Skip to main content

Use After Free

6128 CVEs technique

Monthly

CVE-2026-24678 HIGH PATCH This Week

Denial-of-service in FreeRDP's camera redirection (rdpecam) client channel allows a malicious or compromised RDP server to crash connected clients running versions prior to 3.22.0. The capture thread continues sending sample responses through a channel callback that was already freed when the device channel closed, producing a use-after-free in ecam_channel_write. EPSS is low (0.02%), it is not on CISA KEV, and no public exploit identified at time of analysis, but an upstream fix and multiple distro advisories exist.

Use After Free Freerdp Denial Of Service Memory Corruption
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.0%
CVE-2026-24677 CRITICAL PATCH Act Now

FreeRDP prior to 3.22.0 has a use-after-free in ecam_encoder_compress allowing malicious RDP servers to crash or execute code on clients.

Use After Free Buffer Overflow Freerdp Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
9.1
EPSS
0.0%
CVE-2026-24676 HIGH PATCH This Week

FreeRDP versions prior to 3.22.0 contain a use-after-free vulnerability in audio format renegotiation that allows unauthenticated attackers to cause denial of service by triggering a crash through audio processing. The vulnerability occurs when the AUDIN format list is freed during renegotiation while the capture thread continues accessing the freed memory, affecting any system running vulnerable FreeRDP instances. A patch is available in version 3.22.0 and later.

Use After Free Freerdp Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-24675 HIGH PATCH This Week

FreeRDP versions prior to 3.22.0 contain a use-after-free vulnerability in the libusb device interface selection code where error handling prematurely frees configuration data that subsequent code attempts to access, causing denial of service. This vulnerability affects systems using FreeRDP for remote desktop protocol operations and can be triggered remotely without authentication or user interaction. A patch is available in version 3.22.0 and later.

Use After Free Freerdp Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-24491 HIGH PATCH This Week

FreeRDP versions prior to 3.22.0 are vulnerable to a use-after-free condition where the video_timer component sends notifications after the control channel closes, dereferencing freed memory and causing denial of service. An unauthenticated remote attacker can trigger this crash by manipulating RDP session timing, making the vulnerability exploitable with no user interaction required. A patch is available in FreeRDP 3.22.0 and later.

Use After Free Freerdp Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-24927 MEDIUM This Month

Out-of-bounds access vulnerability in the frequency modulation module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 5.5 MEDIUM]

Use After Free Emui Harmonyos
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-24917 MEDIUM This Month

UAF vulnerability in the security module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 6.5 MEDIUM]

Use After Free Emui Harmonyos
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-24914 MEDIUM This Month

Type confusion vulnerability in the camera module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 4.0 MEDIUM]

Use After Free Harmonyos
NVD
CVSS 3.1
4.0
EPSS
0.0%
CVE-2026-25507 MEDIUM PATCH This Month

Espressif IoT Development Framework versions 5.1.6-5.5.2 contain a use-after-free vulnerability in the BLE provisioning layer that allows remote attackers to trigger memory corruption when provisioning is stopped with keep_ble_on enabled. A connected BLE client can exploit freed GATT metadata through read/write callbacks to cause denial of service or potential code execution. Patches are available for all affected versions.

IoT Use After Free Esp Idf
NVD GitHub
CVSS 3.1
6.3
EPSS
0.0%
CVE-2026-23089 HIGH POC PATCH This Week

A use-after-free vulnerability in the Linux kernel's ALSA USB audio mixer can be triggered by local attackers with low privileges when mixer initialization fails, causing the kernel to access freed memory during sound card registration and potentially leading to information disclosure or denial of service. The flaw affects Linux systems with USB audio devices and remains unpatched, exploitable without user interaction after initial access to the system.

Linux Use After Free Memory Corruption Information Disclosure Linux Kernel +2
NVD VulDB GitHub
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-23077 HIGH PATCH This Week

Linux kernel memory corruption via use-after-free (UAF) in virtual memory area (VMA) handling allows local attackers with user privileges to cause denial of service or potentially execute code by triggering incorrect VMA merges during mremap() operations on faulted and unfaulted memory regions. The vulnerability stems from improper handling of anonymous VMA merges when remapping memory adjacent to unfaulted pages. No patch is currently available for this high-severity issue affecting the Linux kernel.

Linux Memory Corruption Information Disclosure Use After Free Red Hat +1
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-23074 HIGH PATCH This Week

A use-after-free vulnerability in the Linux kernel's teql qdisc implementation allows local attackers with low privileges to trigger memory corruption and cause denial of service or potential code execution by improperly nesting teql as a non-root qdisc when it is designed to operate only as a root qdisc. The flaw exists due to missing validation of qdisc constraints and currently has no available patch. This affects all Linux systems using the vulnerable kernel versions.

Linux Information Disclosure Memory Corruption Use After Free
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-71199 PATCH Monitor

In the Linux kernel, the following vulnerability has been resolved: iio: adc: at91-sama5d2_adc: Fix potential use-after-free in sama5d2_adc driver at91_adc_interrupt can call at91_adc_touch_data_handler function to start the work by schedule_work(&st->touch_st.workq).

Linux Use After Free Linux Kernel
NVD VulDB
EPSS
0.0%
CVE-2026-20414 MEDIUM This Month

Android's imgsys component contains a use-after-free vulnerability that allows privilege escalation when exploited by an attacker who already has system-level access. The flaw requires no user interaction and could enable a malicious actor to escalate their privileges further within the device. Currently, no patch is available to address this vulnerability.

Use After Free Privilege Escalation Android Google
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2026-20411 HIGH This Week

A use-after-free vulnerability in Android's cameraisp component allows privilege escalation to local denial of service for attackers with system-level access, requiring no user interaction. The flaw enables malicious actors to manipulate memory safety boundaries and execute arbitrary actions within the camera service context. No patch is currently available for this vulnerability.

Use After Free Denial Of Service Privilege Escalation Android Google
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-63652 HIGH POC This Week

A use-after-free in the mk_http_request_end function (mk_server/mk_http.c) of monkey commit f37e984 allows attackers to cause a Denial of Service (DoS) via sending a crafted HTTP request to the server. [CVSS 7.5 HIGH]

Use After Free Denial Of Service Monkey
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2025-63651 HIGH POC This Week

A use-after-free in the mk_string_char_search function (mk_core/mk_string.c) of monkey commit f37e984 allows attackers to cause a Denial of Service (DoS) via sending a crafted HTTP request to the server. [CVSS 7.5 HIGH]

Use After Free Denial Of Service Monkey
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2025-33217 HIGH This Week

NVIDIA Display Driver for Windows contains a vulnerability where an attacker could trigger a use after free. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, denial of service, and information disclosure. [CVSS 7.8 HIGH]

Windows Use After Free Denial Of Service Privilege Escalation Information Disclosure
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-22264 HIGH PATCH This Week

Heap use-after-free in Suricata prior to versions 8.0.3 and 7.0.14 can be triggered via integer overflow when processing packets that generate excessive alert conditions, allowing an attacker to crash the IDS/IPS engine or potentially achieve code execution. Affected deployments using large rulesets are at risk when processing malicious or crafted network traffic designed to trigger simultaneous signature matches. Patches are available for both affected versions.

Use After Free Integer Overflow Suricata Suse
NVD GitHub
CVSS 3.1
7.4
EPSS
0.1%
CVE-2026-24869 HIGH PATCH This Week

Firefox versions prior to 147.0.2 contain a use-after-free vulnerability in the Layout: Scrolling and Overflow component that can be triggered by user interaction, allowing remote attackers to achieve code execution with high integrity and confidentiality impact. The vulnerability requires network access and user interaction but does not require authentication, making it exploitable through malicious web content. No patch is currently available for this vulnerability.

Use After Free Memory Corruption Buffer Overflow Mozilla
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-23013 HIGH PATCH This Week

The Linux kernel's Octeon EP VF driver contains a use-after-free vulnerability in IRQ error handling where mismatched device IDs between request_irq() and free_irq() calls can leave IRQ handlers registered after their associated memory is freed. A local attacker with standard privileges can trigger an interrupt after the vulnerable ioq_vector structure is deallocated, causing a kernel crash or potential code execution. No patch is currently available.

Linux Use After Free Denial Of Service Memory Corruption Red Hat +1
NVD VulDB
CVSS 3.1
7.0
EPSS
0.0%
CVE-2026-23012 HIGH PATCH This Week

A use-after-free vulnerability in Linux kernel DAMON subsystem allows local users with sysfs write permissions to trigger memory corruption by calling damon_call() against inactive contexts, causing dangling pointers in the call_controls list. An attacker could leverage this to achieve information disclosure or denial of service, though exploitation complexity is moderate due to permission requirements. The vulnerability currently lacks a patch and affects Linux kernel versions with the vulnerable DAMON code.

Linux Use After Free Information Disclosure Memory Corruption Linux Kernel +2
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-23010 HIGH PATCH This Week

A use-after-free vulnerability in the Linux kernel's IPv6 address deletion function allows local attackers with user privileges to corrupt memory and potentially execute arbitrary code or cause a denial of service. The flaw occurs when ipv6_del_addr() is called prematurely before temporary address flags are read, leaving a dangling pointer reference. No patch is currently available for this high-severity vulnerability affecting Linux systems.

Linux Use After Free Information Disclosure Memory Corruption Google
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-23001 HIGH PATCH This Week

A use-after-free vulnerability in the Linux kernel's macvlan driver allows local attackers with user privileges to cause memory corruption and potential privilege escalation through improper RCU synchronization in the macvlan_forward_source() function. The flaw stems from missing RCU protection when clearing vlan pointers during source entry deletion, enabling attackers to access freed memory structures. No patch is currently available for this HIGH severity vulnerability affecting Linux distributions.

Linux Google Use After Free Memory Corruption Information Disclosure
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-71162 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: dmaengine: tegra-adma: Fix use-after-free A use-after-free bug exists in the Tegra ADMA driver when audio streams are terminated, particularly during XRUN conditions. [CVSS 7.8 HIGH]

Linux Use After Free Denial Of Service Memory Corruption
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-13952 CRITICAL Act Now

Write-after-free crash in GPU compiler process triggered by unusual GPU shader code loaded from the web. Browser vulnerability through WebGPU shader compilation.

Use After Free Denial Of Service Ddk
NVD
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-22995 HIGH PATCH This Week

Linux kernel ublk subsystem suffers from a use-after-free vulnerability in partition scan operations where a race condition between device teardown and asynchronous partition scanning allows local attackers with user privileges to access freed memory, potentially causing denial of service or information disclosure. The vulnerability stems from improper reference counting of disk objects during concurrent operations, affecting all Linux systems with the vulnerable ublk driver. A patch is available to resolve this issue by implementing proper disk reference management in the partition scan worker.

Linux Use After Free Race Condition Linux Kernel Red Hat +1
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-22980 HIGH PATCH This Week

The Linux kernel NFSv4 grace period handler contains a use-after-free vulnerability in the v4_end_grace function that can be triggered by local attackers with unprivileged access, allowing them to read or modify sensitive kernel memory or cause a denial of service. The vulnerability arises from improper synchronization between the grace period shutdown logic and the NFSv4 client tracking mechanism, which can result in memory being accessed after it has been freed. A patch is available to add proper locking that prevents concurrent access to the vulnerable code path.

Linux Use After Free Memory Corruption Authentication Bypass
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-71159 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix use-after-free warning in btrfs_get_or_create_delayed_node() Previously, btrfs_get_or_create_delayed_node() set the delayed_node's refcount before acquiring the root->delayed_nodes lock. [CVSS 7.8 HIGH]

Linux Use After Free Linux Kernel Red Hat Suse
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-71145 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: usb: phy: isp1301: fix non-OF device reference imbalance A recent change fixing a device reference leak in a UDC driver introduced a potential use-after-free in the non-OF case as the isp1301_get_client() helper only increases the reference count for the returned I2C device in the OF case. [CVSS 7.8 HIGH]

Linux Use After Free Linux Kernel Red Hat Suse
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-0794 CRITICAL Act Now

ALGO 8180 has a use-after-free in SIP session handling (EPSS 1.1%) enabling remote code execution through crafted VoIP signaling sequences.

Golang RCE Use After Free 8180 Ip Audio Alerter Firmware
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2025-15062 HIGH This Week

Trimble SketchUp SKP File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SKP files. The issue results from the lack of validating the existence of an object prior to performing operations ...

RCE Use After Free
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2026-0908 HIGH PATCH This Week

Heap corruption in Google Chrome's ANGLE graphics library prior to version 144.0.7559.59 can be triggered through a crafted HTML page, enabling remote attackers to execute arbitrary code without user interaction beyond visiting a malicious website. The vulnerability stems from a use-after-free memory flaw that affects all Chrome users, though no patch is currently available. With a CVSS score of 8.8 and minimal exploit complexity, this presents a significant risk to the browser's security model.

Use After Free Chrome Google Red Hat Suse
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-23884 HIGH POC PATCH This Week

Denial of service and potential remote code execution affects FreeRDP RDP clients prior to version 3.21.0, where deleting an offscreen bitmap leaves the gdi->drawing pointer referencing freed memory and subsequent update packets trigger a use-after-free (CWE-416). A malicious or compromised RDP server can drive a connected client into the freed-memory access, reliably crashing it and potentially corrupting the heap for code execution depending on allocator state. Publicly available exploit code exists, though EPSS exploitation probability is low (0.17%, 38th percentile) and the issue is not listed in CISA KEV.

Use After Free Denial Of Service Freerdp Memory Corruption
NVD GitHub VulDB
CVSS 4.0
7.7
EPSS
0.2%
CVE-2026-23883 HIGH POC PATCH This Week

Client-side denial of service in the FreeRDP RDP client (X11 frontend) prior to version 3.21.0 lets a malicious or compromised RDP server crash the connecting client and potentially corrupt its heap. The flaw is a double-free of the cursor pixel buffer in xf_Pointer_New: on an allocation/setup failure the function frees cursorPixels, and a later pointer_free call invokes xf_Pointer_Free which frees the same buffer again (CWE-416 use-after-free/double-free). Publicly available exploit code exists and an EPSS of 0.17% indicates currently low probability of widespread exploitation; impact is rated availability-only (VA:H), though the description notes heap-corruption could escalate to code execution depending on allocator behavior.

Use After Free Denial Of Service Freerdp Memory Corruption
NVD GitHub VulDB
CVSS 4.0
7.7
EPSS
0.2%
CVE-2026-21921 MEDIUM This Month

Repeated telemetry collector subscriptions in Juniper Junos OS and Junos OS Evolved trigger a use-after-free vulnerability in the chassis daemon, allowing authenticated network attackers to crash critical processes and cause denial of service. Affected versions prior to 22.4R3-S8, 23.2R2-S5, and 23.4R2 are vulnerable when telemetry-capable daemons experience continuous sensor subscription cycles. No patch is currently available, leaving affected systems exposed until updates are released.

Juniper Use After Free Denial Of Service Junos Junos Os Evolved
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-21908 HIGH This Week

Juniper Junos OS and Junos OS Evolved contain a use-after-free vulnerability in the 802.1X authentication daemon that allows authenticated, network-adjacent attackers to crash the process or achieve arbitrary code execution as root by triggering specific port state changes. Exploitation requires precise timing of a change-of-authorization event during port transitions, making reliable exploitation difficult but possible. Systems with 802.1X port-based network access control enabled are affected, and no patch is currently available.

Juniper Use After Free Denial Of Service Junos Junos Os Evolved
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-13845 HIGH This Week

CWE-416: Use After Free vulnerability that could cause remote code execution when the end user imports the malicious project file (SSD file) into Rapsody.

RCE Use After Free Denial Of Service Memory Corruption Ecostruxure Power Build Rapsody
NVD
CVSS 4.0
8.4
EPSS
0.0%
CVE-2026-22857 CRITICAL POC PATCH Act Now

FreeRDP IRP thread handler has a use-after-free where the IRP is freed by Complete() then accessed on the error path. Fixed in 3.20.1.

Use After Free Freerdp Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-22851 MEDIUM POC PATCH This Month

FreeRDP versions prior to 3.20.1 contain a race condition between the RDPGFX virtual channel and SDL rendering threads that enables heap use-after-free when graphics are reset. Public exploit code exists for this vulnerability, allowing attackers to crash the application or potentially execute code in industrial control systems and other environments using vulnerable FreeRDP implementations. A patch is not currently available, leaving affected systems exposed until an update is released.

Industrial Use After Free Race Condition Freerdp Red Hat +1
NVD GitHub VulDB
CVSS 3.1
5.9
EPSS
0.1%
CVE-2025-70968 CRITICAL POC Act Now

FreeImage 3.18.0 has a use-after-free in the TARGA plugin's loadRLE function. Processing a malicious TGA file can lead to code execution. PoC available.

Use After Free Freeimage Red Hat Suse
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-71110 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: mm/slub: reset KASAN tag in defer_free() before accessing freed memory When CONFIG_SLUB_TINY is enabled, kfree_nolock() calls kasan_slab_free() before defer_free().

Linux Use After Free Information Disclosure Memory Corruption Linux Kernel +2
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-21287 HIGH This Week

Arbitrary code execution in Substance 3D Stager 3.1.5 and earlier stems from a use-after-free vulnerability that executes with the privileges of the current user. An attacker can exploit this by crafting a malicious file that triggers the vulnerability when opened by a victim, requiring user interaction to activate the attack. No patch is currently available for this vulnerability.

Use After Free Substance 3d Stager
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-21219 HIGH PATCH This Week

Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally. [CVSS 7.0 HIGH]

Use After Free Windows Software Development Kit
NVD
CVSS 3.1
7.0
EPSS
0.1%
CVE-2026-20953 HIGH PATCH This Week

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. [CVSS 8.4 HIGH]

Microsoft Use After Free 365 Apps Office Long Term Servicing Channel Office
NVD
CVSS 3.1
8.4
EPSS
0.0%
CVE-2026-20952 HIGH PATCH This Week

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. [CVSS 8.4 HIGH]

Microsoft Use After Free Office Long Term Servicing Channel Office 365 Apps
NVD
CVSS 3.1
8.4
EPSS
0.0%
CVE-2026-20950 HIGH PATCH This Week

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. [CVSS 7.8 HIGH]

Microsoft Use After Free Excel Office Online Server 365 Apps +2
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-20924 HIGH PATCH This Week

Privilege escalation in Windows Management Services via use-after-free memory corruption affects Windows 10, Windows 11, and Windows Server 2019, enabling authenticated local attackers to gain elevated system privileges. An authorized user can exploit this vulnerability through a race condition to execute arbitrary code with higher privileges. No patch is currently available for this vulnerability.

Windows Use After Free Windows 11 25h2 Windows Server 2019 Windows 10 22h2 +8
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-20923 HIGH PATCH This Week

Privilege escalation in Windows Management Services affects Windows Server 2019, 2022 23h2, and 2025 through a use-after-free vulnerability that allows authenticated local attackers to gain elevated system privileges. The flaw requires low privileges and manual user interaction to trigger, potentially giving attackers complete system control. No patch is currently available for this vulnerability.

Windows Use After Free Windows Server 2022 23h2 Windows Server 2025 Windows Server 2019 +8
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-20920 HIGH PATCH This Week

Windows Win32K use-after-free vulnerability in ICOMP affects Windows 11 23h2 and Windows Server 2022 23h2, enabling authenticated local attackers to achieve privilege escalation with high impact on confidentiality, integrity, and availability. Currently no patch is available, and exploitation requires local access with user-level privileges.

Windows Use After Free Windows Server 2022 23h2 Windows 11 23h2 Windows Server 2022 +1
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-20877 HIGH PATCH This Week

Privilege escalation in Windows Management Services affects Windows 10 22h2, Windows Server 2022 23h2, and Windows 11 23h2 through a use-after-free memory flaw. An authenticated local attacker can exploit this vulnerability to gain elevated system privileges. Currently, no patch is available.

Windows Use After Free Windows 10 22h2 Windows Server 2022 23h2 Windows 11 23h2 +8
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-20871 HIGH PATCH This Week

Local privilege escalation in Windows Desktop Window Manager (DWM) through use-after-free memory corruption affects Windows 10 22H2, Windows Server 2022, and Windows Server 2025. An authenticated local attacker can exploit this vulnerability to gain system-level privileges with no user interaction required. No patch is currently available for this high-severity vulnerability.

Windows Use After Free Windows Server 2022 Windows Server 2025 Windows 10 22h2 +6
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-20870 HIGH PATCH This Week

Privilege escalation in Windows Win32K ICOMP component via use-after-free memory corruption affects Windows 11 (24h2, 25h2) and Windows Server 2025. An authenticated local attacker can exploit this vulnerability to gain SYSTEM-level privileges with no user interaction required. Currently no patch is available and exploitation requires local access with user-level permissions.

Windows Use After Free Windows 11 25h2 Windows 11 24h2 Windows Server 2025 +1
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-20865 HIGH PATCH This Week

Privilege escalation in Windows Management Services affects Windows 11 24H2, Windows Server 2022, and 2025 through a use-after-free memory vulnerability that allows authenticated local attackers to gain elevated system privileges. The vulnerability requires local access and manual user interaction is not required, making it exploitable by any authorized account on the system. Currently no patch is available to remediate this issue.

Windows Use After Free Windows 11 24h2 Windows Server 2025 Windows Server 2022 +8
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-20859 HIGH PATCH This Week

Kernel-mode driver use-after-free vulnerabilities in Windows 11 24H2 and Windows Server 2025 enable authenticated local attackers to achieve privilege escalation. An attacker with standard user privileges can exploit memory corruption in kernel drivers to gain SYSTEM-level access without user interaction. No patch is currently available.

Linux Windows Use After Free Windows 11 24h2 Windows Server 2025 +2
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-20858 HIGH PATCH This Week

Privilege escalation in Windows Management Services affects Windows 10, Windows 11, and Windows Server 2022 through a use-after-free memory vulnerability. An authenticated local attacker can exploit this flaw to gain elevated system privileges. Currently no patch is available and exploitation requires specific conditions to trigger.

Windows Use After Free Windows Server 2022 23h2 Windows 11 23h2 Windows 10 22h2 +8
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-20854 HIGH PATCH This Week

Remote code execution in Windows LSASS (Local Security Authority Subsystem Service) on Windows 11 and Windows Server 2025 stems from a use-after-free memory vulnerability exploitable by authenticated attackers over the network. An attacker with valid credentials can trigger the flaw to execute arbitrary code with SYSTEM privileges, achieving complete system compromise. No patch is currently available, leaving affected systems vulnerable until Microsoft releases a security update.

Windows Use After Free Windows Server 2025 Windows 11 25h2 Windows 11 24h2 +1
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-20844 HIGH PATCH This Week

Windows Clipboard Server contains a use-after-free vulnerability affecting Windows 10 (versions 21H2 and 1809) and Windows Server 2022 (23H2) that enables local privilege escalation without requiring user interaction. An attacker with local access can exploit this memory safety flaw to gain elevated system privileges. No patch is currently available for this vulnerability.

Windows Use After Free Windows 10 21h2 Windows 10 1809 Windows Server 2022 23h2 +10
NVD
CVSS 3.1
7.4
EPSS
0.0%
CVE-2026-20842 HIGH PATCH This Week

Use after free in Windows DWM allows an authorized attacker to elevate privileges locally. [CVSS 7.0 HIGH]

Windows Use After Free Windows Server 2022 23h2 Windows 11 25h2 Windows Server 2025 +6
NVD
CVSS 3.1
7.0
EPSS
0.0%
CVE-2026-20822 HIGH PATCH This Week

Privilege escalation in Microsoft Graphics Component on Windows 11 25h2 and Windows Server 2019 exploits a use-after-free condition, enabling authenticated local attackers to gain elevated system privileges. The vulnerability requires moderate complexity to exploit and affects confidentiality, integrity, and availability of affected systems. No patch is currently available.

Microsoft Industrial Use After Free Windows 11 25h2 Windows Server 2019 +10
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-10865 HIGH This Week

Software installed and run as a non-privileged user may conduct improper GPU system calls to cause mismanagement of reference counting to cause a potential use after free. Improper reference counting on an internal resource caused scenario where potential for use after free was present. [CVSS 7.8 HIGH]

Use After Free Ddk
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-58411 HIGH This Week

Software installed and run as a non-privileged user may conduct improper GPU system calls to cause mismanagement of resources reference counting creating a potential use after free scenario. [CVSS 8.8 HIGH]

Use After Free Ddk
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2025-71099 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: drm/xe/oa: Fix potential UAF in xe_oa_add_config_ioctl() In xe_oa_add_config_ioctl(), we accessed oa_config->id after dropping metrics_lock.

Linux Use After Free Information Disclosure Memory Corruption Linux Kernel +2
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-71075 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: scsi: aic94xx: fix use-after-free in device removal path The asd_pci_remove() function fails to synchronize with pending tasklets before freeing the asd_ha structure, leading to a potential use-after-free vulnerability.

Linux Use After Free Memory Corruption Information Disclosure
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-71073 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: Input: lkkbd - disable pending work before freeing device lkkbd_interrupt() schedules lk->tq via schedule_work(), and the work handler lkkbd_reinit() dereferences the lkkbd structure and its serio/input_dev fields.

Linux Use After Free Information Disclosure Memory Corruption Linux Kernel +2
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-71071 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: iommu/mediatek: fix use-after-free on probe deferral The driver is dropping the references taken to the larb devices during probe after successful lookup as well as on errors.

Linux Use After Free Mediatek Memory Corruption Information Disclosure +3
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-68822 PATCH Monitor

In the Linux kernel, the following vulnerability has been resolved: Input: alps - fix use-after-free bugs caused by dev3_register_work The dev3_register_work delayed work item is initialized within alps_reconnect() and scheduled upon receipt of the first bare PS/2 packet from an external PS/2 device connected to the ALPS touchpad.

Linux Use After Free Race Condition Linux Kernel
NVD VulDB
EPSS
0.0%
CVE-2025-68817 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in ksmbd_tree_connect_put under concurrency Under high concurrency, A tree-connection object (tcon) is freed on a disconnect path while another path still holds a reference and later executes *_put()/write on it. [CVSS 7.8 HIGH]

Linux Use After Free Linux Kernel Red Hat Suse
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-68810 PATCH Monitor

In the Linux kernel, the following vulnerability has been resolved: KVM: Disallow toggling KVM_MEM_GUEST_MEMFD on an existing memslot Reject attempts to disable KVM_MEM_GUEST_MEMFD on a memslot that was initially created with a guest_memfd binding, as KVM doesn't support toggling KVM_MEM_GUEST_MEMFD on existing memslots.

Linux Use After Free Linux Kernel
NVD VulDB
EPSS
0.0%
CVE-2025-68808 PATCH Monitor

In the Linux kernel, the following vulnerability has been resolved: media: vidtv: initialize local pointers upon transfer of memory ownership vidtv_channel_si_init() creates a temporary list (program, service, event) and ownership of the memory itself is transferred to the PAT/SDT/EIT tables through vidtv_psi_pat_program_assign(), vidtv_psi_sdt_service_assign(), vidtv_psi_eit_event_assign().

Linux Use After Free Linux Kernel
NVD VulDB
EPSS
0.1%
CVE-2025-68805 PATCH Monitor

In the Linux kernel, the following vulnerability has been resolved: fuse: fix io-uring list corruption for terminated non-committed requests When a request is terminated before it has been committed, the request is not removed from the queue's list.

Linux Use After Free Linux Kernel
NVD VulDB
EPSS
0.0%
CVE-2025-68801 PATCH Monitor

In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_router: Fix neighbour use-after-free We sometimes observe use-after-free when dereferencing a neighbour [1].

Linux Use After Free Linux Kernel
NVD VulDB
EPSS
0.1%
CVE-2025-68800 PATCH Monitor

In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_mr: Fix use-after-free when updating multicast route stats Cited commit added a dedicated mutex (instead of RTNL) to protect the multicast route list, so that it will not change while the driver periodically traverses it in order to update the kernel about multicast route stats that were queried from the device.

Linux Use After Free Linux Kernel
NVD VulDB
EPSS
0.1%
CVE-2025-68793 PATCH Monitor

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix a job->pasid access race in gpu recovery Avoid a possible UAF in GPU recovery due to a race between the sched timeout callback and the tdr work queue.

Linux Use After Free Linux Kernel
NVD VulDB
EPSS
0.0%
CVE-2025-68790 Monitor

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix double unregister of HCA_PORTS component Clear hca_devcom_comp in device's private data after unregistering it in LAG teardown.

Linux Industrial Use After Free Linux Kernel
NVD VulDB
EPSS
0.0%
CVE-2025-68781 PATCH Monitor

In the Linux kernel, the following vulnerability has been resolved: usb: phy: fsl-usb: Fix use-after-free in delayed work during device removal The delayed work item otg_event is initialized in fsl_otg_conf() and scheduled under two conditions: 1.

Linux Use After Free Race Condition Linux Kernel
NVD VulDB
EPSS
0.1%
CVE-2025-68779 Monitor

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Avoid unregistering PSP twice PSP is unregistered twice in: _mlx5e_remove -> mlx5e_psp_unregister mlx5e_nic_cleanup -> mlx5e_psp_unregister This leads to a refcount underflow in some conditions: ------------[ cut here ]------------ refcount_t: underflow; use-after-free.

Linux Use After Free Linux Kernel
NVD VulDB
EPSS
0.0%
CVE-2026-0885 MEDIUM PATCH This Month

Memory corruption in Firefox and Thunderbird's JavaScript garbage collection engine allows remote attackers to crash the application or potentially leak sensitive information without user interaction. The vulnerability affects Firefox versions below 147, Firefox ESR below 140.7, Thunderbird below 147, and Thunderbird ESR below 140.7, with no patch currently available.

Use After Free Memory Corruption Mozilla Information Disclosure
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-0884 CRITICAL PATCH Act Now

Firefox JavaScript engine has a use-after-free vulnerability. Affects Firefox < 147, Firefox ESR < 140.7, Thunderbird < 147 and < 140.7.

Use After Free Memory Corruption Mozilla Information Disclosure
NVD VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-0882 HIGH PATCH This Week

A use-after-free vulnerability in the IPC component of Firefox (versions below 147 and ESR versions below 115.32/140.7) and Thunderbird (versions below 147 and 140.7) enables remote code execution when users interact with malicious content. The flaw requires user interaction and network access, allowing attackers to achieve full system compromise with high integrity and confidentiality impact. No patch is currently available for this vulnerability.

Use After Free Memory Corruption Mozilla Information Disclosure Thunderbird
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2025-68656 MEDIUM PATCH This Month

Espressif ESP-IDF USB Host HID (Human Interface Device) Driver allows access to HID devices. [CVSS 6.8 MEDIUM]

Use After Free Usb Host Hid Driver
NVD GitHub
CVSS 3.1
6.8
EPSS
0.0%
CVE-2026-20971 HIGH POC This Week

Arbitrary code execution in the Android PROCA driver before the January 2026 security update results from a use-after-free vulnerability accessible to local attackers with basic privileges. An attacker with local access can exploit this memory safety flaw to execute arbitrary code with elevated privileges on affected devices. No patch is currently available for this high-severity vulnerability.

Use After Free Android
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-20968 MEDIUM This Month

Arbitrary code execution in Android's DualDAR component prior to the January 2026 security patch stems from a use-after-free memory vulnerability that can be exploited by local attackers with elevated privileges. An attacker with high-level device access could leverage this flaw to execute arbitrary code with system-level permissions. No patch is currently available, leaving affected devices vulnerable until the SMR January 2026 Release 1 update is deployed.

Use After Free Android
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2026-20026 MEDIUM This Month

processing of DCE/RPC requests contains a vulnerability that allows attackers to unexpectedly restart the Snort 3 Detection Engine, which could cause a denial of (CVSS 5.8).

Cisco Use After Free Denial Of Service
NVD
CVSS 3.1
5.8
EPSS
0.1%
CVE-2026-21486 HIGH PATCH This Week

iccDEV versions 2.3.1.1 and earlier are vulnerable to use-after-free, heap buffer overflow, and integer overflow flaws in the CIccSparseMatrix function, allowing local attackers with user interaction to achieve arbitrary code execution. The vulnerability affects all systems using vulnerable iccDEV libraries for ICC color profile processing and is resolved in version 2.3.1.2.

Buffer Overflow Heap Overflow Use After Free Integer Overflow Iccdev
NVD GitHub
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-21675 CRITICAL POC PATCH Act Now

iccDEV ICC color profile library (through 2.3.1) has a use-after-free in CIccXform::Create() when processing hint objects. Processing a malicious ICC profile can lead to code execution. PoC available, fixed in 2.3.1.1.

Use After Free Iccdev
NVD GitHub
CVSS 3.1
9.8
EPSS
0.2%
CVE-2025-20806 MEDIUM This Month

In dpe, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. [CVSS 6.7 MEDIUM]

Use After Free Memory Corruption Privilege Escalation Android Google
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-20805 MEDIUM This Month

In dpe, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. [CVSS 6.7 MEDIUM]

Use After Free Memory Corruption Privilege Escalation Android Google
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-20804 MEDIUM This Month

In dpe, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. [CVSS 6.7 MEDIUM]

Use After Free Memory Corruption Privilege Escalation Android Google
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-20802 MEDIUM This Month

In geniezone, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. [CVSS 6.7 MEDIUM]

Use After Free Memory Corruption Privilege Escalation Android Google
NVD
CVSS 3.1
6.7
EPSS
0.0%
EPSS 0% CVSS 8.7
HIGH PATCH This Week

Denial-of-service in FreeRDP's camera redirection (rdpecam) client channel allows a malicious or compromised RDP server to crash connected clients running versions prior to 3.22.0. The capture thread continues sending sample responses through a channel callback that was already freed when the device channel closed, producing a use-after-free in ecam_channel_write. EPSS is low (0.02%), it is not on CISA KEV, and no public exploit identified at time of analysis, but an upstream fix and multiple distro advisories exist.

Use After Free Freerdp Denial Of Service +1
NVD GitHub VulDB
EPSS 0% CVSS 9.1
CRITICAL PATCH Act Now

FreeRDP prior to 3.22.0 has a use-after-free in ecam_encoder_compress allowing malicious RDP servers to crash or execute code on clients.

Use After Free Buffer Overflow Freerdp +2
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

FreeRDP versions prior to 3.22.0 contain a use-after-free vulnerability in audio format renegotiation that allows unauthenticated attackers to cause denial of service by triggering a crash through audio processing. The vulnerability occurs when the AUDIN format list is freed during renegotiation while the capture thread continues accessing the freed memory, affecting any system running vulnerable FreeRDP instances. A patch is available in version 3.22.0 and later.

Use After Free Freerdp Red Hat +1
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

FreeRDP versions prior to 3.22.0 contain a use-after-free vulnerability in the libusb device interface selection code where error handling prematurely frees configuration data that subsequent code attempts to access, causing denial of service. This vulnerability affects systems using FreeRDP for remote desktop protocol operations and can be triggered remotely without authentication or user interaction. A patch is available in version 3.22.0 and later.

Use After Free Freerdp Red Hat +1
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

FreeRDP versions prior to 3.22.0 are vulnerable to a use-after-free condition where the video_timer component sends notifications after the control channel closes, dereferencing freed memory and causing denial of service. An unauthenticated remote attacker can trigger this crash by manipulating RDP session timing, making the vulnerability exploitable with no user interaction required. A patch is available in FreeRDP 3.22.0 and later.

Use After Free Freerdp Red Hat +1
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM This Month

Out-of-bounds access vulnerability in the frequency modulation module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 5.5 MEDIUM]

Use After Free Emui Harmonyos
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

UAF vulnerability in the security module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 6.5 MEDIUM]

Use After Free Emui Harmonyos
NVD
EPSS 0% CVSS 4.0
MEDIUM This Month

Type confusion vulnerability in the camera module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 4.0 MEDIUM]

Use After Free Harmonyos
NVD
EPSS 0% CVSS 6.3
MEDIUM PATCH This Month

Espressif IoT Development Framework versions 5.1.6-5.5.2 contain a use-after-free vulnerability in the BLE provisioning layer that allows remote attackers to trigger memory corruption when provisioning is stopped with keep_ble_on enabled. A connected BLE client can exploit freed GATT metadata through read/write callbacks to cause denial of service or potential code execution. Patches are available for all affected versions.

IoT Use After Free Esp Idf
NVD GitHub
EPSS 0% CVSS 7.8
HIGH POC PATCH This Week

A use-after-free vulnerability in the Linux kernel's ALSA USB audio mixer can be triggered by local attackers with low privileges when mixer initialization fails, causing the kernel to access freed memory during sound card registration and potentially leading to information disclosure or denial of service. The flaw affects Linux systems with USB audio devices and remains unpatched, exploitable without user interaction after initial access to the system.

Linux Use After Free Memory Corruption +4
NVD VulDB GitHub
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Linux kernel memory corruption via use-after-free (UAF) in virtual memory area (VMA) handling allows local attackers with user privileges to cause denial of service or potentially execute code by triggering incorrect VMA merges during mremap() operations on faulted and unfaulted memory regions. The vulnerability stems from improper handling of anonymous VMA merges when remapping memory adjacent to unfaulted pages. No patch is currently available for this high-severity issue affecting the Linux kernel.

Linux Memory Corruption Information Disclosure +3
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

A use-after-free vulnerability in the Linux kernel's teql qdisc implementation allows local attackers with low privileges to trigger memory corruption and cause denial of service or potential code execution by improperly nesting teql as a non-root qdisc when it is designed to operate only as a root qdisc. The flaw exists due to missing validation of qdisc constraints and currently has no available patch. This affects all Linux systems using the vulnerable kernel versions.

Linux Information Disclosure Memory Corruption +1
NVD VulDB
EPSS 0%
PATCH Monitor

In the Linux kernel, the following vulnerability has been resolved: iio: adc: at91-sama5d2_adc: Fix potential use-after-free in sama5d2_adc driver at91_adc_interrupt can call at91_adc_touch_data_handler function to start the work by schedule_work(&st->touch_st.workq).

Linux Use After Free Linux Kernel
NVD VulDB
EPSS 0% CVSS 6.7
MEDIUM This Month

Android's imgsys component contains a use-after-free vulnerability that allows privilege escalation when exploited by an attacker who already has system-level access. The flaw requires no user interaction and could enable a malicious actor to escalate their privileges further within the device. Currently, no patch is available to address this vulnerability.

Use After Free Privilege Escalation Android +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A use-after-free vulnerability in Android's cameraisp component allows privilege escalation to local denial of service for attackers with system-level access, requiring no user interaction. The flaw enables malicious actors to manipulate memory safety boundaries and execute arbitrary actions within the camera service context. No patch is currently available for this vulnerability.

Use After Free Denial Of Service Privilege Escalation +2
NVD
EPSS 1% CVSS 7.5
HIGH POC This Week

A use-after-free in the mk_http_request_end function (mk_server/mk_http.c) of monkey commit f37e984 allows attackers to cause a Denial of Service (DoS) via sending a crafted HTTP request to the server. [CVSS 7.5 HIGH]

Use After Free Denial Of Service Monkey
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC This Week

A use-after-free in the mk_string_char_search function (mk_core/mk_string.c) of monkey commit f37e984 allows attackers to cause a Denial of Service (DoS) via sending a crafted HTTP request to the server. [CVSS 7.5 HIGH]

Use After Free Denial Of Service Monkey
NVD GitHub
EPSS 0% CVSS 7.8
HIGH This Week

NVIDIA Display Driver for Windows contains a vulnerability where an attacker could trigger a use after free. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, denial of service, and information disclosure. [CVSS 7.8 HIGH]

Windows Use After Free Denial Of Service +2
NVD
EPSS 0% CVSS 7.4
HIGH PATCH This Week

Heap use-after-free in Suricata prior to versions 8.0.3 and 7.0.14 can be triggered via integer overflow when processing packets that generate excessive alert conditions, allowing an attacker to crash the IDS/IPS engine or potentially achieve code execution. Affected deployments using large rulesets are at risk when processing malicious or crafted network traffic designed to trigger simultaneous signature matches. Patches are available for both affected versions.

Use After Free Integer Overflow Suricata +1
NVD GitHub
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Firefox versions prior to 147.0.2 contain a use-after-free vulnerability in the Layout: Scrolling and Overflow component that can be triggered by user interaction, allowing remote attackers to achieve code execution with high integrity and confidentiality impact. The vulnerability requires network access and user interaction but does not require authentication, making it exploitable through malicious web content. No patch is currently available for this vulnerability.

Use After Free Memory Corruption Buffer Overflow +1
NVD VulDB
EPSS 0% CVSS 7.0
HIGH PATCH This Week

The Linux kernel's Octeon EP VF driver contains a use-after-free vulnerability in IRQ error handling where mismatched device IDs between request_irq() and free_irq() calls can leave IRQ handlers registered after their associated memory is freed. A local attacker with standard privileges can trigger an interrupt after the vulnerable ioq_vector structure is deallocated, causing a kernel crash or potential code execution. No patch is currently available.

Linux Use After Free Denial Of Service +3
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

A use-after-free vulnerability in Linux kernel DAMON subsystem allows local users with sysfs write permissions to trigger memory corruption by calling damon_call() against inactive contexts, causing dangling pointers in the call_controls list. An attacker could leverage this to achieve information disclosure or denial of service, though exploitation complexity is moderate due to permission requirements. The vulnerability currently lacks a patch and affects Linux kernel versions with the vulnerable DAMON code.

Linux Use After Free Information Disclosure +4
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

A use-after-free vulnerability in the Linux kernel's IPv6 address deletion function allows local attackers with user privileges to corrupt memory and potentially execute arbitrary code or cause a denial of service. The flaw occurs when ipv6_del_addr() is called prematurely before temporary address flags are read, leaving a dangling pointer reference. No patch is currently available for this high-severity vulnerability affecting Linux systems.

Linux Use After Free Information Disclosure +2
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

A use-after-free vulnerability in the Linux kernel's macvlan driver allows local attackers with user privileges to cause memory corruption and potential privilege escalation through improper RCU synchronization in the macvlan_forward_source() function. The flaw stems from missing RCU protection when clearing vlan pointers during source entry deletion, enabling attackers to access freed memory structures. No patch is currently available for this HIGH severity vulnerability affecting Linux distributions.

Linux Google Use After Free +2
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: dmaengine: tegra-adma: Fix use-after-free A use-after-free bug exists in the Tegra ADMA driver when audio streams are terminated, particularly during XRUN conditions. [CVSS 7.8 HIGH]

Linux Use After Free Denial Of Service +1
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL Act Now

Write-after-free crash in GPU compiler process triggered by unusual GPU shader code loaded from the web. Browser vulnerability through WebGPU shader compilation.

Use After Free Denial Of Service Ddk
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Linux kernel ublk subsystem suffers from a use-after-free vulnerability in partition scan operations where a race condition between device teardown and asynchronous partition scanning allows local attackers with user privileges to access freed memory, potentially causing denial of service or information disclosure. The vulnerability stems from improper reference counting of disk objects during concurrent operations, affecting all Linux systems with the vulnerable ublk driver. A patch is available to resolve this issue by implementing proper disk reference management in the partition scan worker.

Linux Use After Free Race Condition +3
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

The Linux kernel NFSv4 grace period handler contains a use-after-free vulnerability in the v4_end_grace function that can be triggered by local attackers with unprivileged access, allowing them to read or modify sensitive kernel memory or cause a denial of service. The vulnerability arises from improper synchronization between the grace period shutdown logic and the NFSv4 client tracking mechanism, which can result in memory being accessed after it has been freed. A patch is available to add proper locking that prevents concurrent access to the vulnerable code path.

Linux Use After Free Memory Corruption +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix use-after-free warning in btrfs_get_or_create_delayed_node() Previously, btrfs_get_or_create_delayed_node() set the delayed_node's refcount before acquiring the root->delayed_nodes lock. [CVSS 7.8 HIGH]

Linux Use After Free Linux Kernel +2
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: usb: phy: isp1301: fix non-OF device reference imbalance A recent change fixing a device reference leak in a UDC driver introduced a potential use-after-free in the non-OF case as the isp1301_get_client() helper only increases the reference count for the returned I2C device in the OF case. [CVSS 7.8 HIGH]

Linux Use After Free Linux Kernel +2
NVD VulDB
EPSS 1% CVSS 9.8
CRITICAL Act Now

ALGO 8180 has a use-after-free in SIP session handling (EPSS 1.1%) enabling remote code execution through crafted VoIP signaling sequences.

Golang RCE Use After Free +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Trimble SketchUp SKP File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SKP files. The issue results from the lack of validating the existence of an object prior to performing operations ...

RCE Use After Free
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Heap corruption in Google Chrome's ANGLE graphics library prior to version 144.0.7559.59 can be triggered through a crafted HTML page, enabling remote attackers to execute arbitrary code without user interaction beyond visiting a malicious website. The vulnerability stems from a use-after-free memory flaw that affects all Chrome users, though no patch is currently available. With a CVSS score of 8.8 and minimal exploit complexity, this presents a significant risk to the browser's security model.

Use After Free Chrome Google +2
NVD
EPSS 0% CVSS 7.7
HIGH POC PATCH This Week

Denial of service and potential remote code execution affects FreeRDP RDP clients prior to version 3.21.0, where deleting an offscreen bitmap leaves the gdi->drawing pointer referencing freed memory and subsequent update packets trigger a use-after-free (CWE-416). A malicious or compromised RDP server can drive a connected client into the freed-memory access, reliably crashing it and potentially corrupting the heap for code execution depending on allocator state. Publicly available exploit code exists, though EPSS exploitation probability is low (0.17%, 38th percentile) and the issue is not listed in CISA KEV.

Use After Free Denial Of Service Freerdp +1
NVD GitHub VulDB
EPSS 0% CVSS 7.7
HIGH POC PATCH This Week

Client-side denial of service in the FreeRDP RDP client (X11 frontend) prior to version 3.21.0 lets a malicious or compromised RDP server crash the connecting client and potentially corrupt its heap. The flaw is a double-free of the cursor pixel buffer in xf_Pointer_New: on an allocation/setup failure the function frees cursorPixels, and a later pointer_free call invokes xf_Pointer_Free which frees the same buffer again (CWE-416 use-after-free/double-free). Publicly available exploit code exists and an EPSS of 0.17% indicates currently low probability of widespread exploitation; impact is rated availability-only (VA:H), though the description notes heap-corruption could escalate to code execution depending on allocator behavior.

Use After Free Denial Of Service Freerdp +1
NVD GitHub VulDB
EPSS 0% CVSS 6.5
MEDIUM This Month

Repeated telemetry collector subscriptions in Juniper Junos OS and Junos OS Evolved trigger a use-after-free vulnerability in the chassis daemon, allowing authenticated network attackers to crash critical processes and cause denial of service. Affected versions prior to 22.4R3-S8, 23.2R2-S5, and 23.4R2 are vulnerable when telemetry-capable daemons experience continuous sensor subscription cycles. No patch is currently available, leaving affected systems exposed until updates are released.

Juniper Use After Free Denial Of Service +2
NVD
EPSS 0% CVSS 7.1
HIGH This Week

Juniper Junos OS and Junos OS Evolved contain a use-after-free vulnerability in the 802.1X authentication daemon that allows authenticated, network-adjacent attackers to crash the process or achieve arbitrary code execution as root by triggering specific port state changes. Exploitation requires precise timing of a change-of-authorization event during port transitions, making reliable exploitation difficult but possible. Systems with 802.1X port-based network access control enabled are affected, and no patch is currently available.

Juniper Use After Free Denial Of Service +2
NVD
EPSS 0% CVSS 8.4
HIGH This Week

CWE-416: Use After Free vulnerability that could cause remote code execution when the end user imports the malicious project file (SSD file) into Rapsody.

RCE Use After Free Denial Of Service +2
NVD
EPSS 0% CVSS 9.8
CRITICAL POC PATCH Act Now

FreeRDP IRP thread handler has a use-after-free where the IRP is freed by Complete() then accessed on the error path. Fixed in 3.20.1.

Use After Free Freerdp Red Hat +1
NVD GitHub VulDB
EPSS 0% CVSS 5.9
MEDIUM POC PATCH This Month

FreeRDP versions prior to 3.20.1 contain a race condition between the RDPGFX virtual channel and SDL rendering threads that enables heap use-after-free when graphics are reset. Public exploit code exists for this vulnerability, allowing attackers to crash the application or potentially execute code in industrial control systems and other environments using vulnerable FreeRDP implementations. A patch is not currently available, leaving affected systems exposed until an update is released.

Industrial Use After Free Race Condition +3
NVD GitHub VulDB
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

FreeImage 3.18.0 has a use-after-free in the TARGA plugin's loadRLE function. Processing a malicious TGA file can lead to code execution. PoC available.

Use After Free Freeimage Red Hat +1
NVD GitHub
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: mm/slub: reset KASAN tag in defer_free() before accessing freed memory When CONFIG_SLUB_TINY is enabled, kfree_nolock() calls kasan_slab_free() before defer_free().

Linux Use After Free Information Disclosure +4
NVD VulDB
EPSS 0% CVSS 7.8
HIGH This Week

Arbitrary code execution in Substance 3D Stager 3.1.5 and earlier stems from a use-after-free vulnerability that executes with the privileges of the current user. An attacker can exploit this by crafting a malicious file that triggers the vulnerability when opened by a victim, requiring user interaction to activate the attack. No patch is currently available for this vulnerability.

Use After Free Substance 3d Stager
NVD
EPSS 0% CVSS 7.0
HIGH PATCH This Week

Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally. [CVSS 7.0 HIGH]

Use After Free Windows Software Development Kit
NVD
EPSS 0% CVSS 8.4
HIGH PATCH This Week

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. [CVSS 8.4 HIGH]

Microsoft Use After Free 365 Apps +2
NVD
EPSS 0% CVSS 8.4
HIGH PATCH This Week

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. [CVSS 8.4 HIGH]

Microsoft Use After Free Office Long Term Servicing Channel +2
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. [CVSS 7.8 HIGH]

Microsoft Use After Free Excel +4
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Privilege escalation in Windows Management Services via use-after-free memory corruption affects Windows 10, Windows 11, and Windows Server 2019, enabling authenticated local attackers to gain elevated system privileges. An authorized user can exploit this vulnerability through a race condition to execute arbitrary code with higher privileges. No patch is currently available for this vulnerability.

Windows Use After Free Windows 11 25h2 +10
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Privilege escalation in Windows Management Services affects Windows Server 2019, 2022 23h2, and 2025 through a use-after-free vulnerability that allows authenticated local attackers to gain elevated system privileges. The flaw requires low privileges and manual user interaction to trigger, potentially giving attackers complete system control. No patch is currently available for this vulnerability.

Windows Use After Free Windows Server 2022 23h2 +10
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Windows Win32K use-after-free vulnerability in ICOMP affects Windows 11 23h2 and Windows Server 2022 23h2, enabling authenticated local attackers to achieve privilege escalation with high impact on confidentiality, integrity, and availability. Currently no patch is available, and exploitation requires local access with user-level privileges.

Windows Use After Free Windows Server 2022 23h2 +3
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Privilege escalation in Windows Management Services affects Windows 10 22h2, Windows Server 2022 23h2, and Windows 11 23h2 through a use-after-free memory flaw. An authenticated local attacker can exploit this vulnerability to gain elevated system privileges. Currently, no patch is available.

Windows Use After Free Windows 10 22h2 +10
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Local privilege escalation in Windows Desktop Window Manager (DWM) through use-after-free memory corruption affects Windows 10 22H2, Windows Server 2022, and Windows Server 2025. An authenticated local attacker can exploit this vulnerability to gain system-level privileges with no user interaction required. No patch is currently available for this high-severity vulnerability.

Windows Use After Free Windows Server 2022 +8
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Privilege escalation in Windows Win32K ICOMP component via use-after-free memory corruption affects Windows 11 (24h2, 25h2) and Windows Server 2025. An authenticated local attacker can exploit this vulnerability to gain SYSTEM-level privileges with no user interaction required. Currently no patch is available and exploitation requires local access with user-level permissions.

Windows Use After Free Windows 11 25h2 +3
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Privilege escalation in Windows Management Services affects Windows 11 24H2, Windows Server 2022, and 2025 through a use-after-free memory vulnerability that allows authenticated local attackers to gain elevated system privileges. The vulnerability requires local access and manual user interaction is not required, making it exploitable by any authorized account on the system. Currently no patch is available to remediate this issue.

Windows Use After Free Windows 11 24h2 +10
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Kernel-mode driver use-after-free vulnerabilities in Windows 11 24H2 and Windows Server 2025 enable authenticated local attackers to achieve privilege escalation. An attacker with standard user privileges can exploit memory corruption in kernel drivers to gain SYSTEM-level access without user interaction. No patch is currently available.

Linux Windows Use After Free +4
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Privilege escalation in Windows Management Services affects Windows 10, Windows 11, and Windows Server 2022 through a use-after-free memory vulnerability. An authenticated local attacker can exploit this flaw to gain elevated system privileges. Currently no patch is available and exploitation requires specific conditions to trigger.

Windows Use After Free Windows Server 2022 23h2 +10
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Remote code execution in Windows LSASS (Local Security Authority Subsystem Service) on Windows 11 and Windows Server 2025 stems from a use-after-free memory vulnerability exploitable by authenticated attackers over the network. An attacker with valid credentials can trigger the flaw to execute arbitrary code with SYSTEM privileges, achieving complete system compromise. No patch is currently available, leaving affected systems vulnerable until Microsoft releases a security update.

Windows Use After Free Windows Server 2025 +3
NVD
EPSS 0% CVSS 7.4
HIGH PATCH This Week

Windows Clipboard Server contains a use-after-free vulnerability affecting Windows 10 (versions 21H2 and 1809) and Windows Server 2022 (23H2) that enables local privilege escalation without requiring user interaction. An attacker with local access can exploit this memory safety flaw to gain elevated system privileges. No patch is currently available for this vulnerability.

Windows Use After Free Windows 10 21h2 +12
NVD
EPSS 0% CVSS 7.0
HIGH PATCH This Week

Use after free in Windows DWM allows an authorized attacker to elevate privileges locally. [CVSS 7.0 HIGH]

Windows Use After Free Windows Server 2022 23h2 +8
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Privilege escalation in Microsoft Graphics Component on Windows 11 25h2 and Windows Server 2019 exploits a use-after-free condition, enabling authenticated local attackers to gain elevated system privileges. The vulnerability requires moderate complexity to exploit and affects confidentiality, integrity, and availability of affected systems. No patch is currently available.

Microsoft Industrial Use After Free +12
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Software installed and run as a non-privileged user may conduct improper GPU system calls to cause mismanagement of reference counting to cause a potential use after free. Improper reference counting on an internal resource caused scenario where potential for use after free was present. [CVSS 7.8 HIGH]

Use After Free Ddk
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Software installed and run as a non-privileged user may conduct improper GPU system calls to cause mismanagement of resources reference counting creating a potential use after free scenario. [CVSS 8.8 HIGH]

Use After Free Ddk
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: drm/xe/oa: Fix potential UAF in xe_oa_add_config_ioctl() In xe_oa_add_config_ioctl(), we accessed oa_config->id after dropping metrics_lock.

Linux Use After Free Information Disclosure +4
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: scsi: aic94xx: fix use-after-free in device removal path The asd_pci_remove() function fails to synchronize with pending tasklets before freeing the asd_ha structure, leading to a potential use-after-free vulnerability.

Linux Use After Free Memory Corruption +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: Input: lkkbd - disable pending work before freeing device lkkbd_interrupt() schedules lk->tq via schedule_work(), and the work handler lkkbd_reinit() dereferences the lkkbd structure and its serio/input_dev fields.

Linux Use After Free Information Disclosure +4
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: iommu/mediatek: fix use-after-free on probe deferral The driver is dropping the references taken to the larb devices during probe after successful lookup as well as on errors.

Linux Use After Free Mediatek +5
NVD VulDB
EPSS 0%
PATCH Monitor

In the Linux kernel, the following vulnerability has been resolved: Input: alps - fix use-after-free bugs caused by dev3_register_work The dev3_register_work delayed work item is initialized within alps_reconnect() and scheduled upon receipt of the first bare PS/2 packet from an external PS/2 device connected to the ALPS touchpad.

Linux Use After Free Race Condition +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in ksmbd_tree_connect_put under concurrency Under high concurrency, A tree-connection object (tcon) is freed on a disconnect path while another path still holds a reference and later executes *_put()/write on it. [CVSS 7.8 HIGH]

Linux Use After Free Linux Kernel +2
NVD VulDB
EPSS 0%
PATCH Monitor

In the Linux kernel, the following vulnerability has been resolved: KVM: Disallow toggling KVM_MEM_GUEST_MEMFD on an existing memslot Reject attempts to disable KVM_MEM_GUEST_MEMFD on a memslot that was initially created with a guest_memfd binding, as KVM doesn't support toggling KVM_MEM_GUEST_MEMFD on existing memslots.

Linux Use After Free Linux Kernel
NVD VulDB
EPSS 0%
PATCH Monitor

In the Linux kernel, the following vulnerability has been resolved: media: vidtv: initialize local pointers upon transfer of memory ownership vidtv_channel_si_init() creates a temporary list (program, service, event) and ownership of the memory itself is transferred to the PAT/SDT/EIT tables through vidtv_psi_pat_program_assign(), vidtv_psi_sdt_service_assign(), vidtv_psi_eit_event_assign().

Linux Use After Free Linux Kernel
NVD VulDB
EPSS 0%
PATCH Monitor

In the Linux kernel, the following vulnerability has been resolved: fuse: fix io-uring list corruption for terminated non-committed requests When a request is terminated before it has been committed, the request is not removed from the queue's list.

Linux Use After Free Linux Kernel
NVD VulDB
EPSS 0%
PATCH Monitor

In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_router: Fix neighbour use-after-free We sometimes observe use-after-free when dereferencing a neighbour [1].

Linux Use After Free Linux Kernel
NVD VulDB
EPSS 0%
PATCH Monitor

In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_mr: Fix use-after-free when updating multicast route stats Cited commit added a dedicated mutex (instead of RTNL) to protect the multicast route list, so that it will not change while the driver periodically traverses it in order to update the kernel about multicast route stats that were queried from the device.

Linux Use After Free Linux Kernel
NVD VulDB
EPSS 0%
PATCH Monitor

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix a job->pasid access race in gpu recovery Avoid a possible UAF in GPU recovery due to a race between the sched timeout callback and the tdr work queue.

Linux Use After Free Linux Kernel
NVD VulDB
EPSS 0%
Monitor

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix double unregister of HCA_PORTS component Clear hca_devcom_comp in device's private data after unregistering it in LAG teardown.

Linux Industrial Use After Free +1
NVD VulDB
EPSS 0%
PATCH Monitor

In the Linux kernel, the following vulnerability has been resolved: usb: phy: fsl-usb: Fix use-after-free in delayed work during device removal The delayed work item otg_event is initialized in fsl_otg_conf() and scheduled under two conditions: 1.

Linux Use After Free Race Condition +1
NVD VulDB
EPSS 0%
Monitor

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Avoid unregistering PSP twice PSP is unregistered twice in: _mlx5e_remove -> mlx5e_psp_unregister mlx5e_nic_cleanup -> mlx5e_psp_unregister This leads to a refcount underflow in some conditions: ------------[ cut here ]------------ refcount_t: underflow; use-after-free.

Linux Use After Free Linux Kernel
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Memory corruption in Firefox and Thunderbird's JavaScript garbage collection engine allows remote attackers to crash the application or potentially leak sensitive information without user interaction. The vulnerability affects Firefox versions below 147, Firefox ESR below 140.7, Thunderbird below 147, and Thunderbird ESR below 140.7, with no patch currently available.

Use After Free Memory Corruption Mozilla +1
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Firefox JavaScript engine has a use-after-free vulnerability. Affects Firefox < 147, Firefox ESR < 140.7, Thunderbird < 147 and < 140.7.

Use After Free Memory Corruption Mozilla +1
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

A use-after-free vulnerability in the IPC component of Firefox (versions below 147 and ESR versions below 115.32/140.7) and Thunderbird (versions below 147 and 140.7) enables remote code execution when users interact with malicious content. The flaw requires user interaction and network access, allowing attackers to achieve full system compromise with high integrity and confidentiality impact. No patch is currently available for this vulnerability.

Use After Free Memory Corruption Mozilla +2
NVD VulDB
EPSS 0% CVSS 6.8
MEDIUM PATCH This Month

Espressif ESP-IDF USB Host HID (Human Interface Device) Driver allows access to HID devices. [CVSS 6.8 MEDIUM]

Use After Free Usb Host Hid Driver
NVD GitHub
EPSS 0% CVSS 7.8
HIGH POC This Week

Arbitrary code execution in the Android PROCA driver before the January 2026 security update results from a use-after-free vulnerability accessible to local attackers with basic privileges. An attacker with local access can exploit this memory safety flaw to execute arbitrary code with elevated privileges on affected devices. No patch is currently available for this high-severity vulnerability.

Use After Free Android
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

Arbitrary code execution in Android's DualDAR component prior to the January 2026 security patch stems from a use-after-free memory vulnerability that can be exploited by local attackers with elevated privileges. An attacker with high-level device access could leverage this flaw to execute arbitrary code with system-level permissions. No patch is currently available, leaving affected devices vulnerable until the SMR January 2026 Release 1 update is deployed.

Use After Free Android
NVD
EPSS 0% CVSS 5.8
MEDIUM This Month

processing of DCE/RPC requests contains a vulnerability that allows attackers to unexpectedly restart the Snort 3 Detection Engine, which could cause a denial of (CVSS 5.8).

Cisco Use After Free Denial Of Service
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

iccDEV versions 2.3.1.1 and earlier are vulnerable to use-after-free, heap buffer overflow, and integer overflow flaws in the CIccSparseMatrix function, allowing local attackers with user interaction to achieve arbitrary code execution. The vulnerability affects all systems using vulnerable iccDEV libraries for ICC color profile processing and is resolved in version 2.3.1.2.

Buffer Overflow Heap Overflow Use After Free +2
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL POC PATCH Act Now

iccDEV ICC color profile library (through 2.3.1) has a use-after-free in CIccXform::Create() when processing hint objects. Processing a malicious ICC profile can lead to code execution. PoC available, fixed in 2.3.1.1.

Use After Free Iccdev
NVD GitHub
EPSS 0% CVSS 6.7
MEDIUM This Month

In dpe, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. [CVSS 6.7 MEDIUM]

Use After Free Memory Corruption Privilege Escalation +2
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In dpe, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. [CVSS 6.7 MEDIUM]

Use After Free Memory Corruption Privilege Escalation +2
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In dpe, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. [CVSS 6.7 MEDIUM]

Use After Free Memory Corruption Privilege Escalation +2
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In geniezone, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. [CVSS 6.7 MEDIUM]

Use After Free Memory Corruption Privilege Escalation +2
NVD
Prev Page 15 of 69 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy