← Back
CWE-416

7,688 CVEs • Abstraction: Variant • Likelihood of Exploit: High

Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

JSON object

Loading...

CVEs (7,688)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
1Apple
7Ipados
Iphone OsMacos+4 more
Jun 30, 2026
Mar 25, 2026
N/A· v4
8.8 HIGH· v3
N/A· v2
The issue was addressed with improved memory handling. This issue is fixed in Safari 26.4, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. A malicious website may be able to process re...Show more
The issue was addressed with improved memory handling. This issue is fixed in Safari 26.4, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. A malicious website may be able to process restricted web content outside the sandbox.Show less
1Apple
5Ipados
Iphone OsMacos+2 more
Jun 30, 2026
Mar 25, 2026
N/A· v4
8.8 HIGH· v3
N/A· v2
The issue was addressed with improved memory handling. This issue is fixed in Safari 26.4, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, visionOS 26.4. Processing maliciously crafted web content may lead to an unexpected p...Show more
The issue was addressed with improved memory handling. This issue is fixed in Safari 26.4, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, visionOS 26.4. Processing maliciously crafted web content may lead to an unexpected process crash.Show less
1Apple
1Macos
Jun 17, 2026
Mar 25, 2026
N/A· v4
6.5 MEDIUM· v3
N/A· v2
A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. Mounting a maliciously crafted SMB network share may lead to syste...Show more
A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. Mounting a maliciously crafted SMB network share may lead to system termination.Show less
1Apple
5Ipados
Iphone OsMacos+2 more
Jun 17, 2026
Mar 25, 2026
N/A· v4
7.1 HIGH· v3
N/A· v2
A use after free issue was addressed with improved memory management. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Tahoe 26.4, tvOS 26.4, watchOS 26.4. An app...Show more
A use after free issue was addressed with improved memory management. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Tahoe 26.4, tvOS 26.4, watchOS 26.4. An app may be able to cause unexpected system termination or write kernel memory.Show less
1Apple
6Ipados
Iphone OsMacos+3 more
Jun 17, 2026
Mar 25, 2026
N/A· v4
6.2 MEDIUM· v3
N/A· v2
A use after free issue was addressed with improved memory management. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.3 and iPadOS 26.3, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.3, tvOS 26.3,...Show more
A use after free issue was addressed with improved memory management. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.3 and iPadOS 26.3, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.3, tvOS 26.3, visionOS 26.3, watchOS 26.3. An app may be able to cause unexpected system termination.Show less
1Mozilla
1Firefox
Jun 17, 2026
Mar 24, 2026
N/A· v4
10.0 CRITICAL· v3
N/A· v2
Sandbox escape due to use-after-free in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 149 and Thunderbird 149.
1Mozilla
1Firefox
Jun 17, 2026
Mar 24, 2026
N/A· v4
9.8 CRITICAL· v3
N/A· v2
Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 149 and Thunderbird 149.
1Mozilla
1Firefox
Jun 17, 2026
Mar 24, 2026
N/A· v4
9.8 CRITICAL· v3
N/A· v2
Use-after-free in the Widget: Cocoa component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.
1Mozilla
1Firefox
Jun 17, 2026
Mar 24, 2026
N/A· v4
9.8 CRITICAL· v3
N/A· v2
Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.
1Mozilla
1Firefox
Jun 30, 2026
Mar 24, 2026
N/A· v4
9.8 CRITICAL· v3
N/A· v2
Use-after-free in the Layout: Text and Fonts component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.
1Mozilla
1Firefox
Jun 30, 2026
Mar 24, 2026
N/A· v4
9.8 CRITICAL· v3
N/A· v2
Use-after-free in the CSS Parsing and Computation component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.
1Mozilla
1Firefox
Jun 30, 2026
Mar 24, 2026
N/A· v4
10.0 CRITICAL· v3
N/A· v2
Sandbox escape due to use-after-free in the Disability Access APIs component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.
1Mozilla
1Firefox
Jun 30, 2026
Mar 24, 2026
N/A· v4
7.5 HIGH· v3
N/A· v2
Race condition, use-after-free in the Graphics: WebRender component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.
-
-
Jun 17, 2026
Mar 24, 2026
N/A· v4
6.4 MEDIUM· v3
N/A· v2
Use After Free vulnerability in No-Chicken Echo-Mate.This issue affects Echo-Mate: before V250329.
-
-
Jun 17, 2026
Mar 24, 2026
7.3 HIGH· v4
N/A· v3
N/A· v2
Use After Free vulnerability in No-Chicken Echo-Mate (‎SDK/rv1106-sdk/sysdrv/source/kernel/mm modules). This vulnerability is associated with program files rmap.C‎. This issue affects Echo-Mate: before V250329.
1Google
1Chrome
Jun 17, 2026
Mar 24, 2026
N/A· v4
8.8 HIGH· v3
N/A· v2
Use after free in FedCM in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
1Google
1Chrome
Jun 17, 2026
Mar 24, 2026
N/A· v4
8.8 HIGH· v3
N/A· v2
Use after free in WebGPU in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
1Google
1Chrome
Jun 17, 2026
Mar 24, 2026
N/A· v4
8.8 HIGH· v3
N/A· v2
Use after free in Dawn in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
1Xnview
1Nconvert
Jun 17, 2026
Mar 23, 2026
N/A· v4
6.2 MEDIUM· v3
N/A· v2
XnSoft NConvert 7.230 is vulnerable to Use-After-Free via a crafted .tiff file
1Libfuse Project
1Libfuse
Jun 30, 2026
Mar 20, 2026
N/A· v4
7.8 HIGH· v3
N/A· v2
libfuse is the reference implementation of the Linux FUSE. From version 3.18.0 to before version 3.18.2, a use-after-free vulnerability in the io_uring subsystem of libfuse allows a local attacker to crash FUSE filesyste...Show more
libfuse is the reference implementation of the Linux FUSE. From version 3.18.0 to before version 3.18.2, a use-after-free vulnerability in the io_uring subsystem of libfuse allows a local attacker to crash FUSE filesystem processes and potentially execute arbitrary code. When io_uring thread creation fails due to resource exhaustion (e.g., cgroup pids.max), fuse_uring_start() frees the ring pool structure but stores the dangling pointer in the session state, leading to a use-after-free when the session shuts down. The trigger is reliable in containerized environments where cgroup pids.max limits naturally constrain thread creation. This issue has been patched in version 3.18.2.Show less