Skip to main content

Use After Free

6128 CVEs technique

Monthly

CVE-2025-5991 LOW PATCH Monitor

There is a "Use After Free" vulnerability in Qt's QHttp2ProtocolHandler in the QtNetwork module. This only affects HTTP/2 handling, HTTP handling is not affected by this at all. This happens due to a race condition between how QHttp2Stream uploads the body of a POST request and the simultaneous handling of HTTP error responses. This issue only affects Qt 6.9.0 and has been fixed for Qt 6.9.1.

Use After Free Denial Of Service Memory Corruption Ubuntu Debian
NVD
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-5958 HIGH PATCH This Week

Use-after-free vulnerability in Google Chrome's Media component that allows remote attackers to corrupt heap memory and achieve arbitrary code execution through a crafted HTML page. All Chrome versions prior to 137.0.7151.103 are affected. The vulnerability requires user interaction (clicking/viewing the malicious page) but can lead to complete system compromise with high impact on confidentiality, integrity, and availability.

Use After Free Memory Corruption Google RCE Chrome +1
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-43577 HIGH This Week

Use After Free (UAF) vulnerability in Adobe Acrobat Reader that allows arbitrary code execution with the privileges of the current user. Affected versions include 24.001.30235, 20.005.30763, 25.001.20521 and earlier across multiple release tracks. Exploitation requires user interaction (opening a malicious PDF file), but the high CVSS score of 7.8 and local attack vector indicate significant real-world risk; KEV and active exploitation status should be confirmed from official sources.

RCE Adobe Use After Free Acrobat Acrobat Dc +2
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-43574 HIGH This Week

Use After Free (UAF) vulnerability in Adobe Acrobat Reader affecting versions 24.001.30235, 20.005.30763, 25.001.20521 and earlier that enables arbitrary code execution with the privileges of the current user. The vulnerability requires user interaction (opening a malicious PDF file) but has a high CVSS score of 7.8 due to the severity of potential code execution impact. Without confirmed KEV listing or public POC data provided, this represents a significant but not yet confirmed active threat.

RCE Adobe Use After Free Acrobat Dc Acrobat +2
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-43573 HIGH This Week

Use After Free (UAF) vulnerability in Adobe Acrobat Reader that enables arbitrary code execution with high privilege context on affected systems. The vulnerability impacts multiple versions across different release branches (24.001.30235, 20.005.30763, 25.001.20521 and earlier), requiring only user interaction to trigger exploitation via malicious PDF files. With a CVSS score of 7.8 and no privilege escalation required, this represents a significant risk to enterprise and consumer users relying on Acrobat Reader for document handling.

RCE Adobe Use After Free Acrobat Reader Dc Acrobat Reader +2
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-43550 HIGH This Week

Use After Free vulnerability in Adobe Acrobat Reader that enables arbitrary code execution with user-level privileges when a victim opens a malicious PDF file. Affected versions include 24.001.30235, 20.005.30763, 25.001.20521 and earlier across multiple product lines. This vulnerability requires user interaction but presents high severity due to memory corruption leading to code execution, with exploitation probability and active exploitation status dependent on available public exploits.

RCE Adobe Use After Free Acrobat Reader Acrobat Dc +2
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-47957 HIGH POC This Week

Use-after-free vulnerability in Microsoft Office Word that allows local, unauthenticated attackers to execute arbitrary code with high privileges. The vulnerability affects Word processing functionality and requires no user interaction, making it a critical local privilege escalation vector. Without confirmed KEV status or public POC availability, real-world exploitation likelihood should be assessed against EPSS data and patch availability from Microsoft security advisories.

Use After Free Microsoft Windows RCE Office Long Term Servicing Channel +1
NVD Exploit-DB
CVSS 3.1
8.4
EPSS
0.7%
CVE-2025-47168 HIGH PATCH This Week

Use-after-free vulnerability in Microsoft Office Word that allows local, unauthenticated attackers to execute arbitrary code with high severity (CVSS 7.8). The vulnerability requires user interaction (opening a malicious document) but grants complete system compromise through code execution. This is a memory safety issue (CWE-416) in Word's document processing engine that could be actively exploited if public POC becomes available.

Use After Free Microsoft Windows RCE Office Long Term Servicing Channel +5
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2025-47165 HIGH POC PATCH This Week

Use-after-free vulnerability in Microsoft Office Excel that allows local code execution with high severity (CVSS 7.8). An attacker with local access can trigger the vulnerability through user interaction (opening a malicious file) to execute arbitrary code with the privileges of the Excel process, potentially achieving full system compromise. No KEV status, active exploitation data, or public POC availability was confirmed in the provided dataset, but the high CVSS score and local attack vector indicate this requires prompt patching.

Use After Free Microsoft Windows RCE Excel +4
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.5%
CVE-2025-47164 HIGH PATCH This Week

Use-after-free (UAF) vulnerability in Microsoft Office that allows unauthenticated local attackers to execute arbitrary code with no user interaction required. The vulnerability affects multiple Microsoft Office versions and has a CVSS score of 8.4 (High), indicating severe risk with high impact to confidentiality, integrity, and availability. Without publicly disclosed EPSS data or KEV confirmation provided, the actual exploitation likelihood in the wild remains unconfirmed, though the local attack vector and lack of privilege/interaction requirements suggest moderate real-world exploitability once weaponized.

Use After Free Microsoft Denial Of Service Memory Corruption
NVD VulDB
CVSS 3.1
8.4
EPSS
0.3%
CVE-2025-47106 MEDIUM This Month

InDesign Desktop versions ID20.2, ID19.5.3 and earlier are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Use After Free Denial Of Service Memory Corruption Indesign
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-43589 HIGH This Week

Use-after-free vulnerability in Adobe InDesign Desktop that allows arbitrary code execution with the privileges of the current user. Affected versions are InDesign ID20.2, ID19.5.3, and earlier; exploitation requires a victim to open a malicious file. This is a high-severity local vulnerability with user interaction required, but without confirmed active exploitation data or public POC availability indicated in the provided intelligence.

Use After Free RCE Adobe Indesign
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-33071 HIGH PATCH This Week

Use-after-free memory corruption vulnerability in Windows KDC Proxy Service (KPSSVC) that allows unauthenticated network attackers to execute arbitrary code with high impact on confidentiality, integrity, and availability. The vulnerability affects Windows systems running the Kerberos KDC Proxy Service and represents a critical remote code execution risk in Active Directory environments. While specific KEV/POC status and EPSS scores are not provided in the source data, the network attack vector combined with high CVSS 8.1 score and remote code execution capability indicates this is a significant priority for organizations relying on Windows authentication infrastructure.

Use After Free Microsoft Windows RCE Windows Server 2022 23h2 +5
NVD
CVSS 3.1
8.1
EPSS
0.5%
CVE-2025-32712 HIGH PATCH This Week

Use-after-free vulnerability in the Windows Win32K graphics subsystem (GRFX component) that allows a locally authenticated attacker to achieve arbitrary code execution and privilege escalation without user interaction. The vulnerability affects Windows systems with affected Win32K versions and carries a CVSS score of 7.8 (high severity). Given the local attack vector requirement and the need for prior authentication, real-world exploitation is constrained to insider threats or attackers who have already achieved initial access; however, the severity of the impact (complete system compromise) makes this a critical priority for patching.

Use After Free Microsoft Windows Privilege Escalation Windows Server 2022 23h2 +14
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2025-32710 HIGH PATCH This Week

Use-after-free vulnerability in Windows Remote Desktop Services (RDS) that allows unauthenticated network attackers to execute arbitrary code with high complexity requirements. The vulnerability affects Windows systems running RDS and represents a critical remote code execution risk; exploitation requires network access but no user interaction, though attack complexity is rated as high. If this CVE has been added to CISA's Known Exploited Vulnerabilities (KEV) catalog, it indicates active exploitation in the wild and should be treated as an immediate priority.

Microsoft Windows Use After Free Windows Server 2025 Windows Server 2022 23h2 +6
NVD
CVSS 3.1
8.1
EPSS
0.3%
CVE-2025-38000 HIGH PATCH This Week

Use-after-free vulnerability in the Linux kernel's HFSC (Hierarchical Fair Service Curve) queue discipline scheduler that occurs when enqueuing packets triggers a peek operation on child qdiscs before queue accounting is updated. Local attackers with unprivileged user privileges can exploit this to cause denial of service or potentially execute code with kernel privileges. The vulnerability affects Linux kernel versions with the vulnerable HFSC implementation and has a CVSS score of 7.8 (high severity) with local attack vector requirements.

Use After Free Linux Denial Of Service Linux Kernel Debian Linux +2
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-23106 MEDIUM This Month

An issue was discovered in Samsung Mobile Processor Exynos 2200, 1480, and 2400. A Use-After-Free in the mobile processor leads to privilege escalation.

Use After Free Privilege Escalation Samsung Memory Corruption Exynos 1480 Firmware +2
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-23101 MEDIUM This Month

An issue was discovered in Samsung Mobile Processor Exynos 1380. A Use-After-Free in the mobile processor leads to privilege escalation.

Use After Free Privilege Escalation Samsung Memory Corruption Exynos 1380 Firmware
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-23098 HIGH This Week

Use-After-Free (UAF) vulnerability in Samsung's Exynos mobile processors (980, 990, 1080, 2100, 1280, 2200, 1380) that enables local privilege escalation. An authenticated attacker with local access can exploit this memory safety flaw to gain elevated privileges on affected devices. The vulnerability has a CVSS 3.1 score of 7.8 (High), reflecting high impact on confidentiality, integrity, and availability, though exploitation requires local access and existing user-level privileges.

Use After Free Privilege Escalation Samsung Exynos 1380 Firmware Exynos 2100 Firmware +5
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-27031 HIGH This Week

Use-after-free memory corruption vulnerability in IOCTL command processing that occurs when buffers in write loopback mode are accessed after being freed. This local privilege escalation affects authenticated users (PR:L) on affected systems and can enable attackers to achieve confidentiality, integrity, and availability compromise (C:H/I:H/A:H). The vulnerability requires local access and low complexity exploitation, making it a significant risk for multi-user systems or systems where local code execution is possible.

Use After Free Memory Corruption Denial Of Service Wcd9375 Firmware Wsa8840 Firmware +16
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2024-53015 MEDIUM This Month

Memory corruption while processing IOCTL command to handle buffers associated with a session.

Use After Free Buffer Overflow Memory Corruption Wcd9340 Firmware Snapdragon 480 5g Mobile Platform Firmware +78
NVD
CVSS 3.1
6.6
EPSS
0.0%
CVE-2025-5068 HIGH PATCH This Week

A security vulnerability in Blink in Google Chrome (CVSS 8.8). High severity vulnerability requiring prompt remediation.

Use After Free Memory Corruption Google Heap Overflow Chrome +1
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-23105 HIGH This Week

Use-after-free vulnerability in Samsung's Exynos mobile processors (2200, 1480, and 2400) that allows a local attacker with low privileges to escalate to higher privileges and potentially achieve code execution with full system compromise. The vulnerability requires local access but no user interaction, making it a significant privilege escalation vector for devices running affected processor versions. The CVSS 7.8 rating reflects the high confidentiality, integrity, and availability impacts achievable through privilege escalation on mobile devices where such attacks directly threaten user data and system security.

Privilege Escalation Samsung Use After Free Exynos 1480 Firmware Exynos 2400 Firmware +1
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-23104 MEDIUM This Month

An issue was discovered in Samsung Mobile Processor Exynos 2200. A Use-After-Free in the mobile processor leads to privilege escalation.

Use After Free Privilege Escalation Samsung Memory Corruption Exynos 2200 Firmware
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-0073 HIGH This Week

Use After Free (UAF) vulnerability in Arm Ltd's Valhall GPU Kernel Driver and Arm 5th Gen GPU Architecture Kernel Driver that allows a local, unprivileged user to access already-freed GPU memory through improper GPU memory processing operations. Affected versions range from r53p0 before r54p0 in both driver families. With a CVSS score of 7.8 and high impact across confidentiality, integrity, and availability, this vulnerability enables memory disclosure, data manipulation, and potential denial of service on systems running vulnerable GPU drivers.

Use After Free Memory Corruption Privilege Escalation 5th Gen Gpu Architecture Kernel Driver Valhall Gpu Kernel Driver
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2023-26226 HIGH This Week

A use after free memory corruption issue exists in Yandex Browser for Desktop prior to version 24.4.0.682. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Use After Free Memory Corruption Buffer Overflow Denial Of Service Yandex Browser
NVD
CVSS 4.0
7.4
EPSS
0.3%
CVE-2025-44906 HIGH POC This Month

jhead v3.08 was discovered to contain a heap-use-after-free via the ProcessFile function at jhead.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Memory Corruption Information Disclosure Jhead Suse
NVD GitHub
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-5283 MEDIUM PATCH This Month

Use after free in libvpx in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Memory Corruption Google Denial Of Service Chrome +2
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2025-5063 HIGH PATCH This Month

Use after free in Compositing in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Memory Corruption Google Denial Of Service Chrome +1
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2025-48798 HIGH PATCH This Week

A flaw was found in GIMP when processing XCF image files. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Memory Corruption Denial Of Service
NVD
CVSS 3.1
7.3
EPSS
0.1%
CVE-2025-48752 Cargo LOW POC Monitor

In the process-sync crate 0.2.2 for Rust, the drop function lacks a check for whether the pthread_mutex is unlocked. Rated low severity (CVSS 2.9), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.

Use After Free Memory Corruption Information Disclosure Process Sync
NVD GitHub
CVSS 3.1
2.9
EPSS
0.2%
CVE-2025-37957 HIGH PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Forcibly leave SMM mode on SHUTDOWN interception Previously, commit ed129ec9057f ("KVM: x86: forcibly leave nested mode. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Linux Information Disclosure Linux Kernel +2
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-37952 HIGH PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: ksmbd: Fix UAF in __close_file_table_ids A use-after-free is possible if one thread destroys the file via __ksmbd_close_fd while. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Linux Information Disclosure Linux Kernel +2
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-37946 HIGH PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: s390/pci: Fix duplicate pci_dev_put() in disable_slot() when PF has child VFs With commit bcb5d6c76903 ("s390/pci: introduce lock. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Linux Information Disclosure Linux Kernel +2
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-37926 HIGH PATCH This Week

A use-after-free vulnerability exists in the Linux kernel's ksmbd (in-kernel SMB server) component, where a race condition between ksmbd_session_rpc_open() and __session_rpc_close() functions can lead to memory corruption. This vulnerability affects Linux kernel versions up to 6.15-rc4 and allows local attackers with low privileges to potentially execute arbitrary code or cause system crashes, achieving complete compromise of confidentiality, integrity, and availability. With an EPSS score of 0.07%, the vulnerability has low real-world exploitation likelihood despite its high CVSS score, and patches are available from the vendor.

Linux Use After Free Race Condition Denial Of Service Linux Kernel +2
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-37924 CRITICAL PATCH Act Now

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in kerberos authentication Setting sess->user = NULL was introduced to fix the dangling pointer created. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Linux Information Disclosure Red Hat +1
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-37916 HIGH PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: pds_core: remove write-after-free of client_id A use-after-free error popped up in stress testing: [Mon Apr 21 21:21:33 2025] BUG:. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Linux Information Disclosure Linux Kernel +2
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-37903 HIGH PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix slab-use-after-free in hdcp The HDCP code in amdgpu_dm_hdcp.c copies pointers to amdgpu_dm_connector objects. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Linux Information Disclosure Amd +5
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-37899 HIGH POC PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in session logoff The sess->user object can currently be in use by another thread, for example if another. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Use After Free Memory Corruption Linux Information Disclosure Linux Kernel +2
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-1706 HIGH This Month

Software installed and run as a non-privileged user may conduct improper GPU system calls to trigger use-after-free kernel exceptions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Memory Corruption Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2025-37890 HIGH PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc As described in Gerrard's report [1], we have a UAF. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Linux Information Disclosure Linux Kernel +3
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-4516 MEDIUM PATCH This Month

There is an issue in CPython when using `bytes.decode("unicode_escape", error="ignore|replace")`. Rated medium severity (CVSS 5.9), this vulnerability is no authentication required. No vendor patch available.

Use After Free Memory Corruption Information Disclosure Red Hat Suse
NVD GitHub
CVSS 4.0
5.9
EPSS
0.2%
CVE-2025-43571 HIGH This Week

Substance3D - Stager versions 3.1.1 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free Memory Corruption RCE Denial Of Service Substance 3d Stager
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2025-43570 HIGH This Month

Substance3D - Stager versions 3.1.1 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free Memory Corruption RCE Denial Of Service Substance 3d Stager
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2025-43568 HIGH This Month

Substance3D - Stager versions 3.1.1 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free Memory Corruption RCE Denial Of Service Substance 3d Stager
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2025-43549 HIGH This Week

Substance3D - Stager versions 3.1.1 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free Memory Corruption RCE Denial Of Service Substance 3d Stager
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2025-20062 HIGH This Week

Use after free for some Intel(R) PROSet/Wireless WiFi Software for Windows before version 23.100 may allow an unauthenticated user to potentially enable denial of service via adjacent access. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.

Use After Free Memory Corruption Intel Denial Of Service Microsoft +2
NVD
CVSS 4.0
7.0
EPSS
0.1%
CVE-2025-20046 HIGH This Week

Use after free for some Intel(R) PROSet/Wireless WiFi Software for Windows before version 23.100 may allow an unauthenticated user to potentially enable denial of service via adjacent access. Rated high severity (CVSS 7.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free Memory Corruption Intel Denial Of Service Microsoft +2
NVD
CVSS 4.0
7.2
EPSS
0.1%
CVE-2025-20006 HIGH This Week

Use after free for some Intel(R) PROSet/Wireless WiFi Software for Windows before version 23.100 may allow an unauthenticated user to potentially enable denial of service via adjacent access. Rated high severity (CVSS 8.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free Memory Corruption Intel Denial Of Service Microsoft +2
NVD
CVSS 4.0
8.3
EPSS
0.1%
CVE-2025-32709 HIGH KEV THREAT Act Now

Windows Ancillary Function Driver for WinSock contains a use-after-free enabling local privilege escalation through a null pointer dereference, exploited in May 2025.

Use After Free Memory Corruption Microsoft Denial Of Service Windows 10 1507 +15
NVD VulDB
CVSS 3.1
7.8
EPSS
1.0%
CVE-2025-32701 HIGH KEV THREAT Act Now

Windows Common Log File System Driver contains another use-after-free for local privilege escalation, the latest in a series of CLFS kernel vulnerabilities exploited throughout 2023-2025.

Use After Free Memory Corruption Microsoft Denial Of Service Windows 10 1507 +15
NVD
CVSS 3.1
7.8
EPSS
2.1%
CVE-2025-30400 HIGH KEV THREAT Act Now

Windows Desktop Window Manager (DWM) contains a use-after-free enabling local privilege escalation, exploited in the wild in May 2025 as another DWM zero-day.

Use After Free Memory Corruption Microsoft Denial Of Service Windows 10 1809 +10
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2025-30393 HIGH This Week

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free Memory Corruption Microsoft Denial Of Service 365 Apps +1
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2025-30386 HIGH This Month

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free Memory Corruption Microsoft Denial Of Service 365 Apps +2
NVD VulDB
CVSS 3.1
8.4
EPSS
0.6%
CVE-2025-30385 HIGH This Month

Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Memory Corruption Microsoft Denial Of Service Windows 10 1607 +14
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2025-30377 HIGH This Week

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free Memory Corruption Microsoft Denial Of Service 365 Apps +4
NVD
CVSS 3.1
8.4
EPSS
0.7%
CVE-2025-29978 HIGH This Month

Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free Memory Corruption Microsoft Denial Of Service 365 Apps +1
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2025-29977 HIGH This Month

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free Memory Corruption Microsoft Denial Of Service 365 Apps +4
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2025-29970 HIGH This Week

Use after free in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Memory Corruption Microsoft Denial Of Service Windows 11 24h2 +2
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2025-29831 HIGH This Week

Use after free in Remote Desktop Gateway Service allows an unauthorized attacker to execute code over a network. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Use After Free Memory Corruption Denial Of Service Windows Server 2008 Windows Server 2012 +6
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2025-31239 MEDIUM This Month

A use-after-free issue was addressed with improved memory management. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Memory Corruption Information Disclosure Apple
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2023-53145 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btsdio: fix use after free bug in btsdio_remove due to race condition In btsdio_probe, the data->work is bound with. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Use After Free Memory Corruption Linux Denial Of Service Linux Kernel +2
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-37885 HIGH PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Reset IRTE to host control if *new* route isn't postable Restore an IRTE back to host control (remapped or posted MSI. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Linux Information Disclosure Linux Kernel +3
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-37882 HIGH PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: usb: xhci: Fix isochronous Ring Underrun/Overrun event handling The TRB pointer of these events points at enqueue at the time of. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Linux Information Disclosure Linux Kernel +2
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-37869 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: drm/xe: Use local fence in error path of xe_migrate_clear The intent of the error path in xe_migrate_clear is to wait on locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Linux Information Disclosure Linux Kernel +2
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-37861 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: Synchronous access b/w reset and tm thread for reply queue When the task management thread processes reply queues. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Linux Denial Of Service Linux Kernel +2
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-37854 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Fix mode1 reset crash issue If HW scheduler hangs and mode1 reset is used to recover GPU, KFD signal user space to. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Linux Denial Of Service Linux Kernel +3
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-37849 HIGH PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Tear down vGIC on failed vCPU creation If kvm_arch_vcpu_create() fails to share the vCPU page with the hypervisor, we. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Linux Information Disclosure Linux Kernel +3
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-37845 HIGH PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: tracing: fprobe events: Fix possible UAF on modules Commit ac91052f0ae5 ("tracing: tprobe-events: Fix leakage of module refcount"). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Linux Information Disclosure Linux Kernel +2
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-31946 MEDIUM This Month

Pixmeo OsiriX MD is vulnerable to a local use after free scenario, which could allow an attacker to locally import a crafted DICOM file and cause memory corruption or a system crash. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free Memory Corruption Buffer Overflow Denial Of Service
NVD
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-27578 HIGH This Week

Pixmeo OsiriX MD is vulnerable to a use after free scenario, which could allow an attacker to upload a crafted DICOM file and cause memory corruption leading to a denial-of-service condition. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Memory Corruption Buffer Overflow Denial Of Service
NVD
CVSS 4.0
8.7
EPSS
0.3%
CVE-2025-37823 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: net_sched: hfsc: Fix a potential UAF in hfsc_dequeue() too Similarly to the previous patch, we need to safe guard hfsc_dequeue(). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Linux Information Disclosure Linux Kernel +3
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-37819 HIGH PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: irqchip/gic-v2m: Prevent use after free of gicv2m_get_fwnode() With ACPI in place, gicv2m_get_fwnode() is registered with the pci. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Use After Free Memory Corruption Linux Denial Of Service Linux Kernel +3
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-4372 HIGH PATCH This Week

Use after free in WebAudio in Google Chrome prior to 136.0.7103.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Memory Corruption Google Denial Of Service Chrome +1
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2025-21453 HIGH PATCH This Week

Memory corruption while processing a data structure, when an iterator is accessed after it has been removed, potential failures occur. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Buffer Overflow 315 5g Iot Modem Firmware Apq8017 Firmware +257
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-45583 MEDIUM PATCH This Month

Memory corruption while handling multiple IOCTL calls from userspace to operate DMA operations. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Buffer Overflow Fastconnect 7800 Firmware Snapdragon 8 Gen 3 Mobile Firmware +5
NVD
CVSS 3.1
6.6
EPSS
0.1%
CVE-2024-45567 HIGH PATCH This Week

Memory corruption while encoding JPEG format. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Buffer Overflow Fastconnect 6900 Firmware Fastconnect 7800 Firmware +12
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-45566 HIGH PATCH This Week

Memory corruption during concurrent buffer access due to modification of the reference count. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Buffer Overflow Fastconnect 6800 Firmware Fastconnect 6900 Firmware +20
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-45564 HIGH PATCH This Week

Memory corruption during concurrent access to server info object due to incorrect reference count update. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Buffer Overflow C V2x 9150 Firmware Fastconnect 6800 Firmware +59
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-45562 MEDIUM PATCH This Month

Memory corruption during concurrent access to server info object due to unprotected critical field. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Buffer Overflow C V2x 9150 Firmware Fastconnect 6800 Firmware +76
NVD
CVSS 3.1
6.6
EPSS
0.1%
CVE-2024-45554 HIGH PATCH This Week

Memory corruption during concurrent SSR execution due to race condition on the global maps list. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Buffer Overflow Fastconnect 6900 Firmware Fastconnect 7800 Firmware +18
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2023-53138 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: net: caif: Fix use-after-free in cfusbl_device_notify() syzbot reported use-after-free in cfusbl_device_notify() [1]. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Linux Information Disclosure Google +3
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-53123 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: PCI: s390: Fix use-after-free of PCI resources with per-function hotplug On s390 PCI functions may be hotplugged individually even. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Linux Information Disclosure Linux Kernel +2
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-53116 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: nvmet: avoid potential UAF in nvmet_req_complete() An nvme target ->queue_response() operation implementation may free the request. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Linux Denial Of Service Linux Kernel +2
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-53111 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: loop: Fix use-after-free issues do_req_filebacked() calls blk_mq_complete_request() synchronously or asynchronously when using. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Linux Denial Of Service Linux Kernel +2
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-53107 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: veth: Fix use after free in XDP_REDIRECT Commit 718a18a0c8a6 ("veth: Rework veth_xdp_rcv_skb in order to accept non-linear skb"). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Use After Free Memory Corruption Linux Denial Of Service Linux Kernel +2
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-53106 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: nfc: st-nci: Fix use after free bug in ndlc_remove due to race condition This bug influences both st_nci_i2c_remove and. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Use After Free Memory Corruption Linux Denial Of Service Linux Kernel +2
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-53088 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: mptcp: fix UaF in listener shutdown As reported by Christoph after having refactored the passive socket initialization, the mptcp. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Linux Information Disclosure Linux Kernel +2
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-53084 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: drm/shmem-helper: Remove another errant put in error path drm_gem_shmem_mmap() doesn't own reference in error code path, resulting. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Linux Information Disclosure Linux Kernel +2
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-53082 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: vp_vdpa: fix the crash in hot unplug with vp_vdpa While unplugging the vp_vdpa device, it triggers a kernel panic The root cause. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Linux Denial Of Service Red Hat +2
NVD
CVSS 3.1
7.8
EPSS
0.1%
EPSS 0% CVSS 2.1
LOW PATCH Monitor

There is a "Use After Free" vulnerability in Qt's QHttp2ProtocolHandler in the QtNetwork module. This only affects HTTP/2 handling, HTTP handling is not affected by this at all. This happens due to a race condition between how QHttp2Stream uploads the body of a POST request and the simultaneous handling of HTTP error responses. This issue only affects Qt 6.9.0 and has been fixed for Qt 6.9.1.

Use After Free Denial Of Service Memory Corruption +2
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Use-after-free vulnerability in Google Chrome's Media component that allows remote attackers to corrupt heap memory and achieve arbitrary code execution through a crafted HTML page. All Chrome versions prior to 137.0.7151.103 are affected. The vulnerability requires user interaction (clicking/viewing the malicious page) but can lead to complete system compromise with high impact on confidentiality, integrity, and availability.

Use After Free Memory Corruption Google +3
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Use After Free (UAF) vulnerability in Adobe Acrobat Reader that allows arbitrary code execution with the privileges of the current user. Affected versions include 24.001.30235, 20.005.30763, 25.001.20521 and earlier across multiple release tracks. Exploitation requires user interaction (opening a malicious PDF file), but the high CVSS score of 7.8 and local attack vector indicate significant real-world risk; KEV and active exploitation status should be confirmed from official sources.

RCE Adobe Use After Free +4
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Use After Free (UAF) vulnerability in Adobe Acrobat Reader affecting versions 24.001.30235, 20.005.30763, 25.001.20521 and earlier that enables arbitrary code execution with the privileges of the current user. The vulnerability requires user interaction (opening a malicious PDF file) but has a high CVSS score of 7.8 due to the severity of potential code execution impact. Without confirmed KEV listing or public POC data provided, this represents a significant but not yet confirmed active threat.

RCE Adobe Use After Free +4
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Use After Free (UAF) vulnerability in Adobe Acrobat Reader that enables arbitrary code execution with high privilege context on affected systems. The vulnerability impacts multiple versions across different release branches (24.001.30235, 20.005.30763, 25.001.20521 and earlier), requiring only user interaction to trigger exploitation via malicious PDF files. With a CVSS score of 7.8 and no privilege escalation required, this represents a significant risk to enterprise and consumer users relying on Acrobat Reader for document handling.

RCE Adobe Use After Free +4
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Use After Free vulnerability in Adobe Acrobat Reader that enables arbitrary code execution with user-level privileges when a victim opens a malicious PDF file. Affected versions include 24.001.30235, 20.005.30763, 25.001.20521 and earlier across multiple product lines. This vulnerability requires user interaction but presents high severity due to memory corruption leading to code execution, with exploitation probability and active exploitation status dependent on available public exploits.

RCE Adobe Use After Free +4
NVD
EPSS 1% CVSS 8.4
HIGH POC This Week

Use-after-free vulnerability in Microsoft Office Word that allows local, unauthenticated attackers to execute arbitrary code with high privileges. The vulnerability affects Word processing functionality and requires no user interaction, making it a critical local privilege escalation vector. Without confirmed KEV status or public POC availability, real-world exploitation likelihood should be assessed against EPSS data and patch availability from Microsoft security advisories.

Use After Free Microsoft Windows +3
NVD Exploit-DB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Use-after-free vulnerability in Microsoft Office Word that allows local, unauthenticated attackers to execute arbitrary code with high severity (CVSS 7.8). The vulnerability requires user interaction (opening a malicious document) but grants complete system compromise through code execution. This is a memory safety issue (CWE-416) in Word's document processing engine that could be actively exploited if public POC becomes available.

Use After Free Microsoft Windows +7
NVD
EPSS 0% CVSS 7.8
HIGH POC PATCH This Week

Use-after-free vulnerability in Microsoft Office Excel that allows local code execution with high severity (CVSS 7.8). An attacker with local access can trigger the vulnerability through user interaction (opening a malicious file) to execute arbitrary code with the privileges of the Excel process, potentially achieving full system compromise. No KEV status, active exploitation data, or public POC availability was confirmed in the provided dataset, but the high CVSS score and local attack vector indicate this requires prompt patching.

Use After Free Microsoft Windows +6
NVD Exploit-DB
EPSS 0% CVSS 8.4
HIGH PATCH This Week

Use-after-free (UAF) vulnerability in Microsoft Office that allows unauthenticated local attackers to execute arbitrary code with no user interaction required. The vulnerability affects multiple Microsoft Office versions and has a CVSS score of 8.4 (High), indicating severe risk with high impact to confidentiality, integrity, and availability. Without publicly disclosed EPSS data or KEV confirmation provided, the actual exploitation likelihood in the wild remains unconfirmed, though the local attack vector and lack of privilege/interaction requirements suggest moderate real-world exploitability once weaponized.

Use After Free Microsoft Denial Of Service +1
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM This Month

InDesign Desktop versions ID20.2, ID19.5.3 and earlier are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Use After Free Denial Of Service Memory Corruption +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Use-after-free vulnerability in Adobe InDesign Desktop that allows arbitrary code execution with the privileges of the current user. Affected versions are InDesign ID20.2, ID19.5.3, and earlier; exploitation requires a victim to open a malicious file. This is a high-severity local vulnerability with user interaction required, but without confirmed active exploitation data or public POC availability indicated in the provided intelligence.

Use After Free RCE Adobe +1
NVD
EPSS 1% CVSS 8.1
HIGH PATCH This Week

Use-after-free memory corruption vulnerability in Windows KDC Proxy Service (KPSSVC) that allows unauthenticated network attackers to execute arbitrary code with high impact on confidentiality, integrity, and availability. The vulnerability affects Windows systems running the Kerberos KDC Proxy Service and represents a critical remote code execution risk in Active Directory environments. While specific KEV/POC status and EPSS scores are not provided in the source data, the network attack vector combined with high CVSS 8.1 score and remote code execution capability indicates this is a significant priority for organizations relying on Windows authentication infrastructure.

Use After Free Microsoft Windows +7
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Use-after-free vulnerability in the Windows Win32K graphics subsystem (GRFX component) that allows a locally authenticated attacker to achieve arbitrary code execution and privilege escalation without user interaction. The vulnerability affects Windows systems with affected Win32K versions and carries a CVSS score of 7.8 (high severity). Given the local attack vector requirement and the need for prior authentication, real-world exploitation is constrained to insider threats or attackers who have already achieved initial access; however, the severity of the impact (complete system compromise) makes this a critical priority for patching.

Use After Free Microsoft Windows +16
NVD
EPSS 0% CVSS 8.1
HIGH PATCH This Week

Use-after-free vulnerability in Windows Remote Desktop Services (RDS) that allows unauthenticated network attackers to execute arbitrary code with high complexity requirements. The vulnerability affects Windows systems running RDS and represents a critical remote code execution risk; exploitation requires network access but no user interaction, though attack complexity is rated as high. If this CVE has been added to CISA's Known Exploited Vulnerabilities (KEV) catalog, it indicates active exploitation in the wild and should be treated as an immediate priority.

Microsoft Windows Use After Free +8
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Use-after-free vulnerability in the Linux kernel's HFSC (Hierarchical Fair Service Curve) queue discipline scheduler that occurs when enqueuing packets triggers a peek operation on child qdiscs before queue accounting is updated. Local attackers with unprivileged user privileges can exploit this to cause denial of service or potentially execute code with kernel privileges. The vulnerability affects Linux kernel versions with the vulnerable HFSC implementation and has a CVSS score of 7.8 (high severity) with local attack vector requirements.

Use After Free Linux Denial Of Service +4
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

An issue was discovered in Samsung Mobile Processor Exynos 2200, 1480, and 2400. A Use-After-Free in the mobile processor leads to privilege escalation.

Use After Free Privilege Escalation Samsung +4
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

An issue was discovered in Samsung Mobile Processor Exynos 1380. A Use-After-Free in the mobile processor leads to privilege escalation.

Use After Free Privilege Escalation Samsung +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Use-After-Free (UAF) vulnerability in Samsung's Exynos mobile processors (980, 990, 1080, 2100, 1280, 2200, 1380) that enables local privilege escalation. An authenticated attacker with local access can exploit this memory safety flaw to gain elevated privileges on affected devices. The vulnerability has a CVSS 3.1 score of 7.8 (High), reflecting high impact on confidentiality, integrity, and availability, though exploitation requires local access and existing user-level privileges.

Use After Free Privilege Escalation Samsung +7
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Use-after-free memory corruption vulnerability in IOCTL command processing that occurs when buffers in write loopback mode are accessed after being freed. This local privilege escalation affects authenticated users (PR:L) on affected systems and can enable attackers to achieve confidentiality, integrity, and availability compromise (C:H/I:H/A:H). The vulnerability requires local access and low complexity exploitation, making it a significant risk for multi-user systems or systems where local code execution is possible.

Use After Free Memory Corruption Denial Of Service +18
NVD
EPSS 0% CVSS 6.6
MEDIUM This Month

Memory corruption while processing IOCTL command to handle buffers associated with a session.

Use After Free Buffer Overflow Memory Corruption +80
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

A security vulnerability in Blink in Google Chrome (CVSS 8.8). High severity vulnerability requiring prompt remediation.

Use After Free Memory Corruption Google +3
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Use-after-free vulnerability in Samsung's Exynos mobile processors (2200, 1480, and 2400) that allows a local attacker with low privileges to escalate to higher privileges and potentially achieve code execution with full system compromise. The vulnerability requires local access but no user interaction, making it a significant privilege escalation vector for devices running affected processor versions. The CVSS 7.8 rating reflects the high confidentiality, integrity, and availability impacts achievable through privilege escalation on mobile devices where such attacks directly threaten user data and system security.

Privilege Escalation Samsung Use After Free +3
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

An issue was discovered in Samsung Mobile Processor Exynos 2200. A Use-After-Free in the mobile processor leads to privilege escalation.

Use After Free Privilege Escalation Samsung +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Use After Free (UAF) vulnerability in Arm Ltd's Valhall GPU Kernel Driver and Arm 5th Gen GPU Architecture Kernel Driver that allows a local, unprivileged user to access already-freed GPU memory through improper GPU memory processing operations. Affected versions range from r53p0 before r54p0 in both driver families. With a CVSS score of 7.8 and high impact across confidentiality, integrity, and availability, this vulnerability enables memory disclosure, data manipulation, and potential denial of service on systems running vulnerable GPU drivers.

Use After Free Memory Corruption Privilege Escalation +2
NVD
EPSS 0% CVSS 7.4
HIGH This Week

A use after free memory corruption issue exists in Yandex Browser for Desktop prior to version 24.4.0.682. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Use After Free Memory Corruption Buffer Overflow +2
NVD
EPSS 0% CVSS 7.8
HIGH POC This Month

jhead v3.08 was discovered to contain a heap-use-after-free via the ProcessFile function at jhead.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Memory Corruption Information Disclosure +2
NVD GitHub
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Use after free in libvpx in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Memory Corruption Google +4
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Month

Use after free in Compositing in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Memory Corruption Google +3
NVD
EPSS 0% CVSS 7.3
HIGH PATCH This Week

A flaw was found in GIMP when processing XCF image files. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Memory Corruption Denial Of Service
NVD
EPSS 0% CVSS 2.9
LOW POC Monitor

In the process-sync crate 0.2.2 for Rust, the drop function lacks a check for whether the pthread_mutex is unlocked. Rated low severity (CVSS 2.9), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.

Use After Free Memory Corruption Information Disclosure +1
NVD GitHub
EPSS 0% CVSS 7.8
HIGH PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Forcibly leave SMM mode on SHUTDOWN interception Previously, commit ed129ec9057f ("KVM: x86: forcibly leave nested mode. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Linux +4
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: ksmbd: Fix UAF in __close_file_table_ids A use-after-free is possible if one thread destroys the file via __ksmbd_close_fd while. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Linux +4
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: s390/pci: Fix duplicate pci_dev_put() in disable_slot() when PF has child VFs With commit bcb5d6c76903 ("s390/pci: introduce lock. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Linux +4
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

A use-after-free vulnerability exists in the Linux kernel's ksmbd (in-kernel SMB server) component, where a race condition between ksmbd_session_rpc_open() and __session_rpc_close() functions can lead to memory corruption. This vulnerability affects Linux kernel versions up to 6.15-rc4 and allows local attackers with low privileges to potentially execute arbitrary code or cause system crashes, achieving complete compromise of confidentiality, integrity, and availability. With an EPSS score of 0.07%, the vulnerability has low real-world exploitation likelihood despite its high CVSS score, and patches are available from the vendor.

Linux Use After Free Race Condition +4
NVD
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in kerberos authentication Setting sess->user = NULL was introduced to fix the dangling pointer created. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Linux +3
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: pds_core: remove write-after-free of client_id A use-after-free error popped up in stress testing: [Mon Apr 21 21:21:33 2025] BUG:. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Linux +4
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix slab-use-after-free in hdcp The HDCP code in amdgpu_dm_hdcp.c copies pointers to amdgpu_dm_connector objects. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Linux +7
NVD
EPSS 0% CVSS 7.8
HIGH POC PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in session logoff The sess->user object can currently be in use by another thread, for example if another. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Use After Free Memory Corruption Linux +4
NVD
EPSS 0% CVSS 7.5
HIGH This Month

Software installed and run as a non-privileged user may conduct improper GPU system calls to trigger use-after-free kernel exceptions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Memory Corruption Information Disclosure
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc As described in Gerrard's report [1], we have a UAF. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Linux +5
NVD
EPSS 0% CVSS 5.9
MEDIUM PATCH This Month

There is an issue in CPython when using `bytes.decode("unicode_escape", error="ignore|replace")`. Rated medium severity (CVSS 5.9), this vulnerability is no authentication required. No vendor patch available.

Use After Free Memory Corruption Information Disclosure +2
NVD GitHub
EPSS 0% CVSS 7.8
HIGH This Week

Substance3D - Stager versions 3.1.1 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free Memory Corruption RCE +2
NVD
EPSS 0% CVSS 7.8
HIGH This Month

Substance3D - Stager versions 3.1.1 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free Memory Corruption RCE +2
NVD
EPSS 0% CVSS 7.8
HIGH This Month

Substance3D - Stager versions 3.1.1 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free Memory Corruption RCE +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Substance3D - Stager versions 3.1.1 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free Memory Corruption RCE +2
NVD
EPSS 0% CVSS 7.0
HIGH This Week

Use after free for some Intel(R) PROSet/Wireless WiFi Software for Windows before version 23.100 may allow an unauthenticated user to potentially enable denial of service via adjacent access. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.

Use After Free Memory Corruption Intel +4
NVD
EPSS 0% CVSS 7.2
HIGH This Week

Use after free for some Intel(R) PROSet/Wireless WiFi Software for Windows before version 23.100 may allow an unauthenticated user to potentially enable denial of service via adjacent access. Rated high severity (CVSS 7.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free Memory Corruption Intel +4
NVD
EPSS 0% CVSS 8.3
HIGH This Week

Use after free for some Intel(R) PROSet/Wireless WiFi Software for Windows before version 23.100 may allow an unauthenticated user to potentially enable denial of service via adjacent access. Rated high severity (CVSS 8.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free Memory Corruption Intel +4
NVD
EPSS 1% CVSS 7.8
HIGH KEV THREAT Act Now

Windows Ancillary Function Driver for WinSock contains a use-after-free enabling local privilege escalation through a null pointer dereference, exploited in May 2025.

Use After Free Memory Corruption Microsoft +17
NVD VulDB
EPSS 2% CVSS 7.8
HIGH KEV THREAT Act Now

Windows Common Log File System Driver contains another use-after-free for local privilege escalation, the latest in a series of CLFS kernel vulnerabilities exploited throughout 2023-2025.

Use After Free Memory Corruption Microsoft +17
NVD
EPSS 1% CVSS 7.8
HIGH KEV THREAT Act Now

Windows Desktop Window Manager (DWM) contains a use-after-free enabling local privilege escalation, exploited in the wild in May 2025 as another DWM zero-day.

Use After Free Memory Corruption Microsoft +12
NVD
EPSS 1% CVSS 7.8
HIGH This Week

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free Memory Corruption Microsoft +3
NVD
EPSS 1% CVSS 8.4
HIGH This Month

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free Memory Corruption Microsoft +4
NVD VulDB
EPSS 1% CVSS 7.8
HIGH This Month

Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Memory Corruption Microsoft +16
NVD
EPSS 1% CVSS 8.4
HIGH This Week

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free Memory Corruption Microsoft +6
NVD
EPSS 1% CVSS 7.8
HIGH This Month

Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free Memory Corruption Microsoft +3
NVD
EPSS 1% CVSS 7.8
HIGH This Month

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free Memory Corruption Microsoft +6
NVD
EPSS 1% CVSS 7.8
HIGH This Week

Use after free in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Memory Corruption Microsoft +4
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Use after free in Remote Desktop Gateway Service allows an unauthorized attacker to execute code over a network. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Use After Free Memory Corruption Denial Of Service +8
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

A use-after-free issue was addressed with improved memory management. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Memory Corruption Information Disclosure +1
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btsdio: fix use after free bug in btsdio_remove due to race condition In btsdio_probe, the data->work is bound with. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Use After Free Memory Corruption Linux +4
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Reset IRTE to host control if *new* route isn't postable Restore an IRTE back to host control (remapped or posted MSI. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Linux +5
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: usb: xhci: Fix isochronous Ring Underrun/Overrun event handling The TRB pointer of these events points at enqueue at the time of. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Linux +4
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: drm/xe: Use local fence in error path of xe_migrate_clear The intent of the error path in xe_migrate_clear is to wait on locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Linux +4
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: Synchronous access b/w reset and tm thread for reply queue When the task management thread processes reply queues. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Linux +4
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Fix mode1 reset crash issue If HW scheduler hangs and mode1 reset is used to recover GPU, KFD signal user space to. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Linux +5
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Tear down vGIC on failed vCPU creation If kvm_arch_vcpu_create() fails to share the vCPU page with the hypervisor, we. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Linux +5
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: tracing: fprobe events: Fix possible UAF on modules Commit ac91052f0ae5 ("tracing: tprobe-events: Fix leakage of module refcount"). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Linux +4
NVD
EPSS 0% CVSS 6.9
MEDIUM This Month

Pixmeo OsiriX MD is vulnerable to a local use after free scenario, which could allow an attacker to locally import a crafted DICOM file and cause memory corruption or a system crash. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free Memory Corruption Buffer Overflow +1
NVD
EPSS 0% CVSS 8.7
HIGH This Week

Pixmeo OsiriX MD is vulnerable to a use after free scenario, which could allow an attacker to upload a crafted DICOM file and cause memory corruption leading to a denial-of-service condition. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Memory Corruption Buffer Overflow +1
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: net_sched: hfsc: Fix a potential UAF in hfsc_dequeue() too Similarly to the previous patch, we need to safe guard hfsc_dequeue(). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Linux +5
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: irqchip/gic-v2m: Prevent use after free of gicv2m_get_fwnode() With ACPI in place, gicv2m_get_fwnode() is registered with the pci. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Use After Free Memory Corruption Linux +5
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Use after free in WebAudio in Google Chrome prior to 136.0.7103.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Memory Corruption Google +3
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Memory corruption while processing a data structure, when an iterator is accessed after it has been removed, potential failures occur. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Buffer Overflow +259
NVD
EPSS 0% CVSS 6.6
MEDIUM PATCH This Month

Memory corruption while handling multiple IOCTL calls from userspace to operate DMA operations. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Buffer Overflow +7
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Memory corruption while encoding JPEG format. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Buffer Overflow +14
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Memory corruption during concurrent buffer access due to modification of the reference count. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Buffer Overflow +22
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Memory corruption during concurrent access to server info object due to incorrect reference count update. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Buffer Overflow +61
NVD
EPSS 0% CVSS 6.6
MEDIUM PATCH This Month

Memory corruption during concurrent access to server info object due to unprotected critical field. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Buffer Overflow +78
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Memory corruption during concurrent SSR execution due to race condition on the global maps list. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Buffer Overflow +20
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: net: caif: Fix use-after-free in cfusbl_device_notify() syzbot reported use-after-free in cfusbl_device_notify() [1]. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Linux +5
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: PCI: s390: Fix use-after-free of PCI resources with per-function hotplug On s390 PCI functions may be hotplugged individually even. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Linux +4
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: nvmet: avoid potential UAF in nvmet_req_complete() An nvme target ->queue_response() operation implementation may free the request. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Linux +4
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: loop: Fix use-after-free issues do_req_filebacked() calls blk_mq_complete_request() synchronously or asynchronously when using. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Linux +4
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: veth: Fix use after free in XDP_REDIRECT Commit 718a18a0c8a6 ("veth: Rework veth_xdp_rcv_skb in order to accept non-linear skb"). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Use After Free Memory Corruption Linux +4
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: nfc: st-nci: Fix use after free bug in ndlc_remove due to race condition This bug influences both st_nci_i2c_remove and. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Use After Free Memory Corruption Linux +4
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: mptcp: fix UaF in listener shutdown As reported by Christoph after having refactored the passive socket initialization, the mptcp. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Linux +4
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: drm/shmem-helper: Remove another errant put in error path drm_gem_shmem_mmap() doesn't own reference in error code path, resulting. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Linux +4
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: vp_vdpa: fix the crash in hot unplug with vp_vdpa While unplugging the vp_vdpa device, it triggers a kernel panic The root cause. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Linux +4
NVD
Prev Page 21 of 69 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy