google +3
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-7975 HIGH PATCH This Week

Sandbox escape in Google Chrome's DevTools component allows attackers who have already compromised the renderer process to break out of the browser sandbox and execute code on the underlying system. Affects all Chrome versions prior to 148.0.7778.96. Google has released version 148.0.7778.96 to patch this vulnerability. The attack requires high complexity and user interaction (visiting a malicious page), but successful exploitation enables complete system compromise with changed scope (S:C in CVSS vector), escalating from renderer-level access to full system access. No evidence of active exploitation (not in CISA KEV) or public proof-of-concept identified at time of analysis.

Google Denial Of Service Use After Free Memory Corruption Red Hat +2
NVD VulDB
CVSS 3.1
8.3
EPSS
0.1%
CVE-2026-7974 HIGH PATCH This Week

Remote code execution in Google Chrome versions prior to 148.0.7778.96 allows attackers to execute arbitrary code within the browser's sandbox by exploiting a use-after-free vulnerability in the Blink rendering engine through a specially crafted HTML page. CVSS score of 8.8 reflects high impact across confidentiality, integrity, and availability, though exploitation requires user interaction (visiting a malicious webpage). EPSS data not available. Not listed in CISA KEV at time of analysis. Vendor-released patch available in Chrome 148.0.7778.96.

Denial Of Service Use After Free Memory Corruption RCE Google +3
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-7970 HIGH PATCH This Week

Sandbox escape in Google Chrome versions prior to 148.0.7778.96 allows remote attackers who have already compromised the renderer process to break out of Chrome's security sandbox through a use-after-free vulnerability in the TopChrome component. Attack requires user interaction with a malicious HTML page and has high attack complexity. EPSS data not available; no active exploitation confirmed at time of analysis. Vendor-released patch available in Chrome 148.0.7778.96.

Google Denial Of Service Use After Free Memory Corruption Red Hat +2
NVD VulDB
CVSS 3.1
8.3
EPSS
0.1%
CVE-2026-7956 HIGH PATCH This Week

Sandbox escape in Google Chrome prior to 148.0.7778.96 allows remote attackers who have already compromised the renderer process to break out of Chrome's security sandbox via a use-after-free vulnerability in the Navigation component. This requires user interaction with a malicious HTML page and successful renderer compromise as a prerequisite, making it a two-stage attack requiring high attack complexity. Vendor-released patch available in Chrome 148.0.7778.96. No public exploit or active exploitation (CISA KEV) identified at time of analysis. CVSS 8.3 (High) reflects the severe post-compromise impact (sandbox escape enabling system-level access), but real-world risk depends heavily on successful initial renderer compromise.

Google Denial Of Service Use After Free Memory Corruption Red Hat +2
NVD VulDB
CVSS 3.1
8.3
EPSS
0.1%
CVE-2026-7940 HIGH PATCH This Week

Use-after-free in Chrome's V8 JavaScript engine enables remote code execution inside the sandbox when users install a malicious extension. Google Chrome versions prior to 148.0.7778.96 are vulnerable to arbitrary code execution through specially crafted Chrome Extensions exploiting memory corruption in V8. CVSS rates this 8.8 (High) with network attack vector requiring user interaction. Vendor-released patch available in Chrome 148.0.7778.96 per Google's May 2026 stable channel update. EPSS and KEV data not provided; exploitation requires social engineering to install malicious extension, limiting automated exploitation scenarios.

Denial Of Service Use After Free Memory Corruption RCE Google +3
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-7938 HIGH PATCH This Week

Remote code execution in Google Chrome before 148.0.7778.96 allows unauthenticated attackers to execute arbitrary code within the Chrome sandbox by exploiting a use-after-free vulnerability in the CSS rendering engine through a malicious webpage. Requires victim interaction (visiting attacker-controlled page) but needs no authentication. Vendor-released patch available as Chrome 148.0.7778.96. EPSS score not provided; no CISA KEV listing indicates no confirmed widespread exploitation at time of analysis, though browser vulnerabilities are high-value targets.

Denial Of Service Use After Free Memory Corruption RCE Google +3
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-7929 HIGH PATCH This Week

Remote code execution in Google Chrome's MediaRecording component (versions prior to 148.0.7778.96) allows attackers to execute arbitrary code when victims perform specific UI interactions with a malicious webpage. The use-after-free vulnerability in memory management has been patched by Google in version 148.0.7778.96. EPSS data not available; no CISA KEV listing identified, suggesting no confirmed widespread exploitation at time of analysis, though publicly available exploit code exists per Chromium bug tracker disclosure.

Denial Of Service Use After Free Memory Corruption RCE Google +3
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-7928 HIGH PATCH This Week

Remote code execution in Google Chrome for Windows below version 148.0.7778.96 allows unauthenticated attackers to execute arbitrary code within Chrome's sandbox via specially crafted HTML pages exploiting a use-after-free vulnerability in the WebRTC implementation. CVSS score of 8.8 reflects high impact across confidentiality, integrity, and availability. EPSS data not provided, but Google's 'High' severity classification and immediate patch release indicate active concern. No CISA KEV listing or public POC identified at time of analysis, though the vulnerability is already patched.

Denial Of Service Microsoft Use After Free Memory Corruption RCE +4
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-7926 HIGH PATCH This Week

Remote code execution in Google Chrome prior to version 148.0.7778.96 allows attackers to execute arbitrary code within the browser's sandbox by exploiting a use-after-free vulnerability in the Presentation API through a specially crafted HTML page. User interaction is required (visiting a malicious webpage). EPSS data not available for this recent CVE. No public exploit confirmed at time of analysis, though the vulnerability has been patched by Google in the stable channel release.

Denial Of Service Use After Free Memory Corruption RCE Google +3
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-7925 HIGH PATCH This Week

Use-after-free memory corruption in Chrome Remote Desktop (Chromoting) on Windows enables local privilege escalation to SYSTEM via malicious file interaction. Attackers with local access can gain OS-level administrative control by inducing users to open specially crafted files processed by the Chromoting component. Patch available in Chrome 148.0.7778.96. No evidence of active exploitation (not in CISA KEV), but the local attack vector with low complexity and high impact warrants immediate patching for Windows Chrome deployments, especially in multi-user environments where privilege boundaries are critical.

Denial Of Service Microsoft Use After Free Memory Corruption Privilege Escalation +4
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-7922 HIGH PATCH This Week

Sandbox escape in Google Chrome via ServiceWorker use-after-free allows remote attackers to break out of Chrome's security sandbox through a specially crafted HTML page. Affects all Chrome versions prior to 148.0.7778.96. EPSS data not yet available for this recent CVE. Google has released a patch in version 148.0.7778.96. While rated high severity by Chromium project, the attack complexity is high (AC:H) and requires user interaction (UI:R), limiting widespread exploitation risk despite the critical scope change (S:C) indicating sandbox escape capability.

Google Denial Of Service Use After Free Memory Corruption Red Hat +2
NVD VulDB
CVSS 3.1
8.3
EPSS
0.1%
CVE-2026-7921 HIGH PATCH This Week

Remote code execution in Google Chrome prior to 148.0.7778.96 enables attackers to execute arbitrary code by exploiting a use-after-free vulnerability in the Passwords component through a malicious HTML page. User interaction (visiting the crafted page) is required. CVSS score of 8.8 reflects network-based attack requiring no authentication but requiring user interaction, with high impact to confidentiality, integrity, and availability. Vendor patch available in Chrome 148.0.7778.96. No public exploitation confirmed at time of analysis.

Denial Of Service Use After Free Memory Corruption RCE Google +3
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-7920 HIGH PATCH This Week

Sandbox escape in Google Chrome versions prior to 148.0.7778.96 allows remote attackers who have already compromised the renderer process to break out of Chrome's security sandbox through a use-after-free vulnerability in the Skia graphics library. Exploitation requires user interaction with a malicious HTML page and successful prior renderer compromise, representing a second-stage attack rather than initial access. No active exploitation confirmed (not in CISA KEV), though the vulnerability's sandbox escape capability makes it valuable for targeted attack chains.

Google Denial Of Service Use After Free Memory Corruption Red Hat +2
NVD VulDB
CVSS 3.1
8.3
EPSS
0.1%
CVE-2026-7919 HIGH PATCH This Week

Sandbox escape in Google Chrome versions prior to 148.0.7778.96 enables remote attackers who have already compromised the renderer process to break out of Chrome's security sandbox through a use-after-free vulnerability in the Aura UI framework. The attack requires user interaction with a malicious webpage and presents high attack complexity, but successfully chains renderer compromise with sandbox escape to achieve full system impact. No active exploitation confirmed (not in CISA KEV), though this vulnerability class is frequently targeted given Chrome's wide deployment and the high value of sandbox escapes.

Google Denial Of Service Use After Free Memory Corruption Red Hat +2
NVD VulDB
CVSS 3.1
8.3
EPSS
0.1%
CVE-2026-7918 HIGH PATCH This Week

Sandbox escape in Google Chrome's GPU component prior to version 148.0.7778.96 allows remote attackers who have already compromised the renderer process to break out of Chrome's security sandbox via a use-after-free memory corruption vulnerability triggered by a malicious web page. This represents a critical second-stage attack where initial renderer compromise is chained with GPU exploitation to achieve full system access. Vendor-released patch available in Chrome 148.0.7778.96. No evidence of active exploitation (not in CISA KEV) or public proof-of-concept at time of analysis.

Google Denial Of Service Use After Free Memory Corruption Red Hat +2
NVD VulDB
CVSS 3.1
8.3
EPSS
0.1%
CVE-2026-7917 HIGH PATCH This Week

Sandbox escape in Google Chrome on Windows allows attackers who have already compromised the renderer process to break out of Chrome's security sandbox via a use-after-free flaw in the Fullscreen API. Affects Chrome versions prior to 148.0.7778.96 on Windows platforms. Google has released a patch (version 148.0.7778.96) and rated this High severity. No evidence of active exploitation (not in CISA KEV) or public proof-of-concept code at time of analysis, though the vulnerability requires initial renderer compromise making it a second-stage exploitation vector.

Denial Of Service Microsoft Use After Free Memory Corruption Google +3
NVD VulDB
CVSS 3.1
8.3
EPSS
0.1%
CVE-2026-7911 HIGH PATCH This Week

Sandbox escape in Google Chrome for Windows versions prior to 148.0.7778.96 allows remote attackers who have already compromised the renderer process to break out of the Chrome sandbox via a use-after-free vulnerability in the Aura UI framework. The attack requires user interaction with a specially crafted HTML page and has high attack complexity (AC:H), but grants complete control over confidentiality, integrity, and availability with changed scope (S:C). No active exploitation confirmed in CISA KEV at time of analysis. EPSS data not provided, but the vulnerability targets a browser component with over 3 billion users globally.

Denial Of Service Microsoft Use After Free Memory Corruption Google +3
NVD VulDB
CVSS 3.1
8.3
EPSS
0.1%
CVE-2026-7910 CRITICAL PATCH Act Now

Use-after-free in the Views component of Google Chrome versions prior to 148.0.7778.96 enables site isolation bypass after renderer compromise. A remote attacker who has already compromised the renderer process can escape sandbox protections via a malicious HTML page, potentially accessing cross-origin data or executing code outside the renderer sandbox. Patch released by Google in version 148.0.7778.96. EPSS score of 0.02% (3rd percentile) indicates very low probability of exploitation in the wild currently, with no evidence of active exploitation or public proof-of-concept at time of analysis.

Google Denial Of Service Use After Free Memory Corruption Red Hat +2
NVD VulDB
CVSS 3.1
9.6
EPSS
0.0%
CVE-2026-7908 CRITICAL PATCH Act Now

Sandbox escape in Google Chrome versions prior to 148.0.7778.96 allows remote attackers to break out of the browser's security sandbox through a use-after-free vulnerability in the Fullscreen API component. Attackers can deliver exploitation via a specially crafted HTML page requiring only user visit to the page (no additional interaction). With CVSS 9.6 (Critical) and scope change indicating containment breach, this represents a serious risk to browser security model integrity. No evidence of active exploitation (not in CISA KEV) and EPSS data not available at time of analysis.

Google Denial Of Service Use After Free Memory Corruption Red Hat +2
NVD VulDB
CVSS 3.1
9.6
EPSS
0.1%
CVE-2026-7907 HIGH PATCH This Week

Remote code execution within Chrome's sandbox affects all versions prior to 148.0.7778.96 via crafted HTML pages exploiting a use-after-free vulnerability in DOM handling. Remote unauthenticated attackers can achieve arbitrary code execution with high integrity and confidentiality impact by convincing users to visit a malicious webpage. Vendor patch released (Chrome 148.0.7778.96). No confirmed active exploitation (not in CISA KEV), but the low attack complexity (AC:L) and publicly disclosed bug tracker entry (Chromium issue 496292089) increase exploitation risk. EPSS data not provided but RCE in widely-deployed browser warrants immediate patching despite sandbox containment limiting full system compromise.

Denial Of Service Use After Free Memory Corruption RCE Google +3
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-7906 HIGH PATCH This Week

Remote code execution in Google Chrome versions prior to 148.0.7778.96 allows attackers to execute arbitrary code within the browser's sandbox through a use-after-free vulnerability in SVG rendering. User interaction (visiting a malicious webpage) is required, but no authentication is needed. Vendor-released patch available in Chrome 148.0.7778.96. No public exploit identified at time of analysis, though CVSS score of 8.8 reflects high impact if successfully exploited.

Denial Of Service Use After Free Memory Corruption RCE Google +3
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-7901 HIGH PATCH This Week

Remote code execution in Google Chrome for macOS (versions prior to 148.0.7778.96) allows attackers to execute arbitrary code within the browser's sandbox by exploiting a use-after-free vulnerability in the ANGLE graphics library through a malicious HTML page. The vulnerability requires user interaction (visiting a crafted webpage) but can be exploited remotely without authentication. Google has released Chrome 148.0.7778.96 to address this high-severity memory corruption issue, which affects the confidentiality, integrity, and availability of sandboxed browser processes.

Denial Of Service Use After Free Memory Corruption RCE Google +3
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-7898 HIGH PATCH This Week

Remote code execution in Google Chrome's Chromoting component (remote desktop feature) on Linux allows unauthenticated attackers to execute arbitrary code through specially crafted network packets when a user interacts with a malicious remote desktop session. Fixed in Chrome 148.0.7778.96. Vendor rates severity as Critical. No public exploit code identified at time of analysis, but the use-after-free class (CWE-416) is well-understood and exploitable. CVSS 8.8 reflects network attack vector with low complexity requiring only user interaction, enabling full system compromise (high confidentiality, integrity, and availability impact).

Denial Of Service Use After Free Memory Corruption RCE Google +3
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-7897 HIGH PATCH This Week

Remote code execution in Google Chrome for iOS prior to version 148.0.7778.96 through use-after-free memory corruption in the mobile UI handler. Exploitation requires convincing a user to perform specific UI gestures while viewing a malicious HTML page. Google confirms Critical severity and has released a patched version. EPSS data unavailable; not currently listed in CISA KEV. Attack complexity is rated High due to the required user interaction pattern, limiting opportunistic exploitation but enabling targeted attacks via social engineering.

Denial Of Service Use After Free Memory Corruption RCE Apple +4
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-43237 HIGH PATCH This Week

Use-after-free and reference count underflow in the Linux kernel's amdgpu DRM driver allows local authenticated users with low privileges to cause kernel panic, denial of service, and potentially execute arbitrary code with kernel privileges. The vulnerability affects amdgpu_gem_va_ioctl handling of GPU timeline fences where stale or freed fences are used due to premature fence selection and improper reference management. Patch available in kernel versions 6.18.16, 6.19.6, and 7.0. EPSS score of 0.02% indicates low observed exploitation probability, and no public exploit or active exploitation has been identified.

Denial Of Service Linux Use After Free Memory Corruption Red Hat +1
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-43236 HIGH PATCH This Week

Use-after-free in Linux kernel's Atmel HLCDC DRM driver allows local authenticated users to execute arbitrary code, escalate privileges, or cause denial of service. The atmel_hlcdc_plane_atomic_duplicate_state() function incorrectly copies plane state without properly duplicating the drm_plane_state structure, leaving a stale commit pointer that triggers use-after-free during subsequent drm_atomic_commit() calls. Vulnerability surfaces when reopening the device node while another DRM client remains attached. EPSS score is low (0.02%) and no active exploitation confirmed at time of analysis, but local privilege escalation potential and vendor-released patches across multiple stable kernel branches indicate genuine risk for systems using Atmel HLCDC display hardware.

Information Disclosure Linux Use After Free Memory Corruption Red Hat +1
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-43232 HIGH PATCH This Week

Use-after-free in Linux kernel farsync driver allows remote code execution when FarSync T-series WAN cards are detached while tasklets remain active. The vulnerability occurs when fst_tx_task or fst_int_task continue executing after fst_card_info is freed in fst_remove_one(), causing the kernel to access deallocated memory. Despite the CVSS 8.8 score with network vector, the EPSS score is extremely low (0.02%, 7th percentile), suggesting minimal real-world exploitation likelihood. No active exploitation confirmed (not in CISA KEV). Patches available across multiple stable kernel versions (5.10.252, 5.15.202, 6.1.165, 6.6.128, 6.12.75, 6.18.16, 6.19.6, 7.0).

Information Disclosure Linux Memory Corruption Use After Free Red Hat +1
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-43203 HIGH PATCH This Week

Use-after-free in Linux kernel fore200e ATM driver allows local attackers to achieve high-severity impacts during PCA-200E or SBA-200E adapter removal. When the device is detached, tx_tasklet or rx_tasklet may still be running and access already-freed memory in fore200e_tx_tasklet() or fore200e_rx_tasklet(), potentially leading to code execution, information disclosure, or denial of service. Patches available across stable kernel branches (5.10.252, 5.15.202, 6.1.165, 6.6.128, 6.12.75, 6.18.16, 6.19.6, 7.0). EPSS score of 0.02% (7th percentile) indicates low observed exploitation probability. Not listed in CISA KEV. Identified through static analysis, suggesting no active in-the-wild exploitation at time of disclosure.

Information Disclosure Linux Use After Free Memory Corruption Red Hat +1
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-43138 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: reset: gpio: suppress bind attributes in sysfs This is a special device that's created dynamically and is supposed to stay in memory forever. We also currently don't have a devlink between it and the actual reset consumer. Suppress sysfs bind attributes so that user-space can't unbind the device because - as of now - it will cause a use-after-free splat from any user that puts the reset control handle.

Information Disclosure Use After Free Memory Corruption Linux Red Hat +1
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-43111 HIGH PATCH This Week

Race condition in Linux kernel HID roccat driver enables local privilege escalation through use-after-free memory corruption. Local authenticated attackers can exploit concurrent access to device reader lists during roccat_report_event() operations, achieving arbitrary code execution with high integrity impact (CVSS 7.8). Vendor-released patches available across multiple kernel branches (6.6.136, 6.12.83, 6.18.24, 6.19.14, 7.0). EPSS score of 0.02% (5th percentile) indicates low observed exploitation probability despite moderate severity, suggesting limited weaponization in current threat landscape.

Information Disclosure Linux Use After Free Memory Corruption
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-43084 HIGH PATCH This Week

Local privilege escalation in Linux kernel netfilter nfnetlink_queue allows authenticated users with low privileges to execute arbitrary code with high integrity and availability impact via race condition in shared hash table. The vulnerability stems from a use-after-free condition when multiple queues share a global hash table, enabling parallel CPU operations to access freed nf_queue_entry structures. EPSS score is low (0.02%, 5th percentile) indicating minimal observed exploitation activity. Vendor patches available across multiple stable kernel branches (6.12.83, 6.18.24, 6.19.14) with upstream commits confirmed.

Denial Of Service Linux Memory Corruption Use After Free
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-43076 HIGH PATCH This Week

Use-after-free in Linux kernel's OCFS2 filesystem allows local attackers with user interaction to achieve arbitrary code execution, privilege escalation, or denial of service via crafted filesystem images. Affects kernels since initial OCFS2 implementation (2.6.16+) through 6.19.13. Vendor patches available across all supported stable branches (6.6.136, 6.12.83, 6.18.24, 6.19.14, 7.0). EPSS score of 0.02% (5th percentile) suggests low probability of mass exploitation, though CVSS 7.8 reflects high impact if triggered. No active exploitation confirmed (not in CISA KEV) and no public POC identified at time of analysis.

Information Disclosure Linux Use After Free Memory Corruption
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-23631 MEDIUM PATCH This Month

Redis-server with Lua scripting allows authenticated attackers to trigger a use-after-free vulnerability on replicas where replica-read-only is disabled, potentially leading to remote code execution. The vulnerability exploits the master-replica synchronization mechanism and is present in all versions prior to 8.6.3. Patch vendor-released patch: 8.6.3.

Redis Use After Free Memory Corruption RCE
NVD GitHub VulDB
CVSS 4.0
6.1
EPSS
0.1%
CVE-2026-23479 HIGH POC PATCH This Week

Use-after-free in Redis 7.2.0 through 8.6.2 allows authenticated attackers to achieve remote code execution by exploiting error handling in the unblock client flow. When a blocked client is evicted during command re-execution, the server fails to handle the error return from processCommandAndResetClient, triggering memory corruption. Redis has released version 8.6.3 with a security fix. No public exploit code or CISA KEV listing identified at time of analysis, suggesting limited observed exploitation despite the critical RCE impact.

Redis Use After Free Memory Corruption RCE
NVD GitHub VulDB
CVSS 4.0
7.7
EPSS
0.1%
CVE-2026-24082 HIGH This Week

Use-after-free vulnerability in Qualcomm Snapdragon chipsets enables local privilege escalation to achieve full device compromise. Low-privilege authenticated users can trigger memory corruption during performance counter deselect operations, gaining high-integrity code execution with kernel-level access. Qualcomm has released patches in their May 2026 security bulletin. EPSS data not yet available for this future-dated CVE; no confirmed active exploitation or public exploit code identified at time of analysis.

Buffer Overflow Use After Free Memory Corruption Snapdragon
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-22166 HIGH This Week

Use-after-free in Imagination Graphics DDK GPU GLES user-space library allows authenticated remote attackers to crash the GPU render process via crafted WebGPU content. CVSS 8.1 (High) with network vector and low complexity. On platforms where the GPU process runs with elevated system privileges, successful exploitation could enable system-level compromise beyond the initial crash. EPSS and KEV data not provided; SSVC framework indicates no confirmed exploitation, non-automatable attack, but total technical impact. Vendor patches available across affected DDK versions 1.18, 23.2, 24.1-24.2, and 25.1-25.3.

Denial Of Service Use After Free Memory Corruption Ddk
NVD VulDB
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-22165 HIGH This Week

Remote authenticated attackers can execute code or cause persistent denial-of-service in Imagination Technologies Graphics DDK by triggering a use-after-free in the GPU GLES render process via specially crafted WebGPU content. On platforms where the GPU driver runs with elevated system privileges, successful exploitation enables device-level compromise beyond the browser sandbox. EPSS data not available, no CISA KEV listing identified, no public POC confirmed. SSVC framework indicates no active exploitation and non-automatable attack requiring authenticated interaction.

Denial Of Service Use After Free Memory Corruption Ddk
NVD VulDB
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-31718 CRITICAL PATCH NEWS Act Now

Use-after-free in Linux kernel ksmbd (SMB server) during durable file handle scavenging allows memory corruption and potential remote code execution. When a durable SMB2 file handle survives session disconnect, the cleanup path dereferences a freed connection object via NULL fp->conn pointer during lock cleanup, causing a slab use-after-free. Exploitation probability is extremely low (EPSS 0.02%, 5th percentile) with no active exploitation confirmed. Vendor patches available across multiple stable kernel branches (6.12.84, 6.18.25, 7.0.2, 7.1-rc1) address the asymmetric cleanup by properly managing byte-range lock lifetimes during durable handle reconnection.

Use After Free Memory Corruption Information Disclosure Linux
NVD VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-31715 HIGH PATCH This Week

Use-after-free in Linux kernel F2FS filesystem allows local authenticated attackers to trigger kernel panic or potentially achieve code execution. The vulnerability (CWE-416) occurs during concurrent write callback and unmount operations when f2fs_write_end_io() decrements page count before checking node inode validity, leading to NULL pointer dereference. Discovered via xfstests generic/107 and syzbot fuzzing. EPSS exploitation probability is low (0.02%, 4th percentile), no active exploitation confirmed. Vendor patches available across stable kernel branches 6.18.25, 7.0.2, and 7.1-rc1.

Information Disclosure Use After Free Memory Corruption Linux
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-31703 HIGH PATCH This Week

Use-after-free condition in Linux kernel writeback subsystem allows local authenticated attackers to potentially execute arbitrary code, escalate privileges, or trigger kernel crashes. The vulnerability affects Linux kernel versions 6.18.x through 7.1-rc1 and arises from improper synchronization between work queue processing and memory deallocation in inode_switch_wbs_work_fn(). Vendor patches are available across stable kernel branches (6.18.25, 7.0.2, 7.1-rc1) with low EPSS score (0.02%) indicating minimal observed exploitation activity, though the CVSS 7.8 score reflects significant impact if successfully exploited by authenticated local users.

Denial Of Service Linux Use After Free Memory Corruption
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-31702 HIGH PATCH This Week

Use-after-free in Linux kernel f2fs compressed writeback allows local authenticated users to trigger memory corruption, potentially executing arbitrary code or causing system crashes. Affects f2fs-compressed filesystems in Linux kernel 5.6 through 7.1-rc2, with patches available in 6.6.136, 6.12.84, 7.0.2, and 7.1-rc1. EPSS score of 0.02% (5th percentile) indicates low observed exploitation probability despite CVSS 7.8 rating. This mirrors CVE-2026-23234's race condition pattern but in the compression code path that was missed by the earlier fix. No active exploitation confirmed (not in CISA KEV) and no public POC identified at time of analysis.

Information Disclosure Use After Free Memory Corruption Linux
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-31695 HIGH PATCH This Week

Use-after-free in Linux kernel virt_wifi driver allows local authenticated users to trigger memory corruption during ethtool operations on virtual WiFi devices being unregistered. The vulnerability stems from improper device parent reference handling via SET_NETDEV_DEV, where ethnl_ops_begin() calls pm_runtime_get_sync() on already-freed memory when a virt_wifi device unregisters concurrently with ethtool operations. Patches are available across multiple stable kernel branches (5.15.203, 6.1.168, 6.6.134, 6.12.81, 6.18.22, 6.19.12, 7.0). EPSS exploitation probability is low (0.02%, 7th percentile), and no public exploit identified at time of analysis, though CVSS 7.8 reflects potential for complete system compromise if successfully triggered.

Red Hat Suse Memory Corruption Use After Free Information Disclosure +1
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-43056 HIGH PATCH This Week

Use-after-free in Linux kernel's MANA network driver allows local authenticated attackers to corrupt memory and potentially execute code with kernel privileges. The flaw occurs when auxiliary_device_add() fails in add_adev(), triggering cleanup that frees memory still referenced by subsequent error-handling code. Patches available across stable kernel branches (6.6.134, 6.12.81, 6.18.22, 6.19.12, 7.0). EPSS score of 0.02% (5th percentile) indicates low probability of widespread exploitation. No CISA KEV listing or public exploit identified at time of analysis.

Information Disclosure Linux Use After Free Memory Corruption Red Hat +1
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
EPSS 0% CVSS 7.5
HIGH PATCH Exploit Unlikely This Week

Use after free in Windows TCP/IP allows an unauthorized attacker to disclose information over a network.

Denial Of Service Microsoft Use After Free +1
NVD VulDB
EPSS 0% CVSS 8.4
HIGH PATCH Exploit Unlikely This Week

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

Denial Of Service Microsoft Use After Free +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.

Denial Of Service Microsoft Use After Free +1
NVD VulDB
EPSS 0% CVSS 7.0
HIGH PATCH Exploit Likely This Week

Local privilege escalation in the Windows Ancillary Function Driver for WinSock (AFD.sys) allows low-privileged authenticated users to execute arbitrary code with SYSTEM privileges via use-after-free memory corruption. Microsoft has released patches addressing Windows 10 (versions 1607 through 22H2), Windows 11 (versions 22H3 through 26H1), and Windows Server 2012. CVSS base score is 7.0 (High) with local attack vector and high attack complexity. EPSS data not available; no CISA KEV listing at time of analysis, suggesting exploitation has not been observed in the wild despite public disclosure.

Denial Of Service Microsoft Use After Free +1
NVD VulDB
EPSS 0% CVSS 7.0
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Windows Win32K graphics subsystem (Win32K - GRFX) allows authenticated users with low privileges to achieve SYSTEM-level access through a use-after-free memory corruption vulnerability. Affects multiple Windows 10, Windows 11, and Windows Server 2012 versions. Microsoft has released patches through their March 2026 security updates. The CVSS 7.0 (High) rating reflects high attack complexity (AC:H), requiring specific race condition timing or system state manipulation, though EPSS data is not yet available for this recently disclosed CVE.

Denial Of Service Microsoft Use After Free +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Windows Win32K graphics subsystem affects Windows 10 (1607 through 22H2), Windows 11 (all versions including 26H1 preview), and Windows Server 2012 through authenticated low-privileged local users exploiting a use-after-free memory corruption flaw. Microsoft has released security updates addressing this CWE-416 vulnerability with CVSS 7.8 severity. The local attack vector and low complexity (AC:L) indicate straightforward exploitation once local access is achieved, though no public exploit code or active exploitation (CISA KEV) has been identified at time of analysis.

Denial Of Service Microsoft Use After Free +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Likely This Week

Privilege escalation in Windows Win32K ICOMP component affects Windows 11 (24H2, 25H2, 26H1) and Windows Server 2025 via a use-after-free memory corruption flaw. Low-privileged authenticated local attackers can exploit this to gain SYSTEM-level privileges with low attack complexity and no user interaction required. Microsoft has released patches addressing this vulnerability, tracked under MSRC guidance. No active exploitation or public exploit code has been identified at time of analysis, with EPSS data not yet available for this recent CVE.

Denial Of Service Microsoft Use After Free +1
NVD VulDB
EPSS 0% CVSS 6.8
MEDIUM This Month

Use after free for some Linux kernel driver for the Intel(R) Ethernet 800 series before version 2.3.14 within Ring 0: Kernel may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable denial of service. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (none), integrity (none) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (high) impacts.

Denial Of Service Use After Free Memory Corruption +2
NVD VulDB
EPSS 0% CVSS 7.3
HIGH PATCH This Week

Memory corruption in Mozilla Firefox's WebAssembly JavaScript engine component allows remote attackers to trigger a use-after-free condition via crafted web content, with limited impact across confidentiality, integrity, and availability. The flaw affects Firefox versions prior to 150.0.3 and has no public exploit identified at time of analysis, though SSVC indicates the issue is automatable. EPSS scoring (0.02%, 5th percentile) suggests very low near-term exploitation probability despite the network-reachable attack vector.

Information Disclosure Use After Free Memory Corruption +1
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL POC PATCH Act Now

Exim before 4.99.3, in certain GnuTLS configurations, has a remotely reachable use-after-free in the BDAT body parsing path. It is triggered when a client sends a TLS close_notify mid-body during a CHUNKING transfer, followed by a final cleartext byte on the same TCP connection. This can lead to heap corruption. An unauthenticated network attacker exploiting this vulnerability could execute arbitrary code.

Use After Free Memory Corruption RCE
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

A use-after-free vulnerability in Apple's Wi-Fi stack allows attackers in a privileged network position to cause denial-of-service via crafted Wi-Fi packets. The vulnerability affects iOS and iPadOS versions prior to 26.5 and 18.7.9, macOS versions prior to 26.5, 15.7.7, and 14.8.7, and tvOS, watchOS versions prior to 26.5. Exploitation requires adjacent network access and specific radio conditions (AC:H) but results in high availability impact with no active public exploitation identified.

Denial Of Service Apple Use After Free +1
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Remote attackers can crash Apple devices or corrupt kernel memory without authentication via a use-after-free vulnerability affecting iOS, iPadOS, macOS, tvOS, visionOS, and watchOS. Apple has released patches across eight separate security bulletins (HT127110-127120) fixing this memory management flaw in all supported OS versions. EPSS score of 0.10% (28th percentile) suggests low exploitation probability despite the network-accessible attack vector and lack of authentication requirements. No active exploitation or public POC identified at time of analysis.

Denial Of Service Apple Use After Free +1
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Denial of service in Apple macOS prior to version 26.5 allows remote attackers to crash Safari via maliciously crafted web content that triggers a use-after-free memory condition. The vulnerability requires user interaction (opening a malicious webpage) but no authentication, affecting all macOS versions before 26.5. EPSS exploitation probability is very low at 0.02%, suggesting limited real-world attack incentive despite the crash capability.

Denial Of Service Apple Use After Free +1
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Use-after-free in WebKit allows remote attackers to trigger Safari crashes and potentially achieve arbitrary code execution across Apple's entire ecosystem (iOS, iPadOS, macOS, tvOS, visionOS, watchOS) via maliciously crafted web content. Users must visit or be tricked into visiting a malicious webpage (UI:R). Despite CVSS 8.8 (High) with theoretical code execution impact (C:H/I:H/A:H), EPSS probability is extremely low (0.02%, 5th percentile), indicating minimal observed exploitation activity. No public exploit identified at time of analysis, and vendor patches are available across all platforms as of version 26.5.

Denial Of Service Apple Use After Free +5
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Use-after-free in WebKit across Apple's entire operating system ecosystem enables remote information disclosure via malicious web content. Affects iOS/iPadOS, macOS Tahoe, tvOS, visionOS, and watchOS versions prior to 26.5. The vulnerability allows network-based unauthenticated attackers to access high-value confidential information through crafted web pages, though the CVE description anomalously mentions process crash (availability impact) while the CVSS vector indicates confidentiality impact only. No public exploit identified at time of analysis. EPSS score of 0.02% (5th percentile) suggests low likelihood of imminent widespread exploitation despite the broad platform impact and network attack vector.

Denial Of Service Apple Use After Free +5
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Use-after-free memory corruption in Apple operating systems allows high confidentiality impact through unexpected system termination. Affects iOS/iPadOS versions before 18.7.9 and 26.5, macOS Sequoia before 15.7.7, macOS Sonoma before 14.8.7, macOS Tahoe before 26.5, tvOS before 26.5, visionOS before 26.5, and watchOS before 26.5. Vendor-released patches are available across all affected platforms. EPSS score of 0.02% (7th percentile) indicates low observed exploitation probability in the wild, and no public exploit identified at time of analysis. CVSS vector indicates network-reachable attack surface with no authentication required, though the description states only 'an app' can trigger the condition, suggesting conflicting attack vector classification.

Denial Of Service Apple Use After Free +1
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Safari on Apple platforms crashes when processing maliciously crafted web content due to a use-after-free vulnerability in memory management, resulting in denial of service. Affects iOS and iPadOS below 26.5, macOS Tahoe below 26.5, tvOS below 26.5, visionOS below 26.5, and watchOS below 26.5. Exploitation requires user interaction to visit a malicious webpage but does not allow code execution or information disclosure.

Denial Of Service Apple Use After Free +5
NVD VulDB
EPSS 0% CVSS 7.3
HIGH PATCH This Week

Use-after-free in Linux kernel ASoC (ALSA System on Chip) subsystem allows local authenticated users with open audio streams to trigger memory corruption during sound card unbind operations. The flaw occurs when PCM stream closure schedules delayed DAPM (Dynamic Audio Power Management) work after widgets are freed, enabling potential privilege escalation or denial of service. EPSS score of 0.02% indicates low observed exploitation probability. Vendor patches available across multiple stable kernel branches (5.10.253, 5.15.203, 6.1.167, 6.6.130, 6.12.78, 6.18.19, 6.19.9, 7.0). No CISA KEV listing or public POC identified at time of analysis.

Information Disclosure Linux Memory Corruption +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Local privilege escalation in the Linux kernel's CAIF serial driver allows attackers with local access to trigger a use-after-free condition in pty_write_room() via the caif_serial line discipline. The flaw stems from missing reference counting on tty->link, enabling memory corruption that can lead to arbitrary kernel code execution with full confidentiality, integrity, and availability impact. No public exploit identified at time of analysis, with an EPSS score of 0.02% (7th percentile) indicating low likelihood of widespread exploitation.

Memory Corruption Information Disclosure Linux +3
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Use-after-free in the Linux kernel iavf driver allows local authenticated users to execute arbitrary code, escalate privileges, or crash the system. The vulnerability affects Intel Ethernet Adaptive Virtual Function (iavf) driver's PTP implementation where a worker thread continues accessing freed memory during network adapter reset or disable operations. Patch available from kernel.org upstream commits across multiple stable branches (6.18.19, 6.19.9, 7.0+). EPSS score of 0.02% (4th percentile) indicates low observed exploitation likelihood, and no CISA KEV listing confirms this remains a theoretical risk requiring local access with low privileges.

Denial Of Service Linux Memory Corruption +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Local privilege escalation potential in the Linux kernel's Microsoft Azure Network Adapter (mana) driver allows a low-privileged local user to trigger a use-after-free via a double destroy_workqueue() call on the gc->service_wq pointer when mana_gd_setup() fails. The flaw, fixed in the 6.18.x and 6.19.x stable trees, has no public exploit identified at time of analysis and an EPSS of 0.02% (4th percentile), but carries a CVSS of 7.8 due to high confidentiality, integrity, and availability impact within the kernel.

Memory Corruption Information Disclosure Linux +3
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Reference count underflow in Linux kernel sched_ext subsystem enables local privilege escalation to execute arbitrary code with kernel privileges. The flaw affects kernel versions 6.12 through 6.19.x (prior to patched releases 6.12.78, 6.18.19, 6.19.9, 7.0), scoring CVSS 7.8 with local attack vector requiring low privileges. Vendor patches available via stable kernel updates. EPSS exploitation probability is low (0.02%, 5th percentile) with no public exploit code or active exploitation confirmed at time of analysis, though the Use-After-Free primitive could enable kernel memory corruption attacks.

Information Disclosure Linux Use After Free +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Use-after-free in Linux kernel ALSA PCM subsystem allows local authenticated users to corrupt memory and potentially execute arbitrary code with kernel privileges. The vulnerability occurs in snd_pcm_drain() when a linked stream's runtime structure is freed via concurrent close() while still being dereferenced, enabling information disclosure, system crashes, or privilege escalation. With EPSS at 0.02% (7th percentile) and CVSS 7.8, this represents elevated theoretical risk but shows no evidence of active exploitation or public POC at time of analysis. Vendor patches are available across multiple stable kernel branches (5.10.253, 6.1.167, 6.6.130, 6.12.78, 6.18.19, 6.19.9, 7.0).

Information Disclosure Linux Memory Corruption +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Use-after-free in the Linux kernel's Renesas USB host (renesas_usbhs) driver allows a local low-privileged attacker to potentially corrupt memory or escalate privileges during device removal. The flaw stems from the interrupt handler remaining registered while driver resources, including the pipe array, are freed in usbhs_remove(), creating a race window where the ISR can dereference freed memory. EPSS is very low (0.02%, 7th percentile) and no public exploit identified at time of analysis, but the kernel-level memory corruption impact (CVSS 7.8) makes it a meaningful local risk on affected Renesas USB hardware.

Memory Corruption Information Disclosure Linux +3
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Use-after-free in Linux kernel kthread subsystem enables memory corruption leading to arbitrary code execution or denial of service. The vulnerability arises when kernel threads exit via make_task_dead() instead of kthread_exit(), bypassing affinity_node cleanup. This causes dangling pointers in the global kthread_affinity_list that corrupt freed memory reused by the SLAB allocator, specifically overwriting RCU callback function pointers in struct pid objects. CVSS rates this 9.8 critical, though the network attack vector appears misclassified since kernel thread manipulation requires local code execution. EPSS score of 0.02% (4th percentile) indicates low predicted exploitation likelihood despite severity. Vendor patches available for Linux 6.18.19, 6.19.9, and 7.0 via upstream commits.

Denial Of Service Linux Memory Corruption +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Use-after-free condition in the Linux kernel's DAMON (Data Access MONitor) subsystem affects systems running kernel version 6.14 and related stable branches prior to the patched commits. A local low-privileged user can trigger a dangling pointer to a stack-allocated walk_control structure when damos_walk() is invoked against an inactive DAMON context, with no public exploit identified at time of analysis and an EPSS probability of just 0.02%.

Information Disclosure Use After Free Memory Corruption +1
NVD
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Use-after-free in Linux kernel ksmbd allows remote unauthenticated attackers to potentially execute arbitrary code, disclose sensitive information, or cause denial of service. The vulnerability stems from improper RCU lock handling in smb_lazy_parent_lease_break_close() where opinfo pointer is dereferenced after RCU read unlock, creating a race condition. Patches available across multiple kernel versions (6.6.130, 6.12.78, 6.18.19, 6.19.9, 7.0). Despite critical CVSS 9.8 score, EPSS exploitation probability is low (0.02%, 5th percentile) and no active exploitation or public POC identified at time of analysis.

Information Disclosure Linux Use After Free +1
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Use-after-free in the Linux kernel's ksmbd SMB server (smb2_open()) allows remote attackers to potentially trigger memory corruption when accessing an opinfo pointer dereferenced after rcu_read_unlock(). The flaw is fixed in upstream stable releases (6.1.167, 6.6.130, 6.12.78, 6.18.19, 6.19.9, and 7.0); no public exploit identified at time of analysis, and EPSS exploitation probability is very low at 0.02%.

Memory Corruption Information Disclosure Linux +3
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Use-after-free in Linux kernel ksmbd allows remote unauthenticated attackers to execute arbitrary code, escalate privileges, or cause denial of service by racing oplock_info access during concurrent RCU read operations. The vulnerability stems from immediate kfree() without RCU grace period, enabling opinfo_get() to call atomic_inc_not_zero() on freed memory. CVSS 9.8 reflects network exploitability without authentication, though EPSS score of 0.02% (5th percentile) suggests minimal observed exploitation attempts. Vendor patches available across multiple kernel versions (6.6.130, 6.12.78, 6.18.19, 6.19.9, 7.0) with fixes referenced in five upstream commits. Not listed in CISA KEV; no public exploit code identified at time of analysis.

Information Disclosure Linux Memory Corruption +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Use-after-free in Linux kernel nexthop routing code allows local authenticated attackers with low privileges to execute arbitrary code, escalate privileges, or crash the system. The vulnerability occurs when removing a nexthop from a routing group, where percpu statistics memory is freed before the RCU grace period completes, allowing concurrent readers to access freed memory. Vendor patches available for stable kernel branches 6.12.78, 6.18.19, 6.19.9, and mainline 7.0. EPSS score of 0.02% (5th percentile) indicates low observed exploitation probability, and no active exploitation is confirmed (not in CISA KEV). CVSS 7.8 reflects local attack vector requiring authenticated access.

Information Disclosure Linux Memory Corruption +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Use-after-free race condition in Linux kernel amdgpu driver allows local authenticated users to achieve arbitrary code execution with high confidentiality, integrity, and availability impact. The flaw occurs when parent and child processes sharing a drm_file both attempt to acquire the same virtual memory context after fork(), due to non-atomic vm->process_info assignment. Patches released across multiple stable kernel versions (5.10.253, 5.15.203, 6.1.167, 6.6.130, 6.12.78, 6.18.19, 6.19.9, 7.0). EPSS score of 0.02% (7th percentile) indicates very low predicted exploitation probability despite CVSS 7.8 severity, and no active exploitation or public POC identified.

Information Disclosure Linux Memory Corruption +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Local privilege escalation in Linux kernel IPv6 address configuration subsystem enables authenticated local users to gain high-level system access through a use-after-free (UaF) condition in addrconf_permanent_addr(). Patch available across all maintained stable kernel series (5.10.253, 5.15.203, 6.1.168, 6.6.134, 6.12.81, 6.18.22, 6.19.12, 7.0) with fixes backported from commit f1705ec197e7. EPSS score of 0.02% suggests minimal active exploitation likelihood, no KEV listing or public POC identified at time of analysis.

Information Disclosure Linux Use After Free +2
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Use-after-free (UAF) in Linux kernel Bluetooth subsystem allows adjacent network attackers to trigger memory corruption via malformed LE Read Features Complete responses. The vulnerability occurs when hci_conn is freed before le_read_features_complete callback executes but after hci_le_read_remote_features_sync initiates, causing atomic operations on freed memory during hci_conn_drop. Active exploitation status not confirmed (no CISA KEV listing). EPSS score of 0.02% (5th percentile) indicates very low observed exploitation probability. Upstream patches committed to stable kernel branches 6.19.12+ and 7.0+.

Information Disclosure Google Linux +3
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Use-after-free in Linux kernel swap subsystem allows local authenticated users to achieve high-severity code execution, integrity violations, or denial of service. The vulnerability stems from multiple kernel subsystems (SLUB, shmem, TTM) failing to clear page->private fields before freeing memory, causing stale pointers to persist when pages are reallocated and split. The swap code then dereferences these uninitialized LIST_POISON values during swapoff operations, triggering KASAN-detected wild memory access. Patches available across kernel versions 6.18.16, 6.19.6, and 7.0, with EPSS score of 0.02% indicating low observed exploitation probability despite CVSS 7.8 rating.

Denial Of Service Linux Memory Corruption +1
NVD VulDB
EPSS 0% 5.3 CVSS 8.8
HIGH POC PATCH Act Now

Use-after-free in Linux kernel ESP (IPsec) allows local authenticated attackers to decrypt shared memory fragments improperly, potentially exposing encrypted network traffic or causing memory corruption. Affects kernel versions 6.5+ where MSG_SPLICE_PAGES can attach pipe pages directly to UDP socket buffers. The IPv4/IPv6 datagram paths fail to mark spliced pages as shared, causing ESP input decryption to modify memory not privately owned by the packet buffer. Public exploit code exists (POC available on GitHub), EPSS score is low (0.01%) indicating limited widespread exploitation risk, and vendor patches are available across affected stable kernel branches (6.6.138, 6.12.87, 6.18.28, 7.0.5).

Information Disclosure Use After Free Memory Corruption +1
NVD GitHub VulDB Exploit-DB
EPSS 0% CVSS 6.3
MEDIUM PATCH This Month

Use-after-free memory corruption in PHP 8.2 prior to version 8.2.31 allows remote attackers to cause information disclosure or denial of service via network requests with low attack complexity. The vulnerability is addressed in PHP 8.2.31, released as a security update bundling fixes for eight CVEs including CVE-2026-7261. Patch availability is confirmed from the PHP development team.

Microsoft PHP Use After Free +4
NVD GitHub VulDB
EPSS 0% CVSS 9.5
CRITICAL POC PATCH Act Now

Use-after-free memory corruption in PHP 8.2.x enables remote attackers to achieve high-impact exploitation through network-accessible attack vectors, despite high attack complexity and specific timing requirements. PHP 8.2.31 addresses this vulnerability along with seven other security issues in a coordinated security release. The CVSS v4.0 score of 9.5 reflects both confidentiality and integrity impact across vulnerable and subsequent systems, with high availability impact. No public exploit code or active exploitation confirmed at time of analysis, but the vendor urgency indicator (U:Red) and release coordinator emphasis (RE:M) signal critical priority for organizations running PHP 8.2.x in production environments.

Microsoft PHP Use After Free +2
NVD GitHub VulDB
EPSS 0% CVSS 7.3
HIGH PATCH This Week

Use-after-free memory corruption in Firefox's DOM Networking component enables remote attackers to achieve unauthorized information disclosure, data manipulation, and service disruption without authentication or user interaction. Affects Firefox mainline and both Extended Support Release (ESR) branches. Mozilla shipped patches in Firefox 150.0.2, Firefox ESR 140.10.2, and Firefox ESR 115.35.2. SSVC analysis indicates no confirmed exploitation but the vulnerability is fully automatable with partial technical impact across confidentiality, integrity, and availability. EPSS data not available but the network attack vector (AV:N) with no prerequisites (AC:L/PR:N/UI:N) presents significant exposure for unpatched installations.

Mozilla Information Disclosure Use After Free +1
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution within Chrome's sandbox allows arbitrary code execution via a malicious HTML page exploiting a use-after-free vulnerability in WebRTC. Affects Chrome versions prior to 148.0.7778.96. Despite high CVSS 8.8 scoring and RCE capability, exploitation requires user interaction (visiting a crafted page) and is confined to Chrome's sandbox, limiting system-level impact. Vendor patch released in Chrome 148.0.7778.96. No evidence of active exploitation (not in CISA KEV) or public POC at time of analysis, though Chromium security team rated this as Low severity internally, suggesting limited real-world exploitability despite the technical impact.

Denial Of Service Use After Free Memory Corruption +5
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Google Chrome on macOS versions prior to 148.0.7778.96 enables attackers to execute arbitrary code within the browser's sandbox through a malicious HTML page exploiting a use-after-free vulnerability in the Audio subsystem. The vulnerability requires user interaction (visiting a crafted webpage) but no authentication, with CVSS 8.8 rating reflecting high impact across confidentiality, integrity, and availability. Google has released patches in Chrome 148.0.7778.96; no active exploitation (KEV) or public POC has been identified at time of analysis, though the technical details are publicly accessible via Chromium issue tracker 495779613.

Denial Of Service Use After Free Memory Corruption +5
NVD
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Sandbox escape in Google Chrome prior to 148.0.7778.96 on Linux, Mac, and ChromeOS allows remote attackers who have already compromised the renderer process to break out of Chrome's sandbox via a crafted HTML page exploiting a use-after-free vulnerability in the printing subsystem. Despite the 8.3 CVSS score, Chromium rates this Low severity because exploitation requires a two-stage attack chain (initial renderer compromise followed by sandbox escape). Vendor patch released as Chrome 148.0.7778.96. No evidence of active exploitation or public POC identified at time of analysis.

Google Denial Of Service Use After Free +4
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Google Chrome prior to 148.0.7778.96 through a use-after-free vulnerability in the UI component. Attackers who have already compromised the renderer process can escape sandbox restrictions and execute arbitrary code by delivering a specially crafted HTML page requiring user interaction. Google has released patch version 148.0.7778.96. No active exploitation confirmed in CISA KEV at time of analysis, though the vulnerability requires prior renderer compromise which increases attack complexity beyond the CVSS AC:L rating suggests.

Denial Of Service Use After Free Memory Corruption +5
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Google Chrome's WebRTC component (versions prior to 148.0.7778.96) allows attackers to execute arbitrary code within the browser's sandbox by exploiting a use-after-free memory corruption vulnerability via a malicious HTML page. While sandboxed, successful exploitation achieves high confidentiality, integrity, and availability impact within the renderer process. EPSS data unavailable; not listed in CISA KEV, indicating no confirmed widespread exploitation at time of analysis. Vendor patch released as Chrome 148.0.7778.96.

Denial Of Service Use After Free Memory Corruption +5
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Sandbox escape in Google Chrome's GPU component affects versions prior to 148.0.7778.96. An attacker who has already compromised the renderer process can escalate privileges to break out of Chrome's sandbox by exploiting a use-after-free memory corruption vulnerability via a specially crafted HTML page. This requires high attack complexity and user interaction (visiting a malicious page). No active exploitation confirmed at time of analysis, and vendor-released patch (version 148.0.7778.96) is available. EPSS data not provided, but the combination of network vector, changed scope (S:C in CVSS), and sandbox escape capability makes this a priority update for Chrome deployments despite Chromium's 'Medium' internal severity rating.

Google Denial Of Service Use After Free +4
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Google Chrome's ReadingMode component (versions prior to 148.0.7778.96) allows attackers who have already compromised the renderer process to escape sandbox restrictions and execute arbitrary code on the underlying system. The vulnerability requires user interaction to visit a malicious webpage but exploitation complexity is low once renderer compromise is achieved. EPSS data not available; no CISA KEV listing identified at time of analysis, indicating no confirmed widespread exploitation. Vendor-released patch available in Chrome 148.0.7778.96.

Denial Of Service Use After Free Memory Corruption +5
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Google Chrome's WebAudio implementation (versions before 148.0.7778.96) allows attackers to execute arbitrary code within the browser sandbox by exploiting a use-after-free vulnerability through a malicious HTML page. The vulnerability requires user interaction (visiting a crafted page) but no authentication. Google has released Chrome 148.0.7778.96 to address this issue. EPSS data not available; no KEV listing or public POC identified at time of analysis, suggesting limited real-world exploitation observed despite the high CVSS score.

Denial Of Service Use After Free Memory Corruption +5
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Remote code execution in Google Chrome versions prior to 148.0.7778.96 via malicious extension exploitation of use-after-free in Views component. Successful exploitation requires convincing a user to install a crafted Chrome extension, after which the attacker can execute arbitrary code with Chrome's privileges. Google has released Chrome 148.0.7778.96 to address this vulnerability. No evidence of active exploitation (not listed in CISA KEV) or public proof-of-concept code identified at time of analysis. CVSS 7.5 severity driven by high attack complexity and required user interaction, which moderates real-world exploitation risk despite potential for full system compromise.

Denial Of Service Use After Free Memory Corruption +5
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Sandbox escape in Google Chrome's DevTools component allows attackers who have already compromised the renderer process to break out of the browser sandbox and execute code on the underlying system. Affects all Chrome versions prior to 148.0.7778.96. Google has released version 148.0.7778.96 to patch this vulnerability. The attack requires high complexity and user interaction (visiting a malicious page), but successful exploitation enables complete system compromise with changed scope (S:C in CVSS vector), escalating from renderer-level access to full system access. No evidence of active exploitation (not in CISA KEV) or public proof-of-concept identified at time of analysis.

Google Denial Of Service Use After Free +4
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Google Chrome versions prior to 148.0.7778.96 allows attackers to execute arbitrary code within the browser's sandbox by exploiting a use-after-free vulnerability in the Blink rendering engine through a specially crafted HTML page. CVSS score of 8.8 reflects high impact across confidentiality, integrity, and availability, though exploitation requires user interaction (visiting a malicious webpage). EPSS data not available. Not listed in CISA KEV at time of analysis. Vendor-released patch available in Chrome 148.0.7778.96.

Denial Of Service Use After Free Memory Corruption +5
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Sandbox escape in Google Chrome versions prior to 148.0.7778.96 allows remote attackers who have already compromised the renderer process to break out of Chrome's security sandbox through a use-after-free vulnerability in the TopChrome component. Attack requires user interaction with a malicious HTML page and has high attack complexity. EPSS data not available; no active exploitation confirmed at time of analysis. Vendor-released patch available in Chrome 148.0.7778.96.

Google Denial Of Service Use After Free +4
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Sandbox escape in Google Chrome prior to 148.0.7778.96 allows remote attackers who have already compromised the renderer process to break out of Chrome's security sandbox via a use-after-free vulnerability in the Navigation component. This requires user interaction with a malicious HTML page and successful renderer compromise as a prerequisite, making it a two-stage attack requiring high attack complexity. Vendor-released patch available in Chrome 148.0.7778.96. No public exploit or active exploitation (CISA KEV) identified at time of analysis. CVSS 8.3 (High) reflects the severe post-compromise impact (sandbox escape enabling system-level access), but real-world risk depends heavily on successful initial renderer compromise.

Google Denial Of Service Use After Free +4
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Use-after-free in Chrome's V8 JavaScript engine enables remote code execution inside the sandbox when users install a malicious extension. Google Chrome versions prior to 148.0.7778.96 are vulnerable to arbitrary code execution through specially crafted Chrome Extensions exploiting memory corruption in V8. CVSS rates this 8.8 (High) with network attack vector requiring user interaction. Vendor-released patch available in Chrome 148.0.7778.96 per Google's May 2026 stable channel update. EPSS and KEV data not provided; exploitation requires social engineering to install malicious extension, limiting automated exploitation scenarios.

Denial Of Service Use After Free Memory Corruption +5
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Google Chrome before 148.0.7778.96 allows unauthenticated attackers to execute arbitrary code within the Chrome sandbox by exploiting a use-after-free vulnerability in the CSS rendering engine through a malicious webpage. Requires victim interaction (visiting attacker-controlled page) but needs no authentication. Vendor-released patch available as Chrome 148.0.7778.96. EPSS score not provided; no CISA KEV listing indicates no confirmed widespread exploitation at time of analysis, though browser vulnerabilities are high-value targets.

Denial Of Service Use After Free Memory Corruption +5
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Remote code execution in Google Chrome's MediaRecording component (versions prior to 148.0.7778.96) allows attackers to execute arbitrary code when victims perform specific UI interactions with a malicious webpage. The use-after-free vulnerability in memory management has been patched by Google in version 148.0.7778.96. EPSS data not available; no CISA KEV listing identified, suggesting no confirmed widespread exploitation at time of analysis, though publicly available exploit code exists per Chromium bug tracker disclosure.

Denial Of Service Use After Free Memory Corruption +5
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Google Chrome for Windows below version 148.0.7778.96 allows unauthenticated attackers to execute arbitrary code within Chrome's sandbox via specially crafted HTML pages exploiting a use-after-free vulnerability in the WebRTC implementation. CVSS score of 8.8 reflects high impact across confidentiality, integrity, and availability. EPSS data not provided, but Google's 'High' severity classification and immediate patch release indicate active concern. No CISA KEV listing or public POC identified at time of analysis, though the vulnerability is already patched.

Denial Of Service Microsoft Use After Free +6
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Google Chrome prior to version 148.0.7778.96 allows attackers to execute arbitrary code within the browser's sandbox by exploiting a use-after-free vulnerability in the Presentation API through a specially crafted HTML page. User interaction is required (visiting a malicious webpage). EPSS data not available for this recent CVE. No public exploit confirmed at time of analysis, though the vulnerability has been patched by Google in the stable channel release.

Denial Of Service Use After Free Memory Corruption +5
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Use-after-free memory corruption in Chrome Remote Desktop (Chromoting) on Windows enables local privilege escalation to SYSTEM via malicious file interaction. Attackers with local access can gain OS-level administrative control by inducing users to open specially crafted files processed by the Chromoting component. Patch available in Chrome 148.0.7778.96. No evidence of active exploitation (not in CISA KEV), but the local attack vector with low complexity and high impact warrants immediate patching for Windows Chrome deployments, especially in multi-user environments where privilege boundaries are critical.

Denial Of Service Microsoft Use After Free +6
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Sandbox escape in Google Chrome via ServiceWorker use-after-free allows remote attackers to break out of Chrome's security sandbox through a specially crafted HTML page. Affects all Chrome versions prior to 148.0.7778.96. EPSS data not yet available for this recent CVE. Google has released a patch in version 148.0.7778.96. While rated high severity by Chromium project, the attack complexity is high (AC:H) and requires user interaction (UI:R), limiting widespread exploitation risk despite the critical scope change (S:C) indicating sandbox escape capability.

Google Denial Of Service Use After Free +4
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Google Chrome prior to 148.0.7778.96 enables attackers to execute arbitrary code by exploiting a use-after-free vulnerability in the Passwords component through a malicious HTML page. User interaction (visiting the crafted page) is required. CVSS score of 8.8 reflects network-based attack requiring no authentication but requiring user interaction, with high impact to confidentiality, integrity, and availability. Vendor patch available in Chrome 148.0.7778.96. No public exploitation confirmed at time of analysis.

Denial Of Service Use After Free Memory Corruption +5
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Sandbox escape in Google Chrome versions prior to 148.0.7778.96 allows remote attackers who have already compromised the renderer process to break out of Chrome's security sandbox through a use-after-free vulnerability in the Skia graphics library. Exploitation requires user interaction with a malicious HTML page and successful prior renderer compromise, representing a second-stage attack rather than initial access. No active exploitation confirmed (not in CISA KEV), though the vulnerability's sandbox escape capability makes it valuable for targeted attack chains.

Google Denial Of Service Use After Free +4
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Sandbox escape in Google Chrome versions prior to 148.0.7778.96 enables remote attackers who have already compromised the renderer process to break out of Chrome's security sandbox through a use-after-free vulnerability in the Aura UI framework. The attack requires user interaction with a malicious webpage and presents high attack complexity, but successfully chains renderer compromise with sandbox escape to achieve full system impact. No active exploitation confirmed (not in CISA KEV), though this vulnerability class is frequently targeted given Chrome's wide deployment and the high value of sandbox escapes.

Google Denial Of Service Use After Free +4
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Sandbox escape in Google Chrome's GPU component prior to version 148.0.7778.96 allows remote attackers who have already compromised the renderer process to break out of Chrome's security sandbox via a use-after-free memory corruption vulnerability triggered by a malicious web page. This represents a critical second-stage attack where initial renderer compromise is chained with GPU exploitation to achieve full system access. Vendor-released patch available in Chrome 148.0.7778.96. No evidence of active exploitation (not in CISA KEV) or public proof-of-concept at time of analysis.

Google Denial Of Service Use After Free +4
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Sandbox escape in Google Chrome on Windows allows attackers who have already compromised the renderer process to break out of Chrome's security sandbox via a use-after-free flaw in the Fullscreen API. Affects Chrome versions prior to 148.0.7778.96 on Windows platforms. Google has released a patch (version 148.0.7778.96) and rated this High severity. No evidence of active exploitation (not in CISA KEV) or public proof-of-concept code at time of analysis, though the vulnerability requires initial renderer compromise making it a second-stage exploitation vector.

Denial Of Service Microsoft Use After Free +5
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Sandbox escape in Google Chrome for Windows versions prior to 148.0.7778.96 allows remote attackers who have already compromised the renderer process to break out of the Chrome sandbox via a use-after-free vulnerability in the Aura UI framework. The attack requires user interaction with a specially crafted HTML page and has high attack complexity (AC:H), but grants complete control over confidentiality, integrity, and availability with changed scope (S:C). No active exploitation confirmed in CISA KEV at time of analysis. EPSS data not provided, but the vulnerability targets a browser component with over 3 billion users globally.

Denial Of Service Microsoft Use After Free +5
NVD VulDB
EPSS 0% CVSS 9.6
CRITICAL PATCH Act Now

Use-after-free in the Views component of Google Chrome versions prior to 148.0.7778.96 enables site isolation bypass after renderer compromise. A remote attacker who has already compromised the renderer process can escape sandbox protections via a malicious HTML page, potentially accessing cross-origin data or executing code outside the renderer sandbox. Patch released by Google in version 148.0.7778.96. EPSS score of 0.02% (3rd percentile) indicates very low probability of exploitation in the wild currently, with no evidence of active exploitation or public proof-of-concept at time of analysis.

Google Denial Of Service Use After Free +4
NVD VulDB
EPSS 0% CVSS 9.6
CRITICAL PATCH Act Now

Sandbox escape in Google Chrome versions prior to 148.0.7778.96 allows remote attackers to break out of the browser's security sandbox through a use-after-free vulnerability in the Fullscreen API component. Attackers can deliver exploitation via a specially crafted HTML page requiring only user visit to the page (no additional interaction). With CVSS 9.6 (Critical) and scope change indicating containment breach, this represents a serious risk to browser security model integrity. No evidence of active exploitation (not in CISA KEV) and EPSS data not available at time of analysis.

Google Denial Of Service Use After Free +4
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution within Chrome's sandbox affects all versions prior to 148.0.7778.96 via crafted HTML pages exploiting a use-after-free vulnerability in DOM handling. Remote unauthenticated attackers can achieve arbitrary code execution with high integrity and confidentiality impact by convincing users to visit a malicious webpage. Vendor patch released (Chrome 148.0.7778.96). No confirmed active exploitation (not in CISA KEV), but the low attack complexity (AC:L) and publicly disclosed bug tracker entry (Chromium issue 496292089) increase exploitation risk. EPSS data not provided but RCE in widely-deployed browser warrants immediate patching despite sandbox containment limiting full system compromise.

Denial Of Service Use After Free Memory Corruption +5
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Google Chrome versions prior to 148.0.7778.96 allows attackers to execute arbitrary code within the browser's sandbox through a use-after-free vulnerability in SVG rendering. User interaction (visiting a malicious webpage) is required, but no authentication is needed. Vendor-released patch available in Chrome 148.0.7778.96. No public exploit identified at time of analysis, though CVSS score of 8.8 reflects high impact if successfully exploited.

Denial Of Service Use After Free Memory Corruption +5
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Google Chrome for macOS (versions prior to 148.0.7778.96) allows attackers to execute arbitrary code within the browser's sandbox by exploiting a use-after-free vulnerability in the ANGLE graphics library through a malicious HTML page. The vulnerability requires user interaction (visiting a crafted webpage) but can be exploited remotely without authentication. Google has released Chrome 148.0.7778.96 to address this high-severity memory corruption issue, which affects the confidentiality, integrity, and availability of sandboxed browser processes.

Denial Of Service Use After Free Memory Corruption +5
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Google Chrome's Chromoting component (remote desktop feature) on Linux allows unauthenticated attackers to execute arbitrary code through specially crafted network packets when a user interacts with a malicious remote desktop session. Fixed in Chrome 148.0.7778.96. Vendor rates severity as Critical. No public exploit code identified at time of analysis, but the use-after-free class (CWE-416) is well-understood and exploitable. CVSS 8.8 reflects network attack vector with low complexity requiring only user interaction, enabling full system compromise (high confidentiality, integrity, and availability impact).

Denial Of Service Use After Free Memory Corruption +5
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Remote code execution in Google Chrome for iOS prior to version 148.0.7778.96 through use-after-free memory corruption in the mobile UI handler. Exploitation requires convincing a user to perform specific UI gestures while viewing a malicious HTML page. Google confirms Critical severity and has released a patched version. EPSS data unavailable; not currently listed in CISA KEV. Attack complexity is rated High due to the required user interaction pattern, limiting opportunistic exploitation but enabling targeted attacks via social engineering.

Denial Of Service Use After Free Memory Corruption +6
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Use-after-free and reference count underflow in the Linux kernel's amdgpu DRM driver allows local authenticated users with low privileges to cause kernel panic, denial of service, and potentially execute arbitrary code with kernel privileges. The vulnerability affects amdgpu_gem_va_ioctl handling of GPU timeline fences where stale or freed fences are used due to premature fence selection and improper reference management. Patch available in kernel versions 6.18.16, 6.19.6, and 7.0. EPSS score of 0.02% indicates low observed exploitation probability, and no public exploit or active exploitation has been identified.

Denial Of Service Linux Use After Free +3
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Use-after-free in Linux kernel's Atmel HLCDC DRM driver allows local authenticated users to execute arbitrary code, escalate privileges, or cause denial of service. The atmel_hlcdc_plane_atomic_duplicate_state() function incorrectly copies plane state without properly duplicating the drm_plane_state structure, leaving a stale commit pointer that triggers use-after-free during subsequent drm_atomic_commit() calls. Vulnerability surfaces when reopening the device node while another DRM client remains attached. EPSS score is low (0.02%) and no active exploitation confirmed at time of analysis, but local privilege escalation potential and vendor-released patches across multiple stable kernel branches indicate genuine risk for systems using Atmel HLCDC display hardware.

Information Disclosure Linux Use After Free +3
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Use-after-free in Linux kernel farsync driver allows remote code execution when FarSync T-series WAN cards are detached while tasklets remain active. The vulnerability occurs when fst_tx_task or fst_int_task continue executing after fst_card_info is freed in fst_remove_one(), causing the kernel to access deallocated memory. Despite the CVSS 8.8 score with network vector, the EPSS score is extremely low (0.02%, 7th percentile), suggesting minimal real-world exploitation likelihood. No active exploitation confirmed (not in CISA KEV). Patches available across multiple stable kernel versions (5.10.252, 5.15.202, 6.1.165, 6.6.128, 6.12.75, 6.18.16, 6.19.6, 7.0).

Information Disclosure Linux Memory Corruption +3
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Use-after-free in Linux kernel fore200e ATM driver allows local attackers to achieve high-severity impacts during PCA-200E or SBA-200E adapter removal. When the device is detached, tx_tasklet or rx_tasklet may still be running and access already-freed memory in fore200e_tx_tasklet() or fore200e_rx_tasklet(), potentially leading to code execution, information disclosure, or denial of service. Patches available across stable kernel branches (5.10.252, 5.15.202, 6.1.165, 6.6.128, 6.12.75, 6.18.16, 6.19.6, 7.0). EPSS score of 0.02% (7th percentile) indicates low observed exploitation probability. Not listed in CISA KEV. Identified through static analysis, suggesting no active in-the-wild exploitation at time of disclosure.

Information Disclosure Linux Use After Free +3
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: reset: gpio: suppress bind attributes in sysfs This is a special device that's created dynamically and is supposed to stay in memory forever. We also currently don't have a devlink between it and the actual reset consumer. Suppress sysfs bind attributes so that user-space can't unbind the device because - as of now - it will cause a use-after-free splat from any user that puts the reset control handle.

Information Disclosure Use After Free Memory Corruption +3
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Race condition in Linux kernel HID roccat driver enables local privilege escalation through use-after-free memory corruption. Local authenticated attackers can exploit concurrent access to device reader lists during roccat_report_event() operations, achieving arbitrary code execution with high integrity impact (CVSS 7.8). Vendor-released patches available across multiple kernel branches (6.6.136, 6.12.83, 6.18.24, 6.19.14, 7.0). EPSS score of 0.02% (5th percentile) indicates low observed exploitation probability despite moderate severity, suggesting limited weaponization in current threat landscape.

Information Disclosure Linux Use After Free +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Local privilege escalation in Linux kernel netfilter nfnetlink_queue allows authenticated users with low privileges to execute arbitrary code with high integrity and availability impact via race condition in shared hash table. The vulnerability stems from a use-after-free condition when multiple queues share a global hash table, enabling parallel CPU operations to access freed nf_queue_entry structures. EPSS score is low (0.02%, 5th percentile) indicating minimal observed exploitation activity. Vendor patches available across multiple stable kernel branches (6.12.83, 6.18.24, 6.19.14) with upstream commits confirmed.

Denial Of Service Linux Memory Corruption +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Use-after-free in Linux kernel's OCFS2 filesystem allows local attackers with user interaction to achieve arbitrary code execution, privilege escalation, or denial of service via crafted filesystem images. Affects kernels since initial OCFS2 implementation (2.6.16+) through 6.19.13. Vendor patches available across all supported stable branches (6.6.136, 6.12.83, 6.18.24, 6.19.14, 7.0). EPSS score of 0.02% (5th percentile) suggests low probability of mass exploitation, though CVSS 7.8 reflects high impact if triggered. No active exploitation confirmed (not in CISA KEV) and no public POC identified at time of analysis.

Information Disclosure Linux Use After Free +1
NVD VulDB
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

Redis-server with Lua scripting allows authenticated attackers to trigger a use-after-free vulnerability on replicas where replica-read-only is disabled, potentially leading to remote code execution. The vulnerability exploits the master-replica synchronization mechanism and is present in all versions prior to 8.6.3. Patch vendor-released patch: 8.6.3.

Redis Use After Free Memory Corruption +1
NVD GitHub VulDB
EPSS 0% CVSS 7.7
HIGH POC PATCH This Week

Use-after-free in Redis 7.2.0 through 8.6.2 allows authenticated attackers to achieve remote code execution by exploiting error handling in the unblock client flow. When a blocked client is evicted during command re-execution, the server fails to handle the error return from processCommandAndResetClient, triggering memory corruption. Redis has released version 8.6.3 with a security fix. No public exploit code or CISA KEV listing identified at time of analysis, suggesting limited observed exploitation despite the critical RCE impact.

Redis Use After Free Memory Corruption +1
NVD GitHub VulDB
EPSS 0% CVSS 7.8
HIGH This Week

Use-after-free vulnerability in Qualcomm Snapdragon chipsets enables local privilege escalation to achieve full device compromise. Low-privilege authenticated users can trigger memory corruption during performance counter deselect operations, gaining high-integrity code execution with kernel-level access. Qualcomm has released patches in their May 2026 security bulletin. EPSS data not yet available for this future-dated CVE; no confirmed active exploitation or public exploit code identified at time of analysis.

Buffer Overflow Use After Free Memory Corruption +1
NVD
EPSS 0% CVSS 8.1
HIGH This Week

Use-after-free in Imagination Graphics DDK GPU GLES user-space library allows authenticated remote attackers to crash the GPU render process via crafted WebGPU content. CVSS 8.1 (High) with network vector and low complexity. On platforms where the GPU process runs with elevated system privileges, successful exploitation could enable system-level compromise beyond the initial crash. EPSS and KEV data not provided; SSVC framework indicates no confirmed exploitation, non-automatable attack, but total technical impact. Vendor patches available across affected DDK versions 1.18, 23.2, 24.1-24.2, and 25.1-25.3.

Denial Of Service Use After Free Memory Corruption +1
NVD VulDB
EPSS 0% CVSS 8.1
HIGH This Week

Remote authenticated attackers can execute code or cause persistent denial-of-service in Imagination Technologies Graphics DDK by triggering a use-after-free in the GPU GLES render process via specially crafted WebGPU content. On platforms where the GPU driver runs with elevated system privileges, successful exploitation enables device-level compromise beyond the browser sandbox. EPSS data not available, no CISA KEV listing identified, no public POC confirmed. SSVC framework indicates no active exploitation and non-automatable attack requiring authenticated interaction.

Denial Of Service Use After Free Memory Corruption +1
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Use-after-free in Linux kernel ksmbd (SMB server) during durable file handle scavenging allows memory corruption and potential remote code execution. When a durable SMB2 file handle survives session disconnect, the cleanup path dereferences a freed connection object via NULL fp->conn pointer during lock cleanup, causing a slab use-after-free. Exploitation probability is extremely low (EPSS 0.02%, 5th percentile) with no active exploitation confirmed. Vendor patches available across multiple stable kernel branches (6.12.84, 6.18.25, 7.0.2, 7.1-rc1) address the asymmetric cleanup by properly managing byte-range lock lifetimes during durable handle reconnection.

Use After Free Memory Corruption Information Disclosure +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Use-after-free in Linux kernel F2FS filesystem allows local authenticated attackers to trigger kernel panic or potentially achieve code execution. The vulnerability (CWE-416) occurs during concurrent write callback and unmount operations when f2fs_write_end_io() decrements page count before checking node inode validity, leading to NULL pointer dereference. Discovered via xfstests generic/107 and syzbot fuzzing. EPSS exploitation probability is low (0.02%, 4th percentile), no active exploitation confirmed. Vendor patches available across stable kernel branches 6.18.25, 7.0.2, and 7.1-rc1.

Information Disclosure Use After Free Memory Corruption +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Use-after-free condition in Linux kernel writeback subsystem allows local authenticated attackers to potentially execute arbitrary code, escalate privileges, or trigger kernel crashes. The vulnerability affects Linux kernel versions 6.18.x through 7.1-rc1 and arises from improper synchronization between work queue processing and memory deallocation in inode_switch_wbs_work_fn(). Vendor patches are available across stable kernel branches (6.18.25, 7.0.2, 7.1-rc1) with low EPSS score (0.02%) indicating minimal observed exploitation activity, though the CVSS 7.8 score reflects significant impact if successfully exploited by authenticated local users.

Denial Of Service Linux Use After Free +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Use-after-free in Linux kernel f2fs compressed writeback allows local authenticated users to trigger memory corruption, potentially executing arbitrary code or causing system crashes. Affects f2fs-compressed filesystems in Linux kernel 5.6 through 7.1-rc2, with patches available in 6.6.136, 6.12.84, 7.0.2, and 7.1-rc1. EPSS score of 0.02% (5th percentile) indicates low observed exploitation probability despite CVSS 7.8 rating. This mirrors CVE-2026-23234's race condition pattern but in the compression code path that was missed by the earlier fix. No active exploitation confirmed (not in CISA KEV) and no public POC identified at time of analysis.

Information Disclosure Use After Free Memory Corruption +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Use-after-free in Linux kernel virt_wifi driver allows local authenticated users to trigger memory corruption during ethtool operations on virtual WiFi devices being unregistered. The vulnerability stems from improper device parent reference handling via SET_NETDEV_DEV, where ethnl_ops_begin() calls pm_runtime_get_sync() on already-freed memory when a virt_wifi device unregisters concurrently with ethtool operations. Patches are available across multiple stable kernel branches (5.15.203, 6.1.168, 6.6.134, 6.12.81, 6.18.22, 6.19.12, 7.0). EPSS exploitation probability is low (0.02%, 7th percentile), and no public exploit identified at time of analysis, though CVSS 7.8 reflects potential for complete system compromise if successfully triggered.

Red Hat Suse Memory Corruption +3
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Use-after-free in Linux kernel's MANA network driver allows local authenticated attackers to corrupt memory and potentially execute code with kernel privileges. The flaw occurs when auxiliary_device_add() fails in add_adev(), triggering cleanup that frees memory still referenced by subsequent error-handling code. Patches available across stable kernel branches (6.6.134, 6.12.81, 6.18.22, 6.19.12, 7.0). EPSS score of 0.02% (5th percentile) indicates low probability of widespread exploitation. No CISA KEV listing or public exploit identified at time of analysis.

Information Disclosure Linux Use After Free +3
NVD VulDB
Prev Page 10 of 69 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy