ReportizFlow
Filtered by vendor
Subscriptions
Total
7446 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-33095 | 1 Microsoft | 6 365 Apps, Office 2021, Office 2024 and 3 more | 2026-04-29 | 7.8 High |
| Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. | ||||
| CVE-2026-33115 | 1 Microsoft | 6 365 Apps, Office 2021, Office 2024 and 3 more | 2026-04-29 | 8.4 High |
| Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. | ||||
| CVE-2026-32189 | 1 Microsoft | 12 365 Apps, Excel, Excel 2016 and 9 more | 2026-04-29 | 7.8 High |
| Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | ||||
| CVE-2026-23657 | 1 Microsoft | 4 365 Apps, Microsoft 365 Apps For Enterprise, Office 2024 and 1 more | 2026-04-29 | 7.8 High |
| Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. | ||||
| CVE-2026-32190 | 1 Microsoft | 9 365 Apps, Office, Office 2016 and 6 more | 2026-04-29 | 8.4 High |
| Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. | ||||
| CVE-2026-7359 | 1 Google | 1 Chrome | 2026-04-29 | 8.8 High |
| Use after free in ANGLE in Google Chrome prior to 147.0.7727.138 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-7358 | 1 Google | 1 Chrome | 2026-04-29 | 8.8 High |
| Use after free in Animation in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-7334 | 1 Google | 1 Chrome | 2026-04-29 | 8.8 High |
| Use after free in Views in Google Chrome on Mac prior to 147.0.7727.138 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-7356 | 1 Google | 1 Chrome | 2026-04-29 | 8.8 High |
| Use after free in Navigation in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-5939 | 2 Foxit, Foxitsoftware | 4 Pdf Editor, Pdf Reader, Foxit Pdf Editor and 1 more | 2026-04-29 | 5.5 Medium |
| A crafted XFA PDF can trigger a use-after-free condition during calculate event processing, causing the application to crash and resulting in an arbitrary code execution. | ||||
| CVE-2026-5940 | 2 Foxit, Foxitsoftware | 4 Pdf Editor, Pdf Reader, Foxit Pdf Editor and 1 more | 2026-04-29 | 7.8 High |
| Calling a function that triggers a UI refresh after removing comments via a script may access an invalidated object, leading to program crashes. | ||||
| CVE-2026-5942 | 2 Foxit, Foxitsoftware | 4 Pdf Editor, Pdf Reader, Foxit Pdf Editor and 1 more | 2026-04-29 | 5.5 Medium |
| Flaws in page lifecycle management allow document structure changes to desynchronize internal component states, causing subsequent operations to access invalidated objects and crash the program. | ||||
| CVE-2026-5943 | 2 Foxit, Foxitsoftware | 4 Pdf Editor, Pdf Reader, Foxit Pdf Editor and 1 more | 2026-04-29 | 7.8 High |
| Document structural anomalies caused inconsistencies between page element relationships and internal index states. When scripts triggered document modifications, object reference validity was not properly maintained, leading to a crash when accessing an invalid pointer during page information queries. | ||||
| CVE-2026-31532 | 1 Linux | 1 Linux Kernel | 2026-04-29 | 7.8 High |
| In the Linux kernel, the following vulnerability has been resolved: can: raw: fix ro->uniq use-after-free in raw_rcv() raw_release() unregisters raw CAN receive filters via can_rx_unregister(), but receiver deletion is deferred with call_rcu(). This leaves a window where raw_rcv() may still be running in an RCU read-side critical section after raw_release() frees ro->uniq, leading to a use-after-free of the percpu uniq storage. Move free_percpu(ro->uniq) out of raw_release() and into a raw-specific socket destructor. can_rx_unregister() takes an extra reference to the socket and only drops it from the RCU callback, so freeing uniq from sk_destruct ensures the percpu area is not released until the relevant callbacks have drained. [mkl: applied manually] | ||||
| CVE-2026-31533 | 1 Linux | 1 Linux Kernel | 2026-04-29 | 9.8 Critical |
| In the Linux kernel, the following vulnerability has been resolved: net/tls: fix use-after-free in -EBUSY error path of tls_do_encryption The -EBUSY handling in tls_do_encryption(), introduced by commit 859054147318 ("net: tls: handle backlogging of crypto requests"), has a use-after-free due to double cleanup of encrypt_pending and the scatterlist entry. When crypto_aead_encrypt() returns -EBUSY, the request is enqueued to the cryptd backlog and the async callback tls_encrypt_done() will be invoked upon completion. That callback unconditionally restores the scatterlist entry (sge->offset, sge->length) and decrements ctx->encrypt_pending. However, if tls_encrypt_async_wait() returns an error, the synchronous error path in tls_do_encryption() performs the same cleanup again, double-decrementing encrypt_pending and double-restoring the scatterlist. The double-decrement corrupts the encrypt_pending sentinel (initialized to 1), making tls_encrypt_async_wait() permanently skip the wait for pending async callbacks. A subsequent sendmsg can then free the tls_rec via bpf_exec_tx_verdict() while a cryptd callback is still pending, resulting in a use-after-free when the callback fires on the freed record. Fix this by skipping the synchronous cleanup when the -EBUSY async wait returns an error, since the callback has already handled encrypt_pending and sge restoration. | ||||
| CVE-2026-31597 | 1 Linux | 1 Linux Kernel | 2026-04-29 | 7.8 High |
| In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix use-after-free in ocfs2_fault() when VM_FAULT_RETRY filemap_fault() may drop the mmap_lock before returning VM_FAULT_RETRY, as documented in mm/filemap.c: "If our return value has VM_FAULT_RETRY set, it's because the mmap_lock may be dropped before doing I/O or by lock_folio_maybe_drop_mmap()." When this happens, a concurrent munmap() can call remove_vma() and free the vm_area_struct via RCU. The saved 'vma' pointer in ocfs2_fault() then becomes a dangling pointer, and the subsequent trace_ocfs2_fault() call dereferences it -- a use-after-free. Fix this by saving ip_blkno as a plain integer before calling filemap_fault(), and removing vma from the trace event. Since ip_blkno is copied by value before the lock can be dropped, it remains valid regardless of what happens to the vma or inode afterward. | ||||
| CVE-2026-5460 | 1 Wolfssl | 1 Wolfssl | 2026-04-29 | 6.5 Medium |
| A heap use-after-free exists in wolfSSL's TLS 1.3 post-quantum cryptography (PQC) hybrid KeyShare processing. In the error handling path of TLSX_KeyShare_ProcessPqcHybridClient() in src/tls.c, the inner function TLSX_KeyShare_ProcessPqcClient_ex() frees a KyberKey object upon encountering an error. The caller then invokes TLSX_KeyShare_FreeAll(), which attempts to call ForceZero() on the already-freed KyberKey, resulting in writes of zero bytes over freed heap memory. | ||||
| CVE-2026-7361 | 1 Google | 1 Chrome | 2026-04-29 | 8.8 High |
| Use after free in iOS in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical) | ||||
| CVE-2026-7333 | 1 Google | 1 Chrome | 2026-04-29 | 9.6 Critical |
| Use after free in GPU in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-7349 | 1 Google | 1 Chrome | 2026-04-29 | 7.5 High |
| Use after free in Cast in Google Chrome prior to 147.0.7727.138 allowed an attacker on the local network segment to execute arbitrary code inside a sandbox via malicious network traffic. (Chromium security severity: High) | ||||