Total
5593 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-5991 | 2025-06-12 | N/A | N/A | ||
| There is a "Use After Free" vulnerability in Qt's QHttp2ProtocolHandler in the QtNetwork module. This only affects HTTP/2 handling, HTTP handling is not affected by this at all. This happens due to a race condition between how QHttp2Stream uploads the body of a POST request and the simultaneous handling of HTTP error responses. This issue only affects Qt 6.9.0 and has been fixed for Qt 6.9.1. | |||||
| CVE-2024-24263 | 1 Chendotjs | 1 Lotos Webserver | 2025-06-12 | N/A | 7.5 HIGH |
| Lotos WebServer v0.1.1 was discovered to contain a Use-After-Free (UAF) vulnerability via the response_append_status_line function at /lotos/src/response.c. | |||||
| CVE-2025-23101 | 1 Samsung | 2 Exynos 1380, Exynos 1380 Firmware | 2025-06-11 | N/A | 6.5 MEDIUM |
| An issue was discovered in Samsung Mobile Processor Exynos 1380. A Use-After-Free in the mobile processor leads to privilege escalation. | |||||
| CVE-2025-23106 | 1 Samsung | 6 Exynos 1480, Exynos 1480 Firmware, Exynos 2200 and 3 more | 2025-06-11 | N/A | 6.5 MEDIUM |
| An issue was discovered in Samsung Mobile Processor Exynos 2200, 1480, and 2400. A Use-After-Free in the mobile processor leads to privilege escalation. | |||||
| CVE-2022-0934 | 2 Redhat, Thekelleys | 2 Enterprise Linux, Dnsmasq | 2025-06-10 | N/A | 7.5 HIGH |
| A single-byte, non-arbitrary write/use-after-free flaw was found in dnsmasq. This flaw allows an attacker who sends a crafted packet processed by dnsmasq, potentially causing a denial of service. | |||||
| CVE-2024-31583 | 1 Linuxfoundation | 1 Pytorch | 2025-06-10 | N/A | 7.8 HIGH |
| Pytorch before version v2.2.0 was discovered to contain a use-after-free vulnerability in torch/csrc/jit/mobile/interpreter.cpp. | |||||
| CVE-2016-3189 | 2 Bzip, Python | 2 Bzip2, Python | 2025-06-09 | 4.3 MEDIUM | 6.5 MEDIUM |
| Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block. | |||||
| CVE-2024-24262 | 1 Ireader | 1 Media-server | 2025-06-06 | N/A | 7.5 HIGH |
| media-server v1.0.0 was discovered to contain a Use-After-Free (UAF) vulnerability via the sip_uac_stop_timer function at /uac/sip-uac-transaction.c. | |||||
| CVE-2025-23098 | 1 Samsung | 14 Exynos 1080, Exynos 1080 Firmware, Exynos 1280 and 11 more | 2025-06-06 | N/A | 7.8 HIGH |
| An issue was discovered in Samsung Mobile Processor Exynos 980, 990, 1080, 2100, 1280, 2200, 1380. A Use-After-Free in the mobile processor leads to privilege escalation. | |||||
| CVE-2025-5644 | 2025-06-05 | 1.0 LOW | 2.5 LOW | ||
| A vulnerability, which was classified as problematic, has been found in Radare2 5.9.9. Affected by this issue is the function r_cons_flush in the library /libr/cons/cons.c of the component radiff2. The manipulation of the argument -T leads to use after free. Local access is required to approach this attack. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The name of the patch is 5705d99cc1f23f36f9a84aab26d1724010b97798. It is recommended to apply a patch to fix this issue. The documentation explains that the parameter -T is experimental and "crashy". Further analysis has shown "the race is not a real problem unless you use asan". A new warning has been added. | |||||
| CVE-2024-24266 | 1 Gpac | 1 Gpac | 2025-06-05 | N/A | 7.5 HIGH |
| gpac v2.2.1 was discovered to contain a Use-After-Free (UAF) vulnerability via the dasher_configure_pid function at /src/filters/dasher.c. | |||||
| CVE-2023-6347 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2025-06-05 | N/A | 8.8 HIGH |
| Use after free in Mojo in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2025-5068 | 1 Google | 1 Chrome | 2025-06-05 | N/A | 8.8 HIGH |
| Use after free in Blink in Google Chrome prior to 137.0.7151.68 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2022-23090 | 1 Freebsd | 1 Freebsd | 2025-06-04 | N/A | 7.7 HIGH |
| The aio_aqueue function, used by the lio_listio system call, fails to release a reference to a credential in an error case. An attacker may cause the reference count to overflow, leading to a use after free (UAF). | |||||
| CVE-2025-27038 | 1 Qualcomm | 88 Ar8031, Ar8031 Firmware, Csra6620 and 85 more | 2025-06-04 | N/A | 7.5 HIGH |
| Memory corruption while rendering graphics using Adreno GPU drivers in Chrome. | |||||
| CVE-2022-34707 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2025-06-04 | N/A | 7.8 HIGH |
| Windows Kernel Elevation of Privilege Vulnerability | |||||
| CVE-2022-34705 | 1 Microsoft | 5 Windows 10, Windows 11, Windows Server 2016 and 2 more | 2025-06-04 | N/A | 7.8 HIGH |
| Windows Defender Credential Guard Elevation of Privilege Vulnerability | |||||
| CVE-2024-53015 | 2025-06-04 | N/A | 6.6 MEDIUM | ||
| Memory corruption while processing IOCTL command to handle buffers associated with a session. | |||||
| CVE-2025-27031 | 2025-06-04 | N/A | 7.8 HIGH | ||
| memory corruption while processing IOCTL commands, when the buffer in write loopback mode is accessed after being freed. | |||||
| CVE-2024-26739 | 1 Linux | 1 Linux Kernel | 2025-06-04 | N/A | 7.8 HIGH |
| In the Linux kernel, the following vulnerability has been resolved: net/sched: act_mirred: don't override retval if we already lost the skb If we're redirecting the skb, and haven't called tcf_mirred_forward(), yet, we need to tell the core to drop the skb by setting the retcode to SHOT. If we have called tcf_mirred_forward(), however, the skb is out of our hands and returning SHOT will lead to UaF. Move the retval override to the error path which actually need it. | |||||