ReportizFlow
Filtered by vendor
Subscriptions
Total
7446 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-59515 | 1 Microsoft | 20 Windows, Windows 10, Windows 10 1809 and 17 more | 2026-02-26 | 7 High |
| Use after free in Windows Broadcast DVR User Service allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-60716 | 1 Microsoft | 20 Directx, Windows 10, Windows 10 1809 and 17 more | 2026-02-26 | 7 High |
| Use after free in Windows DirectX allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-60717 | 1 Microsoft | 20 Windows, Windows 10, Windows 10 1809 and 17 more | 2026-02-26 | 7 High |
| Use after free in Windows Broadcast DVR User Service allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-62203 | 1 Microsoft | 13 365, 365 Apps, Excel and 10 more | 2026-02-26 | 7.8 High |
| Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | ||||
| CVE-2025-62205 | 1 Microsoft | 7 365, 365 Apps, Office 2021 and 4 more | 2026-02-26 | 7.8 High |
| Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. | ||||
| CVE-2025-62213 | 1 Microsoft | 27 Windows, Windows 10, Windows 10 1607 and 24 more | 2026-02-26 | 7 High |
| Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-61834 | 3 Adobe, Apple, Microsoft | 3 Substance 3d Stager, Macos, Windows | 2026-02-26 | 7.8 High |
| Substance3D - Stager versions 3.1.5 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2025-64531 | 3 Adobe, Apple, Microsoft | 3 Substance 3d Stager, Macos, Windows | 2026-02-26 | 7.8 High |
| Substance3D - Stager versions 3.1.5 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2025-11797 | 1 Autodesk | 1 3ds Max | 2026-02-26 | 7.8 High |
| A maliciously crafted DWG file, when parsed through Autodesk 3ds Max, can force a Use-After-Free vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process. | ||||
| CVE-2024-9126 | 2 Apple, Google | 3 Ios, Iphone Os, Chrome | 2026-02-26 | 7.5 High |
| Use after free in Internals in Google Chrome on iOS prior to 127.0.6533.88 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a series of curated UI gestures. (Chromium security severity: Medium) | ||||
| CVE-2025-48593 | 1 Google | 1 Android | 2026-02-26 | 8 High |
| In bta_hf_client_cb_init of bta_hf_client_main.cc, there is a possible remote code execution due to a use after free. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2025-36922 | 1 Google | 1 Android | 2026-02-26 | 6.7 Medium |
| In bigo_map of bigo_iommu.c, there is a possible information disclosure due to a use after free. This could lead to local escalation of privilege in the OS Kernel level with System execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2025-36934 | 1 Google | 1 Android | 2026-02-26 | 7.4 High |
| In bigo_worker_thread of private/google-modules/video/gchips/bigo.c, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2025-14765 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2026-02-26 | 8.8 High |
| Use after free in WebGPU in Google Chrome prior to 143.0.7499.147 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2025-64468 | 1 Ni | 1 Labview | 2026-02-26 | 7.8 High |
| There is a use-after-free vulnerability in sentry!sentry_span_set_data() when parsing a corrupted VI file. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI. This vulnerability affects NI LabVIEW 2025 Q3 (25.3) and prior versions | ||||
| CVE-2025-14424 | 1 Gimp | 1 Gimp | 2026-02-26 | 7.8 High |
| GIMP XCF File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XCF files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28376. | ||||
| CVE-2025-40149 | 1 Linux | 1 Linux Kernel | 2026-02-26 | 7.8 High |
| In the Linux kernel, the following vulnerability has been resolved: tls: Use __sk_dst_get() and dst_dev_rcu() in get_netdev_for_sock(). get_netdev_for_sock() is called during setsockopt(), so not under RCU. Using sk_dst_get(sk)->dev could trigger UAF. Let's use __sk_dst_get() and dst_dev_rcu(). Note that the only ->ndo_sk_get_lower_dev() user is bond_sk_get_lower_dev(), which uses RCU. | ||||
| CVE-2025-47358 | 1 Qualcomm | 43 Fastconnect 6900, Fastconnect 6900 Firmware, Fastconnect 7800 and 40 more | 2026-02-26 | 7.8 High |
| Memory Corruption when user space address is modified and passed to mem_free API, causing kernel memory to be freed inadvertently. | ||||
| CVE-2025-47359 | 1 Qualcomm | 75 Aqt1000, Aqt1000 Firmware, Fastconnect 6200 and 72 more | 2026-02-26 | 7.8 High |
| Memory Corruption when multiple threads simultaneously access a memory free API. | ||||
| CVE-2025-47398 | 1 Qualcomm | 307 Ar8031, Ar8031 Firmware, Csra6620 and 304 more | 2026-02-26 | 7.8 High |
| Memory Corruption while deallocating graphics processing unit memory buffers due to improper handling of memory pointers. | ||||