Total: 6576 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-58735 | 1 Microsoft | 16 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 13 more | 2025-10-16 | N/A | 7.0 HIGH |
Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally.
| CVE-2025-58734 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2025-10-16 | N/A | 7.0 HIGH |
Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally.
| CVE-2025-58733 | 1 Microsoft | 16 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 13 more | 2025-10-16 | N/A | 7.0 HIGH |
Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally.
| CVE-2025-58732 | 1 Microsoft | 16 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 13 more | 2025-10-16 | N/A | 7.0 HIGH |
Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally.
| CVE-2025-58731 | 1 Microsoft | 7 Windows 11 22h2, Windows 11 23h2, Windows 11 24h2 and 4 more | 2025-10-16 | N/A | 7.0 HIGH |
Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally.
| CVE-2025-58730 | 1 Microsoft | 16 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 13 more | 2025-10-16 | N/A | 7.0 HIGH |
Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally.
| CVE-2025-58738 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1809, Windows 10 21h2 and 9 more | 2025-10-16 | N/A | 7.0 HIGH |
Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally.
| CVE-2025-58737 | 1 Microsoft | 6 Windows Server 2012, Windows Server 2016, Windows Server 2019 and 3 more | 2025-10-16 | N/A | 7.0 HIGH |
Use after free in Windows Remote Desktop allows an unauthorized attacker to execute code locally.
| CVE-2025-61801 | 3 Adobe, Apple, Microsoft | 3 Dimension, Macos, Windows | 2025-10-16 | N/A | 7.8 HIGH |
Dimension versions 4.1.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
| CVE-2025-61802 | 3 Adobe, Apple, Microsoft | 3 Substance 3d Stager, Macos, Windows | 2025-10-16 | N/A | 7.8 HIGH |
Substance3D - Stager versions 3.1.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
| CVE-2025-58287 | 1 Huawei | 1 Harmonyos | 2025-10-16 | N/A | 7.8 HIGH |
Use After Free (UAF) vulnerability in the office service. Successful exploitation of this vulnerability may affect service confidentiality.
| CVE-2025-58299 | 1 Huawei | 1 Harmonyos | 2025-10-16 | N/A | 8.4 HIGH |
Use After Free (UAF) vulnerability in the storage management module. Successful exploitation of this vulnerability may affect availability.
| CVE-2024-54030 | 1 Openatom | 1 Openharmony | 2025-10-16 | N/A | 4.4 MEDIUM |
OpenHarmony v4.1.2 and prior versions allow a local attacker to cause DoS through use after free.
| CVE-2025-53132 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-10-15 | N/A | 7.8 HIGH |
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.
| CVE-2023-48184 | 1 Quickjs Project | 1 Quickjs | 2025-10-15 | N/A | 3.9 LOW |
QuickJS before 7414e5f has a quickjs.h JS_FreeValueRT use-after-free because of incorrect garbage collection of async functions with closures.
| CVE-2025-23280 | | | 2025-10-14 | N/A | 7.0 HIGH |
NVIDIA Display Driver for Linux contains a vulnerability where an attacker could cause a use-after-free. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, denial of service, and information disclosure.
| CVE-2025-5100 | 1 Dynamixsoftware | 1 Printershare | 2025-10-08 | N/A | 8.0 HIGH |
A double-free condition occurs during the cleanup of temporary image files, which can be exploited to achieve memory corruption and potentially arbitrary code execution.
| CVE-2024-42326 | 1 Zabbix | 1 Zabbix | 2025-10-08 | N/A | 4.4 MEDIUM |
A use after free bug was discovered in browser.c in the es_browser_get_variant function.
| CVE-2024-42112 | 1 Linux | 1 Linux Kernel | 2025-10-07 | N/A | 7.8 HIGH |
In the Linux kernel, the following vulnerability has been resolved:
net: txgbe: free isb resources at the right time
When using MSI/INTx interrupt, the shared interrupts are still being
handled in the device remove routine, before free IRQs. So isb memory
is still read after it is freed. Thus move wx_free_isb_resources()
from txgbe_close() to txgbe_remove(). And fix the improper isb free
action in txgbe_open() error handling path.
| CVE-2025-61692 | 1 Keyence | 1 Vt Studio | 2025-10-07 | N/A | 7.8 HIGH |
VT STUDIO versions 8.53 and prior contain a use after free vulnerability. If the product uses a specially crafted file, arbitrary code may be executed on the affected product.
| CVE-2024-45544 | 1 Qualcomm | 88 C-v2x 9150, C-v2x 9150 Firmware, Fastconnect 6800 and 85 more | 2025-10-06 | N/A | 6.6 MEDIUM |
Memory corruption while processing IOCTL calls to add route entry in the HW.
| CVE-2024-45540 | 1 Qualcomm | 136 C-v2x 9150, C-v2x 9150 Firmware, Fastconnect 6200 and 133 more | 2025-10-06 | N/A | 6.6 MEDIUM |
Memory corruption while invoking IOCTL map buffer request from userspace.
| CVE-2024-43066 | 1 Qualcomm | 196 Csrb31024, Csrb31024 Firmware, Fastconnect 6200 and 193 more | 2025-10-06 | N/A | 7.8 HIGH |
Memory corruption while handling file descriptor during listener registration/de-registration.
| CVE-2024-49848 | 1 Qualcomm | 294 Ar8035, Ar8035 Firmware, Fastconnect 6200 and 291 more | 2025-10-06 | N/A | 6.7 MEDIUM |
Memory corruption while processing multiple IOCTL calls from HLOS to DSP.
| CVE-2025-9385 | 1 Broadcom | 1 Tcpreplay | 2025-10-06 | 4.3 MEDIUM | 5.3 MEDIUM |
A flaw has been found in appneta tcpreplay up to 4.5.1. The affected element is the function fix_ipv6_checksums of the file edit_packet.c of the component tcprewrite. This manipulation causes use after free. The attack is restricted to local execution. The exploit has been published and may be used. Upgrading to version 4.5.2-beta3 is sufficient to fix this issue. It is advisable to upgrade the affected component.
| CVE-2025-9386 | 1 Broadcom | 1 Tcpreplay | 2025-10-06 | 4.3 MEDIUM | 5.3 MEDIUM |
A vulnerability has been found in appneta tcpreplay up to 4.5.1. The impacted element is the function get_l2len_protocol of the file get.c of the component tcprewrite. Such manipulation leads to use after free. The attack must be carried out locally. The exploit has been disclosed to the public and may be used. Upgrading to version 4.5.2-beta3 is sufficient to resolve this issue. You should upgrade the affected component.
| CVE-2025-10729 | | | 2025-10-06 | N/A | N/A |
The module will parse a <pattern> node which is not a child of a structural node. The node will be deleted after creation but might be accessed later leading to a use after free.
| CVE-2024-23365 | 1 Qualcomm | 96 Fastconnect 7800, Fastconnect 7800 Firmware, Qam8255p and 93 more | 2025-10-03 | N/A | 8.4 HIGH |
Memory corruption while releasing shared resources in MinkSocket listener thread.
| CVE-2024-38629 | 1 Linux | 1 Linux Kernel | 2025-10-03 | N/A | 7.8 HIGH |
In the Linux kernel, the following vulnerability has been resolved:
dmaengine: idxd: Avoid unnecessary destruction of file_ida
file_ida is allocated during cdev open and is freed accordingly
during cdev release. This sequence is guaranteed by driver file
operations. Therefore, there is no need to destroy an already empty
file_ida when the WQ cdev is removed.
Worse, ida_free() in cdev release may happen after destruction of
file_ida per WQ cdev. This can lead to accessing an id in file_ida
aft ...
| CVE-2024-45434 | 1 Opensynergy | 1 Blue Sdk | 2025-10-02 | N/A | 9.8 CRITICAL |
OpenSynergy BlueSDK (aka Blue SDK) through 6.x has a Use-After-Free. The specific flaw exists within the BlueSDK Bluetooth stack. The issue results from the lack of validating the existence of an object before performing operations on the object (aka use after free). An attacker can leverage this to achieve remote code execution in the context of a user account under which the Bluetooth process runs.
| CVE-2025-53802 | 1 Microsoft | 8 Windows 10 21h2, Windows 10 22h2, Windows 11 22h2 and 5 more | 2025-10-02 | N/A | 7.0 HIGH |
Use after free in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally.
| CVE-2025-53807 | 1 Microsoft | 10 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 7 more | 2025-10-02 | N/A | 7.0 HIGH |
Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.
| CVE-2025-54092 | 1 Microsoft | 10 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 7 more | 2025-10-02 | N/A | 7.8 HIGH |
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Hyper-V allows an authorized attacker to elevate privileges locally.
| CVE-2025-54103 | 1 Microsoft | 7 Windows 10 21h2, Windows 10 22h2, Windows 11 22h2 and 4 more | 2025-10-02 | N/A | 7.4 HIGH |
Use after free in Windows Management Services allows an unauthorized attacker to elevate privileges locally.
| CVE-2025-54105 | 1 Microsoft | 3 Windows 11 24h2, Windows Server 2022 23h2, Windows Server 2025 | 2025-10-02 | N/A | 7.0 HIGH |
Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally.
| CVE-2025-54102 | 1 Microsoft | 12 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 9 more | 2025-10-02 | N/A | 7.8 HIGH |
Use after free in Windows Connected Devices Platform Service allows an authorized attacker to elevate privileges locally.
| CVE-2025-55228 | 1 Microsoft | 8 Windows 10 21h2, Windows 10 22h2, Windows 11 22h2 and 5 more | 2025-10-02 | N/A | 7.8 HIGH |
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to execute code locally.
| CVE-2025-54913 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2025-10-02 | N/A | 7.8 HIGH |
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows UI XAML Maps MapControlSettings allows an authorized attacker to elevate privileges locally.
| CVE-2025-54912 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-10-02 | N/A | 7.8 HIGH |
Use after free in Windows BitLocker allows an authorized attacker to elevate privileges locally.
| CVE-2025-54108 | 1 Microsoft | 2 Windows 11 24h2, Windows Server 2025 | 2025-10-02 | N/A | 7.0 HIGH |
Concurrent execution using shared resource with improper synchronization ('race condition') in Capability Access Management Service (camsvc) allows an authorized attacker to elevate privileges locally.