Total
7290 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-30661 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2025-10-23 | 6.8 MEDIUM | 8.8 HIGH |
| A use after free issue was addressed with improved memory management. This issue is fixed in Safari 14.1, iOS 12.5.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.. | |||||
| CVE-2021-0920 | 3 Debian, Google, Linux | 3 Debian Linux, Android, Linux Kernel | 2025-10-23 | 6.9 MEDIUM | 6.4 MEDIUM |
| In unix_scm_to_skb of af_unix.c, there is a possible use after free bug due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-196926917References: Upstream kernel | |||||
| CVE-2021-1048 | 1 Google | 1 Android | 2025-10-23 | 7.2 HIGH | 7.8 HIGH |
| In ep_loop_check_proc of eventpoll.c, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-204573007References: Upstream kernel | |||||
| CVE-2025-48543 | 1 Google | 1 Android | 2025-10-23 | N/A | 8.8 HIGH |
| In multiple locations, there is a possible way to escape chrome sandbox to attack android system_server due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-21608 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2025-10-23 | N/A | 7.8 HIGH |
| Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 (and earlier) and 20.005.30418 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2021-28550 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2025-10-23 | 6.8 MEDIUM | 8.8 HIGH |
| Acrobat Reader DC versions versions 2021.001.20150 (and earlier), 2020.001.30020 (and earlier) and 2017.011.30194 (and earlier) are affected by a Use After Free vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2025-0151 | 1 Zoom | 6 Meeting Software Development Kit, Rooms, Rooms Controller and 3 more | 2025-10-22 | N/A | 8.5 HIGH |
| Use after free in some Zoom Workplace Apps may allow an authenticated user to conduct an escalation of privilege via network access. | |||||
| CVE-2025-59290 | 1 Microsoft | 8 Windows 10 21h2, Windows 10 22h2, Windows 11 22h2 and 5 more | 2025-10-22 | N/A | 7.8 HIGH |
| Use after free in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-48008 | 1 F5 | 23 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Advanced Web Application Firewall and 20 more | 2025-10-21 | N/A | 7.5 HIGH |
| When a TCP profile with Multipath TCP (MPTCP) enabled is configured on a virtual server, undisclosed traffic along with conditions beyond the attacker's control can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||||
| CVE-2025-47342 | 1 Qualcomm | 16 Qcc5161, Qcc5161 Firmware, Qcc7225 and 13 more | 2025-10-21 | N/A | 7.1 HIGH |
| Transient DOS may occur when multi-profile concurrency arises with QHS enabled. | |||||
| CVE-2025-46710 | 1 Imaginationtech | 1 Ddk | 2025-10-21 | N/A | 5.7 MEDIUM |
| Possible kernel exceptions caused by reading and writing kernel heap data after free. | |||||
| CVE-2025-48004 | 1 Microsoft | 6 Windows 11 22h2, Windows 11 23h2, Windows 11 24h2 and 3 more | 2025-10-21 | N/A | 7.4 HIGH |
| Use after free in Microsoft Brokering File System allows an unauthorized attacker to elevate privileges locally. | |||||
| CVE-2025-53768 | 1 Microsoft | 9 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 6 more | 2025-10-20 | N/A | 7.8 HIGH |
| Use after free in Xbox allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-53150 | 1 Microsoft | 10 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 7 more | 2025-10-20 | N/A | 7.8 HIGH |
| Use after free in Windows Digital Media allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-62170 | 1 Rathena | 1 Rathena | 2025-10-20 | N/A | 7.5 HIGH |
| rAthena is an open-source cross-platform MMORPG server. A use-after-free vulnerability exists in the RODEX functionality of rAthena's map-server in versions prior to commit af2f3ba. An unauthenticated attacker can exploit this vulnerability via a specific attacking scenario to cause a denial of service by crashing the map-server. This issue has been patched in commit af2f3ba. There are no known workarounds aside from manually applying the patch. | |||||
| CVE-2025-46709 | 1 Imaginationtech | 1 Ddk | 2025-10-17 | N/A | 7.5 HIGH |
| Possible memory leak or kernel exceptions caused by reading kernel heap data after free or NULL pointer dereference kernel exception. | |||||
| CVE-2025-54101 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2025-10-17 | N/A | 4.8 MEDIUM |
| Use after free in Windows SMBv3 Client allows an authorized attacker to execute code over a network. | |||||
| CVE-2025-59202 | 1 Microsoft | 14 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 11 more | 2025-10-17 | N/A | 7.0 HIGH |
| Use after free in Windows Remote Desktop Services allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2024-57875 | 1 Linux | 1 Linux Kernel | 2025-10-17 | N/A | 5.5 MEDIUM |
| In the Linux kernel, the following vulnerability has been resolved: block: RCU protect disk->conv_zones_bitmap Ensure that a disk revalidation changing the conventional zones bitmap of a disk does not cause invalid memory references when using the disk_zone_is_conv() helper by RCU protecting the disk->conv_zones_bitmap pointer. disk_zone_is_conv() is modified to operate under the RCU read lock and the function disk_set_conv_zones_bitmap() is added to update a disk conv_zones_bitmap pointer using rcu_replace_pointer() with the disk zone_wplugs_lock spinlock held. disk_free_zone_resources() is modified to call disk_update_zone_resources() with a NULL bitmap pointer to free the disk conv_zones_bitmap. disk_set_conv_zones_bitmap() is also used in disk_update_zone_resources() to set the new (revalidated) bitmap and free the old one. | |||||
| CVE-2025-59206 | 1 Microsoft | 3 Windows 11 24h2, Windows 11 25h2, Windows Server 2025 | 2025-10-17 | N/A | 7.4 HIGH |
| Windows Resilient File System (ReFS) Deduplication Service Elevation of Privilege Vulnerability | |||||