Total
6117 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-22068 | 1 Linux | 1 Linux Kernel | 2025-05-06 | 7.8 High |
| In the Linux kernel, the following vulnerability has been resolved: ublk: make sure ubq->canceling is set when queue is frozen Now ublk driver depends on `ubq->canceling` for deciding if the request can be dispatched via uring_cmd & io_uring_cmd_complete_in_task(). Once ubq->canceling is set, the uring_cmd can be done via ublk_cancel_cmd() and io_uring_cmd_done(). So set ubq->canceling when queue is frozen, this way makes sure that the flag can be observed from ublk_queue_rq() reliably, and avoids use-after-free on uring_cmd. | ||||
| CVE-2022-3314 | 1 Google | 1 Chrome | 2025-05-06 | 6.5 Medium |
| Use after free in logging in Google Chrome prior to 106.0.5249.62 allowed a remote attacker who had compromised a WebUI process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2022-3309 | 1 Google | 2 Chrome, Chrome Os | 2025-05-06 | 6.5 Medium |
| Use after free in assistant in Google Chrome on ChromeOS prior to 106.0.5249.62 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially perform a sandbox escape via specific UI gestures. (Chromium security severity: Medium) | ||||
| CVE-2024-38229 | 4 Apple, Linux, Microsoft and 1 more | 6 Macos, Linux Kernel, .net and 3 more | 2025-05-06 | 8.1 High |
| .NET and Visual Studio Remote Code Execution Vulnerability | ||||
| CVE-2024-35264 | 2 Microsoft, Redhat | 3 .net, Visual Studio 2022, Enterprise Linux | 2025-05-06 | 8.1 High |
| .NET and Visual Studio Remote Code Execution Vulnerability | ||||
| CVE-2022-26717 | 2 Apple, Redhat | 8 Ipados, Iphone Os, Itunes and 5 more | 2025-05-06 | 8.8 High |
| A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.5, watchOS 8.6, iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, Safari 15.5, iTunes 12.12.4 for Windows. Processing maliciously crafted web content may lead to arbitrary code execution. | ||||
| CVE-2024-27975 | 1 Ivanti | 1 Avalanche | 2025-05-06 | 8.8 High |
| An Use-after-free vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM. | ||||
| CVE-2024-23658 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-05-06 | 4.4 Medium |
| In camera driver, there is a possible use after free due to a logic error. This could lead to local denial of service with System execution privileges needed | ||||
| CVE-2022-32903 | 1 Apple | 3 Iphone Os, Tvos, Watchos | 2025-05-06 | 7.8 High |
| A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 16, iOS 16, watchOS 9. An app may be able to execute arbitrary code with kernel privileges. | ||||
| CVE-2025-1884 | 2025-05-05 | 7.8 High | ||
| Use-After-Free vulnerability exists in the SLDPRT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025. This vulnerability could allow an attacker to execute arbitrary code while opening a specially crafted SLDPRT file. | ||||
| CVE-2022-33981 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2025-05-05 | 3.3 Low |
| drivers/block/floppy.c in the Linux kernel before 5.17.6 is vulnerable to a denial of service, because of a concurrency use-after-free flaw after deallocating raw_cmd in the raw_cmd_ioctl function. | ||||
| CVE-2022-23597 | 1 Element | 1 Desktop | 2025-05-05 | 8.3 High |
| Element Desktop is a Matrix client for desktop platforms with Element Web at its core. Element Desktop before 1.9.7 is vulnerable to a remote program execution bug with user interaction. The exploit is non-trivial and requires clicking on a malicious link, followed by another button click. To the best of our knowledge, the vulnerability has never been exploited in the wild. If you are using Element Desktop < 1.9.7, we recommend upgrading at your earliest convenience. If successfully exploited, the vulnerability allows an attacker to specify a file path of a binary on the victim's computer which then gets executed. Notably, the attacker does *not* have the ability to specify program arguments. However, in certain unspecified configurations, the attacker may be able to specify an URI instead of a file path which then gets handled using standard platform mechanisms. These may allow exploiting further vulnerabilities in those mechanisms, potentially leading to arbitrary code execution. | ||||
| CVE-2022-23308 | 7 Apple, Debian, Fedoraproject and 4 more | 46 Ipados, Iphone Os, Mac Os X and 43 more | 2025-05-05 | 7.5 High |
| valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes. | ||||
| CVE-2021-36980 | 2 Openvswitch, Redhat | 3 Openvswitch, Enterprise Linux, Openshift | 2025-05-05 | 5.5 Medium |
| Open vSwitch (aka openvswitch) 2.11.0 through 2.15.0 has a use-after-free in decode_NXAST_RAW_ENCAP (called from ofpact_decode and ofpacts_decode) during the decoding of a RAW_ENCAP action. | ||||
| CVE-2021-30560 | 4 Debian, Google, Splunk and 1 more | 4 Debian Linux, Chrome, Universal Forwarder and 1 more | 2025-05-05 | 8.8 High |
| Use after free in Blink XSLT in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||||
| CVE-2020-9715 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Macos and 1 more | 2025-05-05 | 7.8 High |
| Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have an use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution . | ||||
| CVE-2020-9567 | 2 Adobe, Microsoft | 2 Bridge, Windows | 2025-05-05 | 7.8 High |
| Adobe Bridge versions 10.0.1 and earlier version have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution . | ||||
| CVE-2020-9566 | 2 Adobe, Microsoft | 2 Bridge, Windows | 2025-05-05 | 7.8 High |
| Adobe Bridge versions 10.0.1 and earlier version have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution . | ||||
| CVE-2024-38078 | 1 Microsoft | 3 Windows 11 21h2, Windows 11 22h2, Windows 11 23h2 | 2025-05-05 | 7.5 High |
| Xbox Wireless Adapter Remote Code Execution Vulnerability | ||||
| CVE-2024-38066 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2025-05-05 | 7.8 High |
| Windows Win32k Elevation of Privilege Vulnerability | ||||