Total: 6249 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2025-49735 | | | 2025-07-21 | 8.1 High |
Use after free in Windows KDC Proxy Service (KPSSVC) allows an unauthorized attacker to execute code over a network. | ||||
CVE-2025-49726 | 1 Microsoft | 12 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 9 more | 2025-07-21 | 7.8 High |
Use after free in Windows Notification allows an authorized attacker to elevate privileges locally. | ||||
CVE-2025-49711 | 1 Microsoft | 5 365 Apps, Excel, Office and 2 more | 2025-07-21 | 7.8 High |
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | ||||
CVE-2025-47991 | 1 Microsoft | 12 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 9 more | 2025-07-21 | 7.8 High |
Use after free in Microsoft Input Method Editor (IME) allows an authorized attacker to elevate privileges locally. | ||||
CVE-2025-49677 | 1 Microsoft | 1 Windows 11 22h2 | 2025-07-21 | 7 High |
Use after free in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally. | ||||
CVE-2025-47986 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-07-21 | 8.8 High |
Use after free in Universal Print Management Service allows an authorized attacker to elevate privileges locally. | ||||
CVE-2025-47976 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-07-21 | 7.8 High |
Use after free in Windows SSDP Service allows an authorized attacker to elevate privileges locally. | ||||
CVE-2025-47917 | | | 2025-07-20 | 8.9 High |
Mbed TLS before 3.6.4 allows a use-after-free in certain situations of applications that are developed in accordance with the documentation. The function mbedtls_x509_string_to_names() takes a head argument that is documented as an output argument. The documentation does not suggest that the function will free that pointer; however, the function does call mbedtls_asn1_free_named_data_list() on that argument, which performs a deep free(). As a result, application code that uses this function (relying only on documented behavior) is likely to still hold pointers to the memory blocks that were freed, resulting in a high risk of use-after-free or double-free. In particular, the two sample programs x509/cert_write and x509/cert_req are affected (use-after-free if the san string contains more than one DN). | ||||
CVE-2025-25568 | 1 Softether | 1 Vpn | 2025-07-19 | 9.8 Critical |
SoftEtherVPN 5.02.5187 is vulnerable to Use after Free in the Command.c file via the CheckNetworkAcceptThread function. NOTE: the Supplier disputes this because the use-after-free is not in the VPN software, but is instead in a separate tool that has no untrusted input and runs under the user's own privileges (it is a stress-testing tool for a networking stack). | ||||
CVE-2022-49501 | 1 Linux | 1 Linux Kernel | 2025-07-17 | 7.8 High |
In the Linux kernel, the following vulnerability has been resolved: usbnet: Run unregister_netdev() before unbind() again Commit 2c9d6c2b871d ("usbnet: run unbind() before unregister_netdev()") sought to fix a use-after-free on disconnect of USB Ethernet adapters. It turns out that a different fix is necessary to address the issue: https://lore.kernel.org/netdev/18b3541e5372bc9b9fc733d422f4e698c089077c.1650177997.git.lukas@wunner.de/ So the commit was not necessary. The commit made binding and unbinding of USB Ethernet asymmetrical: Before, usbnet_probe() first invoked the ->bind() callback and then register_netdev(). usbnet_disconnect() mirrored that by first invoking unregister_netdev() and then ->unbind(). Since the commit, the order in usbnet_disconnect() is reversed and no longer mirrors usbnet_probe(). One consequence is that a PHY disconnected (and stopped) in ->unbind() is afterwards stopped once more by unregister_netdev() as it closes the netdev before unregistering. That necessitates a contortion in ->stop() because the PHY may only be stopped if it hasn't already been disconnected. Reverting the commit allows making the call to phy_stop() unconditional in ->stop(). | ||||
CVE-2024-2612 | 2 Mozilla, Redhat | 8 Firefox, Firefox Esr, Thunderbird and 5 more | 2025-07-17 | 8.1 High |
If an attacker could find a way to trigger a particular code path in `SafeRefPtr`, it could have triggered a crash or potentially be leveraged to achieve code execution. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9. | ||||
CVE-2025-7657 | 1 Google | 1 Chrome | 2025-07-16 | 8.8 High |
Use after free in WebRTC in Google Chrome prior to 138.0.7204.157 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
CVE-2024-30102 | 1 Microsoft | 1 365 Apps | 2025-07-16 | 7.3 High |
Microsoft Office Remote Code Execution Vulnerability | ||||
CVE-2024-30101 | 1 Microsoft | 2 365 Apps, Office | 2025-07-16 | 7.5 High |
Microsoft Office Remote Code Execution Vulnerability | ||||
CVE-2024-30089 | 1 Microsoft | 9 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 6 more | 2025-07-16 | 7.8 High |
Microsoft Streaming Service Elevation of Privilege Vulnerability | ||||
CVE-2024-30086 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2025-07-16 | 7.8 High |
Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability | ||||
CVE-2024-30062 | 1 Microsoft | 4 Windows Server 2012, Windows Server 2016, Windows Server 2019 and 1 more | 2025-07-16 | 7.8 High |
Windows Standards-Based Storage Management Service Remote Code Execution Vulnerability | ||||
CVE-2024-30082 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2025-07-16 | 7.8 High |
Win32k Elevation of Privilege Vulnerability | ||||
CVE-2024-30080 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2025-07-16 | 9.8 Critical |
Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | ||||
CVE-2025-7042 | | | 2025-07-15 | 7.8 High |
Use After Free vulnerability exists in the IPT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025. This vulnerability could allow an attacker to execute arbitrary code while opening a specially crafted IPT file. |