Total
4955 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-1046 | 1 Luxion | 1 Keyshot | 2025-08-07 | N/A | N/A |
| Luxion KeyShot SKP File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SKP files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-23646. | |||||
| CVE-2025-47917 | 1 Arm | 1 Mbed Tls | 2025-08-07 | N/A | 9.8 CRITICAL |
| Mbed TLS before 3.6.4 allows a use-after-free in certain situations of applications that are developed in accordance with the documentation. The function mbedtls_x509_string_to_names() takes a head argument that is documented as an output argument. The documentation does not suggest that the function will free that pointer; however, the function does call mbedtls_asn1_free_named_data_list() on that argument, which performs a deep free(). As a result, application code that uses this function (relying only on documented behavior) is likely to still hold pointers to the memory blocks that were freed, resulting in a high risk of use-after-free or double-free. In particular, the two sample programs x509/cert_write and x509/cert_req are affected (use-after-free if the san string contains more than one DN). | |||||
| CVE-2025-21456 | 2025-08-06 | N/A | 7.8 HIGH | ||
| Memory corruption while processing IOCTL command when multiple threads are called to map/unmap buffer concurrently. | |||||
| CVE-2025-23281 | 2025-08-02 | N/A | N/A | ||
| NVIDIA GPU Display Driver for Windows contains a vulnerability where an attacker with local unprivileged access that can win a race condition might be able to trigger a use-after-free error. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, denial of service, or information disclosure. | |||||
| CVE-2025-8176 | 2025-07-26 | N/A | 5.3 MEDIUM | ||
| A vulnerability was found in LibTIFF up to 4.7.0. It has been declared as critical. This vulnerability affects the function get_histogram of the file tools/tiffmedian.c. The manipulation leads to use after free. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The patch is identified as fe10872e53efba9cc36c66ac4ab3b41a839d5172. It is recommended to apply a patch to fix this issue. | |||||
| CVE-2025-2913 | 1 Hdfgroup | 1 Hdf5 | 2025-07-24 | N/A | 5.3 MEDIUM |
| A vulnerability was found in HDF5 up to 1.14.6. It has been rated as critical. Affected by this issue is the function H5FL__blk_gc_list of the file src/H5FL.c. The manipulation of the argument H5FL_blk_head_t leads to use after free. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-3631 | 1 Ibm | 1 Mq Appliance | 2025-07-23 | N/A | 7.5 HIGH |
| An IBM MQ 9.3 and 9.4 Client connecting to an MQ Queue Manager can cause a SIGSEGV in the AMQRMPPA channel process terminating it. | |||||
| CVE-2024-8375 | 1 Google | 1 Reverb | 2025-07-22 | N/A | 7.8 HIGH |
| There exists a use after free vulnerability in Reverb. Reverb supports the VARIANT datatype, which is supposed to represent an arbitrary object in C++. When a tensor proto of type VARIANT is unpacked, memory is first allocated to store the entire tensor, and a ctor is called on each instance. Afterwards, Reverb copies the content in tensor_content to the previously mentioned pre-allocated memory, which results in the bytes in tensor_content overwriting the vtable pointers of all the objects which were previously allocated. Reverb exposes 2 relevant gRPC endpoints: InsertStream and SampleStream. The attacker can insert this stream into the server’s database, then when the client next calls SampleStream they will unpack the tensor into RAM, and when any method on that object is called (including its destructor) the attacker gains control of the Program Counter. We recommend upgrading past git commit https://github.com/google-deepmind/reverb/commit/6a0dcf4c9e842b7f999912f792aaa6f6bd261a25 | |||||
| CVE-2018-1000217 | 1 Davegamble | 1 Cjson | 2025-07-22 | 7.5 HIGH | 9.8 CRITICAL |
| Dave Gamble cJSON version 1.7.3 and earlier contains a CWE-416: Use After Free vulnerability in cJSON library that can result in Possible crash, corruption of data or even RCE. This attack appear to be exploitable via Depends on how application uses cJSON library. If application provides network interface then can be exploited over a network, otherwise just local.. This vulnerability appears to have been fixed in 1.7.4. | |||||
| CVE-2025-27056 | 1 Qualcomm | 50 Fastconnect 7800, Fastconnect 7800 Firmware, Qmp1000 and 47 more | 2025-07-21 | N/A | 7.8 HIGH |
| Memory corruption during sub-system restart while processing clean-up to free up resources. | |||||
| CVE-2025-49726 | 1 Microsoft | 12 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 9 more | 2025-07-16 | N/A | 7.8 HIGH |
| Use after free in Windows Notification allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-49725 | 1 Microsoft | 12 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 9 more | 2025-07-16 | N/A | 7.8 HIGH |
| Use after free in Windows Notification allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-49724 | 1 Microsoft | 10 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 7 more | 2025-07-16 | N/A | 8.8 HIGH |
| Use after free in Windows Connected Devices Platform Service allows an unauthorized attacker to execute code over a network. | |||||
| CVE-2025-49733 | 1 Microsoft | 10 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 7 more | 2025-07-16 | N/A | 7.8 HIGH |
| Use after free in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-49685 | 1 Microsoft | 8 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 5 more | 2025-07-15 | N/A | 7.0 HIGH |
| Use after free in Microsoft Windows Search Component allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-49677 | 1 Microsoft | 1 Windows 11 22h2 | 2025-07-15 | N/A | 7.0 HIGH |
| Use after free in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-49699 | 1 Microsoft | 6 365 Apps, Office, Office Long Term Servicing Channel and 3 more | 2025-07-15 | N/A | 7.0 HIGH |
| Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. | |||||
| CVE-2025-49698 | 1 Microsoft | 4 365 Apps, Office, Office Long Term Servicing Channel and 1 more | 2025-07-15 | N/A | 7.8 HIGH |
| Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. | |||||
| CVE-2025-49675 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-07-15 | N/A | 7.8 HIGH |
| Use after free in Kernel Streaming WOW Thunk Service Driver allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-49695 | 1 Microsoft | 3 365 Apps, Office, Office Long Term Servicing Channel | 2025-07-15 | N/A | 8.4 HIGH |
| Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. | |||||