Total
5766 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-9394 | 1 Podofo Project | 1 Podofo | 2025-09-12 | 4.3 MEDIUM | 5.3 MEDIUM |
| A flaw has been found in PoDoFo 1.1.0-dev. This issue affects the function PdfTokenizer::DetermineDataType of the file src/podofo/main/PdfTokenizer.cpp of the component PDF Dictionary Parser. Executing manipulation can lead to use after free. It is possible to launch the attack on the local host. The exploit has been published and may be used. This patch is called 22d16cb142f293bf956f66a4d399cdd65576d36c. A patch should be applied to remediate this issue. | |||||
| CVE-2024-45434 | 2025-09-12 | N/A | 9.8 CRITICAL | ||
| OpenSynergy BlueSDK (aka Blue SDK) through 6.x has a Use-After-Free. The specific flaw exists within the BlueSDK Bluetooth stack. The issue results from the lack of validating the existence of an object before performing operations on the object (aka use after free). An attacker can leverage this to achieve remote code execution in the context of a user account under which the Bluetooth process runs. | |||||
| CVE-2025-54908 | 1 Microsoft | 4 365 Apps, Office, Office Long Term Servicing Channel and 1 more | 2025-09-12 | N/A | 7.8 HIGH |
| Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally. | |||||
| CVE-2025-54904 | 1 Microsoft | 5 365 Apps, Excel, Office and 2 more | 2025-09-12 | N/A | 7.8 HIGH |
| Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | |||||
| CVE-2025-54903 | 1 Microsoft | 5 365 Apps, Excel, Office and 2 more | 2025-09-12 | N/A | 7.8 HIGH |
| Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | |||||
| CVE-2025-54906 | 1 Microsoft | 4 365 Apps, Office, Office Long Term Servicing Channel and 1 more | 2025-09-12 | N/A | 7.8 HIGH |
| Free of memory not on the heap in Microsoft Office allows an unauthorized attacker to execute code locally. | |||||
| CVE-2025-54896 | 1 Microsoft | 5 365 Apps, Excel, Office and 2 more | 2025-09-12 | N/A | 7.8 HIGH |
| Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | |||||
| CVE-2025-54258 | 1 Adobe | 1 Substance 3d Modeler | 2025-09-12 | N/A | 7.8 HIGH |
| Substance3D - Modeler versions 1.22.2 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Scope is unchanged. | |||||
| CVE-2025-55224 | 1 Microsoft | 10 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 7 more | 2025-09-12 | N/A | 7.8 HIGH |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to execute code locally. | |||||
| CVE-2025-55223 | 1 Microsoft | 10 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 7 more | 2025-09-12 | N/A | 7.0 HIGH |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Graphics Kernel allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-7425 | 2025-09-11 | N/A | 7.8 HIGH | ||
| A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption. | |||||
| CVE-2025-50518 | 2025-09-11 | N/A | 9.8 CRITICAL | ||
| A use-after-free vulnerability exists in the coap_delete_pdu_lkd function within coap_pdu.c of the libcoap library. This issue occurs due to improper handling of memory after the freeing of a PDU object, leading to potential memory corruption or the possibility of executing arbitrary code. NOTE: this is disputed by the Supplier because it only occurs when an application uses libcoap incorrectly. | |||||
| CVE-2025-54112 | 2025-09-11 | N/A | 7.0 HIGH | ||
| Use after free in Microsoft Virtual Hard Drive allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-54912 | 2025-09-11 | N/A | 7.8 HIGH | ||
| Use after free in Windows BitLocker allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-54105 | 2025-09-11 | N/A | 7.0 HIGH | ||
| Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-54102 | 2025-09-11 | N/A | 7.8 HIGH | ||
| Use after free in Windows Connected Devices Platform Service allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-54257 | 2025-09-11 | N/A | 7.8 HIGH | ||
| Acrobat Reader versions 24.001.30254, 20.005.30774, 25.001.20672 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file, and scope is unchanged. | |||||
| CVE-2025-54902 | 2025-09-11 | N/A | 7.8 HIGH | ||
| Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | |||||
| CVE-2025-53802 | 2025-09-11 | N/A | 7.0 HIGH | ||
| Use after free in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-54242 | 2025-09-11 | N/A | 7.8 HIGH | ||
| Premiere Pro versions 25.3, 24.6.5 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file, and scope is unchanged. | |||||