Total
6576 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-30386 | 1 Microsoft | 3 365 Apps, Office, Office Long Term Servicing Channel | 2025-05-19 | N/A | 8.4 HIGH |
|
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
|
|||||
| CVE-2025-29831 | 1 Microsoft | 7 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 4 more | 2025-05-19 | N/A | 7.5 HIGH |
|
Use after free in Remote Desktop Gateway Service allows an unauthorized attacker to execute code over a network.
|
|||||
| CVE-2025-43571 | 3 Adobe, Apple, Microsoft | 3 Substance 3d Stager, Macos, Windows | 2025-05-19 | N/A | 7.8 HIGH |
|
Substance3D - Stager versions 3.1.1 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2025-43549 | 3 Adobe, Apple, Microsoft | 3 Substance 3d Stager, Macos, Windows | 2025-05-19 | N/A | 7.8 HIGH |
|
Substance3D - Stager versions 3.1.1 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2025-43568 | 3 Adobe, Apple, Microsoft | 3 Substance 3d Stager, Macos, Windows | 2025-05-19 | N/A | 7.8 HIGH |
|
Substance3D - Stager versions 3.1.1 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2025-43570 | 3 Adobe, Apple, Microsoft | 3 Substance 3d Stager, Macos, Windows | 2025-05-19 | N/A | 7.8 HIGH |
|
Substance3D - Stager versions 3.1.1 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2023-27338 | 1 Pdf-xchange | 2 Pdf-tools, Pdf-xchange Editor | 2025-05-19 | N/A | 5.5 MEDIUM |
|
PDF-XChange Editor TIF File Parsing Use-After-Free Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of TIF files. The issue results from the lack of validating the existence of an object prior to performing o ...
Show More |
|||||
| CVE-2023-42040 | 1 Pdf-xchange | 2 Pdf-tools, Pdf-xchange Editor | 2025-05-19 | N/A | 7.8 HIGH |
|
PDF-XChange Editor mailForm Use-After-Free Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the mailForm method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An a ...
Show More |
|||||
| CVE-2023-42041 | 1 Pdf-xchange | 2 Pdf-tools, Pdf-xchange Editor | 2025-05-19 | N/A | 7.8 HIGH |
|
PDF-XChange Editor Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operat ...
Show More |
|||||
| CVE-2023-42050 | 1 Pdf-xchange | 2 Pdf-tools, Pdf-xchange Editor | 2025-05-19 | N/A | 5.5 MEDIUM |
|
PDF-XChange Editor EMF File Parsing Use-After-Free Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of EMF files. The issue results from the lack of validating the existence of an object prior to performing o ...
Show More |
|||||
| CVE-2025-29977 | 1 Microsoft | 5 365 Apps, Excel, Office and 2 more | 2025-05-19 | N/A | 7.8 HIGH |
|
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
|
|||||
| CVE-2023-39491 | 1 Pdf-xchange | 2 Pdf-tools, Pdf-xchange Editor | 2025-05-19 | N/A | 7.8 HIGH |
|
PDF-XChange Editor TIF File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of TIF files. The issue results from the lack of validating the existence of an object prior to performing operations ...
Show More |
|||||
| CVE-2025-29970 | 1 Microsoft | 3 Windows 11 24h2, Windows Server 2022 23h2, Windows Server 2025 | 2025-05-19 | N/A | 7.8 HIGH |
|
Use after free in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally.
|
|||||
| CVE-2025-29978 | 1 Microsoft | 2 365 Apps, Office Long Term Servicing Channel | 2025-05-19 | N/A | 7.8 HIGH |
|
Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally.
|
|||||
| CVE-2025-30377 | 1 Microsoft | 5 365 Apps, Excel, Office and 2 more | 2025-05-19 | N/A | 8.4 HIGH |
|
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
|
|||||
| CVE-2023-42080 | 1 Pdf-xchange | 2 Pdf-tools, Pdf-xchange Editor | 2025-05-16 | N/A | 7.8 HIGH |
|
PDF-XChange Editor EMF File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of EMF files. The issue results from the lack of validating the existence of an object prior to performing operations ...
Show More |
|||||
| CVE-2023-42082 | 1 Pdf-xchange | 2 Pdf-tools, Pdf-xchange Editor | 2025-05-16 | N/A | 7.8 HIGH |
|
PDF-XChange Editor JPG File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of JPG files. The issue results from the lack of validating the existence of an object prior to performing operations ...
Show More |
|||||
| CVE-2023-42086 | 1 Pdf-xchange | 2 Pdf-tools, Pdf-xchange Editor | 2025-05-16 | N/A | 7.8 HIGH |
|
PDF-XChange Editor EMF File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of EMF files. The issue results from the lack of validating the existence of an object prior to performing operations ...
Show More |
|||||
| CVE-2023-42108 | 1 Pdf-xchange | 2 Pdf-tools, Pdf-xchange Editor | 2025-05-16 | N/A | 7.8 HIGH |
|
PDF-XChange Editor EMF File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of EMF files. The issue results from the lack of validating the existence of an object prior to performing operations ...
Show More |
|||||
| CVE-2023-42059 | 1 Pdf-xchange | 2 Pdf-tools, Pdf-xchange Editor | 2025-05-16 | N/A | 7.8 HIGH |
|
PDF-XChange Editor U3D File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of U3D files. The issue results from the lack of validating the existence of an object prior to performing operations ...
Show More |
|||||
| CVE-2023-42075 | 1 Pdf-xchange | 2 Pdf-tools, Pdf-xchange Editor | 2025-05-16 | N/A | 7.8 HIGH |
|
PDF-XChange Editor JPG File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of JPG files. The issue results from the lack of validating the existence of an object prior to performing operations ...
Show More |
|||||
| CVE-2022-42720 | 3 Debian, Fedoraproject, Linux | 3 Debian Linux, Fedora, Linux Kernel | 2025-05-15 | N/A | 7.8 HIGH |
|
Various refcounting bugs in the multi-BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before 5.19.16 could be used by local attackers (able to inject WLAN frames) to trigger use-after-free conditions to potentially execute code.
|
|||||
| CVE-2022-42719 | 3 Debian, Fedoraproject, Linux | 3 Debian Linux, Fedora, Linux Kernel | 2025-05-15 | N/A | 8.8 HIGH |
|
A use-after-free in the mac80211 stack when parsing a multi-BSSID element in the Linux kernel 5.2 through 5.19.x before 5.19.16 could be used by attackers (able to inject WLAN frames) to crash the kernel and potentially execute code.
|
|||||
| CVE-2024-1284 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2025-05-15 | N/A | 9.8 CRITICAL |
|
Use after free in Mojo in Google Chrome prior to 121.0.6167.160 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
|
|||||
| CVE-2022-22077 | 1 Qualcomm | 16 Sd 8 Gen1 5g Firmware, Sm8475, Wcd9380 and 13 more | 2025-05-15 | N/A | 8.4 HIGH |
|
Memory corruption in graphics due to use-after-free in graphics dispatcher logic in Snapdragon Mobile
|
|||||
| CVE-2022-38983 | 1 Huawei | 2 Emui, Harmonyos | 2025-05-15 | N/A | 9.8 CRITICAL |
|
The BT Hfp Client module has a Use-After-Free (UAF) vulnerability.Successful exploitation of this vulnerability may result in arbitrary code execution.
|
|||||
| CVE-2022-41303 | 1 Autodesk | 1 Fbx Software Development Kit | 2025-05-14 | N/A | 7.8 HIGH |
|
A user may be tricked into opening a malicious FBX file which may exploit a use-after-free vulnerability in Autodesk FBX SDK 2020 version causing the application to reference a memory location controlled by an unauthorized third party, thereby running arbitrary code on the system.
|
|||||
| CVE-2022-25723 | 1 Qualcomm | 16 Sd 8 Gen1 5g Firmware, Sm8475, Wcd9380 and 13 more | 2025-05-13 | N/A | 8.4 HIGH |
|
Memory corruption in multimedia due to use after free during callback registration failure in Snapdragon Mobile
|
|||||
| CVE-2024-49128 | 1 Microsoft | 6 Windows Server 2012, Windows Server 2016, Windows Server 2019 and 3 more | 2025-05-13 | N/A | 8.1 HIGH |
|
Sensitive data storage in improperly locked memory in Windows Remote Desktop Services allows an unauthorized attacker to execute code over a network.
|
|||||
| CVE-2021-47335 | 1 Linux | 1 Linux Kernel | 2025-05-12 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
f2fs: fix to avoid racing on fsync_entry_slab by multi filesystem instances
As syzbot reported, there is an use-after-free issue during f2fs recovery:
Use-after-free write at 0xffff88823bc16040 (in kfence-#10):
kmem_cache_destroy+0x1f/0x120 mm/slab_common.c:486
f2fs_recover_fsync_data+0x75b0/0x8380 fs/f2fs/recovery.c:869
f2fs_fill_super+0x9393/0xa420 fs/f2fs/super.c:3945
mount_bdev+0x26c/0x3a0 fs/super.c:1367
legacy_get_ ...
Show More |
|||||
| CVE-2025-27578 | 2025-05-12 | N/A | 7.5 HIGH | ||
|
Pixmeo OsiriX MD is vulnerable to a use after free scenario, which could allow an attacker to upload a crafted DICOM file and cause memory corruption leading to a denial-of-service condition.
|
|||||
| CVE-2025-31946 | 2025-05-12 | N/A | 6.2 MEDIUM | ||
|
Pixmeo OsiriX MD is vulnerable to a local use after free scenario, which could allow an attacker to locally import a crafted DICOM file and cause memory corruption or a system crash.
|
|||||
| CVE-2025-0427 | 1 Arm | 3 5th Gen Gpu Architecture Kernel Driver, Bifrost Gpu Kernel Driver, Valhall Gpu Kernel Driver | 2025-05-12 | N/A | 7.8 HIGH |
|
Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user process to perform valid GPU processing operations to gain access to already freed memory.This issue affects Bifrost GPU Kernel Driver: from r8p0 through r49p3, from r50p0 through r51p0; Valhall GPU Kernel Driver: from r19p0 through r49p3, from r50p0 through r53p0; Arm 5th Gen GPU Architecture Kernel Driver: fr ...
Show More |
|||||
| CVE-2025-0072 | 1 Arm | 2 5th Gen Gpu Architecture Kernel Driver, Valhall Gpu Kernel Driver | 2025-05-12 | N/A | 7.8 HIGH |
|
Use After Free vulnerability in Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user process to perform improper GPU memory processing operations to gain access to already freed memory.
This issue affects Valhall GPU Kernel Driver: from r29p0 through r49p3, from r50p0 through r53p0; Arm 5th Gen GPU Architecture Kernel Driver: from r41p0 through r49p3, from r50p0 through r53p0.
|
|||||
| CVE-2024-26455 | 1 Treasuredata | 1 Fluent Bit | 2025-05-12 | N/A | 7.5 HIGH |
|
fluent-bit 2.2.2 contains a Use-After-Free vulnerability in /fluent-bit/plugins/custom_calyptia/calyptia.c.
|
|||||
| CVE-2024-45567 | 1 Qualcomm | 28 Fastconnect 6900, Fastconnect 6900 Firmware, Fastconnect 7800 and 25 more | 2025-05-09 | N/A | 7.8 HIGH |
|
Memory corruption while encoding JPEG format.
|
|||||
| CVE-2024-45566 | 1 Qualcomm | 46 Fastconnect 6800, Fastconnect 6800 Firmware, Fastconnect 6900 and 43 more | 2025-05-09 | N/A | 7.8 HIGH |
|
Memory corruption during concurrent buffer access due to modification of the reference count.
|
|||||
| CVE-2024-45564 | 1 Qualcomm | 126 C-v2x 9150, C-v2x 9150 Firmware, Fastconnect 6800 and 123 more | 2025-05-09 | N/A | 7.8 HIGH |
|
Memory corruption during concurrent access to server info object due to incorrect reference count update.
|
|||||
| CVE-2024-45554 | 1 Qualcomm | 42 Fastconnect 6900, Fastconnect 6900 Firmware, Fastconnect 7800 and 39 more | 2025-05-09 | N/A | 7.8 HIGH |
|
Memory corruption during concurrent SSR execution due to race condition on the global maps list.
|
|||||
| CVE-2024-45583 | 1 Qualcomm | 14 Fastconnect 7800, Fastconnect 7800 Firmware, Snapdragon 8 Gen 3 Mobile and 11 more | 2025-05-09 | N/A | 6.6 MEDIUM |
|
Memory corruption while handling multiple IOCTL calls from userspace to operate DMA operations.
|
|||||