CWE-416
7,675 CVEs • Abstraction: Variant • Likelihood of Exploit: High
Use After Free
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
CVEs (7,675)
CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS |
|---|
1Microsoft 12Windows 10 1607 Windows 10 1809Windows 10 21h2+9 moreJun 17, 2026 Dec 9, 2025 N/A· v4 7.3 HIGH· v3 N/A· v2 Use after free in Windows Shell allows an authorized attacker to elevate privileges locally. |
1Microsoft 5365 Apps ExcelOffice+2 moreJun 17, 2026 Dec 9, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. |
1Microsoft 5365 Apps OfficeOffice Long Term Servicing Channel+2 moreJun 17, 2026 Dec 9, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 Use after free in Microsoft Office Outlook allows an unauthorized attacker to execute code locally. |
1Microsoft 5365 Apps OfficeOffice Long Term Servicing Channel+2 moreJun 17, 2026 Dec 9, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. |
1Microsoft 5365 Apps OfficeOffice Long Term Servicing Channel+2 moreJun 17, 2026 Dec 9, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. |
1Microsoft 4365 Apps 365 CopilotOffice+1 moreJun 17, 2026 Dec 9, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. |
1Microsoft 5365 Apps OfficeOffice Long Term Servicing Channel+2 moreJun 17, 2026 Dec 9, 2025 N/A· v4 7.0 HIGH· v3 N/A· v2 Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. |
1Microsoft 4365 Apps ExcelOffice+1 moreJun 17, 2026 Dec 9, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. |
1Microsoft 14Windows 10 1607 Windows 10 1809Windows 10 21h2+11 moreJun 17, 2026 Dec 9, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 Use of uninitialized resource in Windows Remote Access Connection Manager allows an authorized attacker to elevate privileges locally. |
1Microsoft 10Windows 10 1809 Windows 10 21h2Windows 10 22h2+7 moreJun 17, 2026 Dec 9, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally. |
Wasmi is a WebAssembly interpreter focused on constrained and embedded systems. In versions 0.41.0, 0.41.1, 0.42.0 through 0.47.1, 0.50.0 through 0.51.2 and 1.0.0, Wasmi's linear memory implementation leads to a Use Afte...Show more |
Use-after-free in the Audio/Video: GMP component. This vulnerability was fixed in Firefox 146 and Thunderbird 146. |
Use-after-free in the WebRTC: Signaling component. This vulnerability was fixed in Firefox 146, Firefox ESR 140.6, Thunderbird 146, and Thunderbird 140.6. |
c-ares is an asynchronous resolver library. Versions 1.32.3 through 1.34.5 terminate a query after maximum attempts when using read_answer() and process_answer(), which can cause a Denial of Service. This issue is fixed...Show more |
Race condition vulnerability in the audio module. Impact: Successful exploitation of this vulnerability may affect availability. |
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to 7.1.2-9 and 6.9.13-34, there is a vulnerability in ImageMagick’s Magick++ layer that manifests when Options::fontFam...Show more |
Use after free in Media Stream in Google Chrome prior to 143.0.7499.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low) |
Use after free in Digital Credentials in Google Chrome prior to 143.0.7499.41 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium s...Show more |
In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for...Show more |
In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for...Show more |