Total
6781 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-6746 | 1 Mozilla | 2 Firefox, Thunderbird | 2026-04-22 | N/A | 7.5 HIGH |
| Use-after-free in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10. | |||||
| CVE-2017-0261 | 1 Microsoft | 1 Office | 2026-04-22 | 9.3 HIGH | 7.8 HIGH |
| Microsoft Office 2010 SP2, Office 2013 SP1, and Office 2016 allow a remote code execution vulnerability when the software fails to properly handle objects in memory, aka "Office Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-0262 and CVE-2017-0281. | |||||
| CVE-2017-0263 | 1 Microsoft | 10 Windows 10 1507, Windows 10 1511, Windows 10 1607 and 7 more | 2026-04-22 | 7.2 HIGH | 7.8 HIGH |
| The kernel-mode drivers in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability." | |||||
| CVE-2016-0984 | 5 Adobe, Apple, Google and 2 more | 11 Air Desktop Runtime, Air Sdk, Air Sdk \& Compiler and 8 more | 2026-04-22 | 9.3 HIGH | 8.8 HIGH |
| Use-after-free vulnerability in Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler before 20.0.0.260 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0973, CVE-2016-0974, CVE-2016-0975, CVE-2016-0982, and CVE-2016-0983. | |||||
| CVE-2010-3962 | 1 Microsoft | 6 Internet Explorer, Windows 7, Windows Server 2003 and 3 more | 2026-04-22 | 9.3 HIGH | 8.1 HIGH |
| Use-after-free vulnerability in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary code via vectors related to Cascading Style Sheets (CSS) token sequences and the clip attribute, aka an "invalid flag reference" issue or "Uninitialized Memory Corruption Vulnerability," as exploited in the wild in November 2010. | |||||
| CVE-2009-4324 | 5 Adobe, Apple, Microsoft and 2 more | 7 Acrobat, Acrobat Reader, Mac Os X and 4 more | 2026-04-21 | 9.3 HIGH | 7.8 HIGH |
| Use-after-free vulnerability in the Doc.media.newPlayer method in Multimedia.api in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a crafted PDF file using ZLib compressed streams, as exploited in the wild in December 2009. | |||||
| CVE-2014-0496 | 3 Adobe, Apple, Microsoft | 3 Acrobat, Mac Os X, Windows | 2026-04-21 | 10.0 HIGH | 8.8 HIGH |
| Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.9 and 11.x before 11.0.06 on Windows and Mac OS X allows attackers to execute arbitrary code via unspecified vectors. | |||||
| CVE-2016-7855 | 6 Adobe, Apple, Google and 3 more | 12 Flash Player, Mac Os X, Chrome Os and 9 more | 2026-04-21 | 9.3 HIGH | 8.8 HIGH |
| Use-after-free vulnerability in Adobe Flash Player before 23.0.0.205 on Windows and OS X and before 11.2.202.643 on Linux allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in October 2016. | |||||
| CVE-2016-7892 | 5 Adobe, Apple, Google and 2 more | 8 Flash Player, Flash Player Desktop Runtime, Mac Os X and 5 more | 2026-04-21 | 9.3 HIGH | 8.8 HIGH |
| Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable use after free vulnerability in the TextField class. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2014-8439 | 4 Adobe, Apple, Linux and 1 more | 8 Air, Air Sdk, Air Sdk \& Compiler and 5 more | 2026-04-21 | 10.0 HIGH | 8.8 HIGH |
| Adobe Flash Player before 13.0.0.258 and 14.x and 15.x before 15.0.0.239 on Windows and OS X and before 11.2.202.424 on Linux, Adobe AIR before 15.0.0.293, Adobe AIR SDK before 15.0.0.302, and Adobe AIR SDK & Compiler before 15.0.0.302 allow attackers to execute arbitrary code or cause a denial of service (invalid pointer dereference) via unspecified vectors. | |||||
| CVE-2015-0313 | 6 Adobe, Apple, Linux and 3 more | 16 Flash Player, Mac Os X, Linux Kernel and 13 more | 2026-04-21 | 10.0 HIGH | 9.8 CRITICAL |
| Use-after-free vulnerability in Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in February 2015, a different vulnerability than CVE-2015-0315, CVE-2015-0320, and CVE-2015-0322. | |||||
| CVE-2015-5119 | 7 Adobe, Apple, Linux and 4 more | 14 Flash Player, Mac Os X, Linux Kernel and 11 more | 2026-04-21 | 10.0 HIGH | 9.8 CRITICAL |
| Use-after-free vulnerability in the ByteArray class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.296 and 14.x through 18.0.0.194 on Windows and OS X and 11.x through 11.2.202.468 on Linux allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content that overrides a valueOf function, as exploited in the wild in July 2015. | |||||
| CVE-2015-5122 | 7 Adobe, Apple, Linux and 4 more | 14 Flash Player, Flash Player Desktop Runtime, Macos and 11 more | 2026-04-21 | 10.0 HIGH | 9.8 CRITICAL |
| Use-after-free vulnerability in the DisplayObject class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.302 on Windows and OS X, 14.x through 18.0.0.203 on Windows and OS X, 11.x through 11.2.202.481 on Linux, and 12.x through 18.0.0.204 on Linux Chrome installations allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content that leverages improper handling of the opaqueBackground property, as exploited in the wild in July 2015. | |||||
| CVE-2015-5123 | 7 Adobe, Apple, Linux and 4 more | 12 Flash Player, Flash Player Desktop Runtime, Macos and 9 more | 2026-04-21 | 10.0 HIGH | 9.8 CRITICAL |
| Use-after-free vulnerability in the BitmapData class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.302 on Windows and OS X, 14.x through 18.0.0.203 on Windows and OS X, 11.x through 11.2.202.481 on Linux, and 12.x through 18.0.0.204 on Linux Chrome installations allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content that overrides a valueOf function, as exploited in the wild in July 2015. | |||||
| CVE-2026-32075 | 1 Microsoft | 14 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 11 more | 2026-04-21 | N/A | 7.0 HIGH |
| Use after free in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2026-32078 | 1 Microsoft | 11 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 8 more | 2026-04-21 | N/A | 7.8 HIGH |
| Use after free in Windows Projected File System allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2026-32080 | 1 Microsoft | 5 Windows Server 2016, Windows Server 2019, Windows Server 2022 and 2 more | 2026-04-21 | N/A | 7.0 HIGH |
| Use after free in Windows WalletService allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2026-32155 | 1 Microsoft | 8 Windows 10 21h2, Windows 10 22h2, Windows 11 23h2 and 5 more | 2026-04-21 | N/A | 7.8 HIGH |
| Use after free in Desktop Window Manager allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2024-35866 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2026-04-21 | N/A | 7.8 HIGH |
| In the Linux kernel, the following vulnerability has been resolved: smb: client: fix potential UAF in cifs_dump_full_key() Skip sessions that are being teared down (status == SES_EXITING) to avoid UAF. | |||||
| CVE-2014-1776 | 1 Microsoft | 11 Internet Explorer, Windows 7, Windows 8 and 8 more | 2026-04-21 | 10.0 HIGH | 9.8 CRITICAL |
| Use-after-free vulnerability in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors related to the CMarkup::IsConnectedToPrimaryMarkup function, as exploited in the wild in April 2014. NOTE: this issue originally emphasized VGX.DLL, but Microsoft clarified that "VGX.DLL does not contain the vulnerable code leveraged in this exploit. Disabling VGX.DLL is an exploit-specific workaround that provides an immediate, effective workaround to help block known attacks." | |||||