CWE-416: Use After Free

A use-after-free vulnerability in libsoup's HTTP/2 message queue handling allows remote attackers to crash applications by sending specific HTTP/2 req...

This vulnerability affects F5 BIG-IP systems with TCP profiles configured with Multipath TCP (MPTCP) enabled on virtual servers. Under specific traffi...

A use-after-free vulnerability in Windows Connected Devices Platform Service allows unauthorized attackers to execute arbitrary code remotely over a n...

A use-after-free vulnerability in rAthena's RODEX functionality allows unauthenticated attackers to crash the map-server, causing denial of service. T...

This CVE describes a use-after-free vulnerability in QEMU's WebSocket handling for VNC. A malicious client can cause denial of service by exploiting a...

This CVE describes a use-after-free vulnerability in Envoy's DNS cache within the Dynamic Forward Proxy implementation. It can cause abnormal process ...

A use-after-free vulnerability in rust-ffmpeg's write_interleaved method allows memory corruption through Rust aliasing rule violations. This affects ...

This CVE describes a use-after-free vulnerability in Imagination Technologies GPU drivers that could allow attackers to cause kernel memory leaks or t...

This vulnerability allows memory corruption in Chrome's graphics rendering through Adreno GPU drivers, potentially enabling arbitrary code execution. ...

This vulnerability allows non-privileged users to trigger use-after-free kernel exceptions through improper GPU system calls, potentially leading to p...

CVE-2025-29831 is a use-after-free vulnerability in Microsoft's Remote Desktop Gateway Service that allows unauthorized attackers to execute arbitrary...

This vulnerability allows attackers to cause a denial of service in DNSdist by sending specially crafted DNS-over-HTTPS (DoH) requests that trigger a ...

CVE-2025-26687 is a use-after-free vulnerability in Windows Win32K graphics subsystem that allows local attackers to escalate privileges. This affects...

A race condition during concurrent delazification in Mozilla products could lead to use-after-free vulnerabilities, potentially allowing attackers to ...

This CVE describes a use-after-free vulnerability (CWE-416) in Microsoft's BranchCache service that allows remote attackers to execute arbitrary code ...

This CVE describes a use-after-free vulnerability in OpenSSL's SSL_free_buffers function. Only applications that directly call this rarely-used functi...

This vulnerability allows an attacker to cause a denial-of-service (DoS) condition by sending specially crafted MBSSID Information Element fragments i...

This vulnerability allows remote attackers to execute arbitrary code on Windows systems running Windows Deployment Services (WDS). Attackers can explo...

This vulnerability allows attackers to cause a denial-of-service (DoS) condition by sending specially crafted MBSSID Information Element fragments in ...

CVE-2024-36844 is a use-after-free vulnerability in libmodbus v3.1.6 that allows attackers to cause Denial of Service (DoS) by sending a crafted messa...

This Linux kernel vulnerability in the NFS client allows a use-after-free condition when mounting multiple exports from the same server through differ...

This CVE-2024-30416 is a Use After Free vulnerability in a driver module that could allow attackers to crash affected systems, causing denial of servi...

This vulnerability is a heap-use-after-free flaw in Bento4 v1.6.0-641-2-g1529b83 that occurs during destruction of AP4_UnknownAtom objects. It allows ...

A heap-use-after-free vulnerability in Bento4 v1.6.0-641-2-g1529b83 allows attackers to cause denial of service by triggering memory corruption in the...

This is a use-after-free vulnerability in the cassandra-rs Rust driver for Cassandra databases. When code accesses an iterator item after the iterator...

CVE-2024-26455 is a use-after-free vulnerability in fluent-bit's custom_calyptia plugin that could allow attackers to execute arbitrary code or cause ...

Envoy proxy crashes when specific timeout configurations overlap, causing a denial of service. This affects Envoy deployments with hedge_on_per_try_ti...

CVE-2024-24262 is a Use-After-Free vulnerability in media-server v1.0.0's SIP transaction timer handling. This allows attackers to potentially execute...

A use-after-free vulnerability in libxml2's XML Reader interface when processing crafted XML documents with DTD validation and XInclude expansion enab...

This vulnerability allows an attacker to execute arbitrary code on a victim's system by tricking them into connecting to a malicious RDP server. It af...

CVE-2023-52266 is a use-after-free vulnerability in ehttp 1.0.6's epoll_socket.cpp read_func. An attacker can trigger this by making many connections ...

A use-after-free vulnerability in Ghostscript's gdev_prn_open_printer_seekable() function allows remote attackers to crash the application via a dangl...

A use-after-free vulnerability (CWE-416) in the idmap module of Huawei HarmonyOS and EMUI systems allows attackers to cause abnormal feature behavior ...

A use-after-free vulnerability in Firefox, Firefox ESR, and Thunderbird garbage collection could allow attackers to cause a crash or potentially execu...

This CVE describes a Use-After-Free vulnerability in the surfaceflinger module of Huawei/HarmonyOS devices. Successful exploitation can cause system c...

CVE-2023-40632 is a use-after-free vulnerability in the jpg driver that could allow remote attackers to disclose sensitive information without requiri...

CVE-2023-2680 is a use-after-free vulnerability in qemu-kvm virtualization software that occurs due to an incomplete fix for CVE-2021-3750. This allow...

CVE-2022-48560 is a use-after-free vulnerability in Python's heapq.heappushpop function that can lead to memory corruption. This affects Python applic...

CVE-2021-32421 is a heap use-after-free vulnerability in dpic's deletestringbox() function that allows attackers to execute arbitrary code or cause de...

This vulnerability allows remote attackers to execute arbitrary code on Windows systems running LDAP services by exploiting a use-after-free memory co...

NanoMQ 0.16.5 contains a heap-use-after-free vulnerability in the nano_ctx_send function that allows attackers to potentially execute arbitrary code o...

A use-after-free vulnerability in NanoMQ 0.17.2 allows attackers to trigger memory corruption by calling nni_mqtt_msg_get_publish_property(). This can...

CVE-2023-28319 is a use-after-free vulnerability in curl/libcurl versions before 8.1.0 that occurs during SSH server public key verification. When ver...

CVE-2023-24833 is a use-after-free vulnerability in Hermes JavaScript engine's BigIntPrimitive addition that allows attackers to leak raw heap data fr...

This is a use-after-free vulnerability in Chrome's DevTools that could allow heap corruption. Attackers could potentially execute arbitrary code or cr...

A denial-of-service vulnerability in the webserver of multiple Siemens SIMATIC communication processors allows attackers to crash the webserver, causi...

This CVE describes a use-after-free vulnerability in BIOS firmware for certain Intel processors. A privileged user could exploit this via local access...

A Use After Free vulnerability in ireader media-server's librtmp component allows attackers to cause denial of service by exploiting memory corruption...

This vulnerability is a use-after-free flaw in Chrome's File System API that allows remote attackers to potentially exploit heap corruption via a craf...

This is a use-after-free vulnerability in Google Chrome's Ozone display system that could allow remote attackers to exploit heap corruption. Attackers...