Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-8336

Summary
Assigner-mongodb
Assigner Org ID-a39b4221-9bd0-4244-95fc-f3e2e07f1deb
Published At-13 May, 2026 | 00:16
Updated At-15 May, 2026 | 16:16
Rejected At-
Credits

Post-authentication use-after-free error in $_internalJsEmit and mapreduce commands

After invoking $_internalJsEmit, which is not intended to be directly accessible, or mapreduce command’s map function in a certain way, an authenticated user can subsequently crash mongod when the server-side JavaScript engine (through $where, $function, mapreduce reduce stage, etc.) is used also in a specific way, resulting in a post-authentication denial-of-service. This issue impacts MongoDB Server v8.2 versions prior to 8.2.9 and v8.3 versions prior to 8.3.2.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mongodb
Assigner Org ID:a39b4221-9bd0-4244-95fc-f3e2e07f1deb
Published At:13 May, 2026 | 00:16
Updated At:15 May, 2026 | 16:16
Rejected At:
▼CVE Numbering Authority (CNA)
Post-authentication use-after-free error in $_internalJsEmit and mapreduce commands

After invoking $_internalJsEmit, which is not intended to be directly accessible, or mapreduce command’s map function in a certain way, an authenticated user can subsequently crash mongod when the server-side JavaScript engine (through $where, $function, mapreduce reduce stage, etc.) is used also in a specific way, resulting in a post-authentication denial-of-service. This issue impacts MongoDB Server v8.2 versions prior to 8.2.9 and v8.3 versions prior to 8.3.2.

Affected Products
Vendor
MongoDB, Inc.
Product
MongoDB Server
Default Status
unaffected
Versions
Affected
  • From 8.2 before 8.2.9 (custom)
  • From 8.3 before 8.3.2 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-416CWE-416: Use After Free
Type: CWE
CWE ID: CWE-416
Description: CWE-416: Use After Free
Metrics
VersionBase scoreBase severityVector
4.07.7HIGH
CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/AU:N/R:A/V:D/RE:M/U:Red
3.17.5HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Version: 4.0
Base score: 7.7
Base severity: HIGH
Vector:
CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/AU:N/R:A/V:D/RE:M/U:Red
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://jira.mongodb.org/browse/SERVER-121610
issue-tracking
Hyperlink: https://jira.mongodb.org/browse/SERVER-121610
Resource:
issue-tracking
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cna@mongodb.com
Published At:13 May, 2026 | 04:17
Updated At:18 May, 2026 | 12:54

After invoking $_internalJsEmit, which is not intended to be directly accessible, or mapreduce command’s map function in a certain way, an authenticated user can subsequently crash mongod when the server-side JavaScript engine (through $where, $function, mapreduce reduce stage, etc.) is used also in a specific way, resulting in a post-authentication denial-of-service. This issue impacts MongoDB Server v8.2 versions prior to 8.2.9 and v8.3 versions prior to 8.3.2.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.07.7HIGH
CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:A/V:D/RE:M/U:Red
Secondary3.17.5HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary3.16.5MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Type: Secondary
Version: 4.0
Base score: 7.7
Base severity: HIGH
Vector:
CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:A/V:D/RE:M/U:Red
Type: Secondary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CPE Matches
MongoDB, Inc.
mongodb
>>mongodb>>Versions from 8.2.0(inclusive) to 8.2.9(exclusive)
cpe:2.3:a:mongodb:mongodb:*:*:*:*:*:*:*:*
MongoDB, Inc.
mongodb
>>mongodb>>Versions from 8.3.0(inclusive) to 8.3.2(exclusive)
cpe:2.3:a:mongodb:mongodb:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-416Secondarycna@mongodb.com
CWE ID: CWE-416
Type: Secondary
Source: cna@mongodb.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://jira.mongodb.org/browse/SERVER-121610cna@mongodb.com
Issue Tracking
Vendor Advisory
Hyperlink: https://jira.mongodb.org/browse/SERVER-121610
Source: cna@mongodb.com
Resource:
Issue Tracking
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

70Records found
CVE-2025-27365
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.21% / 43.07%
||
7 Day CHG~0.00%
Published-01 May, 2025 | 21:24
Updated-28 Aug, 2025 | 14:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM MQ Operator denial of service

IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1, and MQ Operator SC2 3.2.0 through 3.2.10  Client connecting to a MQ Queue Manager can cause a SIGSEGV in the AMQRMPPA channel process terminating it.

Action-Not Available
Vendor-IBM Corporation
Product-MQ Operator
CWE ID-CWE-416
Use After Free
CVE-2010-0629
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-2.28% / 84.87%
||
7 Day CHG~0.00%
Published-07 Apr, 2010 | 15:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in kadmin/server/server_stubs.c in kadmind in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3 allows remote authenticated users to cause a denial of service (daemon crash) via a request from a kadmin client that sends an invalid API version number.

Action-Not Available
Vendor-n/aCanonical Ltd.openSUSEMIT (Massachusetts Institute of Technology)SUSEFedora Project
Product-ubuntu_linuxkerberos_5linux_enterprisefedoraopensusen/a
CWE ID-CWE-416
Use After Free
CVE-2020-25269
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.92% / 76.25%
||
7 Day CHG~0.00%
Published-11 Sep, 2020 | 04:43
Updated-04 Aug, 2024 | 15:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in InspIRCd 2 before 2.0.29 and 3 before 3.6.0. The pgsql module contains a use after free vulnerability. When combined with the sqlauth or sqloper modules, this vulnerability can be used for remote crashing of an InspIRCd server by any user able to connect to a server.

Action-Not Available
Vendor-inspircdn/aDebian GNU/Linux
Product-debian_linuxinspircdn/a
CWE ID-CWE-416
Use After Free
CVE-2021-47259
Matching Score-4
Assigner-kernel.org
ShareView Details
Matching Score-4
Assigner-kernel.org
CVSS Score-7.5||HIGH
EPSS-0.08% / 23.48%
||
7 Day CHG~0.00%
Published-21 May, 2024 | 14:19
Updated-11 May, 2026 | 13:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NFS: Fix use-after-free in nfs4_init_client()

In the Linux kernel, the following vulnerability has been resolved: NFS: Fix use-after-free in nfs4_init_client() KASAN reports a use-after-free when attempting to mount two different exports through two different NICs that belong to the same server. Olga was able to hit this with kernels starting somewhere between 5.7 and 5.10, but I traced the patch that introduced the clear_bit() call to 4.13. So something must have changed in the refcounting of the clp pointer to make this call to nfs_put_client() the very last one.

Action-Not Available
Vendor-Linux Kernel Organization, Inc
Product-linux_kernelLinuxlinux_kernel
CWE ID-CWE-416
Use After Free
CVE-2020-10760
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-2.35% / 85.08%
||
7 Day CHG~0.00%
Published-06 Jul, 2020 | 18:02
Updated-04 Aug, 2024 | 11:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A use-after-free flaw was found in all samba LDAP server versions before 4.10.17, before 4.11.11, before 4.12.4 used in a AC DC configuration. A Samba LDAP user could use this flaw to crash samba.

Action-Not Available
Vendor-n/aCanonical Ltd.openSUSESambaFedora Project
Product-ubuntu_linuxfedorasambaleapSamba
CWE ID-CWE-416
Use After Free
CVE-2026-21921
Matching Score-4
Assigner-Juniper Networks, Inc.
ShareView Details
Matching Score-4
Assigner-Juniper Networks, Inc.
CVSS Score-7.1||HIGH
EPSS-0.02% / 6.01%
||
7 Day CHG~0.00%
Published-15 Jan, 2026 | 20:28
Updated-23 Jan, 2026 | 18:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS and Junos OS Evolved: When telemetry collectors are frequently subscribing and unsubscribing to sensors chassisd or rpd will crash

A Use After Free vulnerability in the chassis daemon (chassisd) of Juniper Networks Junos OS and Junos OS Evolved allows a network-based attacker authenticated with low privileges to cause a Denial-of-Service (DoS). When telemetry collectors are frequently subscribing and unsubscribing to sensors continuously over a long period of time, telemetry-capable processes like chassisd, rpd or mib2d will crash and restart, which - depending on the process - can cause a complete outage until the system has recovered. This issue affects:  Junos OS:  * all versions before 22.4R3-S8, * 23.2 versions before 23.2R2-S5, * 23.4 versions before 23.4R2; Junos OS Evolved: * all versions before 22.4R3-S8-EVO, * 23.2 versions before 23.2R2-S5-EVO, * 23.4 versions before 23.4R2-EVO.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-junos_os_evolvedjunosJunos OS EvolvedJunos OS
CWE ID-CWE-416
Use After Free
CVE-2020-10730
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-3.14% / 87.03%
||
7 Day CHG~0.00%
Published-07 Jul, 2020 | 13:38
Updated-04 Aug, 2024 | 11:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A NULL pointer dereference, or possible use-after-free flaw was found in Samba AD LDAP server in versions before 4.10.17, before 4.11.11 and before 4.12.4. Although some versions of Samba shipped with Red Hat Enterprise Linux do not support Samba in AD mode, the affected code is shipped with the libldb package. This flaw allows an authenticated user to possibly trigger a use-after-free or NULL pointer dereference. The highest threat from this vulnerability is to system availability.

Action-Not Available
Vendor-n/aDebian GNU/LinuxopenSUSESambaFedora ProjectRed Hat, Inc.
Product-debian_linuxsambafedorastorageleapSamba
CWE ID-CWE-416
Use After Free
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2026-20854
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-0.10% / 27.30%
||
7 Day CHG+0.03%
Published-13 Jan, 2026 | 17:56
Updated-01 Apr, 2026 | 13:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Local Security Authority Subsystem Service (LSASS) Remote Code Execution Vulnerability

Use after free in Windows Local Security Authority Subsystem Service (LSASS) allows an authorized attacker to execute code over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2025windows_11_25h2windows_11_24h2Windows 11 Version 24H2Windows Server 2025 (Server Core installation)Windows Server 2025Windows 11 Version 25H2
CWE ID-CWE-416
Use After Free
CVE-2025-62504
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.02% / 5.79%
||
7 Day CHG~0.00%
Published-16 Oct, 2025 | 21:23
Updated-29 Oct, 2025 | 19:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Envoy Lua filter use-after-free when oversized rewritten response body causes crash

Envoy is an open source edge and service proxy. Envoy versions earlier than 1.36.2, 1.35.6, 1.34.10, and 1.33.12 contain a use-after-free vulnerability in the Lua filter. When a Lua script executing in the response phase rewrites a response body so that its size exceeds the configured per_connection_buffer_limit_bytes (default 1MB), Envoy generates a local reply whose headers override the original response headers, leaving dangling references and causing a crash. This results in denial of service. Updating to versions 1.36.2, 1.35.6, 1.34.10, or 1.33.12 fixes the issue. Increasing per_connection_buffer_limit_bytes (and for HTTP/2 the initial_stream_window_size) or increasing per_request_buffer_limit_bytes / request_body_buffer_limit can reduce the likelihood of triggering the condition but does not correct the underlying memory safety flaw.

Action-Not Available
Vendor-envoyproxyenvoyproxy
Product-envoyenvoy
CWE ID-CWE-416
Use After Free
CVE-2023-38184
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-2.77% / 86.19%
||
7 Day CHG~0.00%
Published-08 Aug, 2023 | 17:08
Updated-01 Jan, 2025 | 01:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability

Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2012windows_server_2008windows_10_1507windows_11_21h2windows_10_22h2windows_server_2022windows_11_22h2windows_server_2019windows_10_1607Windows Server 2022Windows 10 Version 1607Windows 11 version 22H2Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows Server 2012 (Server Core installation)Windows Server 2016Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2008 R2 Service Pack 1Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)Windows 10 Version 22H2
CWE ID-CWE-416
Use After Free
CVE-2023-1193
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.07% / 20.53%
||
7 Day CHG~0.00%
Published-01 Nov, 2023 | 19:10
Updated-27 Feb, 2025 | 20:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Use-after-free in setup_async_work()

A use-after-free flaw was found in setup_async_work in the KSMBD implementation of the in-kernel samba server and CIFS in the Linux kernel. This issue could allow an attacker to crash the system by accessing freed work.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncRed Hat, Inc.Fedora Project
Product-linux_kernelRed Hat Enterprise Linux 9FedoraRed Hat Enterprise Linux 7KernelRed Hat Enterprise Linux 8Red Hat Enterprise Linux 6
CWE ID-CWE-416
Use After Free
CVE-2023-1192
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.03% / 7.50%
||
7 Day CHG~0.00%
Published-01 Nov, 2023 | 19:01
Updated-27 Feb, 2025 | 20:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Use-after-free in smb2_is_status_io_timeout()

A use-after-free flaw was found in smb2_is_status_io_timeout() in CIFS in the Linux Kernel. After CIFS transfers response data to a system call, there are still local variable points to the memory region, and if the system call frees it faster than CIFS uses it, CIFS will access a free memory region, leading to a denial of service.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncRed Hat, Inc.Fedora Project
Product-enterprise_linuxlinux_kernelRed Hat Enterprise Linux 9FedoraRed Hat Enterprise Linux 7kernelRed Hat Enterprise Linux 8Red Hat Enterprise Linux 6
CWE ID-CWE-416
Use After Free
CVE-2024-27239
Matching Score-4
Assigner-Zoom Video Communications, Inc.
ShareView Details
Matching Score-4
Assigner-Zoom Video Communications, Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 20.66%
||
7 Day CHG~0.00%
Published-25 Feb, 2025 | 20:33
Updated-01 Oct, 2025 | 23:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Zoom Workplace Apps and SDKs - Divide By Zero

Use after free in some Zoom Workplace Apps and SDKs may allow an authenticated user to conduct a denial of service via network access.

Action-Not Available
Vendor-Zoom Communications, Inc.
Product-workplace_desktopworkplace_virtual_desktop_infrastructuremeeting_software_development_kitworkplaceroomsZoom Workplace Apps and SDKs
CWE ID-CWE-416
Use After Free
CVE-2024-38138
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-4.06% / 88.64%
||
7 Day CHG~0.00%
Published-13 Aug, 2024 | 17:30
Updated-10 Jul, 2025 | 16:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Deployment Services Remote Code Execution Vulnerability

Windows Deployment Services Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2022_23h2windows_server_2016windows_server_2019windows_server_2022Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2016Windows Server 2022Windows Server 2012 (Server Core installation)Windows Server 2016 (Server Core installation)Windows Server 2012 R2Windows Server 2012 R2 (Server Core installation)Windows Server 2008 Service Pack 2Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows Server 2008 R2 Service Pack 1Windows Server 2012Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2019
CWE ID-CWE-416
Use After Free
CVE-2019-19344
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-2.19% / 84.58%
||
7 Day CHG~0.00%
Published-21 Jan, 2020 | 00:00
Updated-14 Jan, 2025 | 19:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is a use-after-free issue in all samba 4.9.x versions before 4.9.18, all samba 4.10.x versions before 4.10.12 and all samba 4.11.x versions before 4.11.5, essentially due to a call to realloc() while other local variables still point at the original buffer.

Action-Not Available
Vendor-Canonical Ltd.openSUSESambaSynology, Inc.Red Hat, Inc.
Product-leapdiskstation_managerdirectory_serverubuntu_linuxrouter_managerskynassambasamba
CWE ID-CWE-416
Use After Free
CVE-2025-59946
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.08% / 23.52%
||
7 Day CHG~0.00%
Published-27 Dec, 2025 | 00:40
Updated-30 Jan, 2026 | 21:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NanoMQ has a Use After Free vulnerability via sub info list

NanoMQ MQTT Broker (NanoMQ) is an Edge Messaging Platform. Prior to version 0.24.2, there is a classical data racing issue about sub info list which could result in heap use after free crash. This issue has been patched in version 0.24.2.

Action-Not Available
Vendor-emqxnanomq
Product-nanomqnanomq
CWE ID-CWE-416
Use After Free
CVE-2023-35942
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.02% / 6.20%
||
7 Day CHG~0.00%
Published-25 Jul, 2023 | 18:24
Updated-24 Oct, 2024 | 18:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Envoy's gRPC access log crash caused by the listener draining

Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12, gRPC access loggers using listener's global scope can cause a `use-after-free` crash when the listener is drained. Versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12 have a fix for this issue. As a workaround, disable gRPC access log or stop listener update.

Action-Not Available
Vendor-envoyproxyenvoyproxy
Product-envoyenvoy
CWE ID-CWE-416
Use After Free
CVE-2024-33068
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.5||HIGH
EPSS-0.56% / 68.60%
||
7 Day CHG~0.00%
Published-04 Nov, 2024 | 10:04
Updated-07 Nov, 2024 | 20:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Use After Free in WLAN Host Communication

Transient DOS while parsing fragments of MBSSID IE from beacon frame.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qam8255p_firmwarewsa8830qca6777aqsxr2230p_firmwareqca8337qam8650pqfw7124sg8275p_firmwareqcf8001qam8775pqamsrv1mqca6777aq_firmwareqcn6224_firmwareqcn5124wsa8840qca8082qca8386srv1l_firmwarewcn6755_firmwareqca6595au_firmwarevideo_collaboration_vc3_platformwcd9370ssg2115pqca6584au_firmwarewcn3990_firmwaresnapdragon_8_gen_2_mobile_platformqcn9000_firmwareqamsrv1hqca6554a_firmwarewcd9385_firmwareqam8295pwcn7881_firmwareqca8386_firmwareqamsrv1h_firmwarewcn3660bqca8084_firmwareqcn6412qcn5124_firmwareqca6688aqqam8295p_firmwaresa9000p_firmwaresnapdragon_429_mobile_platform_firmwareqca8082_firmwareqca6574au_firmwaresa7255pqcn6422_firmwarewsa8845h_firmwarewcd9375_firmwaresnapdragon_8_gen_3_mobile_platformqfw7114qca8081_firmwareqca6595ausnapdragon_429_mobile_platformwcn7860qca6564au_firmwaresa8620p_firmwaresa6155p_firmwareqca6584ausnapdragon_x65_5g_modem-rf_system_firmwareqcm8550_firmwareqcn9274wcn7881snapdragon_x72_5g_modem-rf_systemqca6678aq_firmwaresa8775p_firmwareqcs6490wsa8840_firmwareqca6698aqvideo_collaboration_vc5_platformqcf8001_firmwareqcs8550_firmwaresm8635wcn7880_firmwaresrv1hqcn9074qca8085sdx65msa7775p_firmwarewcd9340sa8195pqcn6224vision_intelligence_400_platformwsa8845hwcn6755wcd9395_firmwarewcd9335snapdragon_x75_5g_modem-rf_systemsnapdragon_ar2_gen_1_platform_firmwaresm8750p_firmwaresm8750_firmwaresa8255p_firmwaresa6155pqcs7230snapdragon_auto_5g_modem-rf_gen_2qcf8000sdx65m_firmwaresa7775psxr2250pqca8081qca6698aq_firmwareqam8620pwcd9385wcd9341snapdragon_auto_5g_modem-rf_gen_2_firmwaresa8770p_firmwaresa8255pqca8085_firmwareqca6696_firmwareqcs6490_firmwareqam8775p_firmwareimmersive_home_3210_platformipq9008_firmwareqca6797aqar8035wcd9375wcd9390vision_intelligence_400_platform_firmwareqcc710_firmwarewsa8830_firmwarewcn3620_firmwarewsa8835_firmwarewcn3620sa8195p_firmwarevideo_collaboration_vc5_platform_firmwaresxr2250p_firmwaresa8295p_firmwarewcn7880snapdragon_8_gen_2_mobile_platform_firmwaresa8770pqca6787aq_firmwareqca6688aq_firmwarewcd9380_firmwareqca8337_firmwaressg2125pwcn3990qcn9000sdm429wqcf8000_firmwareqca6554aqca6595qca8084qcm8550qca6564auqcs7230_firmwareipq9008immersive_home_326_platform_firmwarewsa8835qca6574sxr1230p_firmwaresdm429w_firmwareqcn6402_firmwaresnapdragon_8\+_gen_2_mobile_platform_firmwarewcd9380qcn6274qcn6422snapdragon_x72_5g_modem-rf_system_firmwaressg2125p_firmwaresm8635_firmwareqca6574asxr1230pvideo_collaboration_vc3_platform_firmwaresg8275pwcd9335_firmwareqfw7114_firmwareqcn9274_firmwarewsa8845ipq5312sa8650psa9000pqca6574_firmwarewcd9340_firmwaresxr2230pwsa8845_firmwareqcs8250wcn3660b_firmwaresm8750psa8775pqca6574a_firmwareqcn9024ipq9574_firmwareqca6391immersive_home_3210_platform_firmwareipq5302sa8295pfastconnect_7800qcn6274_firmwaresnapdragon_x65_5g_modem-rf_systemwcn7861_firmwareqca6678aqwsa8832_firmwaresa8650p_firmwaresnapdragon_x75_5g_modem-rf_system_firmwarefastconnect_6900srv1h_firmwarefastconnect_6900_firmwareqcn6432_firmwareqca6797aq_firmwareqca6574auipq5312_firmwaresa8155p_firmwaresrv1lipq9574qcn9024_firmwaresa7255p_firmwareqcs8250_firmwarewcd9341_firmwaresnapdragon_8\+_gen_2_mobile_platformfastconnect_7800_firmwaresa8620pwsa8832qcn6412_firmwareipq5332_firmwaresm8550pipq5332ipq5302_firmwaresrv1m_firmwaresnapdragon_ar2_gen_1_platformqamsrv1m_firmwareimmersive_home_326_platformsm8750qam8650p_firmwareqcc710wcn7860_firmwareqca6595_firmwarewcn7861wcd9395qca6696qca6787aqqca6391_firmwareqcs8550wcd9370_firmwaresm8550p_firmwarewcd9390_firmwaresnapdragon_8_gen_3_mobile_platform_firmwaresa8155pqcn6402srv1mssg2115p_firmwareqcn9074_firmwareqam8620p_firmwareqfw7124_firmwareqam8255pqcn6432ar8035_firmwareSnapdragonqam8255p_firmwareqca8337_firmwarewcd9380_firmwaresxr2230p_firmwareqcf8000_firmwaresg8275p_firmwareqcs7230_firmwarear8035_firmwareqca6777aq_firmwareqcn6224_firmwareimmersive_home_326_platform_firmwaresxr1230p_firmwareqcn6402_firmwaresdm429w_firmwaresrv1l_firmwarewcn6755_firmwareqca6595au_firmwaresnapdragon_x72_5g_modem-rf_system_firmwaressg2125p_firmwaresm8635_firmwareqca6584au_firmwarewcn3990_firmwareqcn9000_firmwarewcd9335_firmwareqcn9274_firmwareqfw7114_firmwareqca6554a_firmwarequalcomm_video_collaboration_vc3_platform_firmwarewcd9385_firmwarewcn7881_firmwareqca8386_firmwareqamsrv1h_firmwareqca6574_firmwarewcd9340_firmwareqca8084_firmwareqcn5124_firmwarewsa8845_firmwareqam8295p_firmwarewcn3660b_firmwareqca8082_firmwaresa9000p_firmwaresnapdragon_429_mobile_platform_firmwareqca6574au_firmwareqca6574a_firmwareqcn6422_firmwarewcd9375_firmwareqca8081_firmwarewsa8845h_firmwareipq9574_firmwareimmersive_home_3210_platform_firmwareqca6564au_firmwaresa8620p_firmwaresa6155p_firmwaresnapdragon_x65_5g_modem-rf_system_firmwareqcm8550_firmwareqca6678aq_firmwareqcn6274_firmwaresa8775p_firmwarewcn7861_firmwarewsa8840_firmwaresa8650p_firmwarewsa8832_firmwaresnapdragon_x75_5g_modem-rf_system_firmwareqcf8001_firmwarefastconnect_6900_firmwaresrv1h_firmwareqcs8550_firmwareqca6797aq_firmwareipq5312_firmwareqcn6432_firmwarewcn7880_firmwaresa8155p_firmwaresa7775p_firmwareqcn9024_firmwaresa7255p_firmwareqcs8250_firmwarewcd9341_firmwarefastconnect_7800_firmwaresnapdragon_ar2_gen_1_platform_firmwaresa8255p_firmwaresm8750_firmwaresm8750p_firmwarewcd9395_firmwareqcn6412_firmwareipq5332_firmwareipq5302_firmwareqca6698aq_firmwareqamsrv1m_firmwaresdx65m_firmwaresrv1m_firmwareqam8650p_firmwaresa8770p_firmwareqca8085_firmwareqam8775p_firmwaresnapdragon_auto_5g_modem-rf_gen_2_firmwareqca6696_firmwareqcs6490_firmwarewcn7860_firmwareqca6595_firmwareipq9008_firmwareqca6391_firmwarewcd9370_firmwaresm8550p_firmwarequalcomm_video_collaboration_vc5_platform_firmwareqcc710_firmwarevision_intelligence_400_platform_firmwaresnapdragon_8_gen_3_mobile_platform_firmwarewsa8830_firmwarewcd9390_firmwarewcn3620_firmwaresxr2250p_firmwarewsa8835_firmwaresa8195p_firmwaressg2115p_firmwareqcn9074_firmwareqam8620p_firmwareqfw7124_firmwaresa8295p_firmwaresnapdragon_8_gen_2_mobile_platform_firmwareqca6688aq_firmwareqca6787aq_firmware
CWE ID-CWE-416
Use After Free
CVE-2024-27246
Matching Score-4
Assigner-Zoom Video Communications, Inc.
ShareView Details
Matching Score-4
Assigner-Zoom Video Communications, Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 20.66%
||
7 Day CHG~0.00%
Published-25 Feb, 2025 | 20:32
Updated-20 Aug, 2025 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Zoom Workplace Apps and SDKs - Use After Free

Use after free in some Zoom Workplace Apps and SDKs may allow an authenticated user to conduct a denial of service via network access.

Action-Not Available
Vendor-Zoom Communications, Inc.
Product-roomsworkplace_virtual_desktop_infrastructuremeeting_software_development_kitworkplace_desktopworkplaceZoom Workplace Apps and SDKs
CWE ID-CWE-416
Use After Free
CVE-2024-25767
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.15% / 35.04%
||
7 Day CHG~0.00%
Published-26 Feb, 2024 | 00:00
Updated-01 May, 2025 | 15:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

nanomq 0.21.2 contains a Use-After-Free vulnerability in /nanomq/nng/src/core/socket.c.

Action-Not Available
Vendor-emqxn/a
Product-nanomqn/a
CWE ID-CWE-416
Use After Free
  • Previous
  • 1
  • 2
  • Next
Details not found