Total
7290 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-22408 | 1 Google | 1 Android | 2025-09-02 | N/A | 9.8 CRITICAL |
| In rfc_check_send_cmd of rfc_utils.cc, there is a possible way to execute arbitrary code due to a use after free. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-22409 | 1 Google | 1 Android | 2025-09-02 | N/A | 8.4 HIGH |
| In rfc_send_buf_uih of rfc_ts_frames.cc, there is a possible way to execute arbitrary code due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-22410 | 1 Google | 1 Android | 2025-09-02 | N/A | 8.4 HIGH |
| In multiple locations, there is a possible way to execute arbitrary code due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-22411 | 1 Google | 1 Android | 2025-09-02 | N/A | 8.8 HIGH |
| In process_service_attr_rsp of sdp_discovery.cc, there is a possible use after free due to a logic error in the code. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-22412 | 1 Google | 1 Android | 2025-09-02 | N/A | 8.8 HIGH |
| In multiple functions of sdp_server.cc, there is a possible use after free due to a logic error in the code. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2022-4283 | 4 Debian, Fedoraproject, Redhat and 1 more | 4 Debian Linux, Fedora, Enterprise Linux and 1 more | 2025-08-29 | N/A | 7.8 HIGH |
| A vulnerability was found in X.Org. This security flaw occurs because the XkbCopyNames function left a dangling pointer to freed memory, resulting in out-of-bounds memory access on subsequent XkbGetKbdByName requests.. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions. | |||||
| CVE-2023-1393 | 2 Fedoraproject, X.org | 2 Fedora, X Server | 2025-08-29 | N/A | 7.8 HIGH |
| A flaw was found in X.Org Server Overlay Window. A Use-After-Free may lead to local privilege escalation. If a client explicitly destroys the compositor overlay window (aka COW), the Xserver would leave a dangling pointer to that window in the CompScreen structure, which will trigger a use-after-free later. | |||||
| CVE-2023-46691 | 2 Intel, Microsoft | 2 Power Gadget, Windows | 2025-08-28 | N/A | 7.9 HIGH |
| Use after free in Intel(R) Power Gadget software for Windows all versions may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2024-2312 | 2 Gnu, Netapp | 3 Grub2, Bootstrap Os, Hci Compute Node | 2025-08-26 | N/A | 6.7 MEDIUM |
| GRUB2 does not call the module fini functions on exit, leading to Debian/Ubuntu's peimage GRUB2 module leaving UEFI system table hooks after exit. This lead to a use-after-free condition, and could possibly lead to secure boot bypass. | |||||
| CVE-2025-1048 | 1 Sonos | 3 Era 300, S1, S2 | 2025-08-25 | N/A | 8.8 HIGH |
| Sonos Era 300 Speaker libsmb2 Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Sonos Era 300 speakers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of SMB data. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the anacapa user. Was ZDI-CAN-25535. | |||||
| CVE-2025-21436 | 1 Qualcomm | 50 Fastconnect 7800, Fastconnect 7800 Firmware, Qmp1000 and 47 more | 2025-08-20 | N/A | 7.8 HIGH |
| Memory corruption may occur while initiating two IOCTL calls simultaneously to create processes from two different threads. | |||||
| CVE-2025-21437 | 1 Qualcomm | 62 Qam8255p, Qam8255p Firmware, Qam8295p and 59 more | 2025-08-20 | N/A | 7.8 HIGH |
| Memory corruption while processing memory map or unmap IOCTL operations simultaneously. | |||||
| CVE-2025-27031 | 1 Qualcomm | 42 Fastconnect 6700, Fastconnect 6700 Firmware, Fastconnect 6900 and 39 more | 2025-08-20 | N/A | 7.8 HIGH |
| memory corruption while processing IOCTL commands, when the buffer in write loopback mode is accessed after being freed. | |||||
| CVE-2025-21456 | 1 Qualcomm | 128 Ar8035, Ar8035 Firmware, C-v2x 9150 and 125 more | 2025-08-20 | N/A | 7.8 HIGH |
| Memory corruption while processing IOCTL command when multiple threads are called to map/unmap buffer concurrently. | |||||
| CVE-2024-27246 | 1 Zoom | 5 Meeting Software Development Kit, Rooms, Workplace and 2 more | 2025-08-20 | N/A | 4.3 MEDIUM |
| Use after free in some Zoom Workplace Apps and SDKs may allow an authenticated user to conduct a denial of service via network access. | |||||
| CVE-2025-49761 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-08-19 | N/A | 7.8 HIGH |
| Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-21915 | 1 Linux | 1 Linux Kernel | 2025-08-19 | N/A | 7.8 HIGH |
| In the Linux kernel, the following vulnerability has been resolved: cdx: Fix possible UAF error in driver_override_show() Fixed a possible UAF problem in driver_override_show() in drivers/cdx/cdx.c This function driver_override_show() is part of DEVICE_ATTR_RW, which includes both driver_override_show() and driver_override_store(). These functions can be executed concurrently in sysfs. The driver_override_store() function uses driver_set_override() to update the driver_override value, and driver_set_override() internally locks the device (device_lock(dev)). If driver_override_show() reads cdx_dev->driver_override without locking, it could potentially access a freed pointer if driver_override_store() frees the string concurrently. This could lead to printing a kernel address, which is a security risk since DEVICE_ATTR can be read by all users. Additionally, a similar pattern is used in drivers/amba/bus.c, as well as many other bus drivers, where device_lock() is taken in the show function, and it has been working without issues. This potential bug was detected by our experimental static analysis tool, which analyzes locking APIs and paired functions to identify data races and atomicity violations. | |||||
| CVE-2025-53133 | 1 Microsoft | 2 Windows 11 24h2, Windows Server 2025 | 2025-08-19 | N/A | 7.8 HIGH |
| Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-50177 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-08-19 | N/A | 8.1 HIGH |
| Use after free in Windows Message Queuing allows an unauthorized attacker to execute code over a network. | |||||
| CVE-2025-6636 | 1 Autodesk | 16 3ds Max, Advance Steel, Autocad and 13 more | 2025-08-19 | N/A | 7.8 HIGH |
| A maliciously crafted PRT file, when parsed through certain Autodesk products, can force a Use-After-Free vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process. | |||||