Common Weakness Enumeration

CWE-416

Allowed

Use After Free

Abstraction: Variant · Status: Stable

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

9820 vulnerabilities reference this CWE, most recent first.

GHSA-2H7M-JH29-4FMG

Vulnerability from github – Published: 2026-07-01 00:34 – Updated: 2026-07-01 15:35
VLAI
Details

Use after free in Chrome for iOS in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-13918"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-30T23:17:05Z",
    "severity": "HIGH"
  },
  "details": "Use after free in Chrome for iOS in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)",
  "id": "GHSA-2h7m-jh29-4fmg",
  "modified": "2026-07-01T15:35:03Z",
  "published": "2026-07-01T00:34:06Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-13918"
    },
    {
      "type": "WEB",
      "url": "https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0175352312.html"
    },
    {
      "type": "WEB",
      "url": "https://issues.chromium.org/issues/509712284"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-2H7P-XM3F-96JX

Vulnerability from github – Published: 2022-05-17 02:21 – Updated: 2022-05-17 02:21
VLAI
Details

Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-1089, CVE-2016-1091, CVE-2016-6944, CVE-2016-6945, CVE-2016-6946, CVE-2016-6949, CVE-2016-6952, CVE-2016-6953, CVE-2016-6961, CVE-2016-6962, CVE-2016-6964, CVE-2016-6965, CVE-2016-6967, CVE-2016-6968, CVE-2016-6969, CVE-2016-6971, CVE-2016-6979, CVE-2016-6988, and CVE-2016-6993.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2016-6963"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2016-10-13T19:59:00Z",
    "severity": "CRITICAL"
  },
  "details": "Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-1089, CVE-2016-1091, CVE-2016-6944, CVE-2016-6945, CVE-2016-6946, CVE-2016-6949, CVE-2016-6952, CVE-2016-6953, CVE-2016-6961, CVE-2016-6962, CVE-2016-6964, CVE-2016-6965, CVE-2016-6967, CVE-2016-6968, CVE-2016-6969, CVE-2016-6971, CVE-2016-6979, CVE-2016-6988, and CVE-2016-6993.",
  "id": "GHSA-2h7p-xm3f-96jx",
  "modified": "2022-05-17T02:21:29Z",
  "published": "2022-05-17T02:21:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-6963"
    },
    {
      "type": "WEB",
      "url": "https://helpx.adobe.com/security/products/acrobat/apsb16-33.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/93491"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1036986"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-2H9J-HXW7-2JF3

Vulnerability from github – Published: 2026-07-14 18:32 – Updated: 2026-07-14 18:32
VLAI
Details

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-47290"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-07-14T18:17:17Z",
    "severity": "HIGH"
  },
  "details": "Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.",
  "id": "GHSA-2h9j-hxw7-2jf3",
  "modified": "2026-07-14T18:32:13Z",
  "published": "2026-07-14T18:32:13Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-47290"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47290"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-2H9X-7QVF-96J8

Vulnerability from github – Published: 2023-12-05 03:30 – Updated: 2023-12-05 03:30
VLAI
Details

Memory Corruption in Audio while invoking IOCTLs calls from the user-space.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-22668"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-12-05T03:15:08Z",
    "severity": "MODERATE"
  },
  "details": "Memory Corruption in Audio while invoking IOCTLs calls from the user-space.",
  "id": "GHSA-2h9x-7qvf-96j8",
  "modified": "2023-12-05T03:30:22Z",
  "published": "2023-12-05T03:30:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22668"
    },
    {
      "type": "WEB",
      "url": "https://www.qualcomm.com/company/product-security/bulletins/december-2023-bulletin"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-2HFR-4CGX-VGJV

Vulnerability from github – Published: 2022-04-06 00:01 – Updated: 2022-04-12 00:00
VLAI
Details

Use after free in Webstore API in Google Chrome prior to 98.0.4758.102 allowed an attacker who convinced a user to install a malicious extension and convinced a user to enage in specific user interaction to potentially exploit heap corruption via a crafted HTML page.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-0605"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-04-05T00:15:00Z",
    "severity": "HIGH"
  },
  "details": "Use after free in Webstore API in Google Chrome prior to 98.0.4758.102 allowed an attacker who convinced a user to install a malicious extension and convinced a user to enage in specific user interaction to potentially exploit heap corruption via a crafted HTML page.",
  "id": "GHSA-2hfr-4cgx-vgjv",
  "modified": "2022-04-12T00:00:49Z",
  "published": "2022-04-06T00:01:39Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0605"
    },
    {
      "type": "WEB",
      "url": "https://chromereleases.googleblog.com/2022/02/stable-channel-update-for-desktop_14.html"
    },
    {
      "type": "WEB",
      "url": "https://crbug.com/1286940"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-2HGR-CPRG-9825

Vulnerability from github – Published: 2026-06-09 00:33 – Updated: 2026-06-09 03:31
VLAI
Details

Use after free in V8 in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-11649"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-09T00:16:47Z",
    "severity": "HIGH"
  },
  "details": "Use after free in V8 in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)",
  "id": "GHSA-2hgr-cprg-9825",
  "modified": "2026-06-09T03:31:39Z",
  "published": "2026-06-09T00:33:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-11649"
    },
    {
      "type": "WEB",
      "url": "https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0153744567.html"
    },
    {
      "type": "WEB",
      "url": "https://issues.chromium.org/issues/511270083"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-2HH5-254V-JPF4

Vulnerability from github – Published: 2024-05-21 15:31 – Updated: 2025-11-03 21:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

net/mlx5e: Fix use-after-free of encap entry in neigh update handler

Function mlx5e_rep_neigh_update() wasn't updated to accommodate rtnl lock removal from TC filter update path and properly handle concurrent encap entry insertion/deletion which can lead to following use-after-free:

[23827.464923] ================================================================== [23827.469446] BUG: KASAN: use-after-free in mlx5e_encap_take+0x72/0x140 [mlx5_core] [23827.470971] Read of size 4 at addr ffff8881d132228c by task kworker/u20:6/21635 [23827.472251] [23827.472615] CPU: 9 PID: 21635 Comm: kworker/u20:6 Not tainted 5.13.0-rc3+ #5 [23827.473788] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014 [23827.475639] Workqueue: mlx5e mlx5e_rep_neigh_update [mlx5_core] [23827.476731] Call Trace: [23827.477260] dump_stack+0xbb/0x107 [23827.477906] print_address_description.constprop.0+0x18/0x140 [23827.478896] ? mlx5e_encap_take+0x72/0x140 [mlx5_core] [23827.479879] ? mlx5e_encap_take+0x72/0x140 [mlx5_core] [23827.480905] kasan_report.cold+0x7c/0xd8 [23827.481701] ? mlx5e_encap_take+0x72/0x140 [mlx5_core] [23827.482744] kasan_check_range+0x145/0x1a0 [23827.493112] mlx5e_encap_take+0x72/0x140 [mlx5_core] [23827.494054] ? mlx5e_tc_tun_encap_info_equal_generic+0x140/0x140 [mlx5_core] [23827.495296] mlx5e_rep_neigh_update+0x41e/0x5e0 [mlx5_core] [23827.496338] ? mlx5e_rep_neigh_entry_release+0xb80/0xb80 [mlx5_core] [23827.497486] ? read_word_at_a_time+0xe/0x20 [23827.498250] ? strscpy+0xa0/0x2a0 [23827.498889] process_one_work+0x8ac/0x14e0 [23827.499638] ? lockdep_hardirqs_on_prepare+0x400/0x400 [23827.500537] ? pwq_dec_nr_in_flight+0x2c0/0x2c0 [23827.501359] ? rwlock_bug.part.0+0x90/0x90 [23827.502116] worker_thread+0x53b/0x1220 [23827.502831] ? process_one_work+0x14e0/0x14e0 [23827.503627] kthread+0x328/0x3f0 [23827.504254] ? _raw_spin_unlock_irq+0x24/0x40 [23827.505065] ? __kthread_bind_mask+0x90/0x90 [23827.505912] ret_from_fork+0x1f/0x30 [23827.506621] [23827.506987] Allocated by task 28248: [23827.507694] kasan_save_stack+0x1b/0x40 [23827.508476] __kasan_kmalloc+0x7c/0x90 [23827.509197] mlx5e_attach_encap+0xde1/0x1d40 [mlx5_core] [23827.510194] mlx5e_tc_add_fdb_flow+0x397/0xc40 [mlx5_core] [23827.511218] __mlx5e_add_fdb_flow+0x519/0xb30 [mlx5_core] [23827.512234] mlx5e_configure_flower+0x191c/0x4870 [mlx5_core] [23827.513298] tc_setup_cb_add+0x1d5/0x420 [23827.514023] fl_hw_replace_filter+0x382/0x6a0 [cls_flower] [23827.514975] fl_change+0x2ceb/0x4a51 [cls_flower] [23827.515821] tc_new_tfilter+0x89a/0x2070 [23827.516548] rtnetlink_rcv_msg+0x644/0x8c0 [23827.517300] netlink_rcv_skb+0x11d/0x340 [23827.518021] netlink_unicast+0x42b/0x700 [23827.518742] netlink_sendmsg+0x743/0xc20 [23827.519467] sock_sendmsg+0xb2/0xe0 [23827.520131] _syssendmsg+0x590/0x770 [23827.520851] _sys_sendmsg+0xd8/0x160 [23827.521552] __sys_sendmsg+0xb7/0x140 [23827.522238] do_syscall_64+0x3a/0x70 [23827.522907] entry_SYSCALL_64_after_hwframe+0x44/0xae [23827.523797] [23827.524163] Freed by task 25948: [23827.524780] kasan_save_stack+0x1b/0x40 [23827.525488] kasan_set_track+0x1c/0x30 [23827.526187] kasan_set_free_info+0x20/0x30 [23827.526968] __kasan_slab_free+0xed/0x130 [23827.527709] slab_free_freelist_hook+0xcf/0x1d0 [23827.528528] kmem_cache_free_bulk+0x33a/0x6e0 [23827.529317] kfree_rcu_work+0x55f/0xb70 [23827.530024] process_one_work+0x8ac/0x14e0 [23827.530770] worker_thread+0x53b/0x1220 [23827.531480] kthread+0x328/0x3f0 [23827.532114] ret_from_fork+0x1f/0x30 [23827.532785] [23827.533147] Last potentially related work creation: [23827.534007] kasan_save_stack+0x1b/0x40 [23827.534710] kasan_record_aux_stack+0xab/0xc0 [23827.535492] kvfree_call_rcu+0x31/0x7b0 [23827.536206] mlx5e_tc_del ---truncated---

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-47247"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-21T15:15:13Z",
    "severity": "HIGH"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: Fix use-after-free of encap entry in neigh update handler\n\nFunction mlx5e_rep_neigh_update() wasn\u0027t updated to accommodate rtnl lock\nremoval from TC filter update path and properly handle concurrent encap\nentry insertion/deletion which can lead to following use-after-free:\n\n [23827.464923] ==================================================================\n [23827.469446] BUG: KASAN: use-after-free in mlx5e_encap_take+0x72/0x140 [mlx5_core]\n [23827.470971] Read of size 4 at addr ffff8881d132228c by task kworker/u20:6/21635\n [23827.472251]\n [23827.472615] CPU: 9 PID: 21635 Comm: kworker/u20:6 Not tainted 5.13.0-rc3+ #5\n [23827.473788] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\n [23827.475639] Workqueue: mlx5e mlx5e_rep_neigh_update [mlx5_core]\n [23827.476731] Call Trace:\n [23827.477260]  dump_stack+0xbb/0x107\n [23827.477906]  print_address_description.constprop.0+0x18/0x140\n [23827.478896]  ? mlx5e_encap_take+0x72/0x140 [mlx5_core]\n [23827.479879]  ? mlx5e_encap_take+0x72/0x140 [mlx5_core]\n [23827.480905]  kasan_report.cold+0x7c/0xd8\n [23827.481701]  ? mlx5e_encap_take+0x72/0x140 [mlx5_core]\n [23827.482744]  kasan_check_range+0x145/0x1a0\n [23827.493112]  mlx5e_encap_take+0x72/0x140 [mlx5_core]\n [23827.494054]  ? mlx5e_tc_tun_encap_info_equal_generic+0x140/0x140 [mlx5_core]\n [23827.495296]  mlx5e_rep_neigh_update+0x41e/0x5e0 [mlx5_core]\n [23827.496338]  ? mlx5e_rep_neigh_entry_release+0xb80/0xb80 [mlx5_core]\n [23827.497486]  ? read_word_at_a_time+0xe/0x20\n [23827.498250]  ? strscpy+0xa0/0x2a0\n [23827.498889]  process_one_work+0x8ac/0x14e0\n [23827.499638]  ? lockdep_hardirqs_on_prepare+0x400/0x400\n [23827.500537]  ? pwq_dec_nr_in_flight+0x2c0/0x2c0\n [23827.501359]  ? rwlock_bug.part.0+0x90/0x90\n [23827.502116]  worker_thread+0x53b/0x1220\n [23827.502831]  ? process_one_work+0x14e0/0x14e0\n [23827.503627]  kthread+0x328/0x3f0\n [23827.504254]  ? _raw_spin_unlock_irq+0x24/0x40\n [23827.505065]  ? __kthread_bind_mask+0x90/0x90\n [23827.505912]  ret_from_fork+0x1f/0x30\n [23827.506621]\n [23827.506987] Allocated by task 28248:\n [23827.507694]  kasan_save_stack+0x1b/0x40\n [23827.508476]  __kasan_kmalloc+0x7c/0x90\n [23827.509197]  mlx5e_attach_encap+0xde1/0x1d40 [mlx5_core]\n [23827.510194]  mlx5e_tc_add_fdb_flow+0x397/0xc40 [mlx5_core]\n [23827.511218]  __mlx5e_add_fdb_flow+0x519/0xb30 [mlx5_core]\n [23827.512234]  mlx5e_configure_flower+0x191c/0x4870 [mlx5_core]\n [23827.513298]  tc_setup_cb_add+0x1d5/0x420\n [23827.514023]  fl_hw_replace_filter+0x382/0x6a0 [cls_flower]\n [23827.514975]  fl_change+0x2ceb/0x4a51 [cls_flower]\n [23827.515821]  tc_new_tfilter+0x89a/0x2070\n [23827.516548]  rtnetlink_rcv_msg+0x644/0x8c0\n [23827.517300]  netlink_rcv_skb+0x11d/0x340\n [23827.518021]  netlink_unicast+0x42b/0x700\n [23827.518742]  netlink_sendmsg+0x743/0xc20\n [23827.519467]  sock_sendmsg+0xb2/0xe0\n [23827.520131]  ____sys_sendmsg+0x590/0x770\n [23827.520851]  ___sys_sendmsg+0xd8/0x160\n [23827.521552]  __sys_sendmsg+0xb7/0x140\n [23827.522238]  do_syscall_64+0x3a/0x70\n [23827.522907]  entry_SYSCALL_64_after_hwframe+0x44/0xae\n [23827.523797]\n [23827.524163] Freed by task 25948:\n [23827.524780]  kasan_save_stack+0x1b/0x40\n [23827.525488]  kasan_set_track+0x1c/0x30\n [23827.526187]  kasan_set_free_info+0x20/0x30\n [23827.526968]  __kasan_slab_free+0xed/0x130\n [23827.527709]  slab_free_freelist_hook+0xcf/0x1d0\n [23827.528528]  kmem_cache_free_bulk+0x33a/0x6e0\n [23827.529317]  kfree_rcu_work+0x55f/0xb70\n [23827.530024]  process_one_work+0x8ac/0x14e0\n [23827.530770]  worker_thread+0x53b/0x1220\n [23827.531480]  kthread+0x328/0x3f0\n [23827.532114]  ret_from_fork+0x1f/0x30\n [23827.532785]\n [23827.533147] Last potentially related work creation:\n [23827.534007]  kasan_save_stack+0x1b/0x40\n [23827.534710]  kasan_record_aux_stack+0xab/0xc0\n [23827.535492]  kvfree_call_rcu+0x31/0x7b0\n [23827.536206]  mlx5e_tc_del\n---truncated---",
  "id": "GHSA-2hh5-254v-jpf4",
  "modified": "2025-11-03T21:31:05Z",
  "published": "2024-05-21T15:31:40Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47247"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0d1e7a7964ce6abb28883a3906bbc20fe0009f03"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b6447b72aca571632e71bb73a797118d5ce46a93"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/fb1a3132ee1ac968316e45d21a48703a6db0b6c3"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-2HHC-69MG-J8FR

Vulnerability from github – Published: 2026-04-14 18:30 – Updated: 2026-04-14 18:30
VLAI
Details

Use after free in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-32075"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-04-14T18:17:08Z",
    "severity": "HIGH"
  },
  "details": "Use after free in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally.",
  "id": "GHSA-2hhc-69mg-j8fr",
  "modified": "2026-04-14T18:30:39Z",
  "published": "2026-04-14T18:30:39Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32075"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32075"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-2HMQ-PR23-R74W

Vulnerability from github – Published: 2025-10-14 18:30 – Updated: 2025-10-14 18:30
VLAI
Details

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-59243"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-10-14T17:16:06Z",
    "severity": "HIGH"
  },
  "details": "Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.",
  "id": "GHSA-2hmq-pr23-r74w",
  "modified": "2025-10-14T18:30:35Z",
  "published": "2025-10-14T18:30:35Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59243"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59243"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-2HQ2-46WF-3MHV

Vulnerability from github – Published: 2024-05-21 15:31 – Updated: 2024-12-26 21:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

net: qcom/emac: fix UAF in emac_remove

adpt is netdev private data and it cannot be used after free_netdev() call. Using adpt after free_netdev() can cause UAF bug. Fix it by moving free_netdev() at the end of the function.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-47311"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-21T15:15:18Z",
    "severity": "HIGH"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: qcom/emac: fix UAF in emac_remove\n\nadpt is netdev private data and it cannot be\nused after free_netdev() call. Using adpt after free_netdev()\ncan cause UAF bug. Fix it by moving free_netdev() at the end of the\nfunction.",
  "id": "GHSA-2hq2-46wf-3mhv",
  "modified": "2024-12-26T21:30:35Z",
  "published": "2024-05-21T15:31:42Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47311"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/11e9d163d631198bb3eb41a677a61b499516c0f7"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/2b70ca92847c619d6264c7372ef74fcbfd1e048c"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/4d04a42b926e682140776e54188f4a44f1f01a81"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/8a225a6e07a57a1538d53637cb3d82bd3e477839"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ad297cd2db8953e2202970e9504cab247b6c7cb4"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b1e091331920f8fbfc747dcbd16263fcd71abb2d"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b560521eca03d0a2db6093a5a632cbdd0a0cf833"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Architecture and Design

Strategy: Language Selection

Choose a language that provides automatic memory management.

Mitigation
Implementation

Strategy: Attack Surface Reduction

When freeing pointers, be sure to set them to NULL once they are freed. However, the utilization of multiple or complex data structures may lower the usefulness of this strategy.

No CAPEC attack patterns related to this CWE.