Total
668 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-12107 | 1 D3tn | 1 Ud3tn | 2025-08-05 | 7.5 High |
| Double-Free Vulnerability in uD3TN BPv7 Caused by Malformed Endpoint Identifier allows remote attacker to reliably cause DoS | ||||
| CVE-2024-44098 | 1 Google | 2 Android, Pixel | 2025-07-24 | 7.4 High |
| In lwis_device_event_states_clear_locked of lwis_event.c, there is a possible privilege escalation due to a double free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2025-2925 | 1 Hdfgroup | 1 Hdf5 | 2025-07-24 | 3.3 Low |
| A vulnerability has been found in HDF5 up to 1.14.6 and classified as problematic. This vulnerability affects the function H5MM_realloc of the file src/H5MM.c. The manipulation of the argument mem leads to double free. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2018-1000216 | 1 Davegamble | 1 Cjson | 2025-07-22 | N/A |
| Dave Gamble cJSON version 1.7.2 and earlier contains a CWE-415: Double Free vulnerability in cJSON library that can result in Possible crash or RCE. This attack appear to be exploitable via Attacker must be able to force victim to print JSON data, depending on how cJSON library is used this could be either local or over a network. This vulnerability appears to have been fixed in 1.7.3. | ||||
| CVE-2025-27051 | 2 Microsoft, Qualcomm | 21 Windows, Fastconnect 6900, Fastconnect 6900 Firmware and 18 more | 2025-07-21 | 7.8 High |
| Memory corruption while processing command message in WLAN Host. | ||||
| CVE-2024-30097 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2025-07-16 | 8.8 High |
| Microsoft Speech Application Programming Interface (SAPI) Remote Code Execution Vulnerability | ||||
| CVE-2024-3187 | 1 Embedthis | 1 Goahead | 2025-07-13 | 5.9 Medium |
| This issue tracks two CWE-416 Use After Free (UAF) and one CWE-415 Double Free vulnerabilities in Goahead versions <= 6.0.0. These are caused by JST values not being nulled when freed during parsing of JST templates. If the ME_GOAHEAD_JAVASCRIPT flag is enabled, a remote attacker with the privileges to modify JavaScript template (JST) files could exploit this by providing malicious templates. This may lead to memory corruption, potentially causing a Denial of Service (DoS) or, in rare cases, code execution, though the latter is highly context-dependent. | ||||
| CVE-2024-39564 | 1 Juniper Networks | 2 Junos Os, Junos Os Evolved | 2025-07-12 | 7.5 High |
| This is a similar, but different vulnerability than the issue reported as CVE-2024-39549. A double-free vulnerability in the routing process daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an attacker to send a malformed BGP Path attribute update which allocates memory used to log the bad path attribute. This double free of memory is causing an rpd crash, leading to a Denial of Service (DoS). This issue affects: Junos OS: * from 22.4 before 22.4R3-S4. Junos OS Evolved: * from 22.4 before 22.4R3-S4-EVO. | ||||
| CVE-2023-24903 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2025-07-10 | 8.1 High |
| Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | ||||
| CVE-2024-38157 | 1 Microsoft | 1 Azure Iot Hub Device Client Sdk | 2025-07-10 | 7 High |
| Azure IoT SDK Remote Code Execution Vulnerability | ||||
| CVE-2025-26640 | 1 Microsoft | 9 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 6 more | 2025-07-10 | 7 High |
| Use after free in Windows Digital Media allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-27730 | 1 Microsoft | 9 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 6 more | 2025-07-08 | 7.8 High |
| Use after free in Windows Digital Media allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2024-49014 | 1 Microsoft | 3 Sql Server 2016, Sql Server 2017, Sql Server 2019 | 2025-07-08 | 8.8 High |
| SQL Server Native Client Remote Code Execution Vulnerability | ||||
| CVE-2024-43640 | 1 Microsoft | 5 Windows 10 21h2, Windows 10 22h2, Windows 11 22h2 and 2 more | 2025-07-08 | 7.8 High |
| Windows Kernel-Mode Driver Elevation of Privilege Vulnerability | ||||
| CVE-2024-43447 | 1 Microsoft | 1 Windows Server 2022 | 2025-07-08 | 8.1 High |
| Windows SMBv3 Server Remote Code Execution Vulnerability | ||||
| CVE-2024-43514 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2025-07-08 | 7.8 High |
| Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability | ||||
| CVE-2022-28390 | 5 Debian, Fedoraproject, Linux and 2 more | 7 Debian Linux, Fedora, Linux Kernel and 4 more | 2025-06-25 | 7.8 High |
| ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the Linux kernel through 5.17.1 has a double free. | ||||
| CVE-2023-26545 | 4 Debian, Linux, Netapp and 1 more | 15 Debian Linux, Linux Kernel, H300s and 12 more | 2025-06-25 | 4.7 Medium |
| In the Linux kernel before 6.1.13, there is a double free in net/mpls/af_mpls.c upon an allocation failure (for registering the sysctl table under a new location) during the renaming of a device. | ||||
| CVE-2024-21606 | 1 Juniper | 33 Junos, Srx100, Srx110 and 30 more | 2025-06-17 | 7.5 High |
| A Double Free vulnerability in the flow processing daemon (flowd) of Juniper Networks Junos OS on SRX Series allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS). In a remote access VPN scenario, if a "tcp-encap-profile" is configured and a sequence of specific packets is received, a flowd crash and restart will be observed. This issue affects Juniper Networks Junos OS on SRX Series: * All versions earlier than 20.4R3-S8; * 21.2 versions earlier than 21.2R3-S6; * 21.3 versions earlier than 21.3R3-S5; * 21.4 versions earlier than 21.4R3-S5; * 22.1 versions earlier than 22.1R3-S3; * 22.2 versions earlier than 22.2R3-S3; * 22.3 versions earlier than 22.3R3-S1; * 22.4 versions earlier than 22.4R2-S2, 22.4R3. | ||||
| CVE-2023-28583 | 1 Qualcomm | 60 Aqt1000, Aqt1000 Firmware, Fastconnect 6200 and 57 more | 2025-06-17 | 6.7 Medium |
| Memory corruption when IPv6 prefix timer object`s lifetime expires which are created while Netmgr daemon gets an IPv6 address. | ||||