Total
6376 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-48798 | 1 Redhat | 6 Enterprise Linux, Rhel Aus, Rhel E4s and 3 more | 2025-09-12 | 7.3 High |
| A flaw was found in GIMP when processing XCF image files. If a user opens one of these image files that has been specially crafted by an attacker, GIMP can be tricked into making serious memory errors, potentially leading to crashes and causing use-after-free issues. | ||||
| CVE-2025-54258 | 1 Adobe | 1 Substance 3d Modeler | 2025-09-12 | 7.8 High |
| Substance3D - Modeler versions 1.22.2 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Scope is unchanged. | ||||
| CVE-2025-50518 | 1 Libcoap | 1 Libcoap | 2025-09-11 | 9.8 Critical |
| A use-after-free vulnerability exists in the coap_delete_pdu_lkd function within coap_pdu.c of the libcoap library. This issue occurs due to improper handling of memory after the freeing of a PDU object, leading to potential memory corruption or the possibility of executing arbitrary code. NOTE: this is disputed by the Supplier because it only occurs when an application uses libcoap incorrectly. | ||||
| CVE-2025-10200 | 1 Google | 1 Chrome | 2025-09-11 | 8.8 High |
| Use after free in Serviceworker in Google Chrome on Desktop prior to 140.0.7339.127 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical) | ||||
| CVE-2024-53194 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2025-09-11 | 7.8 High |
| In the Linux kernel, the following vulnerability has been resolved: PCI: Fix use-after-free of slot->bus on hot remove Dennis reports a boot crash on recent Lenovo laptops with a USB4 dock. Since commit 0fc70886569c ("thunderbolt: Reset USB4 v2 host router") and commit 59a54c5f3dbd ("thunderbolt: Reset topology created by the boot firmware"), USB4 v2 and v1 Host Routers are reset on probe of the thunderbolt driver. The reset clears the Presence Detect State and Data Link Layer Link Active bits at the USB4 Host Router's Root Port and thus causes hot removal of the dock. The crash occurs when pciehp is unbound from one of the dock's Downstream Ports: pciehp creates a pci_slot on bind and destroys it on unbind. The pci_slot contains a pointer to the pci_bus below the Downstream Port, but a reference on that pci_bus is never acquired. The pci_bus is destroyed before the pci_slot, so a use-after-free ensues when pci_slot_release() accesses slot->bus. In principle this should not happen because pci_stop_bus_device() unbinds pciehp (and therefore destroys the pci_slot) before the pci_bus is destroyed by pci_remove_bus_device(). However the stacktrace provided by Dennis shows that pciehp is unbound from pci_remove_bus_device() instead of pci_stop_bus_device(). To understand the significance of this, one needs to know that the PCI core uses a two step process to remove a portion of the hierarchy: It first unbinds all drivers in the sub-hierarchy in pci_stop_bus_device() and then actually removes the devices in pci_remove_bus_device(). There is no precaution to prevent driver binding in-between pci_stop_bus_device() and pci_remove_bus_device(). In Dennis' case, it seems removal of the hierarchy by pciehp races with driver binding by pci_bus_add_devices(). pciehp is bound to the Downstream Port after pci_stop_bus_device() has run, so it is unbound by pci_remove_bus_device() instead of pci_stop_bus_device(). Because the pci_bus has already been destroyed at that point, accesses to it result in a use-after-free. One might conclude that driver binding needs to be prevented after pci_stop_bus_device() has run. However it seems risky that pci_slot points to pci_bus without holding a reference. Solely relying on correct ordering of driver unbind versus pci_bus destruction is certainly not defensive programming. If pci_slot has a need to access data in pci_bus, it ought to acquire a reference. Amend pci_create_slot() accordingly. Dennis reports that the crash is not reproducible with this change. Abridged stacktrace: pcieport 0000:00:07.0: PME: Signaling with IRQ 156 pcieport 0000:00:07.0: pciehp: Slot #12 AttnBtn- PwrCtrl- MRL- AttnInd- PwrInd- HotPlug+ Surprise+ Interlock- NoCompl+ IbPresDis- LLActRep+ pci_bus 0000:20: dev 00, created physical slot 12 pcieport 0000:00:07.0: pciehp: Slot(12): Card not present ... pcieport 0000:21:02.0: pciehp: pcie_disable_notification: SLOTCTRL d8 write cmd 0 Oops: general protection fault, probably for non-canonical address 0x6b6b6b6b6b6b6b6b: 0000 [#1] PREEMPT SMP NOPTI CPU: 13 UID: 0 PID: 134 Comm: irq/156-pciehp Not tainted 6.11.0-devel+ #1 RIP: 0010:dev_driver_string+0x12/0x40 pci_destroy_slot pciehp_remove pcie_port_remove_service device_release_driver_internal bus_remove_device device_del device_unregister remove_iter device_for_each_child pcie_portdrv_remove pci_device_remove device_release_driver_internal bus_remove_device device_del pci_remove_bus_device (recursive invocation) pci_remove_bus_device pciehp_unconfigure_device pciehp_disable_slot pciehp_handle_presence_or_link_change pciehp_ist | ||||
| CVE-2025-8176 | 1 Libtiff | 1 Libtiff | 2025-09-11 | 5.3 Medium |
| A vulnerability was found in LibTIFF up to 4.7.0. It has been declared as critical. This vulnerability affects the function get_histogram of the file tools/tiffmedian.c. The manipulation leads to use after free. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The patch is identified as fe10872e53efba9cc36c66ac4ab3b41a839d5172. It is recommended to apply a patch to fix this issue. | ||||
| CVE-2025-57616 | 1 Meh.schizofreni | 1 Rust-ffmpeg | 2025-09-10 | 7.5 High |
| An issue was discovered in rust-ffmpeg 0.3.0 (after comit 5ac0527) A use-after-free vulnerability in the write_interleaved method allows an attacker to cause a denial of service or memory corruption. The method violates Rust's aliasing rules by modifying a data structure through a mutable pointer while only holding an immutable reference, which can lead to undefined behavior when the data is accessed later. | ||||
| CVE-2025-20006 | 1 Intel | 4 Proset\/wireless Wifi, Wi-fi 7 Be200, Wi-fi 7 Be201 and 1 more | 2025-09-10 | 7.4 High |
| Use after free for some Intel(R) PROSet/Wireless WiFi Software for Windows before version 23.100 may allow an unauthenticated user to potentially enable denial of service via adjacent access. | ||||
| CVE-2025-20046 | 1 Intel | 10 Proset\/wireless Wifi, Wi-fi 6 Ax101, Wi-fi 6 Ax200 and 7 more | 2025-09-10 | 8 High |
| Use after free for some Intel(R) PROSet/Wireless WiFi Software for Windows before version 23.100 may allow an unauthenticated user to potentially enable denial of service via adjacent access. | ||||
| CVE-2025-20062 | 1 Intel | 8 Proset\/wireless Wifi, Wi-fi 6 Ax101, Wi-fi 6 Ax201 and 5 more | 2025-09-10 | 6.1 Medium |
| Use after free for some Intel(R) PROSet/Wireless WiFi Software for Windows before version 23.100 may allow an unauthenticated user to potentially enable denial of service via adjacent access. | ||||
| CVE-2024-4418 | 1 Redhat | 3 Advanced Virtualization, Enterprise Linux, Rhel Eus | 2025-09-10 | 6.2 Medium |
| A race condition leading to a stack use-after-free flaw was found in libvirt. Due to a bad assumption in the virNetClientIOEventLoop() method, the `data` pointer to a stack-allocated virNetClientIOEventData structure ended up being used in the virNetClientIOEventFD callback while the data pointer's stack frame was concurrently being "freed" when returning from virNetClientIOEventLoop(). The 'virtproxyd' daemon can be used to trigger requests. If libvirt is configured with fine-grained access control, this issue, in theory, allows a user to escape their otherwise limited access. This flaw allows a local, unprivileged user to access virtproxyd without authenticating. Remote users would need to authenticate before they could access it. | ||||
| CVE-2023-3019 | 2 Qemu, Redhat | 4 Qemu, Advanced Virtualization, Enterprise Linux and 1 more | 2025-09-10 | 6 Medium |
| A DMA reentrancy issue leading to a use-after-free error was found in the e1000e NIC emulation code in QEMU. This issue could allow a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. | ||||
| CVE-2025-30385 | 1 Microsoft | 14 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 11 more | 2025-09-10 | 7.8 High |
| Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-29841 | 1 Microsoft | 8 Windows 10 21h2, Windows 10 22h2, Windows 11 22h2 and 5 more | 2025-09-10 | 7 High |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Universal Print Management Service allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-29831 | 1 Microsoft | 7 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 4 more | 2025-09-10 | 7.5 High |
| Use after free in Remote Desktop Gateway Service allows an unauthorized attacker to execute code over a network. | ||||
| CVE-2025-32709 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2025-09-10 | 7.8 High |
| Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-32701 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-09-10 | 7.8 High |
| Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-30400 | 1 Microsoft | 10 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 7 more | 2025-09-10 | 7.8 High |
| Use after free in Windows DWM allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-30393 | 1 Microsoft | 2 365 Apps, Office Long Term Servicing Channel | 2025-09-10 | 7.8 High |
| Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | ||||
| CVE-2025-30386 | 1 Microsoft | 3 365 Apps, Office, Office Long Term Servicing Channel | 2025-09-10 | 8.4 High |
| Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. | ||||