← Back
CWE-416

7,703 CVEs • Abstraction: Variant • Likelihood of Exploit: High

Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

JSON object

Loading...

CVEs (7,703)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
1Google
1Chrome
Jun 17, 2026
May 14, 2026
N/A· v4
8.3 HIGH· v3
N/A· v2
Use after free in Core in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium sec...Show more
Use after free in Core in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)Show less
1Google
1Chrome
Jun 17, 2026
May 14, 2026
N/A· v4
8.3 HIGH· v3
N/A· v2
Use after free in Accessibility in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium secur...Show more
Use after free in Accessibility in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)Show less
1Google
1Chrome
Jun 17, 2026
May 14, 2026
N/A· v4
8.3 HIGH· v3
N/A· v2
Use after free in Network in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium...Show more
Use after free in Network in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)Show less
1Google
1Chrome
Jun 17, 2026
May 14, 2026
N/A· v4
8.3 HIGH· v3
N/A· v2
Use after free in Mojo in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security sever...Show more
Use after free in Mojo in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)Show less
1Google
1Chrome
Jun 17, 2026
May 14, 2026
N/A· v4
8.8 HIGH· v3
N/A· v2
Use after free in Downloads in Google Chrome on Mac prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)
1Google
1Chrome
Jun 17, 2026
May 14, 2026
N/A· v4
7.5 HIGH· v3
N/A· v2
Use after free in Tab Groups in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code via malicious network traffic. (Chromium security severity: Critical)
1Google
1Chrome
Jun 17, 2026
May 14, 2026
N/A· v4
8.8 HIGH· v3
N/A· v2
Use after free in Blink in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Critical)
1Google
1Chrome
Jun 17, 2026
May 14, 2026
N/A· v4
8.3 HIGH· v3
N/A· v2
Use after free in HID in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially perform a sandbox escape via a crafted HTML page. (Chromium s...Show more
Use after free in HID in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)Show less
1Google
1Chrome
Jun 17, 2026
May 14, 2026
N/A· v4
8.3 HIGH· v3
N/A· v2
Use after free in Aura in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security sever...Show more
Use after free in Aura in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)Show less
1Google
1Chrome
Jun 17, 2026
May 14, 2026
N/A· v4
8.3 HIGH· v3
N/A· v2
Use after free in Input in Google Chrome on Android prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium se...Show more
Use after free in Input in Google Chrome on Android prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)Show less
1Google
1Chrome
Jun 17, 2026
May 14, 2026
N/A· v4
8.3 HIGH· v3
N/A· v2
Use after free in FileSystem in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially perform a sandbox escape via a crafted HTML page. (Chr...Show more
Use after free in FileSystem in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)Show less
1Google
1Chrome
Jun 17, 2026
May 14, 2026
N/A· v4
9.6 CRITICAL· v3
N/A· v2
Use after free in UI in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)
1F5
21Big Ip Access Policy Manager
Big Ip Advanced Firewall ManagerBig Ip Advanced Web Application Firewall+18 more
Jun 24, 2026
May 13, 2026
8.7 HIGH· v4
7.5 HIGH· v3
N/A· v2
When BIG-IP PEM iRules are configured on a virtual server (iRules using commands starting with CLASSIFICATION::, CLASSIFY::, PEM::, PSC::, and the urlcatquery command), undisclosed traffic can cause the Traffic Managemen...Show more
When BIG-IP PEM iRules are configured on a virtual server (iRules using commands starting with CLASSIFICATION::, CLASSIFY::, PEM::, PSC::, and the urlcatquery command), undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.Show less
1F5
7Dos
Nginx Gateway FabricNginx Ingress Controller+4 more
Jun 23, 2026
May 13, 2026
6.3 MEDIUM· v4
4.8 MEDIUM· v3
N/A· v2
NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_ssl_module module when the ssl_verify_client directive is set to "on" or "optional," and the ssl_ocsp directive is set to "on" or the leaf parameters...Show more
NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_ssl_module module when the ssl_verify_client directive is set to "on" or "optional," and the ssl_ocsp directive is set to "on" or the leaf parameters are configured with a resolver. With this configuration, an unauthenticated attacker can send requests along with conditions beyond its control that may cause a heap-use-after-free error in the NGINX worker process. This vulnerability may result in limited modification of data or the NGINX worker process restarting.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.Show less
1Mongodb
1Mongodb
Jun 17, 2026
May 13, 2026
7.7 HIGH· v4
6.5 MEDIUM· v3
N/A· v2
After invoking $_internalJsEmit, which is not intended to be directly accessible, or mapreduce command’s map function in a certain way, an authenticated user can subsequently crash mongod when the server-side JavaScript...Show more
After invoking $_internalJsEmit, which is not intended to be directly accessible, or mapreduce command’s map function in a certain way, an authenticated user can subsequently crash mongod when the server-side JavaScript engine (through $where, $function, mapreduce reduce stage, etc.) is used also in a specific way, resulting in a post-authentication denial-of-service. This issue impacts MongoDB Server v8.2 versions prior to 8.2.9 and v8.3 versions prior to 8.3.2.Show less
1Mongodb
1Mongodb
Jun 17, 2026
May 13, 2026
6.1 MEDIUM· v4
8.8 HIGH· v3
N/A· v2
A use-after-free vulnerability exists in MongoDB's Field-Level Encryption (FLE) query analysis component, affecting client-side uses of mongocryptd and crypt_shared. Triggering this vulnerability requires control over th...Show more
A use-after-free vulnerability exists in MongoDB's Field-Level Encryption (FLE) query analysis component, affecting client-side uses of mongocryptd and crypt_shared. Triggering this vulnerability requires control over the structure of a client's FLE-related query. This issue impacts MongoDB Server’s mongocryptd component v7.0 versions prior to 7.0.34, v8.0 versions prior to 8.0.23, v8.2 versions prior to 8.2.9 and v8.3 versions prior to 8.3.2.Show less
1Exim
1Exim
Jun 17, 2026
May 12, 2026
N/A· v4
9.8 CRITICAL· v3
N/A· v2
Exim before 4.99.3, in certain GnuTLS configurations, has a remotely reachable use-after-free in the BDAT body parsing path. It is triggered when a client sends a TLS close_notify mid-body during a CHUNKING transfer, fol...Show more
Exim before 4.99.3, in certain GnuTLS configurations, has a remotely reachable use-after-free in the BDAT body parsing path. It is triggered when a client sends a TLS close_notify mid-body during a CHUNKING transfer, followed by a final cleartext byte on the same TCP connection. This can lead to heap corruption. An unauthenticated network attacker exploiting this vulnerability could execute arbitrary code.Show less
1Microsoft
14Windows 10 1607
Windows 10 1809Windows 10 21h2+11 more
Jun 17, 2026
May 12, 2026
N/A· v4
7.0 HIGH· v3
N/A· v2
Use after free in Windows Telephony Service allows an authorized attacker to elevate privileges locally.
1Microsoft
6Windows Server 2012
Windows Server 2016Windows Server 2019+3 more
Jun 17, 2026
May 12, 2026
N/A· v4
7.8 HIGH· v3
N/A· v2
Use after free in Data Deduplication allows an authorized attacker to elevate privileges locally.
1Microsoft
3365 Apps
OfficeOffice Long Term Servicing Channel
Jun 17, 2026
May 12, 2026
N/A· v4
7.8 HIGH· v3
N/A· v2
Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally.