Skip to main content

Use After Free

6128 CVEs technique

Monthly

CVE-2026-45984 HIGH PATCH This Week

Local privilege escalation potential in the Linux kernel's GFS2 filesystem stems from a use-after-free in the inline data write path of gfs2_iomap_begin(), where the inode buffer head is released before iomap->inline_data is consumed by iomap_write_end_inline(). Local users with the ability to write to a GFS2-backed filesystem can trigger memory corruption via a freed page that kswapd has since reclaimed. No public exploit identified at time of analysis, EPSS probability is very low (0.02%), and the issue is not listed in CISA KEV, but vendor patches across multiple stable trees are available.

Linux Information Disclosure Memory Corruption Use After Free
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-45980 HIGH PATCH This Week

Local privilege escalation and denial of service in the Linux kernel's AMD XDNA (amdxdna) accelerator driver allows authenticated local users to trigger a use-after-free condition by submitting jobs to a hardware context concurrently with resource release. The flaw affects kernels in the 6.14.9 through 6.15 series and was resolved upstream by stopping job scheduling around aie2_release_resource() and validating context state in aie2_sched_job_run(). No public exploit identified at time of analysis, and EPSS scoring (0.02%) indicates negligible near-term exploitation probability.

Linux Denial Of Service Memory Corruption Use After Free
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-45972 CRITICAL PATCH Act Now

Use-after-free and double-free conditions in the Linux kernel's SMB client (smb2_open_file) can be triggered when SMB2_open() retry paths fail to zero out err_iov and err_buftype buffers, leading to memory corruption. The flaw affects multiple stable kernel branches (6.1, 6.6, 6.12, 6.18) and is fixed in upstream patches; no public exploit identified at time of analysis and EPSS is very low (0.02%) despite the 9.8 CVSS score.

Information Disclosure Memory Corruption Use After Free Linux
NVD VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-45970 HIGH PATCH This Week

Use-after-free in the Linux kernel bonding driver's Adaptive Load Balancing (ALB) subsystem allows a local low-privileged user to crash the kernel by racing rlb_arp_recv() against rlb_deinitialize() during rapid bond interface up/down cycling. Specifically, the RX handler continues to dereference rx_hashtbl entries after rlb_deinitialize() frees them, because recv_probe is set to NULL without first draining in-flight softirq handlers via synchronize_net(). Systems running bonded NICs in ALB mode (mode=6) on affected kernel versions - including Dell PowerEdge hardware and Canonical-distributed kernels - are at risk of kernel panic. No public exploit identified at time of analysis, and EPSS at 0.02% (7th percentile) confirms no observed mass exploitation.

Linux Canonical Denial Of Service Dell Memory Corruption +1
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-45956 HIGH PATCH This Week

Local privilege escalation and memory corruption in the Linux kernel's Exynos DRM VIDI (Virtual Display) driver allows local users with access to the DRM device to trigger null pointer dereferences, garbage value accesses, out-of-bounds reads, or use-after-free conditions via the vidi_connection_ioctl() handler. The flaw stems from an incorrect device-to-context lookup that retrieves driver_data from the exynos-drm master device instead of the VIDI component device. A vendor patch is available across multiple stable branches, no public exploit identified at time of analysis, and EPSS rates exploitation probability at only 0.02%.

Denial Of Service Samsung Linux Use After Free Memory Corruption
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-45951 HIGH PATCH This Week

Local privilege escalation in the Linux kernel's BPF subsystem stems from incorrect refcounting in check_pseudo_btf_id() that can leave a BTF (BPF Type Format) object with a zero refcount while still in use, creating a use-after-free condition. Affected kernels (around 6.14 through pre-patch 6.18.14/6.19.4) allow a local low-privileged user capable of loading BPF programs to corrupt kernel memory, with no public exploit identified at time of analysis and EPSS scoring exploitation likelihood at only 0.02%.

Linux Information Disclosure Use After Free Memory Corruption
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-45946 HIGH PATCH This Week

Use-after-free in the Linux kernel's ab8500 power supply driver (drivers/power/supply/ab8500) can be triggered during device removal or probe due to incorrect ordering of devm_-managed resource allocation. The race allows an IRQ handler to invoke power_supply_changed() against a freed or uninitialized power_supply handle, typically resulting in a kernel crash or silent memory corruption. No public exploit identified at time of analysis, EPSS is very low (0.02%), and the flaw is not on CISA KEV.

Linux Use After Free Memory Corruption Denial Of Service Red Hat +1
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-45938 HIGH PATCH This Week

Memory corruption in the Linux kernel's pm8916_lbc power-supply driver (Qualcomm PM8916 PMIC linear battery charger) stems from a use-after-free in power_supply_changed(), where devm-managed teardown ordering lets a charger interrupt fire against a freed or not-yet-initialized power_supply handle during driver probe or removal. Local attackers able to trigger device unbind/rebind or module load/unload can crash the system or silently corrupt kernel memory. EPSS is very low (0.02%) and there is no public exploit identified at time of analysis; the issue is not in CISA KEV.

Memory Corruption Linux Denial Of Service Use After Free Red Hat +1
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-45936 HIGH PATCH This Week

Use-after-free in the Linux kernel's goldfish power-supply driver (drivers/power/supply/goldfish_battery) allows a local attacker to crash the system or corrupt kernel memory by racing device probe/removal against the battery IRQ handler. The driver requested its IRQ via devm_ before registering the power_supply handle, so on teardown the handle is freed while the still-live interrupt can fire and call power_supply_changed() on freed (or, during probe, uninitialized) memory. No public exploit identified at time of analysis; EPSS is negligible (0.02%) and the bug is not in CISA KEV.

Memory Corruption Linux Denial Of Service Use After Free Red Hat +1
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-45929 HIGH PATCH This Week

Use-after-free in the Linux kernel's OpenVPN data channel offload (ovpn) module allows a local attacker with low privileges to potentially trigger memory corruption when transmitting shared sk_buff packets through ovpn_net_xmit. The flaw stems from continued use of a stale skb pointer after skb_share_check frees the original buffer, affecting peer lookup, skb_dst_drop, and TX statistics paths. No public exploit identified at time of analysis, and the EPSS probability is very low (0.02%), suggesting the bug is more of a stability and memory-safety concern than an imminently weaponized vector.

Linux Information Disclosure Memory Corruption Use After Free
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-45916 HIGH PATCH This Week

Local privilege-relevant memory corruption in the Linux kernel's sbs-battery power supply driver (drivers/power/supply/sbs-battery) stems from a use-after-free in power_supply_changed(). Because the driver requested its IRQ via devm_ before allocating/registering the power_supply handle, devm teardown frees the handle in reverse order while the interrupt is still live, so an SMBus battery interrupt firing during device removal (or before registration during probe) invokes power_supply_changed() on a freed or uninitialized pointer, typically crashing the system or silently corrupting memory. EPSS is negligible (0.02%, 7th percentile), no public exploit is identified, and it is not on CISA KEV; the fix is upstream-committed and shipped in multiple stable releases.

Memory Corruption Linux Denial Of Service Use After Free Red Hat +1
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-45914 HIGH PATCH This Week

Local memory corruption affects the Linux kernel's hwmon ibmpex driver, where commit 6946c726c3f4 - intended to fix a use-after-free in the high/low sysfs store handlers - instead introduced a new race condition by setting driver data to NULL before removing sensor attributes. The remediation is a revert of that flawed commit across the 6.1, 6.6, 6.12, 6.18, and 6.19 stable trees. With EPSS at 0.02% (7th percentile), no public exploit identified at time of analysis, and no CISA KEV listing, real-world risk is minimal given the obscure IBM PowerExecutive sensor hardware the driver targets.

Memory Corruption Linux Denial Of Service Use After Free Red Hat +1
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-45906 HIGH PATCH This Week

Use-after-free in the Linux kernel's pf1550 power-supply driver (drivers/power/supply/pf1550) lets a queued hardware interrupt invoke power_supply_changed() on an already-freed power_supply handle during module/device removal, and can also dereference an uninitialized handle during probe. The flaw stems from devm-managed resource ordering: the IRQ was requested before the power_supply was registered, so devm teardown frees the power_supply first. Impact is typically a kernel crash or silent memory corruption. EPSS is very low (0.02%, 5th percentile) and there is no public exploit identified at time of analysis.

Memory Corruption Linux Denial Of Service Use After Free Red Hat +1
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-45902 HIGH PATCH This Week

Local privilege-level use-after-free in the Linux kernel's bq256xx battery charger driver (power: supply: bq256xx) allows memory corruption when a charger IRQ fires during device probe or removal, calling power_supply_changed() against a freed or uninitialized power_supply handle. The flaw stems from devm_ resources being released in reverse order, so the IRQ outlives the power_supply registration; triggering it typically crashes the system or silently corrupts kernel memory. No public exploit is identified at time of analysis and EPSS exploitation probability is negligible (0.02%, 7th percentile), with no CISA KEV listing.

Memory Corruption Linux Denial Of Service Use After Free Red Hat +1
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-45885 HIGH PATCH This Week

Local privilege-impacting memory corruption in the Linux kernel's cpcap-battery power supply driver allows a use-after-free in power_supply_changed() triggered during device probe or removal. The driver requested its IRQ via devm_ before registering the power_supply handle, so on teardown the handle is freed while the interrupt handler can still fire, dereferencing freed memory and typically crashing the system or silently corrupting memory. EPSS is negligible (0.02%, 7th percentile) and there is no public exploit identified at time of analysis; the issue is confined to Motorola CPCAP PMIC hardware (e.g. Droid 4) rather than general-purpose servers.

Memory Corruption Linux Denial Of Service Use After Free Red Hat +1
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-45882 HIGH PATCH This Week

Use-after-free in the Linux kernel's pm8916_bms_vm power-supply driver (for Qualcomm PM8916 battery monitoring on certain Snapdragon SoCs) lets a freed power_supply handle be dereferenced when an IRQ fires during device removal or probe, corrupting kernel memory or crashing the system. The flaw stems from devm-managed IRQ registration occurring before the power_supply handle was registered, so devm's reverse-order teardown frees the handle while the interrupt is still live. EPSS is negligible (0.02%, 5th percentile) and there is no public exploit identified at time of analysis; impact is realistically a local denial of service on the narrow set of devices using this driver.

Memory Corruption Linux Denial Of Service Use After Free Red Hat +1
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-45879 HIGH PATCH This Week

Local privilege-level use-after-free in the Linux kernel's bq25980 battery charger power-supply driver (drivers/power/supply/bq25980.c) allows a triggered IRQ to call power_supply_changed() on a freed or uninitialized power_supply handle, typically crashing the system or corrupting memory. The flaw stems from devm-managed IRQ registration ordering relative to power_supply registration, creating a race during driver probe and removal. EPSS is negligible (0.02%, 7th percentile), there is no public exploit identified at time of analysis, and it is not on CISA KEV; the fix is committed upstream and shipped in multiple stable kernels.

Memory Corruption Linux Denial Of Service Use After Free Red Hat +1
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-45867 HIGH PATCH This Week

Local privilege escalation potential via a use-after-free in the Linux kernel's act8945a power supply driver, where the ACT8945A PMIC IRQ is requested before the power_supply handle is registered (and torn down after it during removal), letting an interrupt invoke power_supply_changed() on a freed or uninitialized handle. Affected systems run vulnerable Linux kernel builds (pre-6.6.128, pre-6.12.75, pre-6.1.165, pre-5.15.202, pre-5.10.252, and others) with the act8945a driver bound to real Atmel/Microchip SAMA5-class hardware. There is no public exploit identified at time of analysis; EPSS is very low (0.02%, 7th percentile) and the flaw is not in CISA KEV.

Memory Corruption Linux Denial Of Service Use After Free Red Hat +1
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-45866 HIGH PATCH This Week

Local privilege-bounded use-after-free in the Linux kernel's CAIF serial line discipline (caif_serial / CONFIG_CAIF_TTY) lets a local attacker corrupt kernel memory by racing ldisc_close() against packet transmission. ldisc_close() drops the tty reference via tty_kref_put() while the CAIF network device is still live, so a concurrent caif_xmit()/handle_tx() can dereference the freed tty (ser->tty) and call tty->ops->write() on dangling memory, confirmed by a KASAN slab-use-after-free report. A reproducer is published, but no public weaponized exploit and no active exploitation are recorded; EPSS is 0.02% (7th percentile), consistent with a niche driver and a tight race window.

Memory Corruption Linux Use After Free Information Disclosure Red Hat +1
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-45861 HIGH PATCH This Week

Local privilege escalation potential in the Linux kernel's GFS2 (Global File System 2) filesystem stems from a slab-use-after-free in qd_put() that corrupts the quota data LRU list during filesystem shutdown. Local authenticated users with access to a GFS2 mount could trigger the shrinker path (gfs2_qd_shrink_scan) to dereference freed objects, with EPSS at 0.02% indicating no public exploit identified at time of analysis. The flaw was introduced by commit a475c5dd16e5 which began freeing quota data synchronously without removing entries from the LRU list first.

Linux Information Disclosure Memory Corruption Use After Free
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-45837 HIGH PATCH This Week

Local privilege-escalation-class memory corruption in the Linux kernel's BPF arena subsystem (introduced around 6.9) allows a process holding BPF capabilities to trigger a use-after-free. When a BPF arena VMA is inherited across fork(), arena_vm_open() bumps the mmap refcount but never registers the child VMA in arena->vma_list, leaving vml->vma pointing at the parent VMA; after the parent munmaps, a child call to bpf_arena_free_pages() dereferences the dangling pointer in zap_pages(). No public exploit or active exploitation is identified (EPSS 0.02%, 5th percentile), and vendor patches are available.

Memory Corruption Linux Use After Free Information Disclosure Red Hat +1
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-24200 HIGH This Week

Local privilege escalation and code execution in NVIDIA Virtual GPU Manager arises from a use-after-free on stack memory within the vGPU hypervisor component. Authenticated local attackers on the host or guest side of an affected vGPU deployment (vGPU branches 16.x through 20.x) can trigger memory corruption that may yield DoS, info disclosure, data tampering, or arbitrary code execution. No public exploit identified at time of analysis and EPSS is 0.01%, but SSVC rates technical impact as total.

Nvidia Memory Corruption RCE Information Disclosure Use After Free +2
NVD VulDB
CVSS 3.1
7.0
EPSS
0.0%
CVE-2026-24187 HIGH PATCH This Week

Local privilege escalation and code execution in the NVIDIA Display Driver for Linux (GeForce, RTX/Quadro/NVS, Tesla, and vGPU Guest/Manager components) stems from a use-after-free memory corruption flaw (CWE-416) that a local low-privileged user can trigger to compromise the kernel-level driver. The scope-changed CVSS 8.8 score reflects that successful exploitation crosses a trust boundary, potentially yielding code execution, privilege escalation, information disclosure, data tampering, or denial of service. EPSS is 0.01% (1st percentile) and there is no public exploit identified at time of analysis, but a vendor patch is available across all affected branches.

Nvidia Memory Corruption RCE Information Disclosure Use After Free +1
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-41401 HIGH PATCH This Week

Heap use-after-free write in libyang before 5.2.6 enables remote authenticated attackers to crash processes or potentially execute code by submitting crafted YANG XML documents to applications using the library for parsing. The flaw resides in lyd_parser_set_data_flags, which mishandles metadata list pointers when freeing non-head default metadata entries. No public exploit identified at time of analysis, EPSS is low at 0.03%, and SSVC rates technical impact as partial with no automatable exploitation.

Use After Free Memory Corruption RCE Libyang
NVD GitHub VulDB
CVSS 4.0
7.1
EPSS
0.0%
CVE-2026-43499 HIGH PATCH This Week

Local privilege escalation and potential memory corruption in the Linux kernel's rtmutex (real-time mutex) subsystem stems from remove_waiter() incorrectly operating on the current task instead of waiter::task during proxy-lock rollback in futex_requeue() paths. Exploitation can leave a dangling pi_blocked_on pointer primed for a use-after-free, with CVSS 7.8 (AV:L/AC:L/PR:L/UI:N) reflecting local low-privileged access. EPSS is 0.02% (7th percentile) and no public exploit identified at time of analysis, but the UAF primitive is a known building block for kernel privilege escalation.

Linux Information Disclosure Use After Free Memory Corruption
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-43497 HIGH PATCH This Week

Use-after-free in the Linux kernel's udlfb (DisplayLink USB framebuffer) driver allows a local user with access to the framebuffer device to retain read/write access to freed kernel memory pages after a USB disconnect or framebuffer reallocation. The dlfb_ops_mmap() function maps vmalloc-backed framebuffer pages to userspace without installing vm_ops callbacks, so the kernel cannot track active mappings and vfree() is called on pages still referenced by user PTEs. No public exploit identified at time of analysis, EPSS is very low (0.02%), and the issue is not listed in CISA KEV.

Linux Information Disclosure Use After Free Memory Corruption
NVD VulDB
CVSS 3.1
7.3
EPSS
0.0%
CVE-2026-45251 HIGH This Week

A file descriptor can be closed while a thread is blocked in a poll(2) or select(2) call waiting for that descriptor. Because the blocked thread does not hold a reference to the underlying object, this closure may result in the object being freed while the thread remains blocked. In this situation, the kernel must remove the blocked thread from the per-object wait queue prior to freeing the object. In the case of some file descriptor types, the kernel failed to unlink blocked threads from the object before freeing it. When the blocked thread is subsequently woken, it accesses memory that has already been freed resulting in a use-after-free vulnerability. The use-after-free vulnerability may be triggered by an unprivileged local user and can be exploited to obtain superuser privileges.

Memory Corruption Information Disclosure Use After Free Freebsd
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-9126 HIGH PATCH This Week

Remote code execution in Google Chrome versions prior to 148.0.7778.179 allows a remote attacker to execute arbitrary code within the renderer sandbox via a crafted HTML page that triggers a use-after-free in the DOM implementation. The flaw requires user interaction (visiting a malicious page) but no authentication, and while Chromium rates its security severity as Medium, the CVSS 3.1 base score of 8.8 reflects high confidentiality, integrity, and availability impact. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

Google RCE Denial Of Service Use After Free Memory Corruption +1
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-9120 HIGH PATCH This Week

Remote code execution in Google Chrome versions prior to 148.0.7778.179 stems from a use-after-free flaw in the WebRTC component, enabling a remote attacker to run arbitrary code when a victim visits a crafted HTML page. Chromium rates the severity as High and the CVSS 3.1 score is 8.8, but exploitation requires user interaction (UI:R); no public exploit identified at time of analysis.

Google RCE Denial Of Service Use After Free Memory Corruption +3
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-9118 HIGH PATCH This Week

Remote code execution in Google Chrome on Windows prior to 148.0.7778.179 stems from a use-after-free flaw in the XR (WebXR) component, enabling a remote attacker to run arbitrary code in the renderer process by enticing a user to visit a crafted HTML page. Chromium rates the issue High severity and CVSS scores it 8.8; no public exploit identified at time of analysis and SSVC reports exploitation status as none. A vendor patch is available via the Stable Channel update referenced in the Chrome Releases advisory.

Microsoft Google RCE Denial Of Service Use After Free +4
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-9114 HIGH PATCH This Week

Remote code execution in Google Chrome versions prior to 148.0.7778.179 stems from a use-after-free condition in the QUIC networking stack, allowing remote attackers to execute arbitrary code within the browser sandbox via malicious network traffic. Exploitation requires user interaction (visiting a malicious site or processing attacker-controlled QUIC traffic), and no public exploit has been identified at time of analysis. Chromium rates this as High severity, and a vendor patch is available.

Google RCE Denial Of Service Use After Free Memory Corruption +3
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-9112 HIGH PATCH This Week

Remote code execution in Google Chrome on Windows prior to version 148.0.7778.179 stems from a use-after-free condition in the GPU component, enabling a remote attacker to run arbitrary code within the renderer sandbox after the victim loads a crafted HTML page. Google has rated the issue High severity and shipped a fix; no public exploit identified at time of analysis and SSVC indicates exploitation status 'none' despite total technical impact.

Microsoft Google RCE Denial Of Service Use After Free +4
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-9111 HIGH PATCH This Week

Remote code execution in Google Chrome on Linux before 148.0.7778.179 stems from a use-after-free flaw in the WebRTC component, allowing a remote attacker who lures a victim to a crafted HTML page to execute arbitrary code in the renderer process. Chromium rates the severity as Critical and a vendor patch is available, though there is no public exploit identified at time of analysis and SSVC indicates no observed exploitation. The CVSS 8.8 score reflects high impact across confidentiality, integrity, and availability with required user interaction (visiting a page).

Google RCE Denial Of Service Use After Free Memory Corruption +3
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-3593 CRITICAL PATCH Act Now

Memory corruption in ISC BIND 9's DNS-over-HTTPS (DoH) implementation lets remote attackers trigger a use-after-free (CWE-416) by interacting with the DoH endpoint, affecting BIND 9.20.0-9.20.22, 9.21.0-9.21.21, and the 9.20.9-S1-9.20.22-S1 subscription builds; the older 9.18.x branch is explicitly not affected. The vendor scores it CVSS 9.8 (AV:N/AC:L/PR:N/UI:N), implying unauthenticated remote impact, though CISA's SSVC rates technical impact as only 'partial' and exploitation as 'none'. There is no public exploit identified at time of analysis and EPSS is very low (0.02%, 7th percentile), indicating no observed exploitation activity.

Memory Corruption Information Disclosure Use After Free Bind 9
NVD VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-33278 CRITICAL PATCH Act Now

Use-after-free in the DNSSEC validator of NLnet Labs Unbound resolver versions 1.19.1 through 1.25.0 allows remote attackers to crash the daemon or potentially achieve arbitrary code execution by serving a malicious signed zone to a vulnerable resolver. The flaw stems from a struct-assignment bug during deep copying of response messages when DS sub-queries suspend validation under NSEC3 computational budget exhaustion. No public exploit identified at time of analysis, but the CVSS 4.0 score of 9.1 with network attack vector and no required privileges or user interaction makes this a high-priority patching target for any operator running a recursive Unbound resolver.

Memory Corruption Denial Of Service Use After Free RCE Unbound
NVD VulDB
CVSS 4.0
9.1
EPSS
0.4%
CVE-2026-8953 CRITICAL PATCH Act Now

Sandbox escape due to use-after-free in the Disability Access APIs component. This vulnerability was fixed in Firefox 151, Firefox ESR 115.36, and Firefox ESR 140.11.

Information Disclosure Mozilla Use After Free Memory Corruption Red Hat +1
NVD VulDB
CVSS 3.1
9.6
EPSS
0.0%
CVE-2026-8947 HIGH PATCH This Week

Use-after-free in the DOM: Bindings (WebIDL) component. This vulnerability was fixed in Firefox 151, Firefox ESR 115.36, and Firefox ESR 140.11.

Information Disclosure Mozilla Memory Corruption Use After Free
NVD VulDB
CVSS 3.1
7.3
EPSS
0.0%
CVE-2026-47310 HIGH This Week

Use-after-free memory corruption in Samsung's Escargot JavaScript engine (commit 590345cc6258317c5da850d846ce6baaf2afc2d3) enables pointer manipulation when processing crafted JavaScript content, with CVSS 7.8 reflecting high-impact local exploitation requiring user interaction. The affected codepaths include evaluator error handling, TypedArray copyWithin operations on resizable buffers, DataView coercion, and array fast-mode transitions - all triggerable by attacker-controlled script. No public exploit identified at time of analysis and the CVE is not listed in CISA KEV.

Memory Corruption Samsung Denial Of Service Use After Free
NVD GitHub VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-28733 MEDIUM This Month

Use-After-Free memory corruption in OpenHarmony v6.0 and prior enables a local attacker with low privileges to execute arbitrary code, achieving a changed scope with high availability impact. The vulnerability is rooted in CWE-416, where freed memory regions are accessed without proper lifecycle management, a class of flaw frequently exploitable for control-flow hijacking. No public exploit code or CISA KEV listing has been identified at time of analysis, though the OpenHarmony security team has published a formal disclosure.

Memory Corruption Use After Free RCE Openharmony
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-46523 NuGet MEDIUM PATCH GHSA This Month

Heap-use-after-free in Magick.NET's MSL (Magick Scripting Language) decoder causes a denial-of-service condition when processing a crafted MSL image file. All Magick.NET NuGet package variants across Q16, Q16-HDRI, and multi-architecture builds prior to version 14.13.1 are affected. No public exploit code and no confirmed active exploitation (CISA KEV) have been identified at time of analysis; the CVSS vector indicates local-only access with availability-only impact, classifying this as a crasher rather than a code execution or data exposure issue.

Memory Corruption Information Disclosure Use After Free
NVD GitHub VulDB
CVSS 3.1
6.2
EPSS
0.0%
CVE-2026-8746 LOW POC Monitor

Use-after-free vulnerability in Open5GS NRF component (versions up to 2.7.7) allows authenticated remote attackers to trigger denial of service via the discover_handler function in nghttp2-server.c. Publicly available exploit code exists (GitHub issue #4476), but vendor has not responded to early disclosure. EPSS data not available; CVSS 4.3 (Medium) reflects limited scope (DoS only, authenticated access required). Not listed in CISA KEV, indicating no confirmed widespread exploitation despite public POC.

Denial Of Service Use After Free Memory Corruption Open5gs
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-8696 HIGH This Week

Memory corruption in radare2 6.1.5's GDB client allows remote attackers to crash the application or potentially execute code through malformed thread information responses. The vulnerability triggers when the GDB remote protocol's qsThreadInfo command fails after qfThreadInfo has allocated memory, causing a use-after-free condition. While no public exploits have been identified, the CVSS 8.7 score reflects the potential for remote unauthenticated denial of service impact.

Denial Of Service RCE Buffer Overflow Memory Corruption Use After Free +1
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.2%
CVE-2026-8695 HIGH PATCH This Week

Remote attackers can trigger memory corruption in radare2 6.1.5 through its GDB remote debugging interface, causing denial of service or potentially achieving code execution. The use-after-free vulnerability in gdbr_threads_list() occurs when processing a valid qfThreadInfo response followed by a malformed qsThreadInfo response, leading to improper memory management. VulnCheck reported this issue and vendor patch commit c213ad6894a1eb9086ac8bf5fae35757e9e1683c addresses the vulnerability.

Denial Of Service RCE Buffer Overflow Memory Corruption Use After Free +1
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.3%
CVE-2025-48521 MEDIUM This Month

Use-After-Free vulnerability in the AMD Secure Processor (ASP) PCI driver affects multiple Ryzen, Threadripper, EPYC, and Athlon processor families due to improper input validation. A local attacker with user-level privileges can trigger the UAF condition, resulting in denial of service via platform crash or potential loss of platform integrity. Vendor-released patch: AMD Ryzen Chipset Driver 7.02.13.148 (or equivalent Catalyst driver versions for embedded SKUs). No public exploit identified at time of analysis.

Denial Of Service Amd Use After Free Memory Corruption
NVD VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2026-8587 HIGH PATCH This Week

Use after free in Extensions in Google Chrome on Mac prior to 148.0.7778.168 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension. (Chromium security severity: Medium)

Denial Of Service Use After Free Memory Corruption RCE Google +3
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-8581 HIGH PATCH This Week

Use after free in GPU in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)

Denial Of Service Use After Free Memory Corruption RCE Google +3
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-8580 CRITICAL PATCH Act Now

Use after free in Mojo in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)

Google Denial Of Service Use After Free Memory Corruption Red Hat +2
NVD VulDB
CVSS 3.1
9.6
EPSS
0.1%
CVE-2026-8575 HIGH PATCH This Week

Use after free in UI in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)

Google Denial Of Service Use After Free Memory Corruption Red Hat +2
NVD VulDB
CVSS 3.1
8.3
EPSS
0.1%
CVE-2026-8574 HIGH PATCH This Week

Use after free in Core in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)

Denial Of Service Microsoft Use After Free Memory Corruption Google +3
NVD VulDB
CVSS 3.1
8.3
EPSS
0.1%
CVE-2026-8557 HIGH PATCH This Week

Use after free in Accessibility in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a crafted HTML page. (Chromium security severity: High)

Denial Of Service Use After Free Memory Corruption Privilege Escalation Google +3
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-8555 HIGH PATCH This Week

Use after free in GTK in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)

Denial Of Service Microsoft Use After Free Memory Corruption RCE +4
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-8553 LOW PATCH Monitor

Use after free in GPU in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)

Google Denial Of Service Use After Free Memory Corruption Chrome
NVD VulDB
CVSS 3.1
3.1
EPSS
0.0%
CVE-2026-8551 HIGH PATCH This Week

Use after free in Downloads in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)

Denial Of Service Use After Free Memory Corruption RCE Google +3
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-8550 MEDIUM PATCH This Month

Use after free in Google Lens in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)

Google Denial Of Service Use After Free Memory Corruption Red Hat +2
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-8549 HIGH PATCH This Week

Use after free in Media in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Denial Of Service Use After Free Memory Corruption RCE Google +3
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-8544 HIGH PATCH This Week

Use after free in Media in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Denial Of Service Use After Free Memory Corruption RCE Google +3
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-8542 HIGH PATCH This Week

Use after free in Core in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Denial Of Service Microsoft Use After Free Memory Corruption Google +3
NVD VulDB
CVSS 3.1
8.3
EPSS
0.1%
CVE-2026-8533 HIGH PATCH This Week

Use after free in Accessibility in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Google Denial Of Service Use After Free Memory Corruption Red Hat +2
NVD VulDB
CVSS 3.1
8.3
EPSS
0.1%
CVE-2026-8530 HIGH PATCH This Week

Use after free in Network in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Denial Of Service Microsoft Use After Free Memory Corruption Google +3
NVD VulDB
CVSS 3.1
8.3
EPSS
0.1%
CVE-2026-8523 HIGH PATCH This Week

Use after free in Mojo in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Google Denial Of Service Use After Free Memory Corruption Red Hat +2
NVD VulDB
CVSS 3.1
8.3
EPSS
0.1%
CVE-2026-8522 HIGH PATCH This Week

Use after free in Downloads in Google Chrome on Mac prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)

Denial Of Service Use After Free Memory Corruption RCE Google +3
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-8521 HIGH PATCH This Week

Use after free in Tab Groups in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code via malicious network traffic. (Chromium security severity: Critical)

Denial Of Service Use After Free Memory Corruption RCE Google +3
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-8518 HIGH PATCH This Week

Use after free in Blink in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Critical)

Denial Of Service Use After Free Memory Corruption RCE Google +3
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-8515 HIGH PATCH This Week

Use after free in HID in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

Google Denial Of Service Use After Free Memory Corruption Red Hat +2
NVD VulDB
CVSS 3.1
8.3
EPSS
0.1%
CVE-2026-8514 HIGH PATCH This Week

Use after free in Aura in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

Google Denial Of Service Use After Free Memory Corruption Red Hat +2
NVD VulDB
CVSS 3.1
8.3
EPSS
0.1%
CVE-2026-8513 HIGH PATCH This Week

Use after free in Input in Google Chrome on Android prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

Google Denial Of Service Use After Free Memory Corruption Red Hat +2
NVD VulDB
CVSS 3.1
8.3
EPSS
0.1%
CVE-2026-8512 HIGH PATCH This Week

Use after free in FileSystem in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

Google Denial Of Service Use After Free Memory Corruption Red Hat +2
NVD VulDB
CVSS 3.1
8.3
EPSS
0.1%
CVE-2026-8511 CRITICAL PATCH Act Now

Use after free in UI in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

Google Denial Of Service Use After Free Memory Corruption Red Hat +2
NVD VulDB
CVSS 3.1
9.6
EPSS
0.1%
CVE-2026-40701 MEDIUM PATCH This Month

Heap-use-after-free in NGINX Plus and NGINX Open Source allows unauthenticated remote attackers to trigger memory corruption in the worker process when ssl_verify_client is set to 'on' or 'optional' and ssl_ocsp is configured with a resolver. Exploitation can cause limited information disclosure or worker process restart, with CVSS 4.8 reflecting moderate impact constrained by high attack complexity. No public exploit code or active exploitation has been identified at time of analysis.

Information Disclosure Use After Free Memory Corruption Nginx Nginx Plus +1
NVD VulDB
CVSS 4.0
6.3
EPSS
0.0%
CVE-2026-41218 HIGH PATCH This Week

Remote denial-of-service in F5 BIG-IP Policy Enforcement Manager (PEM) allows unauthenticated attackers to crash the Traffic Management Microkernel (TMM) via undisclosed traffic patterns when PEM-specific iRules are configured on a virtual server. The vulnerability is a use-after-free memory corruption issue (CWE-416) affecting CLASSIFICATION::, CLASSIFY::, PEM::, PSC::, and urlcatquery iRule commands. CVSS 7.5 (AV:N/AC:L/PR:N/UI:N) indicates straightforward remote exploitation with high availability impact. EPSS data not provided, but F5 has released a vendor patch (K000160875). No public exploit or CISA KEV listing identified at time of analysis.

Information Disclosure Use After Free Memory Corruption Big Ip
NVD VulDB
CVSS 4.0
8.7
EPSS
0.1%
CVE-2026-8336 HIGH PATCH This Week

Authenticated users can crash MongoDB Server by chaining specific server-side JavaScript operations ($_internalJsEmit or mapreduce map functions) with subsequent JavaScript engine invocations ($where, $function, mapreduce reduce stages), triggering a use-after-free condition. Affects MongoDB Server 7.0 (prior to 7.0.34), 8.0 (prior to 8.0.23), 8.2 (prior to 8.2.9), and 8.3 (prior to 8.3.2). Vendor-released patches available for all affected branches. No public exploit identified at time of analysis; EPSS score of 0.05% (16th percentile) suggests low observed exploitation probability despite 7.7 CVSS score. The CWE-416 use-after-free root cause requires precise sequencing of JavaScript operations, limiting exploitability.

Denial Of Service Use After Free Memory Corruption Mongodb Server
NVD VulDB
CVSS 4.0
7.7
EPSS
0.1%
CVE-2026-8201 MEDIUM PATCH This Month

Use-after-free in MongoDB Server's Field-Level Encryption query analysis component allows authenticated remote attackers with control over FLE query structure to cause information disclosure and denial of service. The vulnerability affects mongocryptd and crypt_shared in versions 7.0 prior to 7.0.34, 8.0 prior to 8.0.23, 8.2 prior to 8.2.9, and 8.3 prior to 8.3.2. No public exploit code identified at time of analysis.

Information Disclosure Use After Free Memory Corruption Mongodb Server
NVD VulDB
CVSS 4.0
6.1
EPSS
0.0%
CVE-2026-34638 HIGH This Week

Premiere Pro versions 26.0.2, 25.6.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Denial Of Service Use After Free Memory Corruption RCE Premiere Pro
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-40418 HIGH PATCH This Week

Use after free in Microsoft Office Click-To-Run allows an authorized attacker to elevate privileges locally.

Denial Of Service Microsoft Use After Free Memory Corruption
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-40402 CRITICAL PATCH NEWS Exploit Unlikely Act Now

Use after free in Windows Hyper-V allows an unauthorized attacker to elevate privileges locally.

Denial Of Service Microsoft Use After Free Memory Corruption
NVD VulDB
CVSS 3.1
9.3
EPSS
0.0%
CVE-2026-40382 HIGH PATCH Exploit Unlikely This Week

Use after free in Windows Telephony Service allows an authorized attacker to elevate privileges locally.

Denial Of Service Microsoft Use After Free Memory Corruption
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-40361 HIGH PATCH NEWS Exploit Likely This Week

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

Denial Of Service Microsoft Use After Free Memory Corruption
NVD VulDB
CVSS 3.1
8.4
EPSS
0.1%
CVE-2026-40359 HIGH PATCH Exploit Unlikely This Week

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Denial Of Service Microsoft Use After Free Memory Corruption
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-40358 HIGH PATCH NEWS Exploit Unlikely This Week

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

Denial Of Service Microsoft Use After Free Memory Corruption
NVD VulDB
CVSS 3.1
8.4
EPSS
0.0%
CVE-2026-34340 HIGH PATCH Exploit Unlikely This Week

Use after free in Windows Projected File System allows an authorized attacker to elevate privileges locally.

Denial Of Service Microsoft Use After Free Memory Corruption
NVD VulDB
CVSS 3.1
7.0
EPSS
0.0%
CVE-2026-34338 HIGH PATCH Exploit Unlikely This Week

Use after free in Windows Telephony Service allows an authorized attacker to elevate privileges locally.

Denial Of Service Microsoft Use After Free Memory Corruption
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-34337 HIGH PATCH Exploit Unlikely This Week

Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.

Denial Of Service Microsoft Use After Free Memory Corruption
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-34332 HIGH PATCH This Week

Use after free in Windows Kernel-Mode Drivers allows an authorized attacker to execute code over a network.

Denial Of Service Microsoft Use After Free Memory Corruption
NVD VulDB
CVSS 3.1
8.0
EPSS
0.1%
CVE-2026-33835 HIGH PATCH Exploit Likely This Week

Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.

Denial Of Service Microsoft Use After Free Memory Corruption
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-42825 HIGH PATCH This Week

Use after free in Windows Telephony Service allows an authorized attacker to elevate privileges locally.

Denial Of Service Microsoft Use After Free Memory Corruption
NVD VulDB
CVSS 3.1
7.0
EPSS
0.0%
CVE-2026-41095 HIGH PATCH Exploit Unlikely This Week

Use after free in Data Deduplication allows an authorized attacker to elevate privileges locally.

Denial Of Service Use After Free Memory Corruption
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-40419 HIGH PATCH Exploit Unlikely This Week

Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally.

Denial Of Service Microsoft Use After Free Memory Corruption
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-40415 HIGH PATCH This Week

Use after free in Windows TCP/IP allows an unauthorized attacker to execute code over a network.

Denial Of Service Microsoft Use After Free Memory Corruption
NVD VulDB
CVSS 3.1
8.1
EPSS
0.1%
CVE-2026-40410 HIGH PATCH Exploit Unlikely This Week

Use after free in Windows SMB Client allows an authorized attacker to elevate privileges locally.

Denial Of Service Microsoft Use After Free Memory Corruption
NVD VulDB
CVSS 3.1
7.0
EPSS
0.0%
CVE-2026-40408 HIGH PATCH Exploit Unlikely This Week

Use after free in Windows Kernel-Mode Drivers allows an authorized attacker to elevate privileges locally.

Denial Of Service Microsoft Use After Free Memory Corruption
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Local privilege escalation potential in the Linux kernel's GFS2 filesystem stems from a use-after-free in the inline data write path of gfs2_iomap_begin(), where the inode buffer head is released before iomap->inline_data is consumed by iomap_write_end_inline(). Local users with the ability to write to a GFS2-backed filesystem can trigger memory corruption via a freed page that kswapd has since reclaimed. No public exploit identified at time of analysis, EPSS probability is very low (0.02%), and the issue is not listed in CISA KEV, but vendor patches across multiple stable trees are available.

Linux Information Disclosure Memory Corruption +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Local privilege escalation and denial of service in the Linux kernel's AMD XDNA (amdxdna) accelerator driver allows authenticated local users to trigger a use-after-free condition by submitting jobs to a hardware context concurrently with resource release. The flaw affects kernels in the 6.14.9 through 6.15 series and was resolved upstream by stopping job scheduling around aie2_release_resource() and validating context state in aie2_sched_job_run(). No public exploit identified at time of analysis, and EPSS scoring (0.02%) indicates negligible near-term exploitation probability.

Linux Denial Of Service Memory Corruption +1
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Use-after-free and double-free conditions in the Linux kernel's SMB client (smb2_open_file) can be triggered when SMB2_open() retry paths fail to zero out err_iov and err_buftype buffers, leading to memory corruption. The flaw affects multiple stable kernel branches (6.1, 6.6, 6.12, 6.18) and is fixed in upstream patches; no public exploit identified at time of analysis and EPSS is very low (0.02%) despite the 9.8 CVSS score.

Information Disclosure Memory Corruption Use After Free +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Use-after-free in the Linux kernel bonding driver's Adaptive Load Balancing (ALB) subsystem allows a local low-privileged user to crash the kernel by racing rlb_arp_recv() against rlb_deinitialize() during rapid bond interface up/down cycling. Specifically, the RX handler continues to dereference rx_hashtbl entries after rlb_deinitialize() frees them, because recv_probe is set to NULL without first draining in-flight softirq handlers via synchronize_net(). Systems running bonded NICs in ALB mode (mode=6) on affected kernel versions - including Dell PowerEdge hardware and Canonical-distributed kernels - are at risk of kernel panic. No public exploit identified at time of analysis, and EPSS at 0.02% (7th percentile) confirms no observed mass exploitation.

Linux Canonical Denial Of Service +3
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Local privilege escalation and memory corruption in the Linux kernel's Exynos DRM VIDI (Virtual Display) driver allows local users with access to the DRM device to trigger null pointer dereferences, garbage value accesses, out-of-bounds reads, or use-after-free conditions via the vidi_connection_ioctl() handler. The flaw stems from an incorrect device-to-context lookup that retrieves driver_data from the exynos-drm master device instead of the VIDI component device. A vendor patch is available across multiple stable branches, no public exploit identified at time of analysis, and EPSS rates exploitation probability at only 0.02%.

Denial Of Service Samsung Linux +2
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Local privilege escalation in the Linux kernel's BPF subsystem stems from incorrect refcounting in check_pseudo_btf_id() that can leave a BTF (BPF Type Format) object with a zero refcount while still in use, creating a use-after-free condition. Affected kernels (around 6.14 through pre-patch 6.18.14/6.19.4) allow a local low-privileged user capable of loading BPF programs to corrupt kernel memory, with no public exploit identified at time of analysis and EPSS scoring exploitation likelihood at only 0.02%.

Linux Information Disclosure Use After Free +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Use-after-free in the Linux kernel's ab8500 power supply driver (drivers/power/supply/ab8500) can be triggered during device removal or probe due to incorrect ordering of devm_-managed resource allocation. The race allows an IRQ handler to invoke power_supply_changed() against a freed or uninitialized power_supply handle, typically resulting in a kernel crash or silent memory corruption. No public exploit identified at time of analysis, EPSS is very low (0.02%), and the flaw is not on CISA KEV.

Linux Use After Free Memory Corruption +3
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Memory corruption in the Linux kernel's pm8916_lbc power-supply driver (Qualcomm PM8916 PMIC linear battery charger) stems from a use-after-free in power_supply_changed(), where devm-managed teardown ordering lets a charger interrupt fire against a freed or not-yet-initialized power_supply handle during driver probe or removal. Local attackers able to trigger device unbind/rebind or module load/unload can crash the system or silently corrupt kernel memory. EPSS is very low (0.02%) and there is no public exploit identified at time of analysis; the issue is not in CISA KEV.

Memory Corruption Linux Denial Of Service +3
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Use-after-free in the Linux kernel's goldfish power-supply driver (drivers/power/supply/goldfish_battery) allows a local attacker to crash the system or corrupt kernel memory by racing device probe/removal against the battery IRQ handler. The driver requested its IRQ via devm_ before registering the power_supply handle, so on teardown the handle is freed while the still-live interrupt can fire and call power_supply_changed() on freed (or, during probe, uninitialized) memory. No public exploit identified at time of analysis; EPSS is negligible (0.02%) and the bug is not in CISA KEV.

Memory Corruption Linux Denial Of Service +3
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Use-after-free in the Linux kernel's OpenVPN data channel offload (ovpn) module allows a local attacker with low privileges to potentially trigger memory corruption when transmitting shared sk_buff packets through ovpn_net_xmit. The flaw stems from continued use of a stale skb pointer after skb_share_check frees the original buffer, affecting peer lookup, skb_dst_drop, and TX statistics paths. No public exploit identified at time of analysis, and the EPSS probability is very low (0.02%), suggesting the bug is more of a stability and memory-safety concern than an imminently weaponized vector.

Linux Information Disclosure Memory Corruption +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Local privilege-relevant memory corruption in the Linux kernel's sbs-battery power supply driver (drivers/power/supply/sbs-battery) stems from a use-after-free in power_supply_changed(). Because the driver requested its IRQ via devm_ before allocating/registering the power_supply handle, devm teardown frees the handle in reverse order while the interrupt is still live, so an SMBus battery interrupt firing during device removal (or before registration during probe) invokes power_supply_changed() on a freed or uninitialized pointer, typically crashing the system or silently corrupting memory. EPSS is negligible (0.02%, 7th percentile), no public exploit is identified, and it is not on CISA KEV; the fix is upstream-committed and shipped in multiple stable releases.

Memory Corruption Linux Denial Of Service +3
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Local memory corruption affects the Linux kernel's hwmon ibmpex driver, where commit 6946c726c3f4 - intended to fix a use-after-free in the high/low sysfs store handlers - instead introduced a new race condition by setting driver data to NULL before removing sensor attributes. The remediation is a revert of that flawed commit across the 6.1, 6.6, 6.12, 6.18, and 6.19 stable trees. With EPSS at 0.02% (7th percentile), no public exploit identified at time of analysis, and no CISA KEV listing, real-world risk is minimal given the obscure IBM PowerExecutive sensor hardware the driver targets.

Memory Corruption Linux Denial Of Service +3
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Use-after-free in the Linux kernel's pf1550 power-supply driver (drivers/power/supply/pf1550) lets a queued hardware interrupt invoke power_supply_changed() on an already-freed power_supply handle during module/device removal, and can also dereference an uninitialized handle during probe. The flaw stems from devm-managed resource ordering: the IRQ was requested before the power_supply was registered, so devm teardown frees the power_supply first. Impact is typically a kernel crash or silent memory corruption. EPSS is very low (0.02%, 5th percentile) and there is no public exploit identified at time of analysis.

Memory Corruption Linux Denial Of Service +3
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Local privilege-level use-after-free in the Linux kernel's bq256xx battery charger driver (power: supply: bq256xx) allows memory corruption when a charger IRQ fires during device probe or removal, calling power_supply_changed() against a freed or uninitialized power_supply handle. The flaw stems from devm_ resources being released in reverse order, so the IRQ outlives the power_supply registration; triggering it typically crashes the system or silently corrupts kernel memory. No public exploit is identified at time of analysis and EPSS exploitation probability is negligible (0.02%, 7th percentile), with no CISA KEV listing.

Memory Corruption Linux Denial Of Service +3
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Local privilege-impacting memory corruption in the Linux kernel's cpcap-battery power supply driver allows a use-after-free in power_supply_changed() triggered during device probe or removal. The driver requested its IRQ via devm_ before registering the power_supply handle, so on teardown the handle is freed while the interrupt handler can still fire, dereferencing freed memory and typically crashing the system or silently corrupting memory. EPSS is negligible (0.02%, 7th percentile) and there is no public exploit identified at time of analysis; the issue is confined to Motorola CPCAP PMIC hardware (e.g. Droid 4) rather than general-purpose servers.

Memory Corruption Linux Denial Of Service +3
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Use-after-free in the Linux kernel's pm8916_bms_vm power-supply driver (for Qualcomm PM8916 battery monitoring on certain Snapdragon SoCs) lets a freed power_supply handle be dereferenced when an IRQ fires during device removal or probe, corrupting kernel memory or crashing the system. The flaw stems from devm-managed IRQ registration occurring before the power_supply handle was registered, so devm's reverse-order teardown frees the handle while the interrupt is still live. EPSS is negligible (0.02%, 5th percentile) and there is no public exploit identified at time of analysis; impact is realistically a local denial of service on the narrow set of devices using this driver.

Memory Corruption Linux Denial Of Service +3
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Local privilege-level use-after-free in the Linux kernel's bq25980 battery charger power-supply driver (drivers/power/supply/bq25980.c) allows a triggered IRQ to call power_supply_changed() on a freed or uninitialized power_supply handle, typically crashing the system or corrupting memory. The flaw stems from devm-managed IRQ registration ordering relative to power_supply registration, creating a race during driver probe and removal. EPSS is negligible (0.02%, 7th percentile), there is no public exploit identified at time of analysis, and it is not on CISA KEV; the fix is committed upstream and shipped in multiple stable kernels.

Memory Corruption Linux Denial Of Service +3
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Local privilege escalation potential via a use-after-free in the Linux kernel's act8945a power supply driver, where the ACT8945A PMIC IRQ is requested before the power_supply handle is registered (and torn down after it during removal), letting an interrupt invoke power_supply_changed() on a freed or uninitialized handle. Affected systems run vulnerable Linux kernel builds (pre-6.6.128, pre-6.12.75, pre-6.1.165, pre-5.15.202, pre-5.10.252, and others) with the act8945a driver bound to real Atmel/Microchip SAMA5-class hardware. There is no public exploit identified at time of analysis; EPSS is very low (0.02%, 7th percentile) and the flaw is not in CISA KEV.

Memory Corruption Linux Denial Of Service +3
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Local privilege-bounded use-after-free in the Linux kernel's CAIF serial line discipline (caif_serial / CONFIG_CAIF_TTY) lets a local attacker corrupt kernel memory by racing ldisc_close() against packet transmission. ldisc_close() drops the tty reference via tty_kref_put() while the CAIF network device is still live, so a concurrent caif_xmit()/handle_tx() can dereference the freed tty (ser->tty) and call tty->ops->write() on dangling memory, confirmed by a KASAN slab-use-after-free report. A reproducer is published, but no public weaponized exploit and no active exploitation are recorded; EPSS is 0.02% (7th percentile), consistent with a niche driver and a tight race window.

Memory Corruption Linux Use After Free +3
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Local privilege escalation potential in the Linux kernel's GFS2 (Global File System 2) filesystem stems from a slab-use-after-free in qd_put() that corrupts the quota data LRU list during filesystem shutdown. Local authenticated users with access to a GFS2 mount could trigger the shrinker path (gfs2_qd_shrink_scan) to dereference freed objects, with EPSS at 0.02% indicating no public exploit identified at time of analysis. The flaw was introduced by commit a475c5dd16e5 which began freeing quota data synchronously without removing entries from the LRU list first.

Linux Information Disclosure Memory Corruption +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Local privilege-escalation-class memory corruption in the Linux kernel's BPF arena subsystem (introduced around 6.9) allows a process holding BPF capabilities to trigger a use-after-free. When a BPF arena VMA is inherited across fork(), arena_vm_open() bumps the mmap refcount but never registers the child VMA in arena->vma_list, leaving vml->vma pointing at the parent VMA; after the parent munmaps, a child call to bpf_arena_free_pages() dereferences the dangling pointer in zap_pages(). No public exploit or active exploitation is identified (EPSS 0.02%, 5th percentile), and vendor patches are available.

Memory Corruption Linux Use After Free +3
NVD VulDB
EPSS 0% CVSS 7.0
HIGH This Week

Local privilege escalation and code execution in NVIDIA Virtual GPU Manager arises from a use-after-free on stack memory within the vGPU hypervisor component. Authenticated local attackers on the host or guest side of an affected vGPU deployment (vGPU branches 16.x through 20.x) can trigger memory corruption that may yield DoS, info disclosure, data tampering, or arbitrary code execution. No public exploit identified at time of analysis and EPSS is 0.01%, but SSVC rates technical impact as total.

Nvidia Memory Corruption RCE +4
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Local privilege escalation and code execution in the NVIDIA Display Driver for Linux (GeForce, RTX/Quadro/NVS, Tesla, and vGPU Guest/Manager components) stems from a use-after-free memory corruption flaw (CWE-416) that a local low-privileged user can trigger to compromise the kernel-level driver. The scope-changed CVSS 8.8 score reflects that successful exploitation crosses a trust boundary, potentially yielding code execution, privilege escalation, information disclosure, data tampering, or denial of service. EPSS is 0.01% (1st percentile) and there is no public exploit identified at time of analysis, but a vendor patch is available across all affected branches.

Nvidia Memory Corruption RCE +3
NVD VulDB
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Heap use-after-free write in libyang before 5.2.6 enables remote authenticated attackers to crash processes or potentially execute code by submitting crafted YANG XML documents to applications using the library for parsing. The flaw resides in lyd_parser_set_data_flags, which mishandles metadata list pointers when freeing non-head default metadata entries. No public exploit identified at time of analysis, EPSS is low at 0.03%, and SSVC rates technical impact as partial with no automatable exploitation.

Use After Free Memory Corruption RCE +1
NVD GitHub VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Local privilege escalation and potential memory corruption in the Linux kernel's rtmutex (real-time mutex) subsystem stems from remove_waiter() incorrectly operating on the current task instead of waiter::task during proxy-lock rollback in futex_requeue() paths. Exploitation can leave a dangling pi_blocked_on pointer primed for a use-after-free, with CVSS 7.8 (AV:L/AC:L/PR:L/UI:N) reflecting local low-privileged access. EPSS is 0.02% (7th percentile) and no public exploit identified at time of analysis, but the UAF primitive is a known building block for kernel privilege escalation.

Linux Information Disclosure Use After Free +1
NVD VulDB
EPSS 0% CVSS 7.3
HIGH PATCH This Week

Use-after-free in the Linux kernel's udlfb (DisplayLink USB framebuffer) driver allows a local user with access to the framebuffer device to retain read/write access to freed kernel memory pages after a USB disconnect or framebuffer reallocation. The dlfb_ops_mmap() function maps vmalloc-backed framebuffer pages to userspace without installing vm_ops callbacks, so the kernel cannot track active mappings and vfree() is called on pages still referenced by user PTEs. No public exploit identified at time of analysis, EPSS is very low (0.02%), and the issue is not listed in CISA KEV.

Linux Information Disclosure Use After Free +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH This Week

A file descriptor can be closed while a thread is blocked in a poll(2) or select(2) call waiting for that descriptor. Because the blocked thread does not hold a reference to the underlying object, this closure may result in the object being freed while the thread remains blocked. In this situation, the kernel must remove the blocked thread from the per-object wait queue prior to freeing the object. In the case of some file descriptor types, the kernel failed to unlink blocked threads from the object before freeing it. When the blocked thread is subsequently woken, it accesses memory that has already been freed resulting in a use-after-free vulnerability. The use-after-free vulnerability may be triggered by an unprivileged local user and can be exploited to obtain superuser privileges.

Memory Corruption Information Disclosure Use After Free +1
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Google Chrome versions prior to 148.0.7778.179 allows a remote attacker to execute arbitrary code within the renderer sandbox via a crafted HTML page that triggers a use-after-free in the DOM implementation. The flaw requires user interaction (visiting a malicious page) but no authentication, and while Chromium rates its security severity as Medium, the CVSS 3.1 base score of 8.8 reflects high confidentiality, integrity, and availability impact. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

Google RCE Denial Of Service +3
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Google Chrome versions prior to 148.0.7778.179 stems from a use-after-free flaw in the WebRTC component, enabling a remote attacker to run arbitrary code when a victim visits a crafted HTML page. Chromium rates the severity as High and the CVSS 3.1 score is 8.8, but exploitation requires user interaction (UI:R); no public exploit identified at time of analysis.

Google RCE Denial Of Service +5
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Google Chrome on Windows prior to 148.0.7778.179 stems from a use-after-free flaw in the XR (WebXR) component, enabling a remote attacker to run arbitrary code in the renderer process by enticing a user to visit a crafted HTML page. Chromium rates the issue High severity and CVSS scores it 8.8; no public exploit identified at time of analysis and SSVC reports exploitation status as none. A vendor patch is available via the Stable Channel update referenced in the Chrome Releases advisory.

Microsoft Google RCE +6
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Google Chrome versions prior to 148.0.7778.179 stems from a use-after-free condition in the QUIC networking stack, allowing remote attackers to execute arbitrary code within the browser sandbox via malicious network traffic. Exploitation requires user interaction (visiting a malicious site or processing attacker-controlled QUIC traffic), and no public exploit has been identified at time of analysis. Chromium rates this as High severity, and a vendor patch is available.

Google RCE Denial Of Service +5
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Google Chrome on Windows prior to version 148.0.7778.179 stems from a use-after-free condition in the GPU component, enabling a remote attacker to run arbitrary code within the renderer sandbox after the victim loads a crafted HTML page. Google has rated the issue High severity and shipped a fix; no public exploit identified at time of analysis and SSVC indicates exploitation status 'none' despite total technical impact.

Microsoft Google RCE +6
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Google Chrome on Linux before 148.0.7778.179 stems from a use-after-free flaw in the WebRTC component, allowing a remote attacker who lures a victim to a crafted HTML page to execute arbitrary code in the renderer process. Chromium rates the severity as Critical and a vendor patch is available, though there is no public exploit identified at time of analysis and SSVC indicates no observed exploitation. The CVSS 8.8 score reflects high impact across confidentiality, integrity, and availability with required user interaction (visiting a page).

Google RCE Denial Of Service +5
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Memory corruption in ISC BIND 9's DNS-over-HTTPS (DoH) implementation lets remote attackers trigger a use-after-free (CWE-416) by interacting with the DoH endpoint, affecting BIND 9.20.0-9.20.22, 9.21.0-9.21.21, and the 9.20.9-S1-9.20.22-S1 subscription builds; the older 9.18.x branch is explicitly not affected. The vendor scores it CVSS 9.8 (AV:N/AC:L/PR:N/UI:N), implying unauthenticated remote impact, though CISA's SSVC rates technical impact as only 'partial' and exploitation as 'none'. There is no public exploit identified at time of analysis and EPSS is very low (0.02%, 7th percentile), indicating no observed exploitation activity.

Memory Corruption Information Disclosure Use After Free +1
NVD VulDB
EPSS 0% CVSS 9.1
CRITICAL PATCH Act Now

Use-after-free in the DNSSEC validator of NLnet Labs Unbound resolver versions 1.19.1 through 1.25.0 allows remote attackers to crash the daemon or potentially achieve arbitrary code execution by serving a malicious signed zone to a vulnerable resolver. The flaw stems from a struct-assignment bug during deep copying of response messages when DS sub-queries suspend validation under NSEC3 computational budget exhaustion. No public exploit identified at time of analysis, but the CVSS 4.0 score of 9.1 with network attack vector and no required privileges or user interaction makes this a high-priority patching target for any operator running a recursive Unbound resolver.

Memory Corruption Denial Of Service Use After Free +2
NVD VulDB
EPSS 0% CVSS 9.6
CRITICAL PATCH Act Now

Sandbox escape due to use-after-free in the Disability Access APIs component. This vulnerability was fixed in Firefox 151, Firefox ESR 115.36, and Firefox ESR 140.11.

Information Disclosure Mozilla Use After Free +3
NVD VulDB
EPSS 0% CVSS 7.3
HIGH PATCH This Week

Use-after-free in the DOM: Bindings (WebIDL) component. This vulnerability was fixed in Firefox 151, Firefox ESR 115.36, and Firefox ESR 140.11.

Information Disclosure Mozilla Memory Corruption +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH This Week

Use-after-free memory corruption in Samsung's Escargot JavaScript engine (commit 590345cc6258317c5da850d846ce6baaf2afc2d3) enables pointer manipulation when processing crafted JavaScript content, with CVSS 7.8 reflecting high-impact local exploitation requiring user interaction. The affected codepaths include evaluator error handling, TypedArray copyWithin operations on resizable buffers, DataView coercion, and array fast-mode transitions - all triggerable by attacker-controlled script. No public exploit identified at time of analysis and the CVE is not listed in CISA KEV.

Memory Corruption Samsung Denial Of Service +1
NVD GitHub VulDB
EPSS 0% CVSS 6.5
MEDIUM This Month

Use-After-Free memory corruption in OpenHarmony v6.0 and prior enables a local attacker with low privileges to execute arbitrary code, achieving a changed scope with high availability impact. The vulnerability is rooted in CWE-416, where freed memory regions are accessed without proper lifecycle management, a class of flaw frequently exploitable for control-flow hijacking. No public exploit code or CISA KEV listing has been identified at time of analysis, though the OpenHarmony security team has published a formal disclosure.

Memory Corruption Use After Free RCE +1
NVD VulDB
EPSS 0% CVSS 6.2
MEDIUM PATCH This Month

Heap-use-after-free in Magick.NET's MSL (Magick Scripting Language) decoder causes a denial-of-service condition when processing a crafted MSL image file. All Magick.NET NuGet package variants across Q16, Q16-HDRI, and multi-architecture builds prior to version 14.13.1 are affected. No public exploit code and no confirmed active exploitation (CISA KEV) have been identified at time of analysis; the CVSS vector indicates local-only access with availability-only impact, classifying this as a crasher rather than a code execution or data exposure issue.

Memory Corruption Information Disclosure Use After Free
NVD GitHub VulDB
EPSS 0% CVSS 2.1
LOW POC Monitor

Use-after-free vulnerability in Open5GS NRF component (versions up to 2.7.7) allows authenticated remote attackers to trigger denial of service via the discover_handler function in nghttp2-server.c. Publicly available exploit code exists (GitHub issue #4476), but vendor has not responded to early disclosure. EPSS data not available; CVSS 4.3 (Medium) reflects limited scope (DoS only, authenticated access required). Not listed in CISA KEV, indicating no confirmed widespread exploitation despite public POC.

Denial Of Service Use After Free Memory Corruption +1
NVD VulDB GitHub
EPSS 0% CVSS 8.7
HIGH This Week

Memory corruption in radare2 6.1.5's GDB client allows remote attackers to crash the application or potentially execute code through malformed thread information responses. The vulnerability triggers when the GDB remote protocol's qsThreadInfo command fails after qfThreadInfo has allocated memory, causing a use-after-free condition. While no public exploits have been identified, the CVSS 8.7 score reflects the potential for remote unauthenticated denial of service impact.

Denial Of Service RCE Buffer Overflow +3
NVD GitHub VulDB
EPSS 0% CVSS 8.7
HIGH PATCH This Week

Remote attackers can trigger memory corruption in radare2 6.1.5 through its GDB remote debugging interface, causing denial of service or potentially achieving code execution. The use-after-free vulnerability in gdbr_threads_list() occurs when processing a valid qfThreadInfo response followed by a malformed qsThreadInfo response, leading to improper memory management. VulnCheck reported this issue and vendor patch commit c213ad6894a1eb9086ac8bf5fae35757e9e1683c addresses the vulnerability.

Denial Of Service RCE Buffer Overflow +3
NVD GitHub VulDB
EPSS 0% CVSS 6.9
MEDIUM This Month

Use-After-Free vulnerability in the AMD Secure Processor (ASP) PCI driver affects multiple Ryzen, Threadripper, EPYC, and Athlon processor families due to improper input validation. A local attacker with user-level privileges can trigger the UAF condition, resulting in denial of service via platform crash or potential loss of platform integrity. Vendor-released patch: AMD Ryzen Chipset Driver 7.02.13.148 (or equivalent Catalyst driver versions for embedded SKUs). No public exploit identified at time of analysis.

Denial Of Service Amd Use After Free +1
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Use after free in Extensions in Google Chrome on Mac prior to 148.0.7778.168 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension. (Chromium security severity: Medium)

Denial Of Service Use After Free Memory Corruption +5
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Use after free in GPU in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)

Denial Of Service Use After Free Memory Corruption +5
NVD VulDB
EPSS 0% CVSS 9.6
CRITICAL PATCH Act Now

Use after free in Mojo in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)

Google Denial Of Service Use After Free +4
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Use after free in UI in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)

Google Denial Of Service Use After Free +4
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Use after free in Core in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)

Denial Of Service Microsoft Use After Free +5
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Use after free in Accessibility in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a crafted HTML page. (Chromium security severity: High)

Denial Of Service Use After Free Memory Corruption +5
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Use after free in GTK in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)

Denial Of Service Microsoft Use After Free +6
NVD VulDB
EPSS 0% CVSS 3.1
LOW PATCH Monitor

Use after free in GPU in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)

Google Denial Of Service Use After Free +2
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Use after free in Downloads in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)

Denial Of Service Use After Free Memory Corruption +5
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Use after free in Google Lens in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)

Google Denial Of Service Use After Free +4
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Use after free in Media in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Denial Of Service Use After Free Memory Corruption +5
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Use after free in Media in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Denial Of Service Use After Free Memory Corruption +5
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Use after free in Core in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Denial Of Service Microsoft Use After Free +5
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Use after free in Accessibility in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Google Denial Of Service Use After Free +4
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Use after free in Network in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Denial Of Service Microsoft Use After Free +5
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Use after free in Mojo in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Google Denial Of Service Use After Free +4
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Use after free in Downloads in Google Chrome on Mac prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)

Denial Of Service Use After Free Memory Corruption +5
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Use after free in Tab Groups in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code via malicious network traffic. (Chromium security severity: Critical)

Denial Of Service Use After Free Memory Corruption +5
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Use after free in Blink in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Critical)

Denial Of Service Use After Free Memory Corruption +5
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Use after free in HID in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

Google Denial Of Service Use After Free +4
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Use after free in Aura in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

Google Denial Of Service Use After Free +4
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Use after free in Input in Google Chrome on Android prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

Google Denial Of Service Use After Free +4
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Use after free in FileSystem in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

Google Denial Of Service Use After Free +4
NVD VulDB
EPSS 0% CVSS 9.6
CRITICAL PATCH Act Now

Use after free in UI in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

Google Denial Of Service Use After Free +4
NVD VulDB
EPSS 0% CVSS 6.3
MEDIUM PATCH This Month

Heap-use-after-free in NGINX Plus and NGINX Open Source allows unauthenticated remote attackers to trigger memory corruption in the worker process when ssl_verify_client is set to 'on' or 'optional' and ssl_ocsp is configured with a resolver. Exploitation can cause limited information disclosure or worker process restart, with CVSS 4.8 reflecting moderate impact constrained by high attack complexity. No public exploit code or active exploitation has been identified at time of analysis.

Information Disclosure Use After Free Memory Corruption +3
NVD VulDB
EPSS 0% CVSS 8.7
HIGH PATCH This Week

Remote denial-of-service in F5 BIG-IP Policy Enforcement Manager (PEM) allows unauthenticated attackers to crash the Traffic Management Microkernel (TMM) via undisclosed traffic patterns when PEM-specific iRules are configured on a virtual server. The vulnerability is a use-after-free memory corruption issue (CWE-416) affecting CLASSIFICATION::, CLASSIFY::, PEM::, PSC::, and urlcatquery iRule commands. CVSS 7.5 (AV:N/AC:L/PR:N/UI:N) indicates straightforward remote exploitation with high availability impact. EPSS data not provided, but F5 has released a vendor patch (K000160875). No public exploit or CISA KEV listing identified at time of analysis.

Information Disclosure Use After Free Memory Corruption +1
NVD VulDB
EPSS 0% CVSS 7.7
HIGH PATCH This Week

Authenticated users can crash MongoDB Server by chaining specific server-side JavaScript operations ($_internalJsEmit or mapreduce map functions) with subsequent JavaScript engine invocations ($where, $function, mapreduce reduce stages), triggering a use-after-free condition. Affects MongoDB Server 7.0 (prior to 7.0.34), 8.0 (prior to 8.0.23), 8.2 (prior to 8.2.9), and 8.3 (prior to 8.3.2). Vendor-released patches available for all affected branches. No public exploit identified at time of analysis; EPSS score of 0.05% (16th percentile) suggests low observed exploitation probability despite 7.7 CVSS score. The CWE-416 use-after-free root cause requires precise sequencing of JavaScript operations, limiting exploitability.

Denial Of Service Use After Free Memory Corruption +1
NVD VulDB
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

Use-after-free in MongoDB Server's Field-Level Encryption query analysis component allows authenticated remote attackers with control over FLE query structure to cause information disclosure and denial of service. The vulnerability affects mongocryptd and crypt_shared in versions 7.0 prior to 7.0.34, 8.0 prior to 8.0.23, 8.2 prior to 8.2.9, and 8.3 prior to 8.3.2. No public exploit code identified at time of analysis.

Information Disclosure Use After Free Memory Corruption +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH This Week

Premiere Pro versions 26.0.2, 25.6.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Denial Of Service Use After Free Memory Corruption +2
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Use after free in Microsoft Office Click-To-Run allows an authorized attacker to elevate privileges locally.

Denial Of Service Microsoft Use After Free +1
NVD VulDB
EPSS 0% CVSS 9.3
CRITICAL PATCH Exploit Unlikely Act Now

Use after free in Windows Hyper-V allows an unauthorized attacker to elevate privileges locally.

Denial Of Service Microsoft Use After Free +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Use after free in Windows Telephony Service allows an authorized attacker to elevate privileges locally.

Denial Of Service Microsoft Use After Free +1
NVD VulDB
EPSS 0% CVSS 8.4
HIGH PATCH Exploit Likely This Week

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

Denial Of Service Microsoft Use After Free +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Denial Of Service Microsoft Use After Free +1
NVD VulDB
EPSS 0% CVSS 8.4
HIGH PATCH Exploit Unlikely This Week

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

Denial Of Service Microsoft Use After Free +1
NVD VulDB
EPSS 0% CVSS 7.0
HIGH PATCH Exploit Unlikely This Week

Use after free in Windows Projected File System allows an authorized attacker to elevate privileges locally.

Denial Of Service Microsoft Use After Free +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Use after free in Windows Telephony Service allows an authorized attacker to elevate privileges locally.

Denial Of Service Microsoft Use After Free +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.

Denial Of Service Microsoft Use After Free +1
NVD VulDB
EPSS 0% CVSS 8.0
HIGH PATCH This Week

Use after free in Windows Kernel-Mode Drivers allows an authorized attacker to execute code over a network.

Denial Of Service Microsoft Use After Free +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Likely This Week

Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.

Denial Of Service Microsoft Use After Free +1
NVD VulDB
EPSS 0% CVSS 7.0
HIGH PATCH This Week

Use after free in Windows Telephony Service allows an authorized attacker to elevate privileges locally.

Denial Of Service Microsoft Use After Free +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Use after free in Data Deduplication allows an authorized attacker to elevate privileges locally.

Denial Of Service Use After Free Memory Corruption
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally.

Denial Of Service Microsoft Use After Free +1
NVD VulDB
EPSS 0% CVSS 8.1
HIGH PATCH This Week

Use after free in Windows TCP/IP allows an unauthorized attacker to execute code over a network.

Denial Of Service Microsoft Use After Free +1
NVD VulDB
EPSS 0% CVSS 7.0
HIGH PATCH Exploit Unlikely This Week

Use after free in Windows SMB Client allows an authorized attacker to elevate privileges locally.

Denial Of Service Microsoft Use After Free +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Use after free in Windows Kernel-Mode Drivers allows an authorized attacker to elevate privileges locally.

Denial Of Service Microsoft Use After Free +1
NVD VulDB
Prev Page 9 of 69 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy