Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-2763

Summary
Assigner-mozilla
Assigner Org ID-f16b083a-5664-49f3-a51e-8d479e5ed7fe
Published At-24 Feb, 2026 | 13:33
Updated At-28 Feb, 2026 | 02:27
Rejected At-
Credits

Use-after-free in the JavaScript Engine component

Use-after-free in the JavaScript Engine component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mozilla
Assigner Org ID:f16b083a-5664-49f3-a51e-8d479e5ed7fe
Published At:24 Feb, 2026 | 13:33
Updated At:28 Feb, 2026 | 02:27
Rejected At:
▼CVE Numbering Authority (CNA)
Use-after-free in the JavaScript Engine component

Use-after-free in the JavaScript Engine component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.

Affected Products
Vendor
Mozilla CorporationMozilla
Product
Firefox
Versions
Affected
  • From unspecified before 148 (custom)
Vendor
Mozilla CorporationMozilla
Product
Firefox ESR
Versions
Affected
  • From unspecified before 115.33 (custom)
Vendor
Mozilla CorporationMozilla
Product
Firefox ESR
Versions
Affected
  • From unspecified before 140.8 (custom)
Vendor
Mozilla CorporationMozilla
Product
Thunderbird
Versions
Affected
  • From unspecified before 148 (custom)
Vendor
Mozilla CorporationMozilla
Product
Thunderbird
Versions
Affected
  • From unspecified before 140.8 (custom)
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Information to follow
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://bugzilla.mozilla.org/show_bug.cgi?id=2012018
N/A
https://www.mozilla.org/security/advisories/mfsa2026-13/
N/A
https://www.mozilla.org/security/advisories/mfsa2026-14/
N/A
https://www.mozilla.org/security/advisories/mfsa2026-15/
N/A
https://www.mozilla.org/security/advisories/mfsa2026-16/
N/A
https://www.mozilla.org/security/advisories/mfsa2026-17/
N/A
Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=2012018
Resource: N/A
Hyperlink: https://www.mozilla.org/security/advisories/mfsa2026-13/
Resource: N/A
Hyperlink: https://www.mozilla.org/security/advisories/mfsa2026-14/
Resource: N/A
Hyperlink: https://www.mozilla.org/security/advisories/mfsa2026-15/
Resource: N/A
Hyperlink: https://www.mozilla.org/security/advisories/mfsa2026-16/
Resource: N/A
Hyperlink: https://www.mozilla.org/security/advisories/mfsa2026-17/
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Problem Types
TypeCWE IDDescription
CWECWE-416CWE-416 Use After Free
Type: CWE
CWE ID: CWE-416
Description: CWE-416 Use After Free
Metrics
VersionBase scoreBase severityVector
3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security@mozilla.org
Published At:24 Feb, 2026 | 14:16
Updated At:28 Feb, 2026 | 03:16

Use-after-free in the JavaScript Engine component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Secondary3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CPE Matches
Mozilla Corporation
mozilla
>>firefox>>Versions before 115.33.0(exclusive)
cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*
Mozilla Corporation
mozilla
>>firefox>>Versions before 148.0(exclusive)
cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*
Mozilla Corporation
mozilla
>>firefox>>Versions from 128.0(inclusive) to 140.8.0(exclusive)
cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*
Mozilla Corporation
mozilla
>>thunderbird>>Versions before 140.8.0(exclusive)
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:*
Mozilla Corporation
mozilla
>>thunderbird>>Versions before 148.0(exclusive)
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*
Weaknesses
CWE IDTypeSource
CWE-416Primarynvd@nist.gov
CWE-416Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: CWE-416
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-416
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://bugzilla.mozilla.org/show_bug.cgi?id=2012018security@mozilla.org
Issue Tracking
Permissions Required
https://www.mozilla.org/security/advisories/mfsa2026-13/security@mozilla.org
Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2026-14/security@mozilla.org
Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2026-15/security@mozilla.org
Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2026-16/security@mozilla.org
Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2026-17/security@mozilla.org
Vendor Advisory
Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=2012018
Source: security@mozilla.org
Resource:
Issue Tracking
Permissions Required
Hyperlink: https://www.mozilla.org/security/advisories/mfsa2026-13/
Source: security@mozilla.org
Resource:
Vendor Advisory
Hyperlink: https://www.mozilla.org/security/advisories/mfsa2026-14/
Source: security@mozilla.org
Resource:
Vendor Advisory
Hyperlink: https://www.mozilla.org/security/advisories/mfsa2026-15/
Source: security@mozilla.org
Resource:
Vendor Advisory
Hyperlink: https://www.mozilla.org/security/advisories/mfsa2026-16/
Source: security@mozilla.org
Resource:
Vendor Advisory
Hyperlink: https://www.mozilla.org/security/advisories/mfsa2026-17/
Source: security@mozilla.org
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

696Records found
CVE-2020-15675
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-8.8||HIGH
EPSS-0.40% / 60.47%
||
7 Day CHG~0.00%
Published-01 Oct, 2020 | 18:32
Updated-04 Aug, 2024 | 13:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

When processing surfaces, the lifetime may outlive a persistent buffer leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 81.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxFirefox
CWE ID-CWE-416
Use After Free
CVE-2020-15669
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-8.8||HIGH
EPSS-0.45% / 63.30%
||
7 Day CHG~0.00%
Published-01 Oct, 2020 | 18:42
Updated-04 Aug, 2024 | 13:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

When aborting an operation, such as a fetch, an abort signal may be deleted while alerting the objects to be notified. This results in a use-after-free and we presume that with enough effort it could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 68.12 and Thunderbird < 68.12.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefox_esrthunderbirdThunderbirdFirefox ESR
CWE ID-CWE-416
Use After Free
CVE-2020-15670
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-8.8||HIGH
EPSS-0.38% / 59.20%
||
7 Day CHG~0.00%
Published-01 Oct, 2020 | 18:41
Updated-04 Aug, 2024 | 13:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mozilla developers reported memory safety bugs present in Firefox for Android 79. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 80, Firefox ESR < 78.2, Thunderbird < 78.2, and Firefox for Android < 80.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxthunderbirdfirefox_esrFirefoxFirefox ESRThunderbirdFirefox for Android
CWE ID-CWE-416
Use After Free
CWE ID-CWE-617
Reachable Assertion
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2012-1973
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-4.25% / 88.58%
||
7 Day CHG~0.00%
Published-29 Aug, 2012 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in the nsObjectLoadingContent::LoadObject function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.

Action-Not Available
Vendor-n/aSUSECanonical Ltd.Mozilla CorporationRed Hat, Inc.openSUSEDebian GNU/Linux
Product-enterprise_linux_desktoplinux_enterprise_serverlinux_enterprise_software_development_kitubuntu_linuxthunderbird_esrenterprise_linux_eusseamonkeyenterprise_linux_workstationthunderbirddebian_linuxlinux_enterprise_desktopfirefoxopensuseenterprise_linux_server_eusenterprise_linux_servern/a
CWE ID-CWE-416
Use After Free
CVE-2012-1974
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-3.31% / 87.01%
||
7 Day CHG~0.00%
Published-29 Aug, 2012 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in the gfxTextRun::CanBreakLineBefore function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.

Action-Not Available
Vendor-n/aSUSECanonical Ltd.Mozilla CorporationRed Hat, Inc.openSUSEDebian GNU/Linux
Product-enterprise_linux_desktoplinux_enterprise_serverlinux_enterprise_software_development_kitubuntu_linuxthunderbird_esrenterprise_linux_eusseamonkeyenterprise_linux_workstationthunderbirddebian_linuxlinux_enterprise_desktopfirefoxopensuseenterprise_linux_server_eusenterprise_linux_servern/a
CWE ID-CWE-416
Use After Free
CVE-2012-1972
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-3.31% / 87.01%
||
7 Day CHG~0.00%
Published-29 Aug, 2012 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in the nsHTMLEditor::CollapseAdjacentTextNodes function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.

Action-Not Available
Vendor-n/aSUSECanonical Ltd.Mozilla CorporationRed Hat, Inc.openSUSEDebian GNU/Linux
Product-enterprise_linux_desktoplinux_enterprise_serverlinux_enterprise_software_development_kitubuntu_linuxthunderbird_esrenterprise_linux_eusseamonkeyenterprise_linux_workstationthunderbirddebian_linuxlinux_enterprise_desktopfirefoxopensuseenterprise_linux_server_eusenterprise_linux_servern/a
CWE ID-CWE-416
Use After Free
CVE-2012-1975
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-3.31% / 87.01%
||
7 Day CHG~0.00%
Published-29 Aug, 2012 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in the PresShell::CompleteMove function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.

Action-Not Available
Vendor-n/aSUSECanonical Ltd.Mozilla CorporationRed Hat, Inc.openSUSEDebian GNU/Linux
Product-enterprise_linux_desktoplinux_enterprise_serverlinux_enterprise_software_development_kitubuntu_linuxthunderbird_esrenterprise_linux_eusseamonkeyenterprise_linux_workstationthunderbirddebian_linuxlinux_enterprise_desktopfirefoxopensuseenterprise_linux_server_eusenterprise_linux_servern/a
CWE ID-CWE-416
Use After Free
CVE-2012-1976
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-3.17% / 86.71%
||
7 Day CHG~0.00%
Published-29 Aug, 2012 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in the nsHTMLSelectElement::SubmitNamesValues function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.

Action-Not Available
Vendor-n/aSUSECanonical Ltd.Mozilla CorporationRed Hat, Inc.openSUSE
Product-enterprise_linux_desktoplinux_enterprise_serverlinux_enterprise_software_development_kitubuntu_linuxthunderbird_esrenterprise_linux_eusseamonkeyenterprise_linux_workstationthunderbirdlinux_enterprise_desktopfirefoxopensuseenterprise_linux_server_eusenterprise_linux_servern/a
CWE ID-CWE-416
Use After Free
CVE-2022-1097
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.26% / 48.73%
||
7 Day CHG~0.00%
Published-22 Dec, 2022 | 00:00
Updated-16 Apr, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

<code>NSSToken</code> objects were referenced via direct points, and could have been accessed in an unsafe way on different threads, leading to a use-after-free and potentially exploitable crash. This vulnerability affects Thunderbird < 91.8, Firefox < 99, and Firefox ESR < 91.8.

Action-Not Available
Vendor-Mozilla Corporation
Product-thunderbirdfirefox_esrfirefoxFirefox ESRFirefoxThunderbird
CWE ID-CWE-416
Use After Free
CVE-2022-1196
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.20% / 41.64%
||
7 Day CHG~0.00%
Published-22 Dec, 2022 | 00:00
Updated-16 Apr, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

After a VR Process is destroyed, a reference to it may have been retained and used, leading to a use-after-free and potentially exploitable crash. This vulnerability affects Thunderbird < 91.8 and Firefox ESR < 91.8.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefox_esrthunderbirdFirefox ESRThunderbird
CWE ID-CWE-416
Use After Free
CVE-2025-3028
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.71% / 72.04%
||
7 Day CHG~0.00%
Published-01 Apr, 2025 | 12:28
Updated-03 Nov, 2025 | 20:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

JavaScript code running while transforming a document with the XSLTProcessor could lead to a use-after-free. This vulnerability affects Firefox < 137, Firefox ESR < 115.22, Firefox ESR < 128.9, Thunderbird < 137, and Thunderbird < 128.9.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxthunderbirdFirefoxFirefox ESRThunderbird
CWE ID-CWE-416
Use After Free
CVE-2018-12377
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-3.11% / 86.57%
||
7 Day CHG~0.00%
Published-18 Oct, 2018 | 13:00
Updated-25 Nov, 2025 | 17:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A use-after-free vulnerability can occur when refresh driver timers are refreshed in some circumstances during shutdown when the timer is deleted while still in use. This results in a potentially exploitable crash. This vulnerability affects Firefox < 62, Firefox ESR < 60.2, and Thunderbird < 60.2.1.

Action-Not Available
Vendor-Mozilla CorporationCanonical Ltd.Debian GNU/LinuxRed Hat, Inc.
Product-thunderbirdenterprise_linux_server_tusfirefoxubuntu_linuxenterprise_linux_desktopenterprise_linux_server_eusenterprise_linux_serverdebian_linuxenterprise_linux_workstationenterprise_linux_server_ausFirefoxFirefox ESRThunderbird
CWE ID-CWE-416
Use After Free
CVE-2021-43535
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-8.8||HIGH
EPSS-1.63% / 81.63%
||
7 Day CHG~0.00%
Published-08 Dec, 2021 | 21:20
Updated-04 Aug, 2024 | 03:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A use-after-free could have occured when an HTTP2 session object was released on a different thread, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 93, Thunderbird < 91.3, and Firefox ESR < 91.3.

Action-Not Available
Vendor-Debian GNU/LinuxMozilla Corporation
Product-firefoxthunderbirddebian_linuxfirefox_esrFirefoxFirefox ESRThunderbird
CWE ID-CWE-416
Use After Free
CVE-2021-38498
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-0.27% / 50.29%
||
7 Day CHG~0.00%
Published-03 Nov, 2021 | 00:03
Updated-04 Aug, 2024 | 01:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

During process shutdown, a document could have caused a use-after-free of a languages service object, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 93, Thunderbird < 91.2, and Firefox ESR < 91.2.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxthunderbirdfirefox_esrFirefoxFirefox ESRThunderbird
CWE ID-CWE-416
Use After Free
CVE-2021-38504
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-8.8||HIGH
EPSS-0.80% / 73.84%
||
7 Day CHG~0.00%
Published-08 Dec, 2021 | 21:21
Updated-04 Aug, 2024 | 01:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

When interacting with an HTML input element's file picker dialog with webkitdirectory set, a use-after-free could have resulted, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3.

Action-Not Available
Vendor-Debian GNU/LinuxMozilla Corporation
Product-firefoxthunderbirddebian_linuxfirefox_esrFirefoxFirefox ESRThunderbird
CWE ID-CWE-416
Use After Free
CVE-2025-1931
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-0.93% / 75.77%
||
7 Day CHG~0.00%
Published-04 Mar, 2025 | 13:31
Updated-03 Nov, 2025 | 21:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

It was possible to cause a use-after-free in the content process side of a WebTransport connection, leading to a potentially exploitable crash. This vulnerability affects Firefox < 136, Firefox ESR < 115.21, Firefox ESR < 128.8, Thunderbird < 136, and Thunderbird < 128.8.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxthunderbirdFirefoxFirefox ESRThunderbird
CWE ID-CWE-416
Use After Free
CVE-2025-13014
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-8.8||HIGH
EPSS-0.07% / 20.55%
||
7 Day CHG~0.00%
Published-11 Nov, 2025 | 15:47
Updated-26 Nov, 2025 | 15:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Use-after-free in the Audio/Video component

Use-after-free in the Audio/Video component. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, Firefox ESR < 115.30, Thunderbird < 145, and Thunderbird < 140.5.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxThunderbirdFirefox ESRFirefox
CWE ID-CWE-416
Use After Free
CVE-2025-1930
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-8.8||HIGH
EPSS-0.38% / 58.98%
||
7 Day CHG~0.00%
Published-04 Mar, 2025 | 13:31
Updated-04 Apr, 2025 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

On Windows, a compromised content process could use bad StreamData sent over AudioIPC to trigger a use-after-free in the Browser process. This could have led to a sandbox escape. This vulnerability affects Firefox < 136, Firefox ESR < 115.21, Firefox ESR < 128.8, Thunderbird < 136, and Thunderbird < 128.8.

Action-Not Available
Vendor-Mozilla Corporation
Product-thunderbirdfirefoxFirefoxThunderbirdFirefox ESR
CWE ID-CWE-416
Use After Free
CVE-2025-10527
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-7.1||HIGH
EPSS-0.05% / 15.93%
||
7 Day CHG+0.01%
Published-16 Sep, 2025 | 12:26
Updated-03 Nov, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Sandbox escape due to use-after-free in the Graphics: Canvas2D component

Sandbox escape due to use-after-free in the Graphics: Canvas2D component. This vulnerability affects Firefox < 143, Firefox ESR < 140.3, Thunderbird < 143, and Thunderbird < 140.3.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxthunderbirdFirefoxFirefox ESRThunderbird
CWE ID-CWE-416
Use After Free
CVE-2025-0240
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-4||MEDIUM
EPSS-0.05% / 14.78%
||
7 Day CHG+0.01%
Published-07 Jan, 2025 | 16:07
Updated-03 Nov, 2025 | 23:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Parsing a JavaScript module as JSON could, under some circumstances, cause cross-compartment access, which may result in a use-after-free. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Thunderbird < 134, and Thunderbird < 128.6.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxthunderbirdFirefoxFirefox ESRThunderbird
CWE ID-CWE-416
Use After Free
CVE-2018-18492
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-33.84% / 96.86%
||
7 Day CHG~0.00%
Published-28 Feb, 2019 | 18:00
Updated-25 Nov, 2025 | 17:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A use-after-free vulnerability can occur after deleting a selection element due to a weak reference to the select element in the options collection. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.4, Firefox ESR < 60.4, and Firefox < 64.

Action-Not Available
Vendor-Mozilla CorporationCanonical Ltd.Debian GNU/LinuxRed Hat, Inc.
Product-thunderbirdenterprise_linux_server_tusfirefoxubuntu_linuxenterprise_linux_desktopenterprise_linux_serverdebian_linuxenterprise_linux_server_eusenterprise_linux_workstationenterprise_linux_server_ausThunderbirdFirefox ESRFirefox
CWE ID-CWE-416
Use After Free
CVE-2024-5694
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-0.71% / 71.91%
||
7 Day CHG~0.00%
Published-11 Jun, 2024 | 12:40
Updated-14 Mar, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An attacker could have caused a use-after-free in the JavaScript engine to read memory in the JavaScript string section of the heap. This vulnerability affects Firefox < 127.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxFirefox
CWE ID-CWE-416
Use After Free
CVE-2016-9898
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.60% / 85.37%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-25 Nov, 2025 | 17:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free resulting in potentially exploitable crash when manipulating DOM subtrees in the Editor. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6.

Action-Not Available
Vendor-Mozilla CorporationDebian GNU/LinuxRed Hat, Inc.
Product-thunderbirdfirefoxenterprise_linuxenterprise_linux_desktopenterprise_linux_serverdebian_linuxenterprise_linux_server_eusenterprise_linux_workstationenterprise_linux_server_ausFirefoxFirefox ESRThunderbird
CWE ID-CWE-416
Use After Free
CVE-2024-5688
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-8.1||HIGH
EPSS-1.25% / 79.11%
||
7 Day CHG~0.00%
Published-11 Jun, 2024 | 12:40
Updated-04 Apr, 2025 | 23:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

If a garbage collection was triggered at the right time, a use-after-free could have occurred during object transplant. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12.

Action-Not Available
Vendor-Mozilla Corporation
Product-thunderbirdfirefoxFirefoxFirefox ESRThunderbirdfirefox_esrfirefoxthunderbird
CWE ID-CWE-416
Use After Free
CVE-2019-15232
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.71% / 71.95%
||
7 Day CHG~0.00%
Published-19 Aug, 2019 | 23:57
Updated-05 Aug, 2024 | 00:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Live555 before 2019.08.16 has a Use-After-Free because GenericMediaServer::createNewClientSessionWithId can generate the same client session ID in succession, which is mishandled by the MPEG1or2 and Matroska file demultiplexors.

Action-Not Available
Vendor-live555n/a
Product-streaming_median/a
CWE ID-CWE-416
Use After Free
CVE-2023-43552
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.23% / 45.20%
||
7 Day CHG~0.00%
Published-04 Mar, 2024 | 10:48
Updated-11 Aug, 2025 | 15:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Use After Free in WLAN Host Communication

Memory corruption while processing MBSSID beacon containing several subelement IE.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qcm8550_firmwareimmersive_home_214sa6150p_firmwaresw5100pipq9574qcn9000_firmwareqca6595qcn9022ipq6028_firmwareqca8081_firmwareqca6696wcd9340_firmwareipq5028_firmwarewcd9395_firmwareqcn6024qcc2073_firmwareqcc710_firmwareipq8076ipq6018_firmwareqcn6422_firmwareqcn6023qcn5124_firmwarewsa8832_firmwareqca8337wcd9395ipq6000ipq8078aqca6574au_firmwareipq8078a_firmwareqam8295pipq5312qca6574auwcd9390wsa8845h_firmwaresa9000p_firmwaresrv1hqcn9100_firmwareqcn5122qca6554aqcn6024_firmwaresa8770pqcn9000ssg2115pqcc710qcn6132_firmwarefastconnect_6900qcn6402qcn6432immersive_home_326_firmwareipq5332_firmwareqcn5052qfw7114wcd9385_firmwareipq9574_firmwareqam8255p_firmwareipq8074a_firmwareipq8076aqcn5164snapdragon_x65_5g_modem-rfwsa8845sa6155pqca6564au_firmwarecsr8811_firmwareqca8075qam8650pvideo_collaboration_vc5_platform_firmwareqca8085sa9000psrv1h_firmwareqca6595ausa6155p_firmwarewsa8840srv1m_firmwaresnapdragon_8_gen_2_mobile_firmwareqfw7124_firmwareqcn9012ipq8070a_firmwareqcn9070qcf8001qca8084snapdragon_8_gen_2_mobilesdx65mqcc2076ipq9570qca6574asnapdragon_8\+_gen_2_mobilesa8195pwcd9340qcs8250_firmwaresnapdragon_auto_5g_modem-rf_gen_2ipq5302qcn6122_firmwareqcn5154_firmwaresm8550p_firmwareqcm8550wcn3988qcn5122_firmwareqcn9274qcn9024ipq8076a_firmwaresa8775pqca6574ipq9570_firmwaresxr2230p_firmwaresa8775p_firmwareqamsrv1hqcn6412_firmwareqcn9024_firmwarewsa8845hqca8082sa6150psa8155p_firmwaresa8155pwsa8830ipq5312_firmwaresm8550pqcf8000_firmwaresa6145pqcn9074_firmwareipq8174immersive_home_318_firmwareqcn6122ipq8174_firmwaresa8255p_firmwareqcc2073ar8035ipq8072aqamsrv1m_firmwaresa8650p_firmwareimmersive_home_216_firmwareimmersive_home_316qcn6224ipq8071aqcn6112qca6698aqssg2125p_firmwareqrb5165nsa8145p_firmwaresa8150p_firmwareqcn6023_firmwareqcn5164_firmwaresnapdragon_x75_5g_modem-rf_firmwareipq8078qcs8250wsa8830_firmwareqcn9072qcn6224_firmwareqca6678aq_firmwareqca8386_firmwarewsa8845_firmwarewsa8832qca8082_firmwareqcc2076_firmwareimmersive_home_216srv1mqca6678aqqcn6432_firmwarear8035_firmwareqcn5022_firmwareqca4024_firmwareqca0000_firmwareipq9008qca6564auipq9008_firmwareqcn9074sa8195p_firmwareqca8337_firmwareqca9888ipq5332qcn9013sg8275p_firmwareipq8173ipq8072a_firmwareipq6010_firmwareqcn6112_firmwareflight_rb5_5gqca6797aq_firmwaresnapdragon_auto_5g_modem-rf_gen_2_firmwareipq5028qca8085_firmwareqcf8001_firmwareqcn9070_firmwaresa8295p_firmwareqcn9022_firmwareipq5010_firmwareqcn6132ipq6018qca6584auqcn6274_firmwaresw5100_firmwareqfw7114_firmwareqca4024qca6595_firmwareqcs7230fastconnect_7800_firmwareqcn6422immersive_home_214_firmwareipq5302_firmwareipq8070afastconnect_6900_firmwarerobotics_rb5_firmwarewcd9380sa6145p_firmwareqam8255psxr2230psa8150pimmersive_home_3210qca8075_firmwareqcf8000qcn5052_firmwaresxr1230pipq6010sdx65m_firmwaresw5100qam8295p_firmwareqcn6402_firmwareqca6698aq_firmwarewcd9385qca8084_firmwaresa8255pqcs7230_firmwaresxr1230p_firmwarewcd9390_firmwareqcn5024sg8275psdx55_firmwareimmersive_home_326ipq8071a_firmwareflight_rb5_5g_firmwaressg2125pqca6554a_firmwareipq6028snapdragon_x65_5g_modem-rf_firmwareqcn9100qamsrv1mrobotics_rb5qam8650p_firmwareqcn9013_firmwarevideo_collaboration_vc5_platformipq8076_firmwareqca6584au_firmwareqcn5152_firmwareqcn6274qrb5165n_firmwareqfw7124wcn3980_firmwarewsa8835qca6595au_firmwareqca6391_firmwareqca0000wsa8840_firmwaresw5100p_firmwareqca6696_firmwarewcd9380_firmwareqca6574_firmwareqca8081qcn5124qam8775pqca6797aqsnapdragon_ar2_gen_1_firmwareqcn5152snapdragon_x75_5g_modem-rfqcn6412qca6574a_firmwaresdx55qcn9072_firmwareqca9888_firmwareipq8074aimmersive_home_3210_firmwareqca9889qcn5024_firmwareqca8386qca6391immersive_home_318ipq5010qcn9274_firmwareipq8173_firmwareqcn9012_firmwaresa8770p_firmwaresa8295pipq6000_firmwarefastconnect_7800sa8650pqam8775p_firmwaresnapdragon_8\+_gen_2_mobile_firmwareipq8078_firmwareqca9889_firmwaresnapdragon_ar2_gen_1wcn3988_firmwareimmersive_home_316_firmwareqamsrv1h_firmwareqcn5154sa8145pwsa8835_firmwaressg2115p_firmwarecsr8811qcn5022wcn3980Snapdragonqcn6412_firmwareqca6574a_firmwarewsa8832_firmwareqcn5124_firmwareflight_rb5_5g_platform_firmwaresa8150p_firmwareqcn9024_firmwareqcs7230_firmwareqcn9070_firmwaresrv1h_firmwareqcn6422_firmwarewsa8835_firmwarecsr8811_firmwaresa8255p_firmwarewcn3988_firmwarequalcomm_video_collaboration_vc5_platform_firmwareipq8076a_firmwareqcn9022_firmwareipq8076_firmwareipq8074a_firmwaresa8155p_firmwareqcn6224_firmwareqca8386_firmwareqcn5164_firmwareqcn5052_firmwareimmersive_home_3210_platform_firmwareqca6698aq_firmwareqca8081_firmwareqcn6402_firmwaresa8770p_firmwarewcd9385_firmwarefastconnect_7800_firmwarewsa8845h_firmwareqcm8550_firmwareipq8078_firmwaressg2125p_firmwaresnapdragon_x65_5g_modem-rf_system_firmwareqcn6024_firmwareqamsrv1m_firmwareipq8070a_firmwareqca6595_firmwareipq5302_firmwareqca0000_firmwareqcn5152_firmwareqam8650p_firmwareqcn6274_firmwareqcn6432_firmwaresrv1m_firmwareimmersive_home_316_platform_firmwareqrb5165n_firmwaresnapdragon_8_gen_2_mobile_platform_firmwareqcn5024_firmwaresa8195p_firmwareqcc2073_firmwareqca9889_firmwareipq8173_firmwareqcn9012_firmwareipq6018_firmwareqcn9100_firmwaresw5100_firmwaresa9000p_firmwarewcd9340_firmwarear8035_firmwareqca8084_firmwareqcn5022_firmwaresnapdragon_x75_5g_modem-rf_system_firmwarewsa8845_firmwareqcf8001_firmwareqcc710_firmwareqca8075_firmwareqca6574au_firmwareqcf8000_firmwaresa6155p_firmwareqcn9274_firmwareipq8071a_firmwareqcn9074_firmwareqca6678aq_firmwareqcn5122_firmwaresdx65m_firmwareipq5312_firmwareqca6564au_firmwarewcn3980_firmwareqca4024_firmwareqcn9000_firmwareqca6696_firmwareimmersive_home_326_platform_firmwareqcn6122_firmwaresa8775p_firmwareimmersive_home_318_platform_firmwareqcn9013_firmwareqca8337_firmwareipq6000_firmwareqcn5154_firmwareqca6595au_firmwarewcd9390_firmwareqamsrv1h_firmwaresm8550p_firmwaresnapdragon_auto_5g_modem-rf_gen_2_firmwareqca6554a_firmwaresnapdragon_ar2_gen_1_platform_firmwareipq9570_firmwareipq8078a_firmwarewcd9395_firmwaresa6145p_firmwaresa8295p_firmwaresa6150p_firmwaresxr1230p_firmwareqcn9072_firmwareqfw7124_firmwareqca6391_firmwareqcc2076_firmwareipq8174_firmwareipq6010_firmwarefastconnect_6900_firmwarewsa8840_firmwareqca9888_firmwarewcd9380_firmwareqca6584au_firmwareqam8775p_firmwareimmersive_home_216_platform_firmwareipq9008_firmwaresw5100p_firmwareqfw7114_firmwarewsa8830_firmwareqca8085_firmwaresxr2230p_firmwareqam8295p_firmwaressg2115p_firmwareqca6574_firmwaresg8275p_firmwaresa8145p_firmwareqcn6112_firmwareqcn6023_firmwareipq5028_firmwarerobotics_rb5_platform_firmwareipq6028_firmwareipq8072a_firmwareipq9574_firmwareqca6797aq_firmwareipq5010_firmwaresdx55_firmwareqca8082_firmwareipq5332_firmwareimmersive_home_214_platform_firmwareqam8255p_firmwaresa8650p_firmwareqcs8250_firmwareqcn6132_firmware
CWE ID-CWE-416
Use After Free
CVE-2021-33574
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.12% / 30.92%
||
7 Day CHG-0.02%
Published-25 May, 2021 | 00:00
Updated-03 Aug, 2024 | 23:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The mq_notify function in the GNU C Library (aka glibc) versions 2.32 and 2.33 has a use-after-free. It may use the notification thread attributes object (passed through its struct sigevent parameter) after it has been freed by the caller, leading to a denial of service (application crash) or possibly unspecified other impact.

Action-Not Available
Vendor-n/aNetApp, Inc.GNUDebian GNU/LinuxFedora Project
Product-h300eh500scloud_backuph300s_firmwareglibch410sh300sh300e_firmwaredebian_linuxh500eh410s_firmwaree-series_santricity_os_controllerfedorah500s_firmwareh500e_firmwareh700s_firmwareh700eh700e_firmwaresolidfire_baseboard_management_controller_firmwareh700sn/a
CWE ID-CWE-416
Use After Free
CVE-2020-12267
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.47% / 63.99%
||
7 Day CHG~0.00%
Published-27 Apr, 2020 | 01:31
Updated-04 Aug, 2024 | 11:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

setMarkdown in Qt before 5.14.2 has a use-after-free related to QTextMarkdownImporter::insertBlock.

Action-Not Available
Vendor-qtn/a
Product-qtn/a
CWE ID-CWE-416
Use After Free
CVE-2021-45701
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.44% / 62.84%
||
7 Day CHG~0.00%
Published-26 Dec, 2021 | 21:49
Updated-04 Aug, 2024 | 04:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the tremor-script crate before 0.11.6 for Rust. A patch operation may result in a use-after-free.

Action-Not Available
Vendor-n/aThe Linux Foundation
Product-tremor-scriptn/a
CWE ID-CWE-416
Use After Free
CVE-2021-33390
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.21% / 42.57%
||
7 Day CHG~0.00%
Published-22 Aug, 2023 | 00:00
Updated-03 Oct, 2024 | 18:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

dpic 2021.04.10 has a use-after-free in thedeletestringbox() function in dpic.y. A different vulnerablility than CVE-2021-32421.

Action-Not Available
Vendor-dpic_projectn/a
Product-dpicn/a
CWE ID-CWE-416
Use After Free
CVE-2020-11656
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-8.47% / 92.19%
||
7 Day CHG~0.00%
Published-09 Apr, 2020 | 02:49
Updated-04 Aug, 2024 | 11:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In SQLite through 3.31.1, the ALTER TABLE implementation has a use-after-free, as demonstrated by an ORDER BY clause that belongs to a compound SELECT statement.

Action-Not Available
Vendor-sqliten/aNetApp, Inc.Oracle CorporationTenable, Inc.Siemens AG
Product-sinec_infrastructure_network_servicescommunications_messaging_serverontap_select_deploy_administration_utilitysqlitecommunications_network_charging_and_controlzfs_storage_appliance_kitoutside_in_technologytenable.schyperion_infrastructure_technologymysql_workbenchenterprise_manager_ops_centermysqln/a
CWE ID-CWE-416
Use After Free
CVE-2025-25568
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.19% / 41.01%
||
7 Day CHG~0.00%
Published-12 Mar, 2025 | 00:00
Updated-19 Jul, 2025 | 02:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SoftEtherVPN 5.02.5187 is vulnerable to Use after Free in the Command.c file via the CheckNetworkAcceptThread function. NOTE: the Supplier disputes this because the use-after-free is not in the VPN software, but is instead in a separate tool that has no untrusted input and runs under the user's own privileges (it is a stress-testing tool for a networking stack).

Action-Not Available
Vendor-softethern/a
Product-vpnn/a
CWE ID-CWE-416
Use After Free
CVE-2021-32589
Matching Score-4
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-4
Assigner-Fortinet, Inc.
CVSS Score-7.7||HIGH
EPSS-6.53% / 90.93%
||
7 Day CHG~0.00%
Published-19 Dec, 2024 | 12:22
Updated-31 Jan, 2025 | 17:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Use After Free (CWE-416) vulnerability in FortiManager version 7.0.0, version 6.4.5 and below, version 6.2.7 and below, version 6.0.10 and below, version 5.6.10 and below, version 5.4.7 and below, version 5.2.10 and below, version 5.0.12 and below and FortiAnalyzer version 7.0.0, version 6.4.5 and below, version 6.2.7 and below, version 6.0.10 and below, version 5.6.10 and below, version 5.4.7 and below, version 5.3.11, version 5.2.10 to 5.2.4 fgfmsd daemon may allow a remote, non-authenticated attacker to execute unauthorized code as root via sending a specifically crafted request to the fgfm port of the targeted device.

Action-Not Available
Vendor-Fortinet, Inc.
Product-fortianalyzerfortiportalfortimanagerFortiManagerFortiAnalyzer
CWE ID-CWE-416
Use After Free
CVE-2025-26623
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.33% / 55.52%
||
7 Day CHG~0.00%
Published-18 Feb, 2025 | 19:24
Updated-02 Sep, 2025 | 21:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Use After Free in Exiv2

Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. A heap buffer overflow was found in Exiv2 versions v0.28.0 to v0.28.4. Versions prior to v0.28.0, such as v0.27.7, are **not** affected. Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. The heap overflow is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to gain code execution, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when writing the metadata, which is a less frequently used Exiv2 operation than reading the metadata. For example, to trigger the bug in the Exiv2 command-line application, you need to add an extra command-line argument such as `fixiso`. The bug is fixed in version v0.28.5. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Action-Not Available
Vendor-Exiv2
Product-exiv2exiv2
CWE ID-CWE-416
Use After Free
CVE-2021-33391
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.37% / 58.42%
||
7 Day CHG~0.00%
Published-17 Feb, 2023 | 00:00
Updated-18 Mar, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue in HTACG HTML Tidy v5.7.28 allows attacker to execute arbitrary code via the -g option of the CleanNode() function in gdoc.c.

Action-Not Available
Vendor-n/aHTML Tidy Advocacy Community Group (“HTACG”)Linux Kernel Organization, Inc
Product-linux_kerneltidyn/a
CWE ID-CWE-416
Use After Free
CVE-2021-31166
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-9.8||CRITICAL
EPSS-93.07% / 99.78%
||
7 Day CHG~0.00%
Published-11 May, 2021 | 19:11
Updated-30 Oct, 2025 | 19:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-04-27||Apply updates per vendor instructions.
HTTP Protocol Stack Remote Code Execution Vulnerability

HTTP Protocol Stack Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2004windows_10_2004windows_10_20h2windows_server_20h2Windows 10 Version 2004Windows 10 Version 20H2Windows Server version 20H2Windows Server version 2004HTTP Protocol Stack
CWE ID-CWE-416
Use After Free
CVE-2019-13224
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.55% / 67.48%
||
7 Day CHG~0.00%
Published-10 Jul, 2019 | 13:50
Updated-04 Aug, 2024 | 23:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A use-after-free in onig_new_deluxe() in regext.c in Oniguruma 6.9.2 allows attackers to potentially cause information disclosure, denial of service, or possibly code execution by providing a crafted regular expression. The attacker provides a pair of a regex pattern and a string, with a multi-byte encoding that gets handled by onig_new_deluxe(). Oniguruma issues often affect Ruby, as well as common optional libraries for PHP and Rust.

Action-Not Available
Vendor-oniguruma_projectn/aCanonical Ltd.Fedora ProjectThe PHP GroupDebian GNU/Linux
Product-ubuntu_linuxphponigurumadebian_linuxfedoran/a
CWE ID-CWE-416
Use After Free
CVE-2021-39228
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.55% / 67.61%
||
7 Day CHG~0.00%
Published-17 Sep, 2021 | 14:00
Updated-04 Aug, 2024 | 01:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Memory Safety Issue when using patch or merge on state and assign the result back to state

Tremor is an event processing system for unstructured data. A vulnerability exists between versions 0.7.2 and 0.11.6. This vulnerability is a memory safety Issue when using `patch` or `merge` on `state` and assign the result back to `state`. In this case, affected versions of Tremor and the tremor-script crate maintains references to memory that might have been freed already. And these memory regions can be accessed by retrieving the `state`, e.g. send it over TCP or HTTP. This requires the Tremor server (or any other program using tremor-script) to execute a tremor-script script that uses the mentioned language construct. The issue has been patched in version 0.11.6 by removing the optimization and always cloning the target expression of a Merge or Patch. If an upgrade is not possible, a possible workaround is to avoid the optimization by introducing a temporary variable and not immediately reassigning to `state`.

Action-Not Available
Vendor-tremor-rsThe Linux Foundation
Product-tremortremor-runtime
CWE ID-CWE-416
Use After Free
CWE ID-CWE-825
Expired Pointer Dereference
CVE-2016-5771
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-13.59% / 94.09%
||
7 Day CHG~0.00%
Published-07 Aug, 2016 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

spl_array.c in the SPL extension in PHP before 5.5.37 and 5.6.x before 5.6.23 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and application crash) via crafted serialized data.

Action-Not Available
Vendor-n/aThe PHP GroupDebian GNU/LinuxopenSUSE
Product-debian_linuxleapopensusephpn/a
CWE ID-CWE-416
Use After Free
CVE-2023-40115
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-9.8||CRITICAL
EPSS-0.05% / 14.01%
||
7 Day CHG~0.00%
Published-15 Feb, 2024 | 22:31
Updated-13 Dec, 2024 | 20:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In readLogs of StatsService.cpp, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroidandroid
CWE ID-CWE-416
Use After Free
CVE-2020-10018
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.28% / 84.42%
||
7 Day CHG-0.44%
Published-02 Mar, 2020 | 22:11
Updated-04 Aug, 2024 | 10:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WebKitGTK through 2.26.4 and WPE WebKit through 2.26.4 (which are the versions right before 2.28.0) contains a memory corruption issue (use-after-free) that may lead to arbitrary code execution. This issue has been fixed in 2.28.0 with improved memory handling.

Action-Not Available
Vendor-webkitgtkwpewebkitn/aCanonical Ltd.openSUSEFedora ProjectDebian GNU/Linux
Product-ubuntu_linuxdebian_linuxfedorawebkitgtkwpe_webkitleapn/a
CWE ID-CWE-416
Use After Free
CVE-2021-28305
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.51% / 65.91%
||
7 Day CHG~0.00%
Published-12 Mar, 2021 | 08:15
Updated-03 Aug, 2024 | 21:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the diesel crate before 1.4.6 for Rust. There is a use-after-free in the SQLite backend because the semantics of sqlite3_column_name are not followed.

Action-Not Available
Vendor-dieseln/a
Product-dieseln/a
CWE ID-CWE-416
Use After Free
CVE-2023-39453
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-9.8||CRITICAL
EPSS-0.30% / 52.86%
||
7 Day CHG~0.00%
Published-25 Sep, 2023 | 15:22
Updated-04 Nov, 2025 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A use-after-free vulnerability exists in the tif_parse_sub_IFD functionality of Accusoft ImageGear 20.1. A specially crafted malformed file can lead to arbitrary code execution. An attacker can deliver this file to trigger this vulnerability.

Action-Not Available
Vendor-accusoftAccusoft
Product-imagegearImageGear
CWE ID-CWE-416
Use After Free
CVE-2023-40187
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.3||HIGH
EPSS-0.24% / 46.63%
||
7 Day CHG~0.00%
Published-31 Aug, 2023 | 21:21
Updated-13 Feb, 2025 | 17:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Use-After-Free in FreeRDP

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions of the 3.x beta branch are subject to a Use-After-Free issue in the `avc420_ensure_buffer` and `avc444_ensure_buffer` functions. If the value of `piDstSize[x]` is 0, `ppYUVDstData[x]` will be freed. However, in this case `ppYUVDstData[x]` will not have been updated which leads to a Use-After-Free vulnerability. This issue has been addressed in version 3.0.0-beta3. Users of the 3.x beta releases are advised to upgrade. There are no known workarounds for this vulnerability.

Action-Not Available
Vendor-FreeRDP
Product-freerdpFreeRDP
CWE ID-CWE-416
Use After Free
CVE-2020-0253
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-9.8||CRITICAL
EPSS-0.20% / 41.94%
||
7 Day CHG~0.00%
Published-11 Aug, 2020 | 19:30
Updated-04 Aug, 2024 | 05:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is a possible memory corruption due to a use after free.Product: AndroidVersions: Android SoCAndroid ID: A-152647365

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-416
Use After Free
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-8214
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-5.27% / 89.80%
||
7 Day CHG~0.00%
Published-17 Oct, 2019 | 20:25
Updated-04 Aug, 2024 | 21:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcwindowsmacosacrobat_reader_dcAdobe Acrobat and Reader
CWE ID-CWE-416
Use After Free
CVE-2019-11940
Matching Score-4
Assigner-Meta Platforms, Inc.
ShareView Details
Matching Score-4
Assigner-Meta Platforms, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.42% / 61.42%
||
7 Day CHG~0.00%
Published-04 Dec, 2019 | 16:30
Updated-04 Aug, 2024 | 23:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In the course of decompressing HPACK inside the HTTP2 protocol, an unexpected sequence of header table resize operations can place the header table into a corrupted state, leading to a use-after-free condition and undefined behavior. This issue affects Proxygen from v0.29.0 until v2017.04.03.00.

Action-Not Available
Vendor-Facebook
Product-proxygenProxygen
CWE ID-CWE-416
Use After Free
CVE-2019-8031
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-30.10% / 96.56%
||
7 Day CHG~0.00%
Published-20 Aug, 2019 | 19:52
Updated-04 Aug, 2024 | 21:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcwindowsmacosacrobat_reader_dcAdobe Acrobat and Reader
CWE ID-CWE-416
Use After Free
CVE-2023-39355
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7||HIGH
EPSS-0.28% / 50.73%
||
7 Day CHG~0.00%
Published-31 Aug, 2023 | 19:45
Updated-13 Feb, 2025 | 17:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
FreeRDP Use-After-Free in RDPGFX_CMDID_RESETGRAPHICS

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Versions of FreeRDP on the 3.x release branch before beta3 are subject to a Use-After-Free in processing `RDPGFX_CMDID_RESETGRAPHICS` packets. If `context->maxPlaneSize` is 0, `context->planesBuffer` will be freed. However, without updating `context->planesBuffer`, this leads to a Use-After-Free exploit vector. In most environments this should only result in a crash. This issue has been addressed in version 3.0.0-beta3 and users of the beta 3.x releases are advised to upgrade. There are no known workarounds for this vulnerability.

Action-Not Available
Vendor-FreeRDPDebian GNU/Linux
Product-freerdpdebian_linuxFreeRDP
CWE ID-CWE-416
Use After Free
CVE-2019-8211
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-5.27% / 89.80%
||
7 Day CHG~0.00%
Published-17 Oct, 2019 | 20:25
Updated-04 Aug, 2024 | 21:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcwindowsmacosacrobat_reader_dcAdobe Acrobat and Reader
CWE ID-CWE-416
Use After Free
  • Previous
  • 1
  • 2
  • ...
  • 8
  • 9
  • 10
  • ...
  • 13
  • 14
  • Next
Details not found