Total
5502 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2025-1706 | 2025-05-17 | N/A | N/A | ||
Software installed and run as a non-privileged user may conduct improper GPU system calls to trigger use-after-free kernel exceptions. | |||||
CVE-2025-26601 | 3 Redhat, Tigervnc, X.org | 4 Enterprise Linux, Tigervnc, X Server and 1 more | 2025-05-16 | N/A | 7.8 HIGH |
A use-after-free flaw was found in X.Org and Xwayland. When changing an alarm, the values of the change mask are evaluated one after the other, changing the trigger values as requested, and eventually, SyncInitTrigger() is called. If one of the changes triggers an error, the function will return early, not adding the new sync object, possibly causing a use-after-free when the alarm eventually triggers. | |||||
CVE-2025-26600 | 3 Redhat, Tigervnc, X.org | 4 Enterprise Linux, Tigervnc, X Server and 1 more | 2025-05-16 | N/A | 7.8 HIGH |
A use-after-free flaw was found in X.Org and Xwayland. When a device is removed while still frozen, the events queued for that device remain while the device is freed. Replaying the events will cause a use-after-free. | |||||
CVE-2025-4516 | 2025-05-16 | N/A | N/A | ||
There is an issue in CPython when using `bytes.decode("unicode_escape", error="ignore|replace")`. If you are not using the "unicode_escape" encoding or an error handler your usage is not affected. To work-around this issue you may stop using the error= handler and instead wrap the bytes.decode() call in a try-except catching the DecodeError. | |||||
CVE-2025-32709 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2025-05-16 | N/A | 7.8 HIGH |
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | |||||
CVE-2025-30400 | 1 Microsoft | 10 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 7 more | 2025-05-16 | N/A | 7.8 HIGH |
Use after free in Windows DWM allows an authorized attacker to elevate privileges locally. | |||||
CVE-2025-32701 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-05-16 | N/A | 7.8 HIGH |
Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally. | |||||
CVE-2023-42080 | 1 Pdf-xchange | 2 Pdf-tools, Pdf-xchange Editor | 2025-05-16 | N/A | 7.8 HIGH |
PDF-XChange Editor EMF File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of EMF files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-21877. | |||||
CVE-2023-42082 | 1 Pdf-xchange | 2 Pdf-tools, Pdf-xchange Editor | 2025-05-16 | N/A | 7.8 HIGH |
PDF-XChange Editor JPG File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JPG files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-21944. | |||||
CVE-2023-42086 | 1 Pdf-xchange | 2 Pdf-tools, Pdf-xchange Editor | 2025-05-16 | N/A | 7.8 HIGH |
PDF-XChange Editor EMF File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of EMF files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22062. | |||||
CVE-2023-42108 | 1 Pdf-xchange | 2 Pdf-tools, Pdf-xchange Editor | 2025-05-16 | N/A | 7.8 HIGH |
PDF-XChange Editor EMF File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of EMF files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22135. | |||||
CVE-2023-42059 | 1 Pdf-xchange | 2 Pdf-tools, Pdf-xchange Editor | 2025-05-16 | N/A | 7.8 HIGH |
PDF-XChange Editor U3D File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. . Was ZDI-CAN-20932. | |||||
CVE-2023-42075 | 1 Pdf-xchange | 2 Pdf-tools, Pdf-xchange Editor | 2025-05-16 | N/A | 7.8 HIGH |
PDF-XChange Editor JPG File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JPG files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-21691. | |||||
CVE-2025-43568 | 2025-05-16 | N/A | 7.8 HIGH | ||
Substance3D - Stager versions 3.1.1 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
CVE-2025-43549 | 2025-05-16 | N/A | 7.8 HIGH | ||
Substance3D - Stager versions 3.1.1 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
CVE-2025-20006 | 2025-05-16 | N/A | 7.4 HIGH | ||
Use after free for some Intel(R) PROSet/Wireless WiFi Software for Windows before version 23.100 may allow an unauthenticated user to potentially enable denial of service via adjacent access. | |||||
CVE-2025-43570 | 2025-05-16 | N/A | 7.8 HIGH | ||
Substance3D - Stager versions 3.1.1 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
CVE-2025-43571 | 2025-05-16 | N/A | 7.8 HIGH | ||
Substance3D - Stager versions 3.1.1 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
CVE-2025-20062 | 2025-05-16 | N/A | 6.1 MEDIUM | ||
Use after free for some Intel(R) PROSet/Wireless WiFi Software for Windows before version 23.100 may allow an unauthenticated user to potentially enable denial of service via adjacent access. | |||||
CVE-2025-20046 | 2025-05-16 | N/A | 8.0 HIGH | ||
Use after free for some Intel(R) PROSet/Wireless WiFi Software for Windows before version 23.100 may allow an unauthenticated user to potentially enable denial of service via adjacent access. |