Total
6832 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-61801 | 3 Adobe, Apple, Microsoft | 3 Dimension, Macos, Windows | 2025-10-20 | 7.8 High |
| Dimension versions 4.1.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2025-54279 | 3 Adobe, Apple, Microsoft | 3 Animate, Macos, Windows | 2025-10-20 | 7.8 High |
| Animate versions 23.0.13, 24.0.10 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2025-59734 | 1 Ffmpeg | 1 Ffmpeg | 2025-10-19 | 6.5 Medium |
| It is possible to cause an use-after-free write in SANM decoding with a carefully crafted animation using subversion <2. When a STOR chunk is present, a subsequent FOBJ chunk will be saved in ctx->stored_frame. Stored frames can later be referenced by FTCH chunks. For files using subversion < 2, the undecoded frame is stored, and decoded again when the FTCH chunks are parsed. However, in process_frame_obj if the frame has an invalid size, there’s an early return, with a value of 0. This causes the code in decode_frame to still store the raw frame buffer into ctx->stored_frame. Leaving ctx->has_dimensions set to false. A subsequent chunk with type FTCH would call process_ftch and decode that frame obj again, adding to the top/left values and calling process_frame_obj again. Given that we never set ctx->have_dimensions before, this time we set the dimensions, calling init_buffers, which can reallocate the buffer in ctx->stored_frame, freeing the previous one. However, the GetByteContext object gb still holds a reference to the old buffer. Finally, when the code tries to decode the frame, codecs that accept a GetByteContext as a parameter will trigger a use-after-free read when using gb. GetByteContext is only used for reading bytes, so at most one could read invalid data. There are no heap allocations between the free and when the object is accessed. However, upon returning to process_ftch, the code restores the original values for top/left in stored_frame, writing 4 bytes to the freed data at offset 6, potentially corrupting the allocator’s metadata. This issue can be triggered just by probing whether a file has the sanm format. We recommend upgrading to version 8.0 or beyond. | ||||
| CVE-2025-46709 | 1 Imaginationtech | 2 Ddk, Graphics Ddk | 2025-10-17 | 7.5 High |
| Possible memory leak or kernel exceptions caused by reading kernel heap data after free or NULL pointer dereference kernel exception. | ||||
| CVE-2024-54030 | 2 Openatom, Openharmony | 2 Openharmony, Openharmony | 2025-10-16 | 4.4 Medium |
| in OpenHarmony v4.1.2 and prior versions allow a local attacker cause DOS through use after free. | ||||
| CVE-2023-48184 | 1 Quickjs Project | 1 Quickjs | 2025-10-15 | 3.9 Low |
| QuickJS before 7414e5f has a quickjs.h JS_FreeValueRT use-after-free because of incorrect garbage collection of async functions with closures. | ||||
| CVE-2024-36353 | 2025-10-14 | 6.5 Medium | ||
| Insufficient clearing of GPU global memory could allow a malicious process running on the same GPU to read left over memory values potentially leading to loss of confidentiality. | ||||
| CVE-2023-36041 | 1 Microsoft | 4 365 Apps, Excel, Office and 1 more | 2025-10-08 | 7.8 High |
| Microsoft Excel Remote Code Execution Vulnerability | ||||
| CVE-2023-36008 | 1 Microsoft | 1 Edge Chromium | 2025-10-08 | 6.6 Medium |
| Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | ||||
| CVE-2023-36034 | 1 Microsoft | 1 Edge Chromium | 2025-10-08 | 7.3 High |
| Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | ||||
| CVE-2025-5100 | 1 Dynamixsoftware | 1 Printershare | 2025-10-08 | 8 High |
| A double-free condition occurs during the cleanup of temporary image files, which can be exploited to achieve memory corruption and potentially arbitrary code execution. | ||||
| CVE-2024-42326 | 1 Zabbix | 1 Zabbix | 2025-10-08 | 4.4 Medium |
| There was discovered a use after free bug in browser.c in the es_browser_get_variant function | ||||
| CVE-2024-42112 | 1 Linux | 1 Linux Kernel | 2025-10-07 | 7.8 High |
| In the Linux kernel, the following vulnerability has been resolved: net: txgbe: free isb resources at the right time When using MSI/INTx interrupt, the shared interrupts are still being handled in the device remove routine, before free IRQs. So isb memory is still read after it is freed. Thus move wx_free_isb_resources() from txgbe_close() to txgbe_remove(). And fix the improper isb free action in txgbe_open() error handling path. | ||||
| CVE-2025-61692 | 1 Keyence | 1 Vt Studio | 2025-10-07 | 7.8 High |
| VT STUDIO versions 8.53 and prior contain a use after free vulnerability. If the product uses a specially crafted file, arbitrary code may be executed on the affected product. | ||||
| CVE-2024-45544 | 1 Qualcomm | 88 C-v2x 9150, C-v2x 9150 Firmware, Fastconnect 6800 and 85 more | 2025-10-06 | 6.6 Medium |
| Memory corruption while processing IOCTL calls to add route entry in the HW. | ||||
| CVE-2024-45540 | 1 Qualcomm | 136 C-v2x 9150, C-v2x 9150 Firmware, Fastconnect 6200 and 133 more | 2025-10-06 | 6.6 Medium |
| Memory corruption while invoking IOCTL map buffer request from userspace. | ||||
| CVE-2024-43066 | 1 Qualcomm | 196 Csrb31024, Csrb31024 Firmware, Fastconnect 6200 and 193 more | 2025-10-06 | 7.8 High |
| Memory corruption while handling file descriptor during listener registration/de-registration. | ||||
| CVE-2024-49848 | 1 Qualcomm | 294 Ar8035, Ar8035 Firmware, Fastconnect 6200 and 291 more | 2025-10-06 | 6.7 Medium |
| Memory corruption while processing multiple IOCTL calls from HLOS to DSP. | ||||
| CVE-2025-9385 | 2 Appneta, Broadcom | 2 Tcpreplay, Tcpreplay | 2025-10-06 | 5.3 Medium |
| A flaw has been found in appneta tcpreplay up to 4.5.1. The affected element is the function fix_ipv6_checksums of the file edit_packet.c of the component tcprewrite. This manipulation causes use after free. The attack is restricted to local execution. The exploit has been published and may be used. Upgrading to version 4.5.2-beta3 is sufficient to fix this issue. It is advisable to upgrade the affected component. | ||||
| CVE-2025-9386 | 2 Appneta, Broadcom | 2 Tcpreplay, Tcpreplay | 2025-10-06 | 5.3 Medium |
| A vulnerability has been found in appneta tcpreplay up to 4.5.1. The impacted element is the function get_l2len_protocol of the file get.c of the component tcprewrite. Such manipulation leads to use after free. The attack must be carried out locally. The exploit has been disclosed to the public and may be used. Upgrading to version 4.5.2-beta3 is sufficient to resolve this issue. You should upgrade the affected component. | ||||