Total
6092 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-22940 | 6 Debian, Netapp, Nodejs and 3 more | 10 Debian Linux, Nextgen Api, Node.js and 7 more | 2025-04-30 | 7.5 High |
| Node.js before 16.6.1, 14.17.5, and 12.22.5 is vulnerable to a use after free attack where an attacker might be able to exploit the memory corruption, to change process behavior. | ||||
| CVE-2021-22930 | 5 Debian, Netapp, Nodejs and 2 more | 7 Debian Linux, Nextgen Api, Node.js and 4 more | 2025-04-30 | 9.8 Critical |
| Node.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to a use after free attack where an attacker might be able to exploit the memory corruption, to change process behavior. | ||||
| CVE-2020-8265 | 6 Debian, Fedoraproject, Nodejs and 3 more | 7 Debian Linux, Fedora, Node.js and 4 more | 2025-04-30 | 8.1 High |
| Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 are vulnerable to a use-after-free bug in its TLS implementation. When writing to a TLS enabled socket, node::StreamBase::Write calls node::TLSWrap::DoWrite with a freshly allocated WriteWrap object as first argument. If the DoWrite method does not return an error, this object is passed back to the caller as part of a StreamWriteResult structure. This may be exploited to corrupt memory leading to a Denial of Service or potentially other exploits. | ||||
| CVE-2023-5218 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2025-04-30 | 8.8 High |
| Use after free in Site Isolation in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical) | ||||
| CVE-2023-40131 | 1 Google | 1 Android | 2025-04-30 | 7 High |
| In GpuService of GpuService.cpp, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2023-4813 | 4 Fedoraproject, Gnu, Netapp and 1 more | 23 Fedora, Glibc, Active Iq Unified Manager and 20 more | 2025-04-30 | 5.9 Medium |
| A flaw was found in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge. | ||||
| CVE-2023-4806 | 3 Fedoraproject, Gnu, Redhat | 24 Fedora, Glibc, Codeready Linux Builder Eus and 21 more | 2025-04-30 | 5.9 Medium |
| A flaw was found in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags. | ||||
| CVE-2024-11235 | 1 Php | 1 Php | 2025-04-30 | 8.1 High |
| In PHP versions 8.3.* before 8.3.19 and 8.4.* before 8.4.5, a code sequence involving __set handler or ??= operator and exceptions can lead to a use-after-free vulnerability. If the third party can control the memory layout leading to this, for example by supplying specially crafted inputs to the script, it could lead to remote code execution. | ||||
| CVE-2025-29815 | 2025-04-30 | 7.6 High | ||
| Use after free in Microsoft Edge (Chromium-based) allows an authorized attacker to execute code over a network. | ||||
| CVE-2025-27730 | 2025-04-30 | 7.8 High | ||
| Use after free in Windows Digital Media allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-27729 | 2025-04-30 | 7.8 High | ||
| Use after free in Windows Shell allows an unauthorized attacker to execute code locally. | ||||
| CVE-2025-27491 | 2025-04-30 | 7.1 High | ||
| Use after free in Windows Hyper-V allows an authorized attacker to execute code over a network. | ||||
| CVE-2025-27492 | 2025-04-30 | 7 High | ||
| Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Secure Channel allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-27480 | 2025-04-30 | 8.1 High | ||
| Use after free in Remote Desktop Gateway Service allows an unauthorized attacker to execute code over a network. | ||||
| CVE-2025-27467 | 2025-04-30 | 7.8 High | ||
| Use after free in Windows Digital Media allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-26679 | 2025-04-30 | 7.8 High | ||
| Use after free in RPC Endpoint Mapper Service allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-26671 | 2025-04-30 | 8.1 High | ||
| Use after free in Windows Remote Desktop Services allows an unauthorized attacker to execute code over a network. | ||||
| CVE-2025-26670 | 2025-04-30 | 8.1 High | ||
| Use after free in Windows LDAP - Lightweight Directory Access Protocol allows an unauthorized attacker to execute code over a network. | ||||
| CVE-2025-26649 | 2025-04-30 | 7 High | ||
| Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Secure Channel allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-26648 | 2025-04-30 | 7.8 High | ||
| Sensitive data storage in improperly locked memory in Windows Kernel allows an authorized attacker to elevate privileges locally. | ||||