← Back
CWE-416

7,688 CVEs • Abstraction: Variant • Likelihood of Exploit: High

Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

JSON object

Loading...

CVEs (7,688)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
1Apple
5Ipados
Iphone OsMacos+2 more
Jun 30, 2026
Feb 11, 2026
N/A· v4
8.8 HIGH· v3
N/A· v2
The issue was addressed with improved memory handling. This issue is fixed in Safari 26.3, iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, visionOS 26.3. Processing maliciously crafted web conte...Show more
The issue was addressed with improved memory handling. This issue is fixed in Safari 26.3, iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, visionOS 26.3. Processing maliciously crafted web content may lead to an unexpected process crash.Show less
1Google
1Chrome
Jun 17, 2026
Feb 11, 2026
N/A· v4
8.8 HIGH· v3
N/A· v2
Use after free in Ozone in Google Chrome prior to 145.0.7632.45 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium s...Show more
Use after free in Ozone in Google Chrome prior to 145.0.7632.45 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)Show less
1Google
1Chrome
Jun 17, 2026
Feb 11, 2026
N/A· v4
8.8 HIGH· v3
N/A· v2
Use after free in CSS in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
-
-
Jun 17, 2026
Feb 10, 2026
4.6 MEDIUM· v4
N/A· v3
N/A· v2
A use after free in the SEV firmware could allow a malicous hypervisor to activate a migrated guest with the SINGLE_SOCKET policy on a different socket than the migration agent potentially resulting in loss of integrity.
1Adobe
1After Effects
Jun 17, 2026
Feb 10, 2026
N/A· v4
7.8 HIGH· v3
N/A· v2
After Effects versions 25.6 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interactio...Show more
After Effects versions 25.6 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.Show less
1Adobe
1After Effects
Jun 17, 2026
Feb 10, 2026
N/A· v4
7.8 HIGH· v3
N/A· v2
After Effects versions 25.6 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interactio...Show more
After Effects versions 25.6 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.Show less
1Adobe
1After Effects
Jun 17, 2026
Feb 10, 2026
N/A· v4
7.8 HIGH· v3
N/A· v2
After Effects versions 25.6 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interactio...Show more
After Effects versions 25.6 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.Show less
1Adobe
1After Effects
Jun 17, 2026
Feb 10, 2026
N/A· v4
7.8 HIGH· v3
N/A· v2
After Effects versions 25.6 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interactio...Show more
After Effects versions 25.6 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.Show less
1Adobe
1After Effects
Jun 17, 2026
Feb 10, 2026
N/A· v4
7.8 HIGH· v3
N/A· v2
After Effects versions 25.6 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interactio...Show more
After Effects versions 25.6 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.Show less
1Microsoft
13Windows 10 1607
Windows 10 1809Windows 10 21h2+10 more
Jun 17, 2026
Feb 10, 2026
N/A· v4
7.0 HIGH· v3
N/A· v2
Use after free in Mailslot File System allows an authorized attacker to elevate privileges locally.
1Microsoft
5Windows Server 2016
Windows Server 2019Windows Server 2022+2 more
Jun 17, 2026
Feb 10, 2026
N/A· v4
7.8 HIGH· v3
N/A· v2
Use after free in Windows Cluster Client Failover allows an authorized attacker to elevate privileges locally.
1Microsoft
8Windows 10 21h2
Windows 10 22h2Windows 11 23h2+5 more
Jun 17, 2026
Feb 10, 2026
N/A· v4
7.0 HIGH· v3
N/A· v2
Use after free in Windows Subsystem for Linux allows an authorized attacker to elevate privileges locally.
1Microsoft
6Windows 11 23h2
Windows 11 24h2Windows 11 25h2+3 more
Jun 17, 2026
Feb 10, 2026
N/A· v4
7.0 HIGH· v3
N/A· v2
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
1Microsoft
8Windows 10 21h2
Windows 10 22h2Windows 11 23h2+5 more
Jun 17, 2026
Feb 10, 2026
N/A· v4
7.0 HIGH· v3
N/A· v2
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Subsystem for Linux allows an authorized attacker to elevate privileges locally.
1Microsoft
9Windows 10 1607
Windows 10 1809Windows 10 21h2+6 more
Jun 17, 2026
Feb 10, 2026
N/A· v4
7.3 HIGH· v3
N/A· v2
Use after free in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.
1Ckolivas
1Lrzip
Jun 17, 2026
Feb 10, 2026
1.9 LOW· v4
7.8 HIGH· v3
4.3 MEDIUM· v2
A vulnerability was found in ckolivas lrzip up to 0.651. This impacts the function lzma_decompress_buf of the file stream.c. Performing a manipulation results in use after free. Attacking locally is a requirement. The ex...Show more
A vulnerability was found in ckolivas lrzip up to 0.651. This impacts the function lzma_decompress_buf of the file stream.c. Performing a manipulation results in use after free. Attacking locally is a requirement. The exploit has been made public and could be used. The project was informed of the problem early through an issue report but has not responded yet.Show less
1Freerdp
1Freerdp
Jun 17, 2026
Feb 9, 2026
8.7 HIGH· v4
7.5 HIGH· v3
N/A· v2
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, the RDPSND async playback thread can process queued PDUs after the channel is closed and internal state is freed, leading to a use after f...Show more
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, the RDPSND async playback thread can process queued PDUs after the channel is closed and internal state is freed, leading to a use after free in rdpsnd_treat_wave. This vulnerability is fixed in 3.22.0.Show less
1Freerdp
1Freerdp
Jun 17, 2026
Feb 9, 2026
8.7 HIGH· v4
7.5 HIGH· v3
N/A· v2
FreeRDP is a free implementation of the Remote Desktop Protocol. ainput_send_input_event caches channel_callback in a local variable and later uses it without synchronization; a concurrent channel close can free or reini...Show more
FreeRDP is a free implementation of the Remote Desktop Protocol. ainput_send_input_event caches channel_callback in a local variable and later uses it without synchronization; a concurrent channel close can free or reinitialize the callback, leading to a use after free. Prior to 3.22.0, This vulnerability is fixed in 3.22.0.Show less
1Freerdp
1Freerdp
Jun 17, 2026
Feb 9, 2026
8.7 HIGH· v4
7.5 HIGH· v3
N/A· v2
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, aAsynchronous bulk transfer completions can use a freed channel callback after URBDRC channel close, leading to a use after free in urb_wr...Show more
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, aAsynchronous bulk transfer completions can use a freed channel callback after URBDRC channel close, leading to a use after free in urb_write_completion. This vulnerability is fixed in 3.22.0.Show less
1Freerdp
1Freerdp
Jun 17, 2026
Feb 9, 2026
8.7 HIGH· v4
7.5 HIGH· v3
N/A· v2
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, sdl_Pointer_New frees data on failure, then pointer_free calls sdl_Pointer_Free and frees it again, triggering ASan UAF. This vulnerabilit...Show more
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, sdl_Pointer_New frees data on failure, then pointer_free calls sdl_Pointer_Free and frees it again, triggering ASan UAF. This vulnerability is fixed in 3.22.0.Show less