CWE-416: Use After Free

This CVE describes a use-after-free vulnerability (CWE-416) in Apple operating systems that allows malicious applications to elevate privileges. It af...

This CVE describes a use-after-free vulnerability in FreeBSD's umtx (user mutex) subsystem where concurrent destruction of anonymous shared memory map...

CVE-2021-33796 is a use-after-free vulnerability in MuJS's regexp source property access that can lead to denial of service. This affects applications...

This is a use-after-free vulnerability in Microsoft Graphics Component that allows an authenticated attacker to execute arbitrary code with elevated p...

This CVE describes a critical vulnerability in Redis where authenticated users can execute specially crafted Lua scripts to manipulate the garbage col...

This CVE describes a use-after-free vulnerability in FreeRDP's clipboard handling for X11 clients. When FreeRDP automatically reconnects, one thread f...

This is a use-after-free vulnerability in FreeRDP's X11 client implementation where the RDPGFX DVC thread can access a freed window pointer while the ...

This is a use-after-free vulnerability in FreeRDP's X11 client where a cached XImage continues to reference freed memory. Attackers could potentially ...

A use-after-free vulnerability in Firefox's JavaScript engine allows attackers to execute arbitrary code by tricking users into visiting malicious web...

This CVE describes a use-after-free vulnerability in Firefox's DOM Bindings (WebIDL) component that could allow an attacker to execute arbitrary code....

A use-after-free vulnerability in Firefox's audio/video playback component allows attackers to execute arbitrary code or cause crashes. This affects F...

A use-after-free vulnerability in Firefox's JavaScript garbage collector component allows attackers to execute arbitrary code by manipulating memory a...

This CVE describes a use-after-free vulnerability in Firefox's JavaScript JIT compiler that could allow arbitrary code execution. It affects Firefox v...

A use-after-free vulnerability in Firefox's JavaScript JIT engine allows attackers to execute arbitrary code by tricking users into visiting malicious...

This vulnerability allows remote code execution through malicious web pages containing specially crafted GPU shader code. When loaded, it triggers a u...

CVE-2026-0794 is a use-after-free vulnerability in ALGO 8180 IP Audio Alerter devices that allows remote attackers to execute arbitrary code without a...

This is a use-after-free vulnerability in FreeRDP's X11 client graphics handling that allows a malicious RDP server to trigger heap corruption in the ...

CVE-2026-23884 is a use-after-free vulnerability in FreeRDP clients where offscreen bitmap deletion leaves a pointer to freed memory. A malicious RDP ...

This is a critical heap use-after-free vulnerability in FreeRDP that allows remote code execution. Attackers can exploit this to execute arbitrary cod...

FreeImage 3.18.0 contains a use-after-free vulnerability in the TARGA image parser that allows attackers to execute arbitrary code or cause denial of ...

A use-after-free vulnerability in the JavaScript Engine component allows attackers to execute arbitrary code or cause denial of service. This affects ...

A use-after-free vulnerability in Firefox's Disability Access APIs allows attackers to execute arbitrary code by manipulating freed memory. This affec...

A use-after-free vulnerability in the Gecko Media Plugins (GMP) component of Firefox and Thunderbird allows attackers to execute arbitrary code or cau...

A use-after-free vulnerability in the WebRTC signaling component allows attackers to execute arbitrary code or cause a crash by manipulating memory af...

CVE-2025-57108 is a critical heap use-after-free vulnerability in Kitware VTK's GLTF file parser that allows remote code execution or application cras...

A use-after-free vulnerability in Firefox's WebGPU implementation allows a compromised child process to trigger memory corruption in the GPU or browse...

A use-after-free vulnerability in Thunderbird's native messaging API on Windows allows memory corruption when web extensions interact with the API. Th...

This is a use-after-free vulnerability in Firefox and Thunderbird's MediaTrackGraphImpl::GetInstance() function. It allows attackers to execute arbitr...

CVE-2025-22408 is a critical use-after-free vulnerability in Android's Bluetooth stack that allows remote code execution without user interaction. Att...

This critical vulnerability in Android's Bluetooth stack allows remote attackers to execute arbitrary code without user interaction. A use-after-free ...

This critical vulnerability in Android's Bluetooth stack allows remote attackers to execute arbitrary code without user interaction or additional priv...

A use-after-free vulnerability in libcoap's coap_delete_pdu_lkd function allows memory corruption when applications misuse the library. This could lea...

A use-after-free vulnerability (CWE-416) in Apple operating systems allows attackers to cause unexpected application termination. This affects macOS a...

A Use After Free vulnerability in Samsung's rLottie animation library allows remote attackers to execute arbitrary code by exploiting memory corruptio...

A use-after-free vulnerability in Firefox's FontFaceSet implementation allows memory corruption that could lead to arbitrary code execution. This affe...

CVE-2023-26226 is a use-after-free memory corruption vulnerability in Yandex Browser that allows attackers to execute arbitrary code or cause denial o...

A heap buffer overflow vulnerability in Exiv2 versions 0.28.0 through 0.28.4 allows attackers to potentially execute arbitrary code by tricking victim...

A use-after-free vulnerability in Firefox and Thunderbird allows attackers to cause potentially exploitable crashes via crafted XSLT data. This affect...

This vulnerability allows remote attackers to execute arbitrary code on affected Windows systems by exploiting a use-after-free bug in the Reliable Mu...

This critical vulnerability in Windows OLE (Object Linking and Embedding) allows remote attackers to execute arbitrary code on affected systems by tri...

This CVE describes a use-after-free vulnerability in ROS2 Nav2's AMCL (Adaptive Monte Carlo Localization) component. Attackers can remotely trigger me...

This CVE describes a use-after-free vulnerability in ROS2 Nav2's AMCL process that can be triggered remotely by sending a request to change the dynami...

CVE-2024-38921 is a critical use-after-free vulnerability in ROS2 Nav2's AMCL component that allows remote attackers to potentially execute arbitrary ...

This CVE describes a use-after-free vulnerability in ROS2 Nav2's AMCL process that can be triggered remotely by sending a request to change the dynami...

This critical vulnerability allows remote attackers to execute arbitrary code by exploiting a use-after-free flaw in Firefox's animation timeline impl...

A servicing stack vulnerability in Windows 10 version 1507 has rolled back previously fixed security patches for optional components, allowing attacke...

This critical vulnerability allows remote attackers to execute arbitrary code on Windows systems running the Line Printer Daemon (LPD) service. Attack...

This vulnerability allows remote attackers to execute arbitrary code on affected Windows systems by sending specially crafted packets to the Reliable ...

CVE-2024-30080 is a critical remote code execution vulnerability in Microsoft Message Queuing (MSMQ) that allows unauthenticated attackers to execute ...

This is a use-after-free vulnerability in the Linux kernel's NVMe over RDMA subsystem. An attacker could exploit this to cause kernel memory corruptio...