Filtered by CWE-416
Total 6318 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2025-5991 2025-06-12 5.6 Medium
There is a "Use After Free" vulnerability in Qt's QHttp2ProtocolHandler in the QtNetwork module. This only affects HTTP/2 handling, HTTP handling is not affected by this at all. This happens due to a race condition between how QHttp2Stream uploads the body of a POST request and the simultaneous handling of HTTP error responses. This issue only affects Qt 6.9.0 and has been fixed for Qt 6.9.1.
CVE-2024-24263 1 Chendotjs 1 Lotos Webserver 2025-06-12 7.5 High
Lotos WebServer v0.1.1 was discovered to contain a Use-After-Free (UAF) vulnerability via the response_append_status_line function at /lotos/src/response.c.
CVE-2025-23101 1 Samsung 2 Exynos 1380, Exynos 1380 Firmware 2025-06-11 6.5 Medium
An issue was discovered in Samsung Mobile Processor Exynos 1380. A Use-After-Free in the mobile processor leads to privilege escalation.
CVE-2025-23106 1 Samsung 6 Exynos 1480, Exynos 1480 Firmware, Exynos 2200 and 3 more 2025-06-11 6.5 Medium
An issue was discovered in Samsung Mobile Processor Exynos 2200, 1480, and 2400. A Use-After-Free in the mobile processor leads to privilege escalation.
CVE-2022-0934 2 Redhat, Thekelleys 3 Enterprise Linux, Rhel Eus, Dnsmasq 2025-06-10 7.5 High
A single-byte, non-arbitrary write/use-after-free flaw was found in dnsmasq. This flaw allows an attacker who sends a crafted packet processed by dnsmasq, potentially causing a denial of service.
CVE-2024-31583 2 Linuxfoundation, Pytorchlightning 2 Pytorch, Pytorch Lightning 2025-06-10 7.8 High
Pytorch before version v2.2.0 was discovered to contain a use-after-free vulnerability in torch/csrc/jit/mobile/interpreter.cpp.
CVE-2016-3189 2 Bzip, Python 2 Bzip2, Python 2025-06-09 6.5 Medium
Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block.
CVE-2020-1712 3 Debian, Redhat, Systemd Project 8 Debian Linux, Ceph Storage, Discovery and 5 more 2025-06-09 7.8 High
A heap use-after-free vulnerability was found in systemd before version v245-rc1, where asynchronous Polkit queries are performed while handling dbus messages. A local unprivileged attacker can abuse this flaw to crash systemd services or potentially execute code and elevate their privileges, by sending specially crafted dbus messages.
CVE-2021-27645 4 Debian, Fedoraproject, Gnu and 1 more 4 Debian Linux, Fedora, Glibc and 1 more 2025-06-09 2.5 Low
The nameserver caching daemon (nscd) in the GNU C Library (aka glibc or libc6) 2.29 through 2.33, when processing a request for netgroup lookup, may crash due to a double-free, potentially resulting in degraded service or Denial of Service on the local system. This is related to netgroupcache.c.
CVE-2021-22945 8 Apple, Debian, Fedoraproject and 5 more 25 Macos, Debian Linux, Fedora and 22 more 2025-06-09 9.1 Critical
When sending data to an MQTT server, libcurl <= 7.73.0 and 7.78.0 could in some circumstances erroneously keep a pointer to an already freed memory area and both use that again in a subsequent call to send data and also free it *again*.
CVE-2024-24262 1 Ireader 1 Media-server 2025-06-06 7.5 High
media-server v1.0.0 was discovered to contain a Use-After-Free (UAF) vulnerability via the sip_uac_stop_timer function at /uac/sip-uac-transaction.c.
CVE-2025-23098 1 Samsung 14 Exynos 1080, Exynos 1080 Firmware, Exynos 1280 and 11 more 2025-06-06 7.8 High
An issue was discovered in Samsung Mobile Processor Exynos 980, 990, 1080, 2100, 1280, 2200, 1380. A Use-After-Free in the mobile processor leads to privilege escalation.
CVE-2024-24266 1 Gpac 1 Gpac 2025-06-05 7.5 High
gpac v2.2.1 was discovered to contain a Use-After-Free (UAF) vulnerability via the dasher_configure_pid function at /src/filters/dasher.c.
CVE-2023-6347 3 Debian, Fedoraproject, Google 3 Debian Linux, Fedora, Chrome 2025-06-05 8.8 High
Use after free in Mojo in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2025-5068 1 Google 1 Chrome 2025-06-05 8.8 High
Use after free in Blink in Google Chrome prior to 137.0.7151.68 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
CVE-2023-38573 2 Foxit, Foxitsoftware 2 Reader, Foxit Reader 2025-06-05 8.8 High
A use-after-free vulnerability exists in the way Foxit Reader 12.1.2.15356 handles a signature field. A specially crafted Javascript code inside a malicious PDF document can trigger reuse of a previously freed object, which can lead to memory corruption and result in arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled.
CVE-2022-23090 1 Freebsd 1 Freebsd 2025-06-04 7.7 High
The aio_aqueue function, used by the lio_listio system call, fails to release a reference to a credential in an error case. An attacker may cause the reference count to overflow, leading to a use after free (UAF).
CVE-2022-34705 1 Microsoft 5 Windows 10, Windows 11, Windows Server 2016 and 2 more 2025-06-04 7.8 High
Windows Defender Credential Guard Elevation of Privilege Vulnerability
CVE-2024-53015 2025-06-04 6.6 Medium
Memory corruption while processing IOCTL command to handle buffers associated with a session.
CVE-2024-26739 2 Linux, Redhat 3 Linux Kernel, Enterprise Linux, Rhel Eus 2025-06-04 7.8 High
In the Linux kernel, the following vulnerability has been resolved: net/sched: act_mirred: don't override retval if we already lost the skb If we're redirecting the skb, and haven't called tcf_mirred_forward(), yet, we need to tell the core to drop the skb by setting the retcode to SHOT. If we have called tcf_mirred_forward(), however, the skb is out of our hands and returning SHOT will lead to UaF. Move the retval override to the error path which actually need it.