CWE-416
7,674 CVEs • Abstraction: Variant • Likelihood of Exploit: High
Use After Free
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
CVEs (7,674)
CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS |
|---|
1Microsoft 4365 Apps 365 CopilotOffice+1 moreJun 17, 2026 Oct 14, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. |
1Microsoft 4365 Apps 365 CopilotOffice+1 moreJun 17, 2026 Oct 14, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. |
1Microsoft 2365 Apps Office Long Term Servicing ChannelJun 17, 2026 Oct 14, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 Use after free in Microsoft Office Visio allows an unauthorized attacker to execute code locally. |
1Microsoft 5365 Apps ExcelOffice+2 moreJun 17, 2026 Oct 14, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. |
1Microsoft 5365 Apps ExcelOffice+2 moreJun 17, 2026 Oct 14, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. |
1Microsoft 5365 Apps ExcelOffice+2 moreJun 17, 2026 Oct 14, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. |
1Microsoft 5365 Apps OfficeOffice Long Term Servicing Channel+2 moreJun 17, 2026 Oct 14, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. |
1Microsoft 5365 Apps OfficeOffice Long Term Servicing Channel+2 moreJun 17, 2026 Oct 14, 2025 N/A· v4 7.0 HIGH· v3 N/A· v2 Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. |
1Microsoft 3Windows 11 24h2 Windows 11 25h2Windows Server 2025Jun 17, 2026 Oct 14, 2025 N/A· v4 7.4 HIGH· v3 N/A· v2 Windows Resilient File System (ReFS) Deduplication Service Elevation of Privilege Vulnerability |
1Microsoft 3Windows 11 24h2 Windows 11 25h2Windows Server 2025Jun 17, 2026 Oct 14, 2025 N/A· v4 7.4 HIGH· v3 N/A· v2 Windows Resilient File System (ReFS) Deduplication Service Elevation of Privilege Vulnerability |
1Microsoft 14Windows 10 1607 Windows 10 1809Windows 10 21h2+11 moreJun 17, 2026 Oct 14, 2025 N/A· v4 7.0 HIGH· v3 N/A· v2 Use after free in Windows Remote Desktop Services allows an authorized attacker to elevate privileges locally. |
1Microsoft 16Windows 10 1507 Windows 10 1607Windows 10 1809+13 moreJun 17, 2026 Oct 14, 2025 N/A· v4 7.0 HIGH· v3 N/A· v2 Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SSDP Service allows an authorized attacker to elevate privileges locally. |
1Microsoft 11Windows 10 1809 Windows 10 21h2Windows 10 22h2+8 moreJun 17, 2026 Oct 14, 2025 N/A· v4 7.0 HIGH· v3 N/A· v2 Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Graphics Component allows an authorized attacker to deny service locally. |
1Microsoft 3Windows 11 24h2 Windows 11 25h2Windows Server 2025Jun 17, 2026 Oct 14, 2025 N/A· v4 7.0 HIGH· v3 N/A· v2 Use after free in Microsoft Brokering File System allows an unauthorized attacker to elevate privileges locally. |
1Microsoft 12Windows 10 1507 Windows 10 1809Windows 10 21h2+9 moreJun 17, 2026 Oct 14, 2025 N/A· v4 7.0 HIGH· v3 N/A· v2 Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally. |
1Microsoft 6Windows Server 2012 Windows Server 2016Windows Server 2019+3 moreJun 17, 2026 Oct 14, 2025 N/A· v4 7.0 HIGH· v3 N/A· v2 Use after free in Windows Remote Desktop allows an unauthorized attacker to execute code locally. |
1Microsoft 16Windows 10 1507 Windows 10 1607Windows 10 1809+13 moreJun 17, 2026 Oct 14, 2025 N/A· v4 7.0 HIGH· v3 N/A· v2 Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally. |
1Microsoft 16Windows 10 1507 Windows 10 1607Windows 10 1809+13 moreJun 17, 2026 Oct 14, 2025 N/A· v4 7.0 HIGH· v3 N/A· v2 Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally. |
1Microsoft 14Windows 10 1507 Windows 10 1607Windows 10 1809+11 moreJun 17, 2026 Oct 14, 2025 N/A· v4 7.0 HIGH· v3 N/A· v2 Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally. |
1Microsoft 16Windows 10 1507 Windows 10 1607Windows 10 1809+13 moreJun 17, 2026 Oct 14, 2025 N/A· v4 7.0 HIGH· v3 N/A· v2 Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally. |