Total
7342 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-70968 | 1 Freeimage Project | 1 Freeimage | 2026-06-17 | N/A | 9.8 CRITICAL |
| FreeImage 3.18.0 contains a Use After Free in PluginTARGA.cpp;loadRLE(). | |||||
| CVE-2025-6973 | 2026-06-17 | N/A | 7.8 HIGH | ||
| Use After Free vulnerability exists in the JT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025. This vulnerability could allow an attacker to execute arbitrary code while opening a specially crafted JT file. | |||||
| CVE-2025-6972 | 2026-06-17 | N/A | 7.8 HIGH | ||
| Use After Free vulnerability exists in the CATPRODUCT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025. This vulnerability could allow an attacker to execute arbitrary code while opening a specially crafted CATPRODUCT file. | |||||
| CVE-2025-6971 | 2026-06-17 | N/A | 7.8 HIGH | ||
| Use After Free vulnerability exists in the CATPRODUCT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025. This vulnerability could allow an attacker to execute arbitrary code while opening a specially crafted CATPRODUCT file. | |||||
| CVE-2025-6856 | 1 Hdfgroup | 1 Hdf5 | 2026-06-17 | 1.7 LOW | 3.3 LOW |
| A vulnerability, which was classified as problematic, was found in HDF5 1.14.6. Affected is the function H5FL__reg_gc_list of the file src/H5FL.c. The manipulation leads to use after free. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-6706 | 1 Mongodb | 1 Mongodb | 2026-06-17 | N/A | 5.0 MEDIUM |
| An authenticated user may trigger a use after free that may result in MongoDB Server crash and other unexpected behavior, even if the user does not have authorization to shut down a server. The crash is triggered on affected versions by issuing an aggregation framework operation using a specific combination of rarely-used aggregation pipeline expressions. This issue affects MongoDB Server v6.0 version prior to 6.0.21, MongoDB Server v7.0 version prior to 7.0.17 and MongoDB Server v8.0 version prior to 8.0.4 when the SBE engine is enabled. | |||||
| CVE-2025-6661 | 1 Pdf-xchange | 2 Pdf-tools, Pdf-xchange Editor | 2026-06-17 | N/A | 7.8 HIGH |
| PDF-XChange Editor App Object Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of App objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-26823. | |||||
| CVE-2025-6646 | 1 Pdf-xchange | 2 Pdf-tools, Pdf-xchange Editor | 2026-06-17 | N/A | 3.3 LOW |
| PDF-XChange Editor U3D File Parsing Use-After-Free Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-26643. | |||||
| CVE-2025-6645 | 1 Pdf-xchange | 2 Pdf-tools, Pdf-xchange Editor | 2026-06-17 | N/A | 7.8 HIGH |
| PDF-XChange Editor U3D File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-26642. | |||||
| CVE-2025-6644 | 1 Pdf-xchange | 2 Pdf-tools, Pdf-xchange Editor | 2026-06-17 | N/A | 7.8 HIGH |
| PDF-XChange Editor U3D File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-26536. | |||||
| CVE-2025-6640 | 1 Pdf-xchange | 2 Pdf-tools, Pdf-xchange Editor | 2026-06-17 | N/A | 7.8 HIGH |
| PDF-XChange Editor U3D File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-26527. | |||||
| CVE-2025-6636 | 1 Autodesk | 16 3ds Max, Advance Steel, Autocad and 13 more | 2026-06-17 | N/A | 7.8 HIGH |
| A maliciously crafted PRT file, when parsed through certain Autodesk products, can force a Use-After-Free vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process. | |||||
| CVE-2025-6555 | 1 Google | 1 Chrome | 2026-06-17 | N/A | 5.4 MEDIUM |
| Use after free in Animation in Google Chrome prior to 138.0.7204.49 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2025-6424 | 1 Mozilla | 1 Firefox | 2026-06-17 | N/A | 9.8 CRITICAL |
| A use-after-free in FontFaceSet resulted in a potentially exploitable crash. This vulnerability was fixed in Firefox 140, Firefox ESR 115.25, Firefox ESR 128.12, Thunderbird 140, and Thunderbird 128.12. | |||||
| CVE-2025-6349 | 1 Arm | 2 5th Gen Gpu Architecture Kernel Driver, Valhall Gpu Kernel Driver | 2026-06-17 | N/A | 5.1 MEDIUM |
| Use After Free vulnerability in Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user process to perform improper GPU memory processing operations to gain access to already freed memory.This issue affects Valhall GPU Kernel Driver: from r53p0 through r54p1; Arm 5th Gen GPU Architecture Kernel Driver: from r53p0 through r54p1. | |||||
| CVE-2025-6275 | 1 Webassembly | 1 Wabt | 2026-06-17 | 1.7 LOW | 3.3 LOW |
| A vulnerability was found in WebAssembly wabt up to 1.0.37. It has been declared as problematic. Affected by this vulnerability is the function GetFuncOffset of the file src/interp/binary-reader-interp.cc. The manipulation leads to use after free. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. A similar issue reported during the same timeframe was disputed by the code maintainer because it might not affect "real world wasm programs". Therefore, this entry might get disputed as well in the future. | |||||
| CVE-2025-6192 | 1 Google | 1 Chrome | 2026-06-17 | N/A | 8.8 HIGH |
| Use after free in Metrics in Google Chrome prior to 137.0.7151.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2025-6119 | 1 Assimp | 1 Assimp | 2026-06-17 | 4.3 MEDIUM | 5.3 MEDIUM |
| A vulnerability classified as critical has been found in Open Asset Import Library Assimp up to 5.4.3. Affected is the function Assimp::BVHLoader::ReadNodeChannels in the library assimp/code/AssetLib/BVH/BVHLoader.cpp. The manipulation of the argument pNode leads to use after free. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The project decided to collect all Fuzzer bugs in a main-issue to address them in the future. | |||||
| CVE-2025-68817 | 1 Linux | 1 Linux Kernel | 2026-06-17 | N/A | 7.8 HIGH |
| In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in ksmbd_tree_connect_put under concurrency Under high concurrency, A tree-connection object (tcon) is freed on a disconnect path while another path still holds a reference and later executes *_put()/write on it. | |||||
| CVE-2025-68656 | 1 Espressif | 1 Usb Host Hid Driver | 2026-06-17 | N/A | 6.8 MEDIUM |
| Espressif ESP-IDF USB Host HID (Human Interface Device) Driver allows access to HID devices. Prior to 1.1.0, usb_class_request_get_descriptor() frees and reallocates hid_device->ctrl_xfer when an oversized descriptor is requested but continues to use the stale local pointer, leading to an immediate use-after-free when processing attacker-controlled Report Descriptor lengths. This vulnerability is fixed in 1.1.0. | |||||