Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-7531

Summary
Assigner-wolfSSL
Assigner Org ID-50d2cd11-d01a-48ed-9441-5bfce9d63b27
Published At-25 Jun, 2026 | 20:01
Updated At-26 Jun, 2026 | 13:17
Rejected At-
Credits

Use-after-free in PQC hybrid key-share handling

Use-after-free in PQC hybrid key-share handling. This is an incomplete-fix follow-up to CVE-2026-5460 (released in 5.9.1): a malicious TLS 1.3 server sending a truncated PQC hybrid KeyShare can still trigger the error cleanup path to operate on freed memory.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:wolfSSL
Assigner Org ID:50d2cd11-d01a-48ed-9441-5bfce9d63b27
Published At:25 Jun, 2026 | 20:01
Updated At:26 Jun, 2026 | 13:17
Rejected At:
â–¼CVE Numbering Authority (CNA)
Use-after-free in PQC hybrid key-share handling

Use-after-free in PQC hybrid key-share handling. This is an incomplete-fix follow-up to CVE-2026-5460 (released in 5.9.1): a malicious TLS 1.3 server sending a truncated PQC hybrid KeyShare can still trigger the error cleanup path to operate on freed memory.

Affected Products
Vendor
wolfSSL
Product
wolfSSL
Collection URL
https://github.com/wolfSSL/wolfssl
Default Status
unaffected
Versions
Affected
  • From 5.8.0 through 5.9.1 (semver)
Problem Types
TypeCWE IDDescription
CWECWE-416CWE-416 Use After Free
Type: CWE
CWE ID: CWE-416
Description: CWE-416 Use After Free
Metrics
VersionBase scoreBase severityVector
4.02.3LOW
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
Version: 4.0
Base score: 2.3
Base severity: LOW
Vector:
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

finder
Thai Duong (Calif.io / Anthropic)
Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://github.com/wolfSSL/wolfssl/pull/10327
patch
https://www.wolfssl.com/docs/security-vulnerabilities/
N/A
Hyperlink: https://github.com/wolfSSL/wolfssl/pull/10327
Resource:
patch
Hyperlink: https://www.wolfssl.com/docs/security-vulnerabilities/
Resource: N/A
â–¼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:facts@wolfssl.com
Published At:25 Jun, 2026 | 20:17
Updated At:26 Jun, 2026 | 16:53

Use-after-free in PQC hybrid key-share handling. This is an incomplete-fix follow-up to CVE-2026-5460 (released in 5.9.1): a malicious TLS 1.3 server sending a truncated PQC hybrid KeyShare can still trigger the error cleanup path to operate on freed memory.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.02.3LOW
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
N/A
Type: Secondary
Version: 4.0
Base score: 2.3
Base severity: LOW
Vector:
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Type: Primary
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: N/A
Version:
Base score:
Base severity: N/A
Vector:
CPE Matches

wolfssl
wolfssl
>>wolfssl>>Versions from 5.8.0(inclusive) to 5.9.2(exclusive)
cpe:2.3:a:wolfssl:wolfssl:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-416Secondaryfacts@wolfssl.com
CWE ID: CWE-416
Type: Secondary
Source: facts@wolfssl.com
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://github.com/wolfSSL/wolfssl/pull/10327facts@wolfssl.com
Issue Tracking
Patch
https://www.wolfssl.com/docs/security-vulnerabilities/facts@wolfssl.com
Vendor Advisory
Hyperlink: https://github.com/wolfSSL/wolfssl/pull/10327
Source: facts@wolfssl.com
Resource:
Issue Tracking
Patch
Hyperlink: https://www.wolfssl.com/docs/security-vulnerabilities/
Source: facts@wolfssl.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

369Records found

CVE-2024-38924
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.1||CRITICAL
EPSS-0.55% / 41.72%
||
7 Day CHG+0.01%
Published-06 Dec, 2024 | 00:00
Updated-17 Dec, 2024 | 20:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions were discovered to contain a use-after-free via the nav2_amcl process. This vulnerability is triggered via remotely sending a request to change the value of dynamic-parameter`/amcl laser_model_type` .

Action-Not Available
Vendor-openroboticsn/a
Product-robot_operating_systemn/a
CWE ID-CWE-416
Use After Free
CVE-2024-38926
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.1||CRITICAL
EPSS-0.57% / 43.04%
||
7 Day CHG+0.01%
Published-06 Dec, 2024 | 00:00
Updated-17 Dec, 2024 | 20:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions were discovered to contain a use-after-free via the nav2_amcl process. This vulnerability is triggered via remotely sending a request for change the value of dynamic-parameter `/amcl z_short`.

Action-Not Available
Vendor-openroboticsn/a
Product-robot_operating_systemn/a
CWE ID-CWE-416
Use After Free
CVE-2024-38140
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-9.8||CRITICAL
EPSS-3.81% / 88.75%
||
7 Day CHG~0.00%
Published-13 Aug, 2024 | 17:30
Updated-10 Jul, 2025 | 16:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Reliable Multicast Transport Driver (RMCAST) Remote Code Execution Vulnerability

Windows Reliable Multicast Transport Driver (RMCAST) Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2022_23h2windows_server_2012windows_server_2008windows_10_1507windows_11_21h2windows_11_24h2windows_10_22h2windows_server_2022windows_11_22h2windows_server_2019windows_10_1607windows_11_23h2Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2022Windows Server 2012 R2 (Server Core installation)Windows Server 2016 (Server Core installation)Windows Server 2012 R2Windows Server 2008 Service Pack 2Windows 11 Version 24H2Windows 11 Version 23H2Windows Server 2008 R2 Service Pack 1Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows 10 Version 1809Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2019Windows 11 version 22H3Windows Server 2016Windows Server 2012 (Server Core installation)Windows 11 version 22H2Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 11 version 21H2Windows 10 Version 22H2Windows 10 Version 1507Windows Server 2012Windows 10 Version 1607Windows 10 Version 21H2
CWE ID-CWE-416
Use After Free
CVE-2019-13224
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-4.05% / 89.39%
||
7 Day CHG~0.00%
Published-10 Jul, 2019 | 13:50
Updated-04 Aug, 2024 | 23:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A use-after-free in onig_new_deluxe() in regext.c in Oniguruma 6.9.2 allows attackers to potentially cause information disclosure, denial of service, or possibly code execution by providing a crafted regular expression. The attacker provides a pair of a regex pattern and a string, with a multi-byte encoding that gets handled by onig_new_deluxe(). Oniguruma issues often affect Ruby, as well as common optional libraries for PHP and Rust.

Action-Not Available
Vendor-oniguruma_projectn/aCanonical Ltd.Fedora ProjectThe PHP GroupDebian GNU/Linux
Product-ubuntu_linuxphponigurumadebian_linuxfedoran/a
CWE ID-CWE-416
Use After Free
CVE-2024-38199
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.23% / 80.59%
||
7 Day CHG~0.00%
Published-13 Aug, 2024 | 17:29
Updated-10 Jul, 2025 | 16:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Line Printer Daemon (LPD) Service Remote Code Execution Vulnerability

Windows Line Printer Daemon (LPD) Service Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2022_23h2windows_server_2012windows_server_2008windows_10_1507windows_11_21h2windows_11_24h2windows_10_22h2windows_server_2022windows_11_22h2windows_server_2019windows_10_1607windows_11_23h2Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2022Windows Server 2012 R2 (Server Core installation)Windows Server 2016 (Server Core installation)Windows Server 2012 R2Windows Server 2008 Service Pack 2Windows 11 Version 24H2Windows 11 Version 23H2Windows Server 2008 R2 Service Pack 1Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows 10 Version 1809Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2019Windows 11 version 22H3Windows Server 2016Windows Server 2012 (Server Core installation)Windows 11 version 22H2Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 11 version 21H2Windows 10 Version 22H2Windows 10 Version 1507Windows Server 2012Windows 10 Version 1607Windows 10 Version 21H2
CWE ID-CWE-416
Use After Free
CVE-2024-37030
Matching Score-4
Assigner-OpenHarmony
ShareView Details
Matching Score-4
Assigner-OpenHarmony
CVSS Score-8.2||HIGH
EPSS-0.57% / 42.97%
||
7 Day CHG~0.00%
Published-02 Jul, 2024 | 08:13
Updated-09 Sep, 2024 | 12:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Arkcompiler Ets Runtime has a use after free vulnerability

in OpenHarmony v4.0.0 and prior versions allow a remote attacker arbitrary code execution in pre-installed apps through use after free.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmonyopenharmony
CWE ID-CWE-416
Use After Free
CVE-2008-5038
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-6.21% / 92.65%
||
7 Day CHG~0.00%
Published-12 Nov, 2008 | 20:18
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in the NetWare Core Protocol (NCP) feature in Novell eDirectory 8.7.3 SP10 before 8.7.3 SP10 FTF1 and 8.8 SP2 for Windows allows remote attackers to cause a denial of service and possibly execute arbitrary code via a sequence of "Get NCP Extension Information By Name" requests that cause one thread to operate on memory after it has been freed in another thread, which triggers memory corruption, aka Novell Bug 373852.

Action-Not Available
Vendor-n/aNovell
Product-edirectoryn/a
CWE ID-CWE-416
Use After Free
CVE-2021-28305
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.32% / 67.35%
||
7 Day CHG~0.00%
Published-12 Mar, 2021 | 08:15
Updated-03 Aug, 2024 | 21:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the diesel crate before 1.4.6 for Rust. There is a use-after-free in the SQLite backend because the semantics of sqlite3_column_name are not followed.

Action-Not Available
Vendor-dieseln/a
Product-dieseln/a
CWE ID-CWE-416
Use After Free
CVE-2024-32900
Matching Score-4
Assigner-Google Devices
ShareView Details
Matching Score-4
Assigner-Google Devices
CVSS Score-9.8||CRITICAL
EPSS-0.17% / 6.13%
||
7 Day CHG~0.00%
Published-13 Jun, 2024 | 21:01
Updated-19 Aug, 2024 | 14:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In lwis_fence_signal of lwis_debug.c, there is a possible Use after Free due to improper locking. This could lead to local escalation of privilege from hal_camera_default SELinux label with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroidandroid
CWE ID-CWE-667
Improper Locking
CWE ID-CWE-416
Use After Free
CVE-2019-10509
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.92% / 55.83%
||
7 Day CHG~0.00%
Published-30 Sep, 2019 | 15:40
Updated-04 Aug, 2024 | 22:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Device record of the pairing device used after free during ACL disconnection in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MSM8909W, MSM8996AU, QCA6574AU, QCS405, QCS605, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sd_850sd_632sd_820asd_675msm8996au_firmwaresd_439sd_670_firmwaresd_429sdm439sd_636snapdragon_high_med_2016_firmwaremsm8909w_firmwaremsm8996ausd_820sd_450_firmwaresd_845_firmwaresd_820a_firmwareqcs605_firmwaresd_675_firmwaresd_425_firmwaresd_665sd_625_firmwaresd_450sd_845qcs605sd_632_firmwaresd_835_firmwaresd_835qca6574au_firmwaresda660msm8909wsd_665_firmwaresd_427_firmwaresd_712sd_855sd_730_firmwaresd_425sdm660sd_430_firmwaresd_710_firmwaresd_435sdm630qcs405sd_625qca6574ausd_820_firmwaresd_636_firmwaresd_439_firmwaresd_429_firmwaresd_730snapdragon_high_med_2016sd_850_firmwaresdm439_firmwareqcs405_firmwaresd_712_firmwaresdm630_firmwaresda660_firmwaresd_427sd_430sd_670sd_435_firmwaresd_710sdm660_firmwaresd_855_firmwareSnapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
CWE ID-CWE-416
Use After Free
CVE-2025-52910
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.36% / 27.73%
||
7 Day CHG+0.03%
Published-04 Nov, 2025 | 00:00
Updated-07 Nov, 2025 | 13:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the GPU in Samsung Mobile Processor and Wearable Processor Exynos 1280, 2200, 1330, 1380, 1480, 2400. A Use-After-Free leads to privilege escalation.

Action-Not Available
Vendor-n/aSamsung
Product-exynos_1480exynos_1380_firmwareexynos_2200exynos_2200_firmwareexynos_1280_firmwareexynos_1380exynos_1330exynos_2400_firmwareexynos_2400exynos_1330_firmwareexynos_1280exynos_1480_firmwaren/a
CWE ID-CWE-416
Use After Free
CVE-2024-30080
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-9.8||CRITICAL
EPSS-43.15% / 98.56%
||
7 Day CHG~0.00%
Published-11 Jun, 2024 | 16:59
Updated-17 Dec, 2025 | 22:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability

Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_11_22h2windows_10_1507windows_11_23h2windows_server_2008windows_10_21h1windows_server_2022windows_server_2022_23h2windows_server_2019windows_11_21h2windows_10_1809windows_server_2012windows_10_1607Windows 10 Version 1809Windows Server 2019 (Server Core installation)Windows 10 Version 1607Windows Server 2016 (Server Core installation)Windows 11 version 22H3Windows Server 2022Windows Server 2008 R2 Service Pack 1Windows 11 version 22H2Windows Server 2012Windows 11 version 21H2Windows Server 2008 Service Pack 2Windows Server 2012 (Server Core installation)Windows 10 Version 21H2Windows 10 Version 1507Windows 11 Version 23H2Windows 10 Version 22H2Windows Server 2019Windows Server 2012 R2Windows Server 2012 R2 (Server Core installation)Windows Server 2008 Service Pack 2Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2016Windows Server 2022, 23H2 Edition (Server Core installation)
CWE ID-CWE-416
Use After Free
CVE-2019-10528
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.71% / 49.05%
||
7 Day CHG~0.00%
Published-06 Nov, 2019 | 17:11
Updated-04 Aug, 2024 | 22:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free issue in kernel while accessing freed mdlog session info and its attributes after closing the session in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS405, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 636, SD 675, SD 730, SD 820, SD 820A, SD 835, SD 855, SDA660, SDM630, SDM660, SDX20, SDX24

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sd_427_firmwaresd_855sd_730_firmwaremdm9640_firmwaresd_820asd_675msm8996au_firmwaresdx20sd_425sdm660sdx24sd_430_firmwaremdm9607_firmwaresd_435mdm9650sd_636sdm630qcs405sd_625msm8909w_firmwaremdm9607msm8996ausd_210sd_636_firmwaresd_820_firmwaresd_820sd_450_firmwaresd_820a_firmwaresd_675_firmwaremdm9206sd_425_firmwaresd_730sd_212_firmwaresdx24_firmwaresd_625_firmwaresd_450sd_855_firmwareqcs405_firmwaresdm630_firmwaresda660_firmwaremdm9206_firmwaresd_427sd_430sd_435_firmwaresd_835_firmwaremdm9650_firmwaresdx20_firmwaresd_835sd_205sda660sd_210_firmwaremsm8909wsd_205_firmwaresdm660_firmwaresd_212mdm9640Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
CWE ID-CWE-416
Use After Free
CVE-2025-48752
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-2.9||LOW
EPSS-0.30% / 21.39%
||
7 Day CHG~0.00%
Published-24 May, 2025 | 00:00
Updated-30 Jan, 2026 | 21:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In the process-sync crate 0.2.2 for Rust, the drop function lacks a check for whether the pthread_mutex is unlocked.

Action-Not Available
Vendor-forestryksForestryks
Product-process-syncprocess-sync-rs
CWE ID-CWE-416
Use After Free
CVE-2019-10581
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-9.8||CRITICAL
EPSS-1.14% / 62.74%
||
7 Day CHG~0.00%
Published-21 Jan, 2020 | 06:30
Updated-04 Aug, 2024 | 22:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NULL is assigned to local instance of audio device pointer after free instead of global static pointer and can lead to use after free issue in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8053, MDM9206, MDM9207C, MDM9607, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8998, Nicobar, QCS605, Rennell, SA6155P, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-msm8920sa6155p_firmwaresdm636_firmwaresdm845msm8998_firmwaresdm660msm8920_firmwaresdm630mdm9607_firmwaresdx24sm8250_firmwaremsm8940_firmwaresm7150_firmwaresdm710msm8909w_firmwaremdm9607sm6150sdm710_firmwareapq8009sm7150apq8009_firmwaremsm8917sa6155psdm670sxr2130msm8937mdm9207c_firmwareqcs605_firmwaremdm9206mdm9207csdm670_firmwaresm8150_firmwaresdx24_firmwaresxr2130_firmwaresdm636rennellsdm630_firmwarerennell_firmwaremdm9206_firmwareqcs605sdx55msm8940apq8053sm6150_firmwaresm8250msm8917_firmwaremsm8937_firmwaremsm8998sm8150sdx55_firmwarenicobar_firmwaremsm8909wapq8053_firmwaresdm660_firmwarenicobarsdm845_firmwareSnapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
CWE ID-CWE-416
Use After Free
CVE-2022-2526
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-9.8||CRITICAL
EPSS-1.05% / 60.16%
||
7 Day CHG~0.00%
Published-09 Sep, 2022 | 00:00
Updated-03 Aug, 2024 | 00:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A use-after-free vulnerability was found in systemd. This issue occurs due to the on_stream_io() function and dns_stream_complete() function in 'resolved-dns-stream.c' not incrementing the reference counting for the DnsStream object. Therefore, other functions and callbacks called can dereference the DNSStream object, causing the use-after-free when the reference is still used later.

Action-Not Available
Vendor-systemd_projectn/aNetApp, Inc.
Product-h500sh410s_firmwareh700s_firmwareactive_iq_unified_managerh300s_firmwaresystemdh500s_firmwareh410sh300sh700ssystemd-resolved
CWE ID-CWE-416
Use After Free
CVE-2024-25110
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-9.8||CRITICAL
EPSS-6.64% / 93.06%
||
7 Day CHG~0.00%
Published-12 Feb, 2024 | 19:58
Updated-22 Nov, 2024 | 14:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Azure IoT Platform Device SDK Remote Code Execution Vulnerability

The UAMQP is a general purpose C library for AMQP 1.0. During a call to open_get_offered_capabilities, a memory allocation may fail causing a use-after-free issue and if a client called it during connection communication it may cause a remote code execution. Users are advised to update the submodule with commit `30865c9c`. There are no known workarounds for this vulnerability.

Action-Not Available
Vendor-AzureMicrosoft Corporation
Product-azure_uamqpazure-uamqp-c
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CWE ID-CWE-416
Use After Free
CVE-2024-24794
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-8.1||HIGH
EPSS-1.05% / 60.24%
||
7 Day CHG~0.00%
Published-20 Feb, 2024 | 10:37
Updated-04 Nov, 2025 | 19:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A use-after-free vulnerability exists in the DICOM Element Parsing as implemented in Imaging Data Commons libdicom 1.0.5. A specially crafted DICOM file can cause premature freeing of memory that is used later. To trigger this vulnerability, an attacker would need to induce the vulnerable application to process a malicious DICOM image.The Use-After-Free happens in the `parse_meta_sequence_end()` parsing the Sequence Value Represenations.

Action-Not Available
Vendor-nihImaging Data Commonsimaging_data_commons
Product-libdicomlibdicomlibdicom
CWE ID-CWE-416
Use After Free
CVE-2024-24793
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-8.1||HIGH
EPSS-1.05% / 60.24%
||
7 Day CHG~0.00%
Published-20 Feb, 2024 | 10:37
Updated-04 Nov, 2025 | 19:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A use-after-free vulnerability exists in the DICOM Element Parsing as implemented in Imaging Data Commons libdicom 1.0.5. A specially crafted DICOM file can cause premature freeing of memory that is used later. To trigger this vulnerability, an attacker would need to induce the vulnerable application to process a malicious DICOM image.The Use-After-Free happens in the `parse_meta_element_create()` parsing the elements in the File Meta Information header.

Action-Not Available
Vendor-nihImaging Data Commons
Product-libdicomlibdicom
CWE ID-CWE-416
Use After Free
CVE-2022-20122
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-9.8||CRITICAL
EPSS-0.36% / 27.52%
||
7 Day CHG~0.00%
Published-24 Aug, 2022 | 13:43
Updated-03 Aug, 2024 | 02:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The PowerVR GPU driver allows unprivileged apps to allocated pinned memory, unpin it (which makes it available to be freed), and continue using the page in GPU calls. No privileges required and this results in kernel memory corruption.Product: AndroidVersions: Android SoCAndroid ID: A-232441339

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-416
Use After Free
CVE-2019-0708
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-9.8||CRITICAL
EPSS-100.00% / 100.00%
||
7 Day CHG~0.00%
Published-16 May, 2019 | 18:17
Updated-29 Oct, 2025 | 14:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-05-03||Apply updates per vendor instructions.

A remote code execution vulnerability exists in Remote Desktop Services formerly known as Terminal Services when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka 'Remote Desktop Services Remote Code Execution Vulnerability'.

Action-Not Available
Vendor-Siemens AGMicrosoft CorporationHuawei Technologies Co., Ltd.
Product-windows_7bh622_v2umamultix_top_p_firmwareoceanstor_18500_firmwarech242ch221_firmwarerh1288_v2_firmwareaxiom_vertix_md_traumamultix_pro_acss_p_firmwaremultix_top_acss_firmwareviva_e_firmwarevertix_solitairerh1288_v2rh2265_v2_firmwarerh2268_v2_firmwarerh5885_v2_firmwaremultix_prorh2288e_v2_firmwareaxiom_multix_mch222multix_top_pmobilett_xp_digital_firmwareaxiom_vertix_md_trauma_firmwaremultix_top_acss_px8000rh2268_v2multix_top_acsslantis_firmwaresmc2.0_firmwarerh5885_v2rh5885_v3_firmwarelantismultix_pro_pgtsoftx3000multix_pro_firmwareagile_controller-campus_firmwarex6000_firmwareaptio_firmwarerh1288a_v2_firmwareatellica_solutionch222_firmwareviva_twin_firmwaree6000rh2485_v2_firmwareaptiorapidpoint_500_firmwareoceanstor_18800_firmwareoceanstor_18800fespace_ecsbh620_v2_firmwarex6000multix_swingelog_firmwarecentralinkch220multix_pro_navy_firmwarerh2288h_v2multix_pro_navyrh2288a_v2_firmwarech221oceanstor_18800f_firmwarebh622_v2_firmwarech140x8000_firmwaremultix_pro_acss_pbh640_v2streamlaboceanstor_hvs88tmultix_pro_acss_firmwarewindows_server_2008rh2485_v2rh2285_v2rh2285_v2_firmwareelogmultix_swing_firmwaresmc2.0ch240axiom_multix_m_firmwarech240_firmwaremultix_pro_acssagile_controller-campusbh620_v2oceanstor_hvs85tseco_vsm_firmwarerh2288_v2_firmwaremobilett_xp_digitalch242_v3rh2288e_v2viva_twinoceanstor_18800espace_ecs_firmwarecentralink_firmwarerh1288a_v2rh2285h_v2uma_firmwaregtsoftx3000_firmwarech242_firmwarerh2288_v2viva_ech140_firmwarech220_firmwarerh2285h_v2_firmwaremultix_top_firmwarebh640_v2_firmwarerh2288a_v2syngo_lab_process_managermultix_pro_p_firmwaree6000_chassis_firmwareoceanstor_18500rh2288h_v2_firmwareoceanstor_hvs85t_firmwaremultix_toprh5885_v3seco_vsme6000_chassisch121_firmwarevertix_solitaire_firmwareoceanstor_hvs88t_firmwaremultix_top_acss_p_firmwarebh621_v2_firmwarebh621_v2ch121ch242_v3_firmwareaxiom_vertix_solitaire_m_firmwarerh2265_v2e6000_firmwareaxiom_vertix_solitaire_mrapidpoint_500atellica_solution_firmwarestreamlab_firmwareWindowsWindows ServerRemote Desktop Services
CWE ID-CWE-416
Use After Free
CVE-2024-24189
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.69% / 48.14%
||
7 Day CHG~0.00%
Published-07 Feb, 2024 | 00:00
Updated-20 Jun, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Jsish v3.5.0 (commit 42c694c) was discovered to contain a use-after-free via the SplitChar at ./src/jsiUtils.c.

Action-Not Available
Vendor-jsishn/a
Product-jsishn/a
CWE ID-CWE-416
Use After Free
CVE-2024-2410
Matching Score-4
Assigner-Google LLC
ShareView Details
Matching Score-4
Assigner-Google LLC
CVSS Score-7.6||HIGH
EPSS-0.33% / 25.07%
||
7 Day CHG~0.00%
Published-03 May, 2024 | 12:58
Updated-22 Jul, 2025 | 21:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Use after free in C++ protobuf

The JsonToBinaryStream() function is part of the protocol buffers C++ implementation and is used to parse JSON from a stream. If the input is broken up into separate chunks in a certain way, the parser will attempt to read bytes from a chunk that has already been freed. 

Action-Not Available
Vendor-protocolbuffersGoogle LLC
Product-protobufprotobufprotobuf
CWE ID-CWE-416
Use After Free
CVE-2024-23310
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-9.8||CRITICAL
EPSS-1.70% / 74.44%
||
7 Day CHG~0.00%
Published-20 Feb, 2024 | 15:29
Updated-04 Nov, 2025 | 19:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A use-after-free vulnerability exists in the sopen_FAMOS_read functionality of The Biosig Project libbiosig 2.5.0 and Master Branch (ab0ee111). A specially crafted .famos file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.

Action-Not Available
Vendor-libbiosig_projectThe Biosig Projectthe_biosig_projectFedora Project
Product-fedoralibbiosiglibbiosigfedoralibbiosig
CWE ID-CWE-416
Use After Free
CWE ID-CWE-825
Expired Pointer Dereference
CVE-2024-23807
Matching Score-4
Assigner-Apache Software Foundation
ShareView Details
Matching Score-4
Assigner-Apache Software Foundation
CVSS Score-8.1||HIGH
EPSS-1.48% / 70.83%
||
7 Day CHG~0.00%
Published-28 Feb, 2024 | 13:50
Updated-22 Jan, 2026 | 04:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache Xerces C++: Use-after-free on external DTD scan

The Apache Xerces C++ XML parser on versions 3.0.0 before 3.2.5 contains a use-after-free error triggered during the scanning of external DTDs. Users are recommended to upgrade to version 3.2.5 which fixes the issue, or mitigate the issue by disabling DTD processing. This can be accomplished via the DOM using a standard parser feature, or via SAX using the XERCES_DISABLE_DTD environment variable. This issue has been disclosed before as CVE-2018-1311, but unfortunately that advisory incorrectly stated the issue would be fixed in version 3.2.3 or 3.2.4.

Action-Not Available
Vendor-The Apache Software Foundation
Product-xerces-c\+\+Apache Xerces C++xerces-c
CWE ID-CWE-416
Use After Free
CVE-2025-43222
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.75% / 50.31%
||
7 Day CHG+0.04%
Published-29 Jul, 2025 | 23:29
Updated-02 Apr, 2026 | 19:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A use-after-free issue was addressed by removing the vulnerable code. This issue is fixed in iPadOS 17.7.9, macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. An attacker may be able to cause unexpected app termination.

Action-Not Available
Vendor-Apple Inc.
Product-ipadosmacosmacOSiPadOS
CWE ID-CWE-416
Use After Free
CVE-2019-10125
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-5.26% / 91.54%
||
7 Day CHG~0.00%
Published-27 Mar, 2019 | 05:15
Updated-04 Aug, 2024 | 22:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in aio_poll() in fs/aio.c in the Linux kernel through 5.0.4. A file may be released by aio_poll_wake() if an expected event is triggered immediately (e.g., by the close of a pair of pipes) after the return of vfs_poll(), and this will cause a use-after-free.

Action-Not Available
Vendor-n/aNetApp, Inc.Linux Kernel Organization, Inc
Product-linux_kernelcn1610hci_management_nodeactive_iq_unified_managercn1610_firmwaresnapprotectsolidfiren/a
CWE ID-CWE-416
Use After Free
CVE-2024-22088
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.73% / 49.74%
||
7 Day CHG~0.00%
Published-05 Jan, 2024 | 00:00
Updated-04 Sep, 2024 | 21:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Lotos WebServer through 0.1.1 (commit 3eb36cc) has a use-after-free in buffer_avail() at buffer.h via a long URI, because realloc is mishandled.

Action-Not Available
Vendor-chendotjsn/a
Product-lotos_webservern/a
CWE ID-CWE-416
Use After Free
CVE-2022-1795
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-7.3||HIGH
EPSS-0.97% / 57.65%
||
7 Day CHG~0.00%
Published-18 May, 2022 | 00:00
Updated-03 Aug, 2024 | 00:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Use After Free in gpac/gpac

Use After Free in GitHub repository gpac/gpac prior to v2.1.0-DEV.

Action-Not Available
Vendor-GPAC
Product-gpacgpac/gpac
CWE ID-CWE-416
Use After Free
CVE-2017-10672
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-7.93% / 94.02%
||
7 Day CHG~0.00%
Published-29 Jun, 2017 | 08:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free in the XML-LibXML module through 2.0129 for Perl allows remote attackers to execute arbitrary code by controlling the arguments to a replaceChild call.

Action-Not Available
Vendor-xml-libxml_projectn/aDebian GNU/Linux
Product-debian_linuxxml-libxmln/a
CWE ID-CWE-416
Use After Free
CVE-2024-21334
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-9.8||CRITICAL
EPSS-20.16% / 97.14%
||
7 Day CHG~0.00%
Published-12 Mar, 2024 | 16:57
Updated-03 May, 2025 | 00:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Open Management Infrastructure (OMI) Remote Code Execution Vulnerability

Open Management Infrastructure (OMI) Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-open_management_infrastructuresystem_center_operations_managerOpen Management InfrastructureSystem Center Operations Manager (SCOM) 2022System Center Operations Manager (SCOM) 2019
CWE ID-CWE-416
Use After Free
CVE-2022-23608
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.1||HIGH
EPSS-3.99% / 89.26%
||
7 Day CHG~0.00%
Published-22 Feb, 2022 | 00:00
Updated-04 Nov, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Use after free in PJSIP

PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In versions up to and including 2.11.1 when in a dialog set (or forking) scenario, a hash key shared by multiple UAC dialogs can potentially be prematurely freed when one of the dialogs is destroyed . The issue may cause a dialog set to be registered in the hash table multiple times (with different hash keys) leading to undefined behavior such as dialog list collision which eventually leading to endless loop. A patch is available in commit db3235953baa56d2fb0e276ca510fefca751643f which will be included in the next release. There are no known workarounds for this issue.

Action-Not Available
Vendor-teluupjsipSangoma Technologies Corp.Debian GNU/LinuxAsterisk
Product-pjsipasteriskcertified_asteriskdebian_linuxpjproject
CWE ID-CWE-416
Use After Free
CVE-2024-1284
Matching Score-4
Assigner-Chrome
ShareView Details
Matching Score-4
Assigner-Chrome
CVSS Score-9.8||CRITICAL
EPSS-1.12% / 62.25%
||
7 Day CHG~0.00%
Published-06 Feb, 2024 | 23:15
Updated-15 May, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in Mojo in Google Chrome prior to 121.0.6167.160 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Action-Not Available
Vendor-Fedora ProjectGoogle LLC
Product-chromefedoraChrome
CWE ID-CWE-416
Use After Free
CVE-2022-21806
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-10||CRITICAL
EPSS-2.21% / 80.45%
||
7 Day CHG~0.00%
Published-17 Jun, 2022 | 17:40
Updated-15 Apr, 2025 | 19:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A use-after-free vulnerability exists in the mips_collector appsrv_server functionality of Anker Eufy Homebase 2 2.1.8.5h. A specially-crafted set of network packets can lead to remote code execution. The device is exposed to attacks from the network.

Action-Not Available
Vendor-ankerAnker
Product-eufy_homebase_2_firmwareeufy_homebase_2Eufy Homebase 2
CWE ID-CWE-368
Context Switching Race Condition
CWE ID-CWE-416
Use After Free
CVE-2018-6641
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-5.67% / 92.05%
||
7 Day CHG~0.00%
Published-28 Feb, 2018 | 05:00
Updated-05 Aug, 2024 | 06:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An Arbitrary Free (Remote Code Execution) issue was discovered in Design Science MathType 6.9c. Crafted input can overwrite a structure, leading to a function call with an invalid parameter, and a subsequent free of important data such as a function pointer or list pointer. This is fixed in 6.9d.

Action-Not Available
Vendor-wirisn/a
Product-mathtypen/a
CWE ID-CWE-416
Use After Free
CVE-2018-6703
Matching Score-4
Assigner-Trellix
ShareView Details
Matching Score-4
Assigner-Trellix
CVSS Score-9.8||CRITICAL
EPSS-3.23% / 86.74%
||
7 Day CHG~0.00%
Published-11 Dec, 2018 | 23:00
Updated-05 Aug, 2024 | 06:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Remote Logging functionality had a use after free vulnerability in McAfee Agent

Use After Free in Remote logging (which is disabled by default) in McAfee McAfee Agent (MA) 5.x prior to 5.6.0 allows remote unauthenticated attackers to cause a Denial of Service and potentially a remote code execution via a specially crafted HTTP header sent to the logging service.

Action-Not Available
Vendor-McAfee, LLC
Product-agentMcAfee Agent
CWE ID-CWE-416
Use After Free
CVE-2020-6838
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.49% / 70.94%
||
7 Day CHG~0.00%
Published-11 Jan, 2020 | 02:06
Updated-04 Aug, 2024 | 09:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In mruby 2.1.0, there is a use-after-free in hash_values_at in mrbgems/mruby-hash-ext/src/hash-ext.c.

Action-Not Available
Vendor-mrubyn/a
Product-mrubyn/a
CWE ID-CWE-416
Use After Free
CVE-2023-5172
Matching Score-4
Assigner-Mozilla Corporation
ShareView Details
Matching Score-4
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.81% / 52.48%
||
7 Day CHG~0.00%
Published-27 Sep, 2023 | 14:13
Updated-01 May, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A hashtable in the Ion Engine could have been mutated while there was a live interior reference, leading to a potential use-after-free and exploitable crash. This vulnerability affects Firefox < 118.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxFirefox
CWE ID-CWE-416
Use After Free
CVE-2023-5174
Matching Score-4
Assigner-Mozilla Corporation
ShareView Details
Matching Score-4
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.99% / 58.24%
||
7 Day CHG~0.00%
Published-27 Sep, 2023 | 14:13
Updated-05 May, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

If Windows failed to duplicate a handle during process creation, the sandbox code may have inadvertently freed a pointer twice, resulting in a use-after-free and a potentially exploitable crash. *This bug only affects Firefox on Windows when run in non-standard configurations (such as using `runas`). Other operating systems are unaffected.* This vulnerability affects Firefox < 118, Firefox ESR < 115.3, and Thunderbird < 115.3.

Action-Not Available
Vendor-Mozilla CorporationMicrosoft Corporation
Product-firefox_esrthunderbirdwindowsfirefoxFirefox ESRThunderbirdFirefox
CWE ID-CWE-416
Use After Free
CVE-2023-50716
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-9.7||CRITICAL
EPSS-0.72% / 49.53%
||
7 Day CHG~0.00%
Published-06 Mar, 2024 | 17:23
Updated-16 Apr, 2025 | 16:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Invalid DATA_FRAG Submessage causes a bad-free error

eProsima Fast DDS (formerly Fast RTPS) is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.13.0, 2.12.2, 2.11.3, 2.10.3, and 2.6.7, an invalid DATA_FRAG Submessage causes a bad-free error, and the Fast-DDS process can be remotely terminated. If an invalid Data_Frag packet is sent, the `Inline_qos, SerializedPayload` member of object `ch` will attempt to release memory without initialization, resulting in a 'bad-free' error. Versions 2.13.0, 2.12.2, 2.11.3, 2.10.2, and 2.6.7 fix this issue.

Action-Not Available
Vendor-eprosimaeProsima
Product-fast_ddsFast-DDS
CWE ID-CWE-416
Use After Free
CVE-2023-49606
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-9.8||CRITICAL
EPSS-63.08% / 99.10%
||
7 Day CHG~0.00%
Published-01 May, 2024 | 15:31
Updated-04 Nov, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A use-after-free vulnerability exists in the HTTP Connection Headers parsing in Tinyproxy 1.11.1 and Tinyproxy 1.10.0. A specially crafted HTTP header can trigger reuse of previously freed memory, which leads to memory corruption and could lead to remote code execution. An attacker needs to make an unauthenticated HTTP request to trigger this vulnerability.

Action-Not Available
Vendor-tinyproxy_projectTinyproxytinyproxy
Product-tinyproxyTinyproxytinyproxy
CWE ID-CWE-416
Use After Free
CVE-2026-4691
Matching Score-4
Assigner-Mozilla Corporation
ShareView Details
Matching Score-4
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.48% / 38.17%
||
7 Day CHG-0.01%
Published-24 Mar, 2026 | 12:30
Updated-30 Jun, 2026 | 12:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Use-after-free in the CSS Parsing and Computation component

Use-after-free in the CSS Parsing and Computation component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.

Action-Not Available
Vendor-Red Hat, Inc.Mozilla Corporation
Product-firefoxThunderbirdFirefoxRed Hat Enterprise Linux AppStream EUS (v. 10.0)Red Hat Enterprise Linux AppStream EUS (v.9.6)Red Hat Enterprise Linux AppStream AUS (v.8.6)Red Hat Enterprise Linux AppStream E4S (v.8.6)Red Hat Enterprise Linux 7Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)Red Hat Enterprise Linux AppStream TUS (v.8.8)Red Hat Enterprise Linux 10Red Hat Enterprise Linux AppStream (v. 9)Red Hat Enterprise Linux AppStream (v. 8)Red Hat Enterprise Linux Server (v. 7 ELS)Red Hat Enterprise Linux 6Red Hat Enterprise Linux AppStream (v. 10)Red Hat Enterprise Linux AppStream E4S (v.9.2)Red Hat Enterprise Linux AppStream AUS (v. 8.2)Red Hat Enterprise Linux AppStream TUS (v.8.6)Red Hat Enterprise Linux AppStream E4S (v.8.8)Red Hat Enterprise Linux AppStream EUS (v.9.4)Red Hat Enterprise Linux AppStream AUS (v.8.4)Red Hat Enterprise Linux AppStream E4S (v.9.0)
CWE ID-CWE-416
Use After Free
CWE ID-CWE-825
Expired Pointer Dereference
CVE-2026-4696
Matching Score-4
Assigner-Mozilla Corporation
ShareView Details
Matching Score-4
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.48% / 38.17%
||
7 Day CHG-0.01%
Published-24 Mar, 2026 | 12:30
Updated-01 Jul, 2026 | 12:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Use-after-free in the Layout: Text and Fonts component

Use-after-free in the Layout: Text and Fonts component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.

Action-Not Available
Vendor-Red Hat, Inc.Mozilla Corporation
Product-firefoxThunderbirdFirefoxRed Hat Enterprise Linux 7Red Hat Enterprise Linux AppStream E4S (v.8.6)Red Hat Enterprise Linux AppStream AUS (v.8.6)Red Hat Enterprise Linux AppStream E4S (v.9.2)Red Hat Enterprise Linux 6Red Hat Enterprise Linux AppStream TUS (v.8.6)Red Hat Enterprise Linux Server (v. 7 ELS)Red Hat Enterprise Linux AppStream EUS (v. 10.0)Red Hat Enterprise Linux AppStream E4S (v.9.0)Red Hat Enterprise Linux AppStream EUS (v.9.6)Red Hat Enterprise Linux AppStream EUS (v.9.4)Red Hat Enterprise Linux AppStream (v. 10)Red Hat Enterprise Linux 10Red Hat Enterprise Linux AppStream AUS (v. 8.2)Red Hat Enterprise Linux AppStream E4S (v.8.8)Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)Red Hat Enterprise Linux AppStream (v. 8)Red Hat Enterprise Linux AppStream (v. 9)Red Hat Enterprise Linux AppStream TUS (v.8.8)Red Hat Enterprise Linux AppStream AUS (v.8.4)
CWE ID-CWE-416
Use After Free
CWE ID-CWE-825
Expired Pointer Dereference
CVE-2026-4701
Matching Score-4
Assigner-Mozilla Corporation
ShareView Details
Matching Score-4
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.46% / 36.72%
||
7 Day CHG~0.00%
Published-24 Mar, 2026 | 12:30
Updated-12 May, 2026 | 16:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Use-after-free in the JavaScript Engine component

Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxFirefoxThunderbird
CWE ID-CWE-416
Use After Free
CVE-2026-4711
Matching Score-4
Assigner-Mozilla Corporation
ShareView Details
Matching Score-4
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.40% / 31.75%
||
7 Day CHG~0.00%
Published-24 Mar, 2026 | 12:30
Updated-13 Apr, 2026 | 15:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Use-after-free in the Widget: Cocoa component

Use-after-free in the Widget: Cocoa component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxThunderbirdFirefox
CWE ID-CWE-416
Use After Free
CVE-2026-4723
Matching Score-4
Assigner-Mozilla Corporation
ShareView Details
Matching Score-4
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.39% / 31.25%
||
7 Day CHG~0.00%
Published-24 Mar, 2026 | 12:30
Updated-13 Apr, 2026 | 15:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Use-after-free in the JavaScript Engine component

Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 149 and Thunderbird 149.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxThunderbirdFirefox
CWE ID-CWE-416
Use After Free
CVE-2023-46850
Matching Score-4
Assigner-OpenVPN Inc.
ShareView Details
Matching Score-4
Assigner-OpenVPN Inc.
CVSS Score-9.8||CRITICAL
EPSS-1.98% / 78.14%
||
7 Day CHG~0.00%
Published-11 Nov, 2023 | 00:15
Updated-23 Jun, 2026 | 22:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in OpenVPN version 2.6.0 to 2.6.6 may lead to undefined behavoir, leaking memory buffers or remote execution when sending network buffers to a remote peer.

Action-Not Available
Vendor-openvpnOpenVPNFedora ProjectDebian GNU/Linux
Product-openvpnopenvpn_access_serverdebian_linuxfedoraOpenVPN 2 (Community)Access Server
CWE ID-CWE-416
Use After Free
CVE-2026-47310
Matching Score-4
Assigner-Samsung TV & Appliance
ShareView Details
Matching Score-4
Assigner-Samsung TV & Appliance
CVSS Score-7.8||HIGH
EPSS-0.29% / 20.52%
||
7 Day CHG~0.00%
Published-19 May, 2026 | 04:52
Updated-02 Jun, 2026 | 18:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free vulnerability in Samsung Open Source Escargot allows Pointer Manipulation. This issue affects Escargot: 590345cc6258317c5da850d846ce6baaf2afc2d3.

Action-Not Available
Vendor-Samsung Open SourceSamsung
Product-escargotEscargot
CWE ID-CWE-416
Use After Free
CVE-2016-10150
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-9.8||CRITICAL
EPSS-10.18% / 95.10%
||
7 Day CHG~0.00%
Published-06 Feb, 2017 | 06:04
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in the kvm_ioctl_create_device function in virt/kvm/kvm_main.c in the Linux kernel before 4.8.13 allows host OS users to cause a denial of service (host OS crash) or possibly gain privileges via crafted ioctl calls on the /dev/kvm device.

Action-Not Available
Vendor-n/aLinux Kernel Organization, Inc
Product-linux_kerneln/a
CWE ID-CWE-416
Use After Free
CVE-2026-45185
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.23% / 65.16%
||
7 Day CHG~0.00%
Published-12 May, 2026 | 00:00
Updated-14 May, 2026 | 03:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Exim before 4.99.3, in certain GnuTLS configurations, has a remotely reachable use-after-free in the BDAT body parsing path. It is triggered when a client sends a TLS close_notify mid-body during a CHUNKING transfer, followed by a final cleartext byte on the same TCP connection. This can lead to heap corruption. An unauthenticated network attacker exploiting this vulnerability could execute arbitrary code.

Action-Not Available
Vendor-Exim
Product-Exim
CWE ID-CWE-416
Use After Free
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 7
  • 8
  • Next
Details not found