Search Results (9235 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-3929 1 Opera 1 Opera Browser 2026-04-23 N/A
Use-after-free vulnerability in the BitTorrent support in Opera before 9.22 allows user-assisted remote attackers to execute arbitrary code via a crafted header in a torrent file, which leaves a dangling pointer to an invalid object.
CVE-2009-1544 1 Microsoft 4 Windows 2003 Server, Windows Server 2008, Windows Vista and 1 more 2026-04-23 8.8 High
Double free vulnerability in the Workstation service in Microsoft Windows allows remote authenticated users to gain privileges via a crafted RPC message to a Windows XP SP2 or SP3 or Server 2003 SP2 system, or cause a denial of service via a crafted RPC message to a Vista Gold, SP1, or SP2 or Server 2008 Gold or SP2 system, aka "Workstation Service Memory Corruption Vulnerability."
CVE-2009-1364 3 Francis James Franklin, Opensuse, Redhat 3 Libwmf, Opensuse, Enterprise Linux 2026-04-23 N/A
Use-after-free vulnerability in the embedded GD library in libwmf 0.2.8.4 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted WMF file.
CVE-2009-0749 3 Opensuse, Optipng Project, Suse 3 Opensuse, Optipng, Linux Enterprise 2026-04-23 7.8 High
Use-after-free vulnerability in the GIFReadNextExtension function in lib/pngxtern/gif/gifread.c in OptiPNG 0.6.2 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a crafted GIF image that causes the realloc function to return a new pointer, which triggers memory corruption when the old pointer is accessed.
CVE-2008-0077 1 Microsoft 6 Internet Explorer, Windows 2000, Windows 2003 Server and 3 more 2026-04-23 8.8 High
Use-after-free vulnerability in Microsoft Internet Explorer 6 SP1, 6 SP2, and and 7 allows remote attackers to execute arbitrary code by assigning malformed values to certain properties, as demonstrated using the by property of an animateMotion SVG element, aka "Property Memory Corruption Vulnerability."
CVE-2009-0846 5 Apple, Canonical, Fedoraproject and 2 more 9 Mac Os X, Ubuntu Linux, Fedora and 6 more 2026-04-23 N/A
The asn1_decode_generaltime function in lib/krb5/asn.1/asn1_decode.c in the ASN.1 GeneralizedTime decoder in MIT Kerberos 5 (aka krb5) before 1.6.4 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via vectors involving an invalid DER encoding that triggers a free of an uninitialized pointer.
CVE-2007-5901 3 Apple, Mit, Redhat 4 Mac Os X, Mac Os X Server, Kerberos 5 and 1 more 2026-04-23 N/A
Use-after-free vulnerability in the gss_indicate_mechs function in lib/gssapi/mechglue/g_initialize.c in MIT Kerberos 5 (krb5) has unknown impact and attack vectors. NOTE: this might be the result of a typo in the source code.
CVE-2006-4997 3 Canonical, Linux, Redhat 3 Ubuntu Linux, Linux Kernel, Enterprise Linux 2026-04-23 7.5 High
The clip_mkip function in net/atm/clip.c of the ATM subsystem in Linux kernel allows remote attackers to cause a denial of service (panic) via unknown vectors that cause the ATM subsystem to access the memory of socket buffers after they are freed (freed pointer dereference).
CVE-2006-5051 4 Apple, Debian, Openbsd and 1 more 5 Mac Os X, Mac Os X Server, Debian Linux and 2 more 2026-04-23 8.1 High
Signal handler race condition in OpenSSH before 4.4 allows remote attackers to cause a denial of service (crash), and possibly execute arbitrary code if GSSAPI authentication is enabled, via unspecified vectors that lead to a double-free.
CVE-2025-43432 1 Apple 10 Ios, Ipad Os, Ipados and 7 more 2026-04-22 4.3 Medium
A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.1, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. Processing maliciously crafted web content may lead to an unexpected process crash.
CVE-2025-43434 1 Apple 6 Ios, Ipados, Iphone Os and 3 more 2026-04-22 4.3 Medium
A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.1, iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, visionOS 26.1, watchOS 26.1. Processing maliciously crafted web content may lead to an unexpected Safari crash.
CVE-2025-43438 2 Apple, Redhat 15 Ios, Ipad Os, Ipados and 12 more 2026-04-22 4.3 Medium
A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.1, iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, visionOS 26.1, watchOS 26.1. Processing maliciously crafted web content may lead to an unexpected Safari crash.
CVE-2026-3979 1 Quickjs-ng 1 Quickjs 2026-04-22 5.3 Medium
A flaw has been found in quickjs-ng quickjs up to 0.12.1. This affects the function js_iterator_concat_return of the file quickjs.c. This manipulation causes use after free. The attack requires local access. The exploit has been published and may be used. Patch name: daab4ad4bae4ef071ed0294618d6244e92def4cd. Applying a patch is the recommended action to fix this issue.
CVE-2025-43511 1 Apple 3 Ios, Ipados, Iphone Os 2026-04-22 6.5 Medium
A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.2, iOS 18.7.2 and iPadOS 18.7.2, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2, watchOS 26.2. Processing maliciously crafted web content may lead to an unexpected process crash.
CVE-2025-43536 1 Apple 6 Ios, Ipados, Iphone Os and 3 more 2026-04-22 4.3 Medium
A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2. Processing maliciously crafted web content may lead to an unexpected process crash.
CVE-2025-43529 1 Apple 9 Ios, Ipados, Iphone Os and 6 more 2026-04-22 8.8 High
A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, tvOS 26.2, visionOS 26.2, watchOS 26.2. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 26. CVE-2025-14174 was also issued in response to this report.
CVE-2026-25178 1 Microsoft 30 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 27 more 2026-04-22 7 High
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
CVE-2026-25170 1 Microsoft 15 Windows 11 22h3, Windows 11 23h2, Windows 11 23h2 and 12 more 2026-04-22 7 High
Use after free in Windows Hyper-V allows an authorized attacker to elevate privileges locally.
CVE-2026-24295 1 Microsoft 25 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 22 more 2026-04-22 7 High
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Device Association Service allows an authorized attacker to elevate privileges locally.
CVE-2026-23669 1 Microsoft 30 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 27 more 2026-04-22 8.8 High
Use after free in RPC Runtime allows an authorized attacker to execute code over a network.