Skip to main content

Use After Free

6128 CVEs technique

Monthly

CVE-2025-38627 HIGH PATCH This Week

Use-after-free in the Linux kernel f2fs compression subsystem allows local authenticated attackers to achieve high confidentiality, integrity, and availability impact (CVSS 7.8). The vulnerability permits exploitation through a race condition where an inode can be freed while still referenced by asynchronous decompression work queues, leading to potential arbitrary code execution, information disclosure, or denial of service. With an EPSS score of 0.02% (5th percentile) and no public exploit identified at time of analysis, real-world exploitation risk remains relatively low despite the high severity score.

Linux Use After Free Information Disclosure Memory Corruption
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-38620 HIGH PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: zloop: fix KASAN use-after-free of tag set When a zoned loop device, or zloop device, is removed, KASAN enabled kernel reports "BUG. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Use After Free Information Disclosure Linux Linux Kernel +2
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-38618 HIGH PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: vsock: Do not allow binding to VMADDR_PORT_ANY It is possible for a vsock to autobind to VMADDR_PORT_ANY. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Use After Free Information Disclosure Linux Linux Kernel +3
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-38598 HIGH PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix use-after-free in amdgpu_userq_suspend+0x51a/0x5a0 [ +0.000020] BUG: KASAN: slab-use-after-free in. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Use After Free Information Disclosure Linux Linux Kernel +2
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-38596 HIGH PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: drm/panthor: Fix UAF in panthor_gem_create_with_handle() debugfs code The object is potentially already gone after the. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Use After Free Information Disclosure Linux Linux Kernel +2
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-38595 HIGH PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: xen: fix UAF in dmabuf_exp_from_pages() [dma_buf_fd() fixes; no preferences regarding the tree it goes through - up to xen folks]. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Use After Free Information Disclosure Linux Linux Kernel +2
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-38594 HIGH PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Fix UAF on sva unbind with pending IOPFs Commit 17fce9d2336d ("iommu/vt-d: Put iopf enablement in domain attach path"). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Use After Free Information Disclosure Linux Linux Kernel +2
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-38584 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: padata: Fix pd UAF once and for all There is a race condition/UAF in padata_reorder that goes back to the initial commit. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Use After Free Information Disclosure Linux
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-38580 HIGH PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: ext4: fix inode use after free in ext4_end_io_rsv_work() In ext4_io_end_defer_completion(), check if io_end->list_vec is empty to. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Memory Corruption Denial Of Service Use After Free Linux Linux Kernel +2
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-38578 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid UAF in f2fs_sync_inode_meta() syzbot reported an UAF issue as below: [1] [2] [1]. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Linux Memory Corruption Google Use After Free Denial Of Service +4
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-38577 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid panic in f2fs_evict_inode As syzbot [1] reported as below: R10: 0000000000000100 R11: 0000000000000206 R12:. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Linux Memory Corruption Google Use After Free Information Disclosure +4
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-38570 HIGH PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: eth: fbnic: unlink NAPIs from queues on error to open CI hit a UaF in fbnic in the AF_XDP portion of the queues.py test. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Use After Free Information Disclosure Linux Linux Kernel +2
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-38555 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: usb: gadget : fix use-after-free in composite_dev_cleanup() 1. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Use After Free Information Disclosure Linux Linux Kernel +3
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-38554 HIGH PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: mm: fix a UAF when vma->mm is freed after vma->vm_refcnt got dropped By inducing delays in the right places, Jann Horn created a. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Linux Memory Corruption Google Use After Free Information Disclosure +3
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-38536 HIGH PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: net: airoha: fix potential use-after-free in airoha_npu_get() np->name was being used after calling of_node_put(np), which releases. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Use After Free Information Disclosure Linux Linux Kernel +2
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-38527 HIGH PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix use-after-free in cifs_oplock_break A race condition can occur in cifs_oplock_break() leading to a use-after-free. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Use After Free Information Disclosure Linux Linux Kernel +3
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-50518 CRITICAL Act Now

A use-after-free vulnerability exists in the coap_delete_pdu_lkd function within coap_pdu.c of the libcoap library. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Use After Free Suse
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-8882 HIGH PATCH This Week

Use after free in Aura in Google Chrome prior to 139.0.7258.127 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Google Denial Of Service Use After Free Chrome +1
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2025-54232 HIGH This Week

Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Use After Free Adobe Denial Of Service +1
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-54231 HIGH This Week

Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Use After Free Adobe Denial Of Service +1
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-54230 HIGH This Week

Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Use After Free Adobe Denial Of Service +1
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-54229 HIGH This Week

Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Use After Free Adobe Denial Of Service +1
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-54226 HIGH This Month

InDesign Desktop versions 20.4, 19.5.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service RCE Use After Free Indesign
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-54225 HIGH This Month

InDesign Desktop versions 20.4, 19.5.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service RCE Use After Free Indesign
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-54224 HIGH This Month

InDesign Desktop versions 20.4, 19.5.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service RCE Use After Free Indesign
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-54223 HIGH This Month

InCopy versions 20.4, 19.5.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service RCE Use After Free Incopy
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-49562 MEDIUM This Month

Animate versions 23.0.12, 24.0.9 and earlier are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Use After Free Animate
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-49561 HIGH This Month

Animate versions 23.0.12, 24.0.9 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service RCE Use After Free Animate
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-53784 HIGH CERT-EU This Week

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Use After Free Microsoft 365 Apps +1
NVD
CVSS 3.1
8.4
EPSS
0.1%
CVE-2025-53761 HIGH This Month

Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Use After Free Microsoft 365 Apps +3
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-53740 HIGH CERT-EU This Month

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Use After Free Microsoft 365 Apps +2
NVD
CVSS 3.1
8.4
EPSS
0.1%
CVE-2025-53738 HIGH This Month

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Use After Free Microsoft 365 Apps +3
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-53735 HIGH This Month

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Use After Free Microsoft 365 Apps +4
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-53734 HIGH This Month

Use after free in Microsoft Office Visio allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Use After Free Microsoft 365 Apps +2
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-53731 HIGH CERT-EU This Month

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Use After Free Microsoft 365 Apps +2
NVD
CVSS 3.1
8.4
EPSS
0.1%
CVE-2025-53730 HIGH This Month

Use after free in Microsoft Office Visio allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Use After Free Microsoft 365 Apps +2
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-53721 HIGH This Week

Use after free in Windows Connected Devices Platform Service allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.0). No vendor patch available.

Memory Corruption Denial Of Service Use After Free Microsoft Windows 10 1809 +10
NVD
CVSS 3.1
7.0
EPSS
0.0%
CVE-2025-53718 HIGH This Week

Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.0). No vendor patch available.

Memory Corruption Denial Of Service Use After Free Microsoft Windows 10 1507 +15
NVD
CVSS 3.1
7.0
EPSS
0.0%
CVE-2025-53152 HIGH This Week

Use after free in Desktop Windows Manager allows an authorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Use After Free Microsoft Windows 10 1507 +12
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-53151 HIGH This Week

Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Use After Free Microsoft Windows 10 1809 +10
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-53147 HIGH This Week

Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.0). No vendor patch available.

Memory Corruption Denial Of Service Use After Free Microsoft Windows 10 1507 +15
NVD
CVSS 3.1
7.0
EPSS
0.0%
CVE-2025-53142 HIGH This Week

Use after free in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.0). No vendor patch available.

Memory Corruption Denial Of Service Use After Free Microsoft Windows 11 22h2 +4
NVD
CVSS 3.1
7.0
EPSS
0.0%
CVE-2025-53140 HIGH This Week

Use after free in Kernel Transaction Manager allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.0). No vendor patch available.

Memory Corruption Denial Of Service Use After Free Windows 10 1507 Windows 10 1607 +14
NVD
CVSS 3.1
7.0
EPSS
0.0%
CVE-2025-53137 HIGH This Month

Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.0). No vendor patch available.

Memory Corruption Denial Of Service Use After Free Microsoft Windows 10 1507 +15
NVD
CVSS 3.1
7.0
EPSS
0.1%
CVE-2025-53133 HIGH This Month

Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8). No vendor patch available.

Memory Corruption Denial Of Service Use After Free Microsoft Windows 11 24h2 +2
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-50159 HIGH This Week

Use after free in Remote Access Point-to-Point Protocol (PPP) EAP-TLS allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Use After Free Windows 10 1507 Windows 10 1607 +13
NVD
CVSS 3.1
7.3
EPSS
0.1%
CVE-2025-50153 HIGH This Week

Use after free in Desktop Windows Manager allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Use After Free Microsoft Windows 10 1507 +12
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-49761 HIGH This Month

Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Use After Free Microsoft Windows 10 1507 +15
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-49568 MEDIUM This Month

Illustrator versions 28.7.8, 29.6.1 and earlier are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Use After Free Illustrator
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-38500 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: xfrm: interface: fix use-after-free after changing collect_md xfrm interface collect_md property on xfrm interfaces can only be set. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Debian Linux Memory Corruption Use After Free Ubuntu +1
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-55157 MEDIUM PATCH This Month

Vim is an open source, command line text editor. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Buffer Overflow Use After Free Vim Red Hat +1
NVD GitHub
CVSS 4.0
6.9
EPSS
0.0%
CVE-2025-27128 HIGH This Month

in OpenHarmony v5.0.3 and prior versions allow a local attacker arbitrary code execution in tcb through use after free. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service RCE Use After Free Openharmony
NVD
CVSS 3.1
8.4
EPSS
0.0%
CVE-2025-24298 HIGH This Month

in OpenHarmony v5.0.3 and prior versions allow a local attacker arbitrary code execution in tcb through use after free. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service RCE Use After Free Openharmony
NVD
CVSS 3.1
8.4
EPSS
0.0%
CVE-2025-46709 HIGH This Month

Possible memory leak or kernel exceptions caused by reading kernel heap data after free or NULL pointer dereference kernel exception. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Use After Free Ddk
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-8578 HIGH PATCH This Week

Use after free in Cast in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Google Denial Of Service Use After Free Chrome +1
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2025-8576 HIGH PATCH This Month

Use after free in Extensions in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Google Denial Of Service Use After Free Chrome +1
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2025-21474 HIGH This Month

Memory corruption while processing commands from A2dp sink command queue. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Use After Free Fastconnect 6800 Firmware Fastconnect 6900 Firmware +43
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-21458 HIGH PATCH This Month

Memory corruption when IOCTL interface is called to map and unmap buffers simultaneously. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Buffer Overflow Use After Free Fastconnect 6900 Firmware Qam8255p Firmware +22
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-21456 HIGH This Month

Memory corruption while processing IOCTL command when multiple threads are called to map/unmap buffer concurrently. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Use After Free Ar8035 Firmware C V2x 9150 Firmware +62
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-54635 MEDIUM This Month

Vulnerability of returning released pointers in the distributed notification service. Rated medium severity (CVSS 5.9), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Use After Free Information Disclosure Harmonyos
NVD
CVSS 3.1
5.9
EPSS
0.0%
CVE-2025-54626 MEDIUM Monitor

Pointer dangling vulnerability in the cjwindow module. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Use After Free Information Disclosure Harmonyos
NVD
CVSS 3.1
4.4
EPSS
0.0%
CVE-2025-0932 MEDIUM Monitor

Use After Free vulnerability in Arm Ltd Bifrost GPU Userspace Driver, Arm Ltd Valhall GPU Userspace Driver, Arm Ltd Arm 5th Gen GPU Architecture Userspace Driver allows a non-privileged user process. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Use After Free 5th Gen Gpu Architecture Userspace Driver Bifrost Gpu Userspace Driver +1
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-23281 HIGH This Month

NVIDIA GPU Display Driver for Windows contains a vulnerability where an attacker with local unprivileged access that can win a race condition might be able to trigger a use-after-free error. Rated high severity (CVSS 7.0). No vendor patch available.

Nvidia Memory Corruption RCE Use After Free Microsoft +3
NVD
CVSS 3.1
7.0
EPSS
0.0%
CVE-2025-43222 CRITICAL Act Now

Use-after-free memory corruption in Apple's operating systems (iPadOS 17.x, macOS Sequoia 15.x, Sonoma 14.x, Ventura 13.x) allows network-based attackers to execute arbitrary code or cause denial of service without authentication. The vulnerability was remediated by removing the vulnerable code entirely rather than patching it. Despite a critical CVSS 9.8 score, EPSS indicates only 0.08% exploitation probability (24th percentile), and no public exploit identified at time of analysis. Apple released patches in July 2025 across all affected platforms simultaneously.

Apple iOS macOS Use After Free Denial Of Service +1
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-43216 MEDIUM PATCH This Month

Safari and Apple operating systems contain a use-after-free vulnerability in web content processing that causes unexpected application crashes when users visit maliciously crafted websites. The flaw affects Safari 18.5 and earlier, iOS 18.5 and earlier, iPadOS 18.5 and earlier (also iPadOS 17.7.8 and earlier), macOS Sequoia 15.5 and earlier, tvOS 18.5 and earlier, visionOS 2.5 and earlier, and watchOS 11.5 and earlier. Remote attackers can trigger a denial-of-service condition requiring only user interaction to visit a malicious page, with no elevated privileges required. Apple has released patches for all affected platforms; the EPSS score of 0.10% (28th percentile) indicates low real-world exploitation probability despite the accessibility of the attack vector.

Apple Safari iOS macOS Use After Free +8
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-38471 HIGH PATCH This Week

Use-after-free in Linux kernel TLS implementation allows local authenticated users to achieve high confidentiality, integrity, and availability impact through memory corruption. The vulnerability, triggered by aggressive TCP SKB compaction in net-next, causes TLS to operate on freed socket buffers when checking decrypt state. A vendor patch is available across multiple kernel versions (6.1-rc2 through 6.1-rc5 and later stable branches). No active exploitation confirmed, but CWE-416 use-after-free bugs are frequently targeted due to their code execution potential. EPSS data not provided.

Information Disclosure Use After Free Memory Corruption Linux Debian Linux +2
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-4878 LOW Monitor

Uninitialized variable in libssh's privatekey_from_file() function can cause heap corruption or signing failures when a non-existent key file is specified, allowing local authenticated attackers to trigger memory corruption with potential for information disclosure. CVSS 3.6 reflects local attack vector and high complexity; exploitation requires authenticated access and specific file conditions.

Information Disclosure Use After Free Memory Corruption
NVD
CVSS 3.1
3.6
EPSS
0.0%
CVE-2025-38350 HIGH PATCH This Week

Use-after-free in Linux Kernel traffic control (qdisc) subsystem allows local authenticated attackers to execute arbitrary code, escalate privileges, or cause denial of service. Affects Linux Kernel versions prior to vendor-released patches across multiple stable branches (6.6.x, 6.12.x, 6.15, 6.16-rc1). Triggered when classful qdiscs like DRR and HFSC incorrectly handle child class deactivation during enqueue operations, leaving stale class pointers that can be exploited after deletion. Vendor patches available from kernel.org git stable tree; no active exploitation confirmed (not in CISA KEV), but PoC reproducer exists in public advisory.

Information Disclosure Use After Free Memory Corruption Linux Debian Linux +2
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-3631 MEDIUM This Month

An IBM MQ 9.3 and 9.4 Client connecting to an MQ Queue Manager can cause a SIGSEGV in the AMQRMPPA channel process terminating it.

Information Disclosure Use After Free Memory Corruption IBM Mq Appliance
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-52946 HIGH PATCH This Week

A denial of service vulnerability (CVSS 7.5) that allows an attacker sending a bgp update with a specifically malformed as path. High severity vulnerability requiring prompt remediation.

Juniper Use After Free Denial Of Service BGP Junos Os Evolved +1
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-53020 HIGH PATCH This Week

CVE-2025-53020 is a late release of memory after effective lifetime vulnerability (use-after-free) in Apache HTTP Server versions 2.4.17 through 2.4.63 that allows unauthenticated remote attackers to cause denial of service with high availability impact. The vulnerability has a CVSS score of 7.5 (high severity) with network-accessible attack vector and low attack complexity, making it easily exploitable without authentication. Affected organizations running vulnerable Apache HTTP Server versions should prioritize upgrading to version 2.4.64 immediately.

Apache Use After Free Denial Of Service Http Server Red Hat +2
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2025-7425 HIGH POC PATCH CISA Act Now

CVE-2025-7425 is a use-after-free (UAF) vulnerability in libxslt where improper memory management during XSLT tree fragment processing leads to heap corruption and potential code execution. The vulnerability affects libxslt library versions processing XSLT functions like key() that generate tree fragments, allowing local attackers with no privileges to trigger crashes or heap corruption through crafted XSLT stylesheets. While CVSS 7.8 indicates high severity, real-world impact depends on KEV inclusion status and whether public exploits exist; this vulnerability presents significant risk to applications embedding libxslt and processing untrusted XSLT input.

Denial Of Service Memory Corruption Use After Free
NVD GitHub
CVSS 3.1
7.8
EPSS
0.0%
Threat
5.1
CVE-2025-38346 HIGH PATCH This Week

CVE-2025-38346 is a security vulnerability (CVSS 7.8). High severity vulnerability requiring prompt remediation. Vendor patch is available.

Linux Use After Free Denial Of Service Debian Linux Linux Kernel +2
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-38341 HIGH PATCH This Week

CVE-2025-38341 is a double-free vulnerability in the Linux kernel's fbnic (Meta Fabric NIC) driver that occurs when DMA-mapping of a firmware message fails. An attacker with local access and low privilege can trigger this memory corruption to achieve code execution or denial of service. The vulnerability affects Linux kernels with the fbnic driver enabled, and while there is no current evidence of active exploitation in the wild, the high CVSS score (7.8) and local attack vector make this a moderate-to-high priority for systems running affected kernel versions.

Linux Use After Free Denial Of Service Linux Kernel Red Hat +1
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-38323 HIGH PATCH This Week

CVE-2025-38323 is a use-after-free vulnerability in the Linux kernel's ATM LEC (LAN Emulation Client) subsystem that allows a local unprivileged user to read or write kernel memory, potentially achieving privilege escalation. The vulnerability exists in net/atm/lec.c where error paths in lecd_attach() can leave dangling pointers in the dev_lec[] array, enabling access to freed memory. This is a local privilege escalation with CVSS 7.8 (High) requiring local access but no user interaction.

Linux Use After Free Denial Of Service Linux Kernel Debian Linux +2
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-38313 HIGH PATCH This Week

CVE-2025-38313 is a double-free memory corruption vulnerability in the Linux kernel's FSL Management Complex (fsl-mc) bus driver that allows a local attacker with low privileges to cause denial of service or potential code execution. The vulnerability affects Linux kernel versions where the MC device allocation error path incorrectly frees memory twice when a DPRC (Data Path Resource Container) device is involved. This is not currently listed as actively exploited in KEV databases, but the high CVSS score (7.8) and local attack vector make it a moderate priority for systems using FSL-MC enabled hardware.

Linux Use After Free Denial Of Service Linux Kernel Debian Linux +2
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-38292 HIGH PATCH This Week

CVE-2025-38292 is a use-after-free vulnerability in the Linux kernel's ath12k WiFi driver (ath12k_dp_rx_msdu_coalesce function) where the is_continuation boolean field is accessed after the skb (socket buffer) containing it has been freed. This affects local attackers with low privileges who can trigger network packet processing, potentially leading to information disclosure or denial of service. The vulnerability has not been reported as actively exploited in KEV, but the high CVSS score (7.1) and local attack vector indicate moderate real-world risk, particularly in systems where unprivileged users can influence WiFi packet handling.

Linux Use After Free Denial Of Service Memory Corruption Linux Kernel +2
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-38289 HIGH PATCH This Week

CVE-2025-38289 is a use-after-free vulnerability in the Linux kernel's lpfc (Emulex/Broadcom Fibre Channel) driver that occurs in the dev_loss_tmo_callbk function during driver unload or fatal error handling. A local privileged attacker can exploit this to achieve arbitrary code execution with high confidentiality, integrity, and availability impact. There is no evidence of active exploitation in the wild or public proof-of-concept code at this time, but the vulnerability represents a real kernel memory safety issue requiring prompt patching.

Linux Use After Free Denial Of Service Linux Kernel Red Hat +1
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-38259 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: ASoC: codecs: wcd9335: Fix missing free of regulator supplies Driver gets and enables all regulator supplies in probe path (wcd9335_parse_dt() and wcd9335_power_on_reset()), but does not cleanup in final error paths and in unbind (missing remove() callback). This leads to leaked memory and unbalanced regulator enable count during probe errors or unbind. Fix this by converting entire code into devm_regulator_bulk_get_enable() which also greatly simplifies the code.

Linux Use After Free Memory Corruption Information Disclosure Ubuntu +5
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-38250 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_core: Fix use-after-free in vhci_flush() syzbot reported use-after-free in vhci_flush() without repro. [0] From the splat, a thread close()d a vhci file descriptor...

Linux Use After Free Google Information Disclosure Memory Corruption
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-38248 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: bridge: mcast: Fix use-after-free during router port configuration The bridge maintains a global list of ports behind which a multicast router resides.

Linux Buffer Overflow Use After Free Memory Corruption Linux Kernel +2
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-49735 HIGH PATCH This Week

Use after free in Windows KDC Proxy Service (KPSSVC) allows an unauthorized attacker to execute code over a network.

Microsoft Use After Free Memory Corruption Denial Of Service Windows Server 2025 +6
NVD
CVSS 3.1
8.1
EPSS
0.2%
CVE-2025-49733 HIGH PATCH This Week

Use after free in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally.

Microsoft Use After Free Memory Corruption Denial Of Service Windows 11 23h2 +10
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-49726 HIGH PATCH This Week

Use after free in Windows Notification allows an authorized attacker to elevate privileges locally.

Microsoft Use After Free Memory Corruption Denial Of Service Windows 10 22h2 +12
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-49725 HIGH PATCH This Week

Use after free in Windows Notification allows an authorized attacker to elevate privileges locally.

Microsoft Use After Free Memory Corruption Denial Of Service Windows 10 22h2 +12
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-49724 HIGH PATCH This Week

Use after free in Windows Connected Devices Platform Service allows an unauthorized attacker to execute code over a network.

Microsoft Use After Free Memory Corruption Denial Of Service Windows 11 22h2 +10
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2025-49711 HIGH PATCH This Week

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Microsoft Use After Free Memory Corruption Denial Of Service Office +4
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-49703 HIGH PATCH This Week

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

Microsoft Use After Free Memory Corruption Denial Of Service Office Long Term Servicing Channel +4
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-49700 HIGH PATCH This Week

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

Microsoft Use After Free Memory Corruption Denial Of Service Office +3
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-49699 HIGH PATCH This Week

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

Microsoft Use After Free Memory Corruption Denial Of Service Office Long Term Servicing Channel +5
NVD
CVSS 3.1
7.0
EPSS
0.1%
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Use-after-free in the Linux kernel f2fs compression subsystem allows local authenticated attackers to achieve high confidentiality, integrity, and availability impact (CVSS 7.8). The vulnerability permits exploitation through a race condition where an inode can be freed while still referenced by asynchronous decompression work queues, leading to potential arbitrary code execution, information disclosure, or denial of service. With an EPSS score of 0.02% (5th percentile) and no public exploit identified at time of analysis, real-world exploitation risk remains relatively low despite the high severity score.

Linux Use After Free Information Disclosure +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: zloop: fix KASAN use-after-free of tag set When a zoned loop device, or zloop device, is removed, KASAN enabled kernel reports "BUG. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Use After Free Information Disclosure +4
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: vsock: Do not allow binding to VMADDR_PORT_ANY It is possible for a vsock to autobind to VMADDR_PORT_ANY. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Use After Free Information Disclosure +5
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix use-after-free in amdgpu_userq_suspend+0x51a/0x5a0 [ +0.000020] BUG: KASAN: slab-use-after-free in. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Use After Free Information Disclosure +4
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: drm/panthor: Fix UAF in panthor_gem_create_with_handle() debugfs code The object is potentially already gone after the. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Use After Free Information Disclosure +4
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: xen: fix UAF in dmabuf_exp_from_pages() [dma_buf_fd() fixes; no preferences regarding the tree it goes through - up to xen folks]. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Use After Free Information Disclosure +4
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Fix UAF on sva unbind with pending IOPFs Commit 17fce9d2336d ("iommu/vt-d: Put iopf enablement in domain attach path"). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Use After Free Information Disclosure +4
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: padata: Fix pd UAF once and for all There is a race condition/UAF in padata_reorder that goes back to the initial commit. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Use After Free Information Disclosure +1
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: ext4: fix inode use after free in ext4_end_io_rsv_work() In ext4_io_end_defer_completion(), check if io_end->list_vec is empty to. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Memory Corruption Denial Of Service Use After Free +4
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid UAF in f2fs_sync_inode_meta() syzbot reported an UAF issue as below: [1] [2] [1]. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Linux Memory Corruption Google +6
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid panic in f2fs_evict_inode As syzbot [1] reported as below: R10: 0000000000000100 R11: 0000000000000206 R12:. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Linux Memory Corruption Google +6
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: eth: fbnic: unlink NAPIs from queues on error to open CI hit a UaF in fbnic in the AF_XDP portion of the queues.py test. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Use After Free Information Disclosure +4
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: usb: gadget : fix use-after-free in composite_dev_cleanup() 1. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Use After Free Information Disclosure +5
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: mm: fix a UAF when vma->mm is freed after vma->vm_refcnt got dropped By inducing delays in the right places, Jann Horn created a. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Linux Memory Corruption Google +5
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: net: airoha: fix potential use-after-free in airoha_npu_get() np->name was being used after calling of_node_put(np), which releases. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Use After Free Information Disclosure +4
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix use-after-free in cifs_oplock_break A race condition can occur in cifs_oplock_break() leading to a use-after-free. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Use After Free Information Disclosure +5
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

A use-after-free vulnerability exists in the coap_delete_pdu_lkd function within coap_pdu.c of the libcoap library. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE +2
NVD GitHub
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Use after free in Aura in Google Chrome prior to 139.0.7258.127 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Google Denial Of Service +3
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Use After Free +3
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Use After Free +3
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Use After Free +3
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Use After Free +3
NVD
EPSS 0% CVSS 7.8
HIGH This Month

InDesign Desktop versions 20.4, 19.5.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service RCE +2
NVD
EPSS 0% CVSS 7.8
HIGH This Month

InDesign Desktop versions 20.4, 19.5.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service RCE +2
NVD
EPSS 0% CVSS 7.8
HIGH This Month

InDesign Desktop versions 20.4, 19.5.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service RCE +2
NVD
EPSS 0% CVSS 7.8
HIGH This Month

InCopy versions 20.4, 19.5.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service RCE +2
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Animate versions 23.0.12, 24.0.9 and earlier are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Use After Free +1
NVD
EPSS 0% CVSS 7.8
HIGH This Month

Animate versions 23.0.12, 24.0.9 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service RCE +2
NVD
EPSS 0% CVSS 8.4
HIGH This Week

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Use After Free +3
NVD
EPSS 0% CVSS 7.8
HIGH This Month

Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Use After Free +5
NVD
EPSS 0% CVSS 8.4
HIGH This Month

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Use After Free +4
NVD
EPSS 0% CVSS 7.8
HIGH This Month

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Use After Free +5
NVD
EPSS 0% CVSS 7.8
HIGH This Month

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Use After Free +6
NVD
EPSS 0% CVSS 7.8
HIGH This Month

Use after free in Microsoft Office Visio allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Use After Free +4
NVD
EPSS 0% CVSS 8.4
HIGH This Month

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Use After Free +4
NVD
EPSS 0% CVSS 7.8
HIGH This Month

Use after free in Microsoft Office Visio allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Use After Free +4
NVD
EPSS 0% CVSS 7.0
HIGH This Week

Use after free in Windows Connected Devices Platform Service allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.0). No vendor patch available.

Memory Corruption Denial Of Service Use After Free +12
NVD
EPSS 0% CVSS 7.0
HIGH This Week

Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.0). No vendor patch available.

Memory Corruption Denial Of Service Use After Free +17
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Use after free in Desktop Windows Manager allows an authorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Use After Free +14
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Use After Free +12
NVD
EPSS 0% CVSS 7.0
HIGH This Week

Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.0). No vendor patch available.

Memory Corruption Denial Of Service Use After Free +17
NVD
EPSS 0% CVSS 7.0
HIGH This Week

Use after free in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.0). No vendor patch available.

Memory Corruption Denial Of Service Use After Free +6
NVD
EPSS 0% CVSS 7.0
HIGH This Week

Use after free in Kernel Transaction Manager allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.0). No vendor patch available.

Memory Corruption Denial Of Service Use After Free +16
NVD
EPSS 0% CVSS 7.0
HIGH This Month

Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.0). No vendor patch available.

Memory Corruption Denial Of Service Use After Free +17
NVD
EPSS 0% CVSS 7.8
HIGH This Month

Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8). No vendor patch available.

Memory Corruption Denial Of Service Use After Free +4
NVD
EPSS 0% CVSS 7.3
HIGH This Week

Use after free in Remote Access Point-to-Point Protocol (PPP) EAP-TLS allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Use After Free +15
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Use after free in Desktop Windows Manager allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Use After Free +14
NVD
EPSS 0% CVSS 7.8
HIGH This Month

Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Use After Free +17
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Illustrator versions 28.7.8, 29.6.1 and earlier are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Use After Free +1
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: xfrm: interface: fix use-after-free after changing collect_md xfrm interface collect_md property on xfrm interfaces can only be set. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Debian Linux Memory Corruption +3
NVD VulDB
EPSS 0% CVSS 6.9
MEDIUM PATCH This Month

Vim is an open source, command line text editor. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Buffer Overflow Use After Free +3
NVD GitHub
EPSS 0% CVSS 8.4
HIGH This Month

in OpenHarmony v5.0.3 and prior versions allow a local attacker arbitrary code execution in tcb through use after free. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service RCE +2
NVD
EPSS 0% CVSS 8.4
HIGH This Month

in OpenHarmony v5.0.3 and prior versions allow a local attacker arbitrary code execution in tcb through use after free. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service RCE +2
NVD
EPSS 0% CVSS 7.5
HIGH This Month

Possible memory leak or kernel exceptions caused by reading kernel heap data after free or NULL pointer dereference kernel exception. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Use After Free +1
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Use after free in Cast in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Google Denial Of Service +3
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Month

Use after free in Extensions in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Google Denial Of Service +3
NVD
EPSS 0% CVSS 7.8
HIGH This Month

Memory corruption while processing commands from A2dp sink command queue. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Use After Free +45
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Month

Memory corruption when IOCTL interface is called to map and unmap buffers simultaneously. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Buffer Overflow Use After Free +24
NVD
EPSS 0% CVSS 7.8
HIGH This Month

Memory corruption while processing IOCTL command when multiple threads are called to map/unmap buffer concurrently. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Use After Free +64
NVD
EPSS 0% CVSS 5.9
MEDIUM This Month

Vulnerability of returning released pointers in the distributed notification service. Rated medium severity (CVSS 5.9), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Use After Free Information Disclosure +1
NVD
EPSS 0% CVSS 4.4
MEDIUM Monitor

Pointer dangling vulnerability in the cjwindow module. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Use After Free Information Disclosure +1
NVD
EPSS 0% CVSS 4.3
MEDIUM Monitor

Use After Free vulnerability in Arm Ltd Bifrost GPU Userspace Driver, Arm Ltd Valhall GPU Userspace Driver, Arm Ltd Arm 5th Gen GPU Architecture Userspace Driver allows a non-privileged user process. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Use After Free +3
NVD
EPSS 0% CVSS 7.0
HIGH This Month

NVIDIA GPU Display Driver for Windows contains a vulnerability where an attacker with local unprivileged access that can win a race condition might be able to trigger a use-after-free error. Rated high severity (CVSS 7.0). No vendor patch available.

Nvidia Memory Corruption RCE +5
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

Use-after-free memory corruption in Apple's operating systems (iPadOS 17.x, macOS Sequoia 15.x, Sonoma 14.x, Ventura 13.x) allows network-based attackers to execute arbitrary code or cause denial of service without authentication. The vulnerability was remediated by removing the vulnerable code entirely rather than patching it. Despite a critical CVSS 9.8 score, EPSS indicates only 0.08% exploitation probability (24th percentile), and no public exploit identified at time of analysis. Apple released patches in July 2025 across all affected platforms simultaneously.

Apple iOS macOS +3
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Safari and Apple operating systems contain a use-after-free vulnerability in web content processing that causes unexpected application crashes when users visit maliciously crafted websites. The flaw affects Safari 18.5 and earlier, iOS 18.5 and earlier, iPadOS 18.5 and earlier (also iPadOS 17.7.8 and earlier), macOS Sequoia 15.5 and earlier, tvOS 18.5 and earlier, visionOS 2.5 and earlier, and watchOS 11.5 and earlier. Remote attackers can trigger a denial-of-service condition requiring only user interaction to visit a malicious page, with no elevated privileges required. Apple has released patches for all affected platforms; the EPSS score of 0.10% (28th percentile) indicates low real-world exploitation probability despite the accessibility of the attack vector.

Apple Safari iOS +10
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Use-after-free in Linux kernel TLS implementation allows local authenticated users to achieve high confidentiality, integrity, and availability impact through memory corruption. The vulnerability, triggered by aggressive TCP SKB compaction in net-next, causes TLS to operate on freed socket buffers when checking decrypt state. A vendor patch is available across multiple kernel versions (6.1-rc2 through 6.1-rc5 and later stable branches). No active exploitation confirmed, but CWE-416 use-after-free bugs are frequently targeted due to their code execution potential. EPSS data not provided.

Information Disclosure Use After Free Memory Corruption +4
NVD
EPSS 0% CVSS 3.6
LOW Monitor

Uninitialized variable in libssh's privatekey_from_file() function can cause heap corruption or signing failures when a non-existent key file is specified, allowing local authenticated attackers to trigger memory corruption with potential for information disclosure. CVSS 3.6 reflects local attack vector and high complexity; exploitation requires authenticated access and specific file conditions.

Information Disclosure Use After Free Memory Corruption
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Use-after-free in Linux Kernel traffic control (qdisc) subsystem allows local authenticated attackers to execute arbitrary code, escalate privileges, or cause denial of service. Affects Linux Kernel versions prior to vendor-released patches across multiple stable branches (6.6.x, 6.12.x, 6.15, 6.16-rc1). Triggered when classful qdiscs like DRR and HFSC incorrectly handle child class deactivation during enqueue operations, leaving stale class pointers that can be exploited after deletion. Vendor patches available from kernel.org git stable tree; no active exploitation confirmed (not in CISA KEV), but PoC reproducer exists in public advisory.

Information Disclosure Use After Free Memory Corruption +4
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

An IBM MQ 9.3 and 9.4 Client connecting to an MQ Queue Manager can cause a SIGSEGV in the AMQRMPPA channel process terminating it.

Information Disclosure Use After Free Memory Corruption +2
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

A denial of service vulnerability (CVSS 7.5) that allows an attacker sending a bgp update with a specifically malformed as path. High severity vulnerability requiring prompt remediation.

Juniper Use After Free Denial Of Service +3
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

CVE-2025-53020 is a late release of memory after effective lifetime vulnerability (use-after-free) in Apache HTTP Server versions 2.4.17 through 2.4.63 that allows unauthenticated remote attackers to cause denial of service with high availability impact. The vulnerability has a CVSS score of 7.5 (high severity) with network-accessible attack vector and low attack complexity, making it easily exploitable without authentication. Affected organizations running vulnerable Apache HTTP Server versions should prioritize upgrading to version 2.4.64 immediately.

Apache Use After Free Denial Of Service +4
NVD
EPSS 0% 5.1 CVSS 7.8
HIGH POC PATCH Act Now

CVE-2025-7425 is a use-after-free (UAF) vulnerability in libxslt where improper memory management during XSLT tree fragment processing leads to heap corruption and potential code execution. The vulnerability affects libxslt library versions processing XSLT functions like key() that generate tree fragments, allowing local attackers with no privileges to trigger crashes or heap corruption through crafted XSLT stylesheets. While CVSS 7.8 indicates high severity, real-world impact depends on KEV inclusion status and whether public exploits exist; this vulnerability presents significant risk to applications embedding libxslt and processing untrusted XSLT input.

Denial Of Service Memory Corruption Use After Free
NVD GitHub
EPSS 0% CVSS 7.8
HIGH PATCH This Week

CVE-2025-38346 is a security vulnerability (CVSS 7.8). High severity vulnerability requiring prompt remediation. Vendor patch is available.

Linux Use After Free Denial Of Service +4
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

CVE-2025-38341 is a double-free vulnerability in the Linux kernel's fbnic (Meta Fabric NIC) driver that occurs when DMA-mapping of a firmware message fails. An attacker with local access and low privilege can trigger this memory corruption to achieve code execution or denial of service. The vulnerability affects Linux kernels with the fbnic driver enabled, and while there is no current evidence of active exploitation in the wild, the high CVSS score (7.8) and local attack vector make this a moderate-to-high priority for systems running affected kernel versions.

Linux Use After Free Denial Of Service +3
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

CVE-2025-38323 is a use-after-free vulnerability in the Linux kernel's ATM LEC (LAN Emulation Client) subsystem that allows a local unprivileged user to read or write kernel memory, potentially achieving privilege escalation. The vulnerability exists in net/atm/lec.c where error paths in lecd_attach() can leave dangling pointers in the dev_lec[] array, enabling access to freed memory. This is a local privilege escalation with CVSS 7.8 (High) requiring local access but no user interaction.

Linux Use After Free Denial Of Service +4
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

CVE-2025-38313 is a double-free memory corruption vulnerability in the Linux kernel's FSL Management Complex (fsl-mc) bus driver that allows a local attacker with low privileges to cause denial of service or potential code execution. The vulnerability affects Linux kernel versions where the MC device allocation error path incorrectly frees memory twice when a DPRC (Data Path Resource Container) device is involved. This is not currently listed as actively exploited in KEV databases, but the high CVSS score (7.8) and local attack vector make it a moderate priority for systems using FSL-MC enabled hardware.

Linux Use After Free Denial Of Service +4
NVD
EPSS 0% CVSS 7.1
HIGH PATCH This Week

CVE-2025-38292 is a use-after-free vulnerability in the Linux kernel's ath12k WiFi driver (ath12k_dp_rx_msdu_coalesce function) where the is_continuation boolean field is accessed after the skb (socket buffer) containing it has been freed. This affects local attackers with low privileges who can trigger network packet processing, potentially leading to information disclosure or denial of service. The vulnerability has not been reported as actively exploited in KEV, but the high CVSS score (7.1) and local attack vector indicate moderate real-world risk, particularly in systems where unprivileged users can influence WiFi packet handling.

Linux Use After Free Denial Of Service +4
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

CVE-2025-38289 is a use-after-free vulnerability in the Linux kernel's lpfc (Emulex/Broadcom Fibre Channel) driver that occurs in the dev_loss_tmo_callbk function during driver unload or fatal error handling. A local privileged attacker can exploit this to achieve arbitrary code execution with high confidentiality, integrity, and availability impact. There is no evidence of active exploitation in the wild or public proof-of-concept code at this time, but the vulnerability represents a real kernel memory safety issue requiring prompt patching.

Linux Use After Free Denial Of Service +3
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: ASoC: codecs: wcd9335: Fix missing free of regulator supplies Driver gets and enables all regulator supplies in probe path (wcd9335_parse_dt() and wcd9335_power_on_reset()), but does not cleanup in final error paths and in unbind (missing remove() callback). This leads to leaked memory and unbalanced regulator enable count during probe errors or unbind. Fix this by converting entire code into devm_regulator_bulk_get_enable() which also greatly simplifies the code.

Linux Use After Free Memory Corruption +7
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_core: Fix use-after-free in vhci_flush() syzbot reported use-after-free in vhci_flush() without repro. [0] From the splat, a thread close()d a vhci file descriptor...

Linux Use After Free Google +2
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: bridge: mcast: Fix use-after-free during router port configuration The bridge maintains a global list of ports behind which a multicast router resides.

Linux Buffer Overflow Use After Free +4
NVD VulDB
EPSS 0% CVSS 8.1
HIGH PATCH This Week

Use after free in Windows KDC Proxy Service (KPSSVC) allows an unauthorized attacker to execute code over a network.

Microsoft Use After Free Memory Corruption +8
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Use after free in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally.

Microsoft Use After Free Memory Corruption +12
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Use after free in Windows Notification allows an authorized attacker to elevate privileges locally.

Microsoft Use After Free Memory Corruption +14
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Use after free in Windows Notification allows an authorized attacker to elevate privileges locally.

Microsoft Use After Free Memory Corruption +14
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Use after free in Windows Connected Devices Platform Service allows an unauthorized attacker to execute code over a network.

Microsoft Use After Free Memory Corruption +12
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Microsoft Use After Free Memory Corruption +6
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

Microsoft Use After Free Memory Corruption +6
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

Microsoft Use After Free Memory Corruption +5
NVD
EPSS 0% CVSS 7.0
HIGH PATCH This Week

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

Microsoft Use After Free Memory Corruption +7
NVD
Prev Page 19 of 69 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy