Total: 5665 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2025-26670 | | | 2025-04-09 | N/A | 8.1 HIGH |
Use after free in Windows LDAP - Lightweight Directory Access Protocol allows an unauthorized attacker to execute code over a network. | |||||
CVE-2025-27492 | | | 2025-04-09 | N/A | 7.0 HIGH |
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Secure Channel allows an authorized attacker to elevate privileges locally. | |||||
CVE-2025-27491 | | | 2025-04-09 | N/A | 7.1 HIGH |
Use after free in Windows Hyper-V allows an authorized attacker to execute code over a network. | |||||
CVE-2025-27751 | | | 2025-04-09 | N/A | 7.8 HIGH |
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | |||||
CVE-2025-27729 | | | 2025-04-09 | N/A | 7.8 HIGH |
Use after free in Windows Shell allows an unauthorized attacker to execute code locally. | |||||
CVE-2025-27746 | | | 2025-04-09 | N/A | 7.8 HIGH |
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. | |||||
CVE-2025-29792 | | | 2025-04-09 | N/A | 7.3 HIGH |
Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally. | |||||
CVE-2025-27730 | | | 2025-04-09 | N/A | 7.8 HIGH |
Use after free in Windows Digital Media allows an authorized attacker to elevate privileges locally. | |||||
CVE-2025-29820 | | | 2025-04-09 | N/A | 7.8 HIGH |
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. | |||||
CVE-2025-27480 | | | 2025-04-09 | N/A | 8.1 HIGH |
Use after free in Remote Desktop Gateway Service allows an unauthorized attacker to execute code over a network. | |||||
CVE-2025-27750 | | | 2025-04-09 | N/A | 7.8 HIGH |
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | |||||
CVE-2025-3416 | | | 2025-04-09 | N/A | 3.7 LOW |
A flaw was found in OpenSSL's handling of the properties argument in certain functions. This vulnerability can allow use-after-free exploitation, which may result in undefined behavior or incorrect property parsing, leading to OpenSSL treating the input as an empty string. | |||||
CVE-2022-4382 | 1 Linux | 1 Linux Kernel | 2025-04-09 | N/A | 6.4 MEDIUM |
A use-after-free flaw caused by a race among the superblock operations in the gadgetfs Linux driver was found. It could be triggered by yanking out a device that is running the gadgetfs side. | |||||
CVE-2008-3077 | 1 Linux | 1 Linux Kernel | 2025-04-09 | 4.9 MEDIUM | N/A |
arch/x86/kernel/ptrace.c in the Linux kernel before 2.6.25.10 on the x86_64 platform leaks task_struct references into the sys32_ptrace function, which allows local users to cause a denial of service (system crash) or have unspecified other impact via unknown vectors, possibly a use-after-free vulnerability. | |||||
CVE-2008-5038 | 1 Novell | 1 Edirectory | 2025-04-09 | 10.0 HIGH | 9.8 CRITICAL |
Use-after-free vulnerability in the NetWare Core Protocol (NCP) feature in Novell eDirectory 8.7.3 SP10 before 8.7.3 SP10 FTF1 and 8.8 SP2 for Windows allows remote attackers to cause a denial of service and possibly execute arbitrary code via a sequence of "Get NCP Extension Information By Name" requests that cause one thread to operate on memory after it has been freed in another thread, which triggers memory corruption, aka Novell Bug 373852. | |||||
CVE-2009-1837 | 4 Debian, Fedoraproject, Mozilla and 1 more | 9 Debian Linux, Fedora, Firefox and 6 more | 2025-04-09 | 9.3 HIGH | 7.5 HIGH |
Race condition in the NPObjWrapper_NewResolve function in modules/plugin/base/src/nsJSNPRuntime.cpp in xul.dll in Mozilla Firefox 3 before 3.0.11 might allow remote attackers to execute arbitrary code via a page transition during Java applet loading, related to a use-after-free vulnerability for memory associated with a destroyed Java object. | |||||
CVE-2009-4324 | 5 Adobe, Apple, Microsoft and 2 more | 7 Acrobat, Acrobat Reader, Mac Os X and 4 more | 2025-04-09 | 9.3 HIGH | 7.8 HIGH |
Use-after-free vulnerability in the Doc.media.newPlayer method in Multimedia.api in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a crafted PDF file using ZLib compressed streams, as exploited in the wild in December 2009. | |||||
CVE-2009-3658 | 1 Aol | 1 Superbuddy Activex Control | 2025-04-09 | 9.3 HIGH | 8.8 HIGH |
Use-after-free vulnerability in the Sb.SuperBuddy.1 ActiveX control (sb.dll) in America Online (AOL) 9.5.0.1 allows remote attackers to trigger memory corruption or possibly execute arbitrary code via a malformed argument to the SetSuperBuddy method. | |||||
CVE-2010-0249 | 1 Microsoft | 7 Internet Explorer, Windows 2000, Windows 7 and 4 more | 2025-04-09 | 9.3 HIGH | 8.8 HIGH |
Use-after-free vulnerability in Microsoft Internet Explorer 6, 6 SP1, 7, and 8 on Windows 2000 SP4; Windows XP SP2 and SP3; Windows Server 2003 SP2; Windows Vista Gold, SP1, and SP2; Windows Server 2008 Gold, SP2, and R2; and Windows 7 allows remote attackers to execute arbitrary code by accessing a pointer associated with a deleted object, related to incorrectly initialized memory and improper handling of objects in memory, as exploited in the wild in December 2009 and January 2010 during Operation Aurora, aka "HTML Object Memory Corruption Vulnerability." | |||||
CVE-2006-4997 | 3 Canonical, Linux, Redhat | 3 Ubuntu Linux, Linux Kernel, Enterprise Linux | 2025-04-09 | 7.1 HIGH | 7.5 HIGH |
The clip_mkip function in net/atm/clip.c of the ATM subsystem in Linux kernel allows remote attackers to cause a denial of service (panic) via unknown vectors that cause the ATM subsystem to access the memory of socket buffers after they are freed (freed pointer dereference). |