CWE-416
7,165 CVEs • Abstraction: Variant • Likelihood of Exploit: High
Use After Free
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
CVEs (7,165)
CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS |
|---|
1Microsoft 9Windows 7 Windows 8Windows 8.1+6 moreMay 6, 2026 Jun 10, 2015 N/A· v4 N/A· v3 7.2 HIGH· v2 Use-after-free vulnerability in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 G...Show more |
1Microsoft 9Windows 7 Windows 8Windows 8.1+6 moreMay 6, 2026 Jun 10, 2015 N/A· v4 N/A· v3 7.2 HIGH· v2 Use-after-free vulnerability in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 G...Show more |
1Microsoft 9Windows 7 Windows 8Windows 8.1+6 moreMay 6, 2026 Jun 10, 2015 N/A· v4 N/A· v3 7.2 HIGH· v2 Use-after-free vulnerability in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 G...Show more |
1Microsoft 9Windows 7 Windows 8Windows 8.1+6 moreMay 6, 2026 Jun 10, 2015 N/A· v4 N/A· v3 7.2 HIGH· v2 Use-after-free vulnerability in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 G...Show more |
1Microsoft 9Windows 7 Windows 8Windows 8.1+6 moreMay 6, 2026 Jun 10, 2015 N/A· v4 N/A· v3 7.2 HIGH· v2 Use-after-free vulnerability in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 G...Show more |
3Adobe AppleMicrosoft4Acrobat Acrobat ReaderMac Os X+1 moreMay 6, 2026 May 13, 2015 N/A· v4 N/A· v3 10.0 HIGH· v2 Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than...Show more |
3Adobe AppleMicrosoft4Acrobat Acrobat ReaderMac Os X+1 moreMay 6, 2026 May 13, 2015 N/A· v4 N/A· v3 10.0 HIGH· v2 Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than...Show more |
3Adobe AppleMicrosoft4Acrobat Acrobat ReaderMac Os X+1 moreMay 6, 2026 May 13, 2015 N/A· v4 N/A· v3 7.5 HIGH· v2 Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than...Show more |
3Adobe AppleMicrosoft4Acrobat Acrobat ReaderMac Os X+1 moreMay 6, 2026 May 13, 2015 N/A· v4 N/A· v3 10.0 HIGH· v2 Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than...Show more |
6Apple CanonicalDebian+3 more11Debian Linux Enterprise Linux DesktopEnterprise Linux Hpc Node+8 moreMay 6, 2026 Mar 30, 2015 N/A· v4 N/A· v3 7.5 HIGH· v2 Use-after-free vulnerability in the phar_rename_archive function in phar_object.c in PHP before 5.5.22 and 5.6.x before 5.6.6 allows remote attackers to cause a denial of service or possibly have unspecified other impact...Show more |
3Apple OraclePhp5Linux Mac Os XPhp+2 moreMay 6, 2026 Mar 30, 2015 N/A· v4 N/A· v3 7.5 HIGH· v2 Use-after-free vulnerability in the _zend_shared_memdup function in zend_shared_alloc.c in the OPcache extension in PHP through 5.6.7 allows remote attackers to cause a denial of service or possibly have unspecified othe...Show more |
4Canonical GoogleOpensuse+1 more8Chrome Enterprise Linux DesktopEnterprise Linux Eus+5 moreMay 6, 2026 Feb 6, 2015 N/A· v4 N/A· v3 7.5 HIGH· v2 Use-after-free vulnerability in the VisibleSelection::nonBoundaryShadowTreeRootNode function in core/editing/VisibleSelection.cpp in the DOM implementation in Blink, as used in Google Chrome before 40.0.2214.111 on Windo...Show more |
4Adobe MicrosoftOpensuse+1 more7Edge EvergreenFlash Player+4 moreApr 21, 2026 Feb 2, 2015 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 Use-after-free vulnerability in Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows remote attackers to execute arbitrary code via unsp...Show more |
1Adobe 4Air Air SdkAir Sdk & Compiler+1 moreApr 21, 2026 Nov 25, 2014 N/A· v4 8.8 HIGH· v3 10.0 HIGH· v2 Adobe Flash Player before 13.0.0.258 and 14.x and 15.x before 15.0.0.239 on Windows and OS X and before 11.2.202.424 on Linux, Adobe AIR before 15.0.0.293, Adobe AIR SDK before 15.0.0.302, and Adobe AIR SDK & Compiler be...Show more |
2Google Redhat5Chrome Enterprise Linux Desktop SupplementaryEnterprise Linux Server Supplementary+2 moreMay 6, 2026 Oct 8, 2014 N/A· v4 N/A· v3 7.5 HIGH· v2 Use-after-free vulnerability in the Web Workers implementation in Google Chrome before 38.0.2125.101 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. |
2Google Redhat5Chrome Enterprise Linux Desktop SupplementaryEnterprise Linux Server Supplementary+2 moreMay 6, 2026 Oct 8, 2014 N/A· v4 N/A· v3 7.5 HIGH· v2 The SessionService::GetLastSession function in browser/sessions/session_service.cc in Google Chrome before 38.0.2125.101 allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified...Show more |
3Apple GoogleRedhat9Chrome Enterprise Linux Desktop SupplementaryEnterprise Linux Server Supplementary+6 moreMay 6, 2026 Oct 8, 2014 N/A· v4 N/A· v3 7.5 HIGH· v2 Use-after-free vulnerability in the ProcessingInstruction::setXSLStyleSheet function in core/dom/ProcessingInstruction.cpp in the DOM implementation in Blink, as used in Google Chrome before 38.0.2125.101, allows remote...Show more |
2Google Redhat5Chrome Enterprise Linux Desktop SupplementaryEnterprise Linux Server Supplementary+2 moreMay 6, 2026 Oct 8, 2014 N/A· v4 N/A· v3 7.5 HIGH· v2 Use-after-free vulnerability in Blink, as used in Google Chrome before 38.0.2125.101, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that trigge...Show more |
2Google Redhat5Chrome Enterprise Linux Desktop SupplementaryEnterprise Linux Server Supplementary+2 moreMay 6, 2026 Oct 8, 2014 N/A· v4 N/A· v3 7.5 HIGH· v2 Use-after-free vulnerability in the Event::currentTarget function in core/events/Event.cpp in Blink, as used in Google Chrome before 38.0.2125.101, allows remote attackers to cause a denial of service (application crash)...Show more |
3Mozilla OpensuseOracle5Evergreen FirefoxOpensuse+2 moreMay 6, 2026 Sep 3, 2014 N/A· v4 N/A· v3 10.0 HIGH· v2 Use-after-free vulnerability in the mozilla::DOMSVGLength::GetTearOff function in Mozilla Firefox before 32.0, Firefox ESR 31.x before 31.1, and Thunderbird 31.x before 31.1 allows remote attackers to execute arbitrary c...Show more |