Total
6518 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2015-5122 | 7 Adobe, Apple, Linux and 4 more | 15 Flash Player, Flash Player Desktop Runtime, Macos and 12 more | 2025-10-22 | 9.8 Critical |
| Use-after-free vulnerability in the DisplayObject class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.302 on Windows and OS X, 14.x through 18.0.0.203 on Windows and OS X, 11.x through 11.2.202.481 on Linux, and 12.x through 18.0.0.204 on Linux Chrome installations allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content that leverages improper handling of the opaqueBackground property, as exploited in the wild in July 2015. | ||||
| CVE-2015-5119 | 7 Adobe, Apple, Linux and 4 more | 15 Flash Player, Mac Os X, Linux Kernel and 12 more | 2025-10-22 | 9.8 Critical |
| Use-after-free vulnerability in the ByteArray class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.296 and 14.x through 18.0.0.194 on Windows and OS X and 11.x through 11.2.202.468 on Linux allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content that overrides a valueOf function, as exploited in the wild in July 2015. | ||||
| CVE-2015-2360 | 1 Microsoft | 9 Windows 7, Windows 8, Windows 8.1 and 6 more | 2025-10-22 | 8.8 High |
| win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application, aka "Win32k Elevation of Privilege Vulnerability." | ||||
| CVE-2025-11979 | 1 Mongodb | 1 Mongodb | 2025-10-21 | 5.3 Medium |
| An authorized user may crash the MongoDB server by causing buffer over-read. This can be done by issuing a DDL operation while queries are being issued, under some conditions. This issue affects MongoDB Server v7.0 versions prior to 7.0.25, MongoDB Server v8.0 versions prior to 8.0.15, and MongoDB Server version 8.2.0. | ||||
| CVE-2025-48008 | 1 F5 | 24 Big-ip, Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager and 21 more | 2025-10-21 | 7.5 High |
| When a TCP profile with Multipath TCP (MPTCP) enabled is configured on a virtual server, undisclosed traffic along with conditions beyond the attacker's control can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | ||||
| CVE-2025-47342 | 1 Qualcomm | 17 Qcc5161, Qcc5161 Firmware, Qcc7225 and 14 more | 2025-10-21 | 7.1 High |
| Transient DOS may occur when multi-profile concurrency arises with QHS enabled. | ||||
| CVE-2025-46710 | 1 Imaginationtech | 1 Ddk | 2025-10-21 | 5.7 Medium |
| Possible kernel exceptions caused by reading and writing kernel heap data after free. | ||||
| CVE-2025-58287 | 1 Huawei | 1 Harmonyos | 2025-10-20 | 7.8 High |
| Use After Free (UAF) vulnerability in the office service. Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2025-58299 | 1 Huawei | 1 Harmonyos | 2025-10-20 | 8.4 High |
| Use After Free (UAF) vulnerability in the storage management module. Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2025-54281 | 2 Adobe, Microsoft | 2 Framemaker, Windows | 2025-10-20 | 7.8 High |
| Adobe Framemaker versions 2020.9, 2022.7 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2025-61802 | 3 Adobe, Apple, Microsoft | 3 Substance 3d Stager, Macos, Windows | 2025-10-20 | 7.8 High |
| Substance3D - Stager versions 3.1.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2025-61801 | 3 Adobe, Apple, Microsoft | 3 Dimension, Macos, Windows | 2025-10-20 | 7.8 High |
| Dimension versions 4.1.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2025-54279 | 3 Adobe, Apple, Microsoft | 3 Animate, Macos, Windows | 2025-10-20 | 7.8 High |
| Animate versions 23.0.13, 24.0.10 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2025-59734 | 1 Ffmpeg | 1 Ffmpeg | 2025-10-19 | N/A |
| It is possible to cause an use-after-free write in SANM decoding with a carefully crafted animation using subversion <2. When a STOR chunk is present, a subsequent FOBJ chunk will be saved in ctx->stored_frame. Stored frames can later be referenced by FTCH chunks. For files using subversion < 2, the undecoded frame is stored, and decoded again when the FTCH chunks are parsed. However, in process_frame_obj if the frame has an invalid size, there’s an early return, with a value of 0. This causes the code in decode_frame to still store the raw frame buffer into ctx->stored_frame. Leaving ctx->has_dimensions set to false. A subsequent chunk with type FTCH would call process_ftch and decode that frame obj again, adding to the top/left values and calling process_frame_obj again. Given that we never set ctx->have_dimensions before, this time we set the dimensions, calling init_buffers, which can reallocate the buffer in ctx->stored_frame, freeing the previous one. However, the GetByteContext object gb still holds a reference to the old buffer. Finally, when the code tries to decode the frame, codecs that accept a GetByteContext as a parameter will trigger a use-after-free read when using gb. GetByteContext is only used for reading bytes, so at most one could read invalid data. There are no heap allocations between the free and when the object is accessed. However, upon returning to process_ftch, the code restores the original values for top/left in stored_frame, writing 4 bytes to the freed data at offset 6, potentially corrupting the allocator’s metadata. This issue can be triggered just by probing whether a file has the sanm format. We recommend upgrading to version 8.0 or beyond. | ||||
| CVE-2025-46709 | 1 Imaginationtech | 2 Ddk, Graphics Ddk | 2025-10-17 | 7.5 High |
| Possible memory leak or kernel exceptions caused by reading kernel heap data after free or NULL pointer dereference kernel exception. | ||||
| CVE-2025-54101 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2025-10-17 | 4.8 Medium |
| Use after free in Windows SMBv3 Client allows an authorized attacker to execute code over a network. | ||||
| CVE-2024-57875 | 1 Linux | 1 Linux Kernel | 2025-10-17 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: block: RCU protect disk->conv_zones_bitmap Ensure that a disk revalidation changing the conventional zones bitmap of a disk does not cause invalid memory references when using the disk_zone_is_conv() helper by RCU protecting the disk->conv_zones_bitmap pointer. disk_zone_is_conv() is modified to operate under the RCU read lock and the function disk_set_conv_zones_bitmap() is added to update a disk conv_zones_bitmap pointer using rcu_replace_pointer() with the disk zone_wplugs_lock spinlock held. disk_free_zone_resources() is modified to call disk_update_zone_resources() with a NULL bitmap pointer to free the disk conv_zones_bitmap. disk_set_conv_zones_bitmap() is also used in disk_update_zone_resources() to set the new (revalidated) bitmap and free the old one. | ||||
| CVE-2024-54030 | 2 Openatom, Openharmony | 2 Openharmony, Openharmony | 2025-10-16 | 4.4 Medium |
| in OpenHarmony v4.1.2 and prior versions allow a local attacker cause DOS through use after free. | ||||
| CVE-2023-48184 | 1 Quickjs Project | 1 Quickjs | 2025-10-15 | 3.9 Low |
| QuickJS before 7414e5f has a quickjs.h JS_FreeValueRT use-after-free because of incorrect garbage collection of async functions with closures. | ||||
| CVE-2024-38078 | 1 Microsoft | 3 Windows 11 21h2, Windows 11 22h2, Windows 11 23h2 | 2025-10-14 | 7.5 High |
| Xbox Wireless Adapter Remote Code Execution Vulnerability | ||||