Total
6382 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-49682 | 1 Microsoft | 8 Windows 10 21h2, Windows 10 22h2, Windows 11 22h2 and 5 more | 2025-08-23 | 7.3 High |
| Use after free in Windows Media allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-49675 | 1 Microsoft | 18 Windows, Windows 10, Windows 10 1507 and 15 more | 2025-08-23 | 7.8 High |
| Use after free in Kernel Streaming WOW Thunk Service Driver allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-49665 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2025-08-23 | 7.8 High |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Workspace Broker allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-49660 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2025-08-23 | 7.8 High |
| Use after free in Windows Event Tracing allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-48821 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-08-23 | 7.1 High |
| Use after free in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges over an adjacent network. | ||||
| CVE-2025-48806 | 1 Microsoft | 16 Mpeg-2 Video Extension, Windows 10 1507, Windows 10 1607 and 13 more | 2025-08-23 | 7.8 High |
| Use after free in Microsoft MPEG-2 Video Extension allows an authorized attacker to execute code locally. | ||||
| CVE-2025-48000 | 1 Microsoft | 12 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 9 more | 2025-08-23 | 7.8 High |
| Use after free in Windows Connected Devices Platform Service allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-49735 | 1 Microsoft | 9 Server, Windows, Windows Server and 6 more | 2025-08-23 | 8.1 High |
| Use after free in Windows KDC Proxy Service (KPSSVC) allows an unauthorized attacker to execute code over a network. | ||||
| CVE-2025-49726 | 1 Microsoft | 12 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 9 more | 2025-08-23 | 7.8 High |
| Use after free in Windows Notification allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-49711 | 1 Microsoft | 5 365 Apps, Excel, Office and 2 more | 2025-08-23 | 7.8 High |
| Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | ||||
| CVE-2025-47991 | 1 Microsoft | 12 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 9 more | 2025-08-23 | 7.8 High |
| Use after free in Microsoft Input Method Editor (IME) allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-49677 | 1 Microsoft | 1 Windows 11 22h2 | 2025-08-23 | 7 High |
| Use after free in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-47986 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-08-23 | 8.8 High |
| Use after free in Universal Print Management Service allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-47976 | 1 Microsoft | 18 Windows, Windows 10, Windows 10 1507 and 15 more | 2025-08-23 | 7.8 High |
| Use after free in Windows SSDP Service allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2024-25648 | 3 Apple, Foxit, Microsoft | 4 Macos, Pdf Editor, Pdf Reader and 1 more | 2025-08-22 | 8.8 High |
| A use-after-free vulnerability exists in the way Foxit Reader 2024.1.0.23997 handles a ComboBox widget. A specially crafted JavaScript code inside a malicious PDF document can trigger reuse of a previously freed object, which can lead to memory corruption and result in arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled. | ||||
| CVE-2024-25938 | 3 Apple, Foxit, Microsoft | 4 Macos, Pdf Editor, Pdf Reader and 1 more | 2025-08-22 | 8.8 High |
| A use-after-free vulnerability exists in the way Foxit Reader 2024.1.0.23997 handles a Barcode widget. A specially crafted JavaScript code inside a malicious PDF document can trigger reuse of a previously freed object, which can lead to memory corruption and result in arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled. | ||||
| CVE-2023-49606 | 2 Tinyproxy, Tinyproxy Project | 2 Tinyproxy, Tinyproxy | 2025-08-22 | 9.8 Critical |
| A use-after-free vulnerability exists in the HTTP Connection Headers parsing in Tinyproxy 1.11.1 and Tinyproxy 1.10.0. A specially crafted HTTP header can trigger reuse of previously freed memory, which leads to memory corruption and could lead to remote code execution. An attacker needs to make an unauthenticated HTTP request to trigger this vulnerability. | ||||
| CVE-2025-31239 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2025-08-22 | 4.3 Medium |
| A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 11.5, macOS Sonoma 14.7.6, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, macOS Ventura 13.7.6. Parsing a file may lead to an unexpected app termination. | ||||
| CVE-2025-9157 | 1 Appneta | 1 Tcpreplay | 2025-08-21 | 5.3 Medium |
| A vulnerability was determined in appneta tcpreplay up to 4.5.2-beta2. The impacted element is the function untrunc_packet of the file src/tcpedit/edit_packet.c of the component tcprewrite. Executing manipulation can lead to use after free. It is possible to launch the attack on the local host. The exploit has been publicly disclosed and may be utilized. This patch is called 73008f261f1cdf7a1087dc8759115242696d35da. Applying a patch is advised to resolve this issue. | ||||
| CVE-2025-21436 | 1 Qualcomm | 50 Fastconnect 7800, Fastconnect 7800 Firmware, Qmp1000 and 47 more | 2025-08-20 | 7.8 High |
| Memory corruption may occur while initiating two IOCTL calls simultaneously to create processes from two different threads. | ||||