Total
5984 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-40449 | 1 Microsoft | 26 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 23 more | 2025-03-13 | 7.8 High |
| Win32k Elevation of Privilege Vulnerability | ||||
| CVE-2024-9420 | 1 Ivanti | 2 Connect Secure, Policy Secure | 2025-03-13 | 8.8 High |
| A use-after-free in Ivanti Connect Secure before version 22.7R2.3 and 9.1R18.9 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker to achieve remote code execution | ||||
| CVE-2021-4102 | 1 Google | 1 Chrome | 2025-03-13 | 8.8 High |
| Use after free in V8 in Google Chrome prior to 96.0.4664.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||||
| CVE-2024-3158 | 1 Google | 1 Chrome | 2025-03-13 | 8.8 High |
| Use after free in Bookmarks in Google Chrome prior to 123.0.6312.105 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2023-6241 | 1 Arm | 4 5th Gen Gpu Architecture Kernel Driver, Bifrost Gpu Kernel Driver, Midgard Gpu Kernel Driver and 1 more | 2025-03-13 | 7.8 High |
| Use After Free vulnerability in Arm Ltd Midgard GPU Kernel Driver, Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to exploit a software race condition to perform improper memory processing operations. If the system’s memory is carefully prepared by the user, then this in turn cause a use-after-free.This issue affects Midgard GPU Kernel Driver: from r13p0 through r32p0; Bifrost GPU Kernel Driver: from r11p0 through r25p0; Valhall GPU Kernel Driver: from r19p0 through r25p0, from r29p0 through r46p0; Arm 5th Gen GPU Architecture Kernel Driver: from r41p0 through r46p0. | ||||
| CVE-2024-30416 | 1 Huawei | 2 Emui, Harmonyos | 2025-03-13 | 7.5 High |
| Use After Free (UAF) vulnerability in the underlying driver module. Impact: Successful exploitation of this vulnerability will affect availability. | ||||
| CVE-2024-3168 | 1 Google | 1 Chrome | 2025-03-13 | 8.8 High |
| Use after free in DevTools in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2024-47730 | 1 Linux | 1 Linux Kernel | 2025-03-13 | 7.8 High |
| In the Linux kernel, the following vulnerability has been resolved: crypto: hisilicon/qm - inject error before stopping queue The master ooo cannot be completely closed when the accelerator core reports memory error. Therefore, the driver needs to inject the qm error to close the master ooo. Currently, the qm error is injected after stopping queue, memory may be released immediately after stopping queue, causing the device to access the released memory. Therefore, error is injected to close master ooo before stopping queue to ensure that the device does not access the released memory. | ||||
| CVE-2024-39494 | 1 Linux | 1 Linux Kernel | 2025-03-13 | 7.8 High |
| In the Linux kernel, the following vulnerability has been resolved: ima: Fix use-after-free on a dentry's dname.name ->d_name.name can change on rename and the earlier value can be freed; there are conditions sufficient to stabilize it (->d_lock on dentry, ->d_lock on its parent, ->i_rwsem exclusive on the parent's inode, rename_lock), but none of those are met at any of the sites. Take a stable snapshot of the name instead. | ||||
| CVE-2023-23586 | 1 Linux | 1 Linux Kernel | 2025-03-12 | 5.5 Medium |
| Due to a vulnerability in the io_uring subsystem, it is possible to leak kernel memory information to the user process. timens_install calls current_is_single_threaded to determine if the current process is single-threaded, but this call does not consider io_uring's io_worker threads, thus it is possible to insert a time namespace's vvar page to process's memory space via a page fault. When this time namespace is destroyed, the vvar page is also freed, but not removed from the process' memory, and a next page allocated by the kernel will be still available from the user-space process and can leak memory contents via this (read-only) use-after-free vulnerability. We recommend upgrading past version 5.10.161 or commit 788d0824269bef539fe31a785b1517882eafed93 https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/io_uring | ||||
| CVE-2025-2013 | 2025-03-12 | N/A | ||
| Ashlar-Vellum Cobalt CO File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of CO files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25186. | ||||
| CVE-2025-27159 | 2025-03-12 | 7.8 High | ||
| Acrobat Reader versions 24.001.30225, 20.005.30748, 25.001.20428 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2025-27160 | 2025-03-12 | 7.8 High | ||
| Acrobat Reader versions 24.001.30225, 20.005.30748, 25.001.20428 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2025-27174 | 2025-03-12 | 7.8 High | ||
| Acrobat Reader versions 24.001.30225, 20.005.30748, 25.001.20428 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2025-2136 | 2025-03-12 | 8.8 High | ||
| Use after free in Inspector in Google Chrome prior to 134.0.6998.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2025-21397 | 1 Microsoft | 2 365 Apps, Office | 2025-03-12 | 7.8 High |
| Microsoft Office Remote Code Execution Vulnerability | ||||
| CVE-2025-21394 | 1 Microsoft | 4 365 Apps, Excel, Office and 1 more | 2025-03-12 | 7.8 High |
| Microsoft Excel Remote Code Execution Vulnerability | ||||
| CVE-2025-21392 | 1 Microsoft | 2 365 Apps, Office | 2025-03-12 | 7.8 High |
| Microsoft Office Remote Code Execution Vulnerability | ||||
| CVE-2025-21387 | 1 Microsoft | 4 365 Apps, Excel, Office and 1 more | 2025-03-12 | 7.8 High |
| Microsoft Excel Remote Code Execution Vulnerability | ||||
| CVE-2025-21386 | 1 Microsoft | 4 365 Apps, Excel, Office and 1 more | 2025-03-12 | 7.8 High |
| Microsoft Excel Remote Code Execution Vulnerability | ||||