CWE-416 · Use After Free
7649 CVEs classified under CWE-416 (Use After Free). Browse by severity and year.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-4725 | Critical | 10.0 | 2026-03-24 | Sandbox escape due to use-after-free in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 149 and Thunderbird 149. |
CVE-2026-4688 | Critical | 10.0 | 2026-03-24 | Sandbox escape due to use-after-free in the Disability Access APIs component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149… |
CVE-2025-24085 | Critical | 10.0 | 2025-01-27 | A use after free issue was addressed with improved memory management. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.6, macOS Sequoia 15.3, macOS… |
CVE-2024-43102 | Critical | 10.0 | 2024-09-05 | Concurrent removals of certain anonymous shared memory mappings by using the UMTX_SHM_DESTROY sub-request of UMTX_OP_SHM can lead to decreasing the reference c… |
CVE-2021-32495 | Critical | 10.0 | 2023-07-07 | Radare2 has a use-after-free vulnerability in pyc parser's get_none_object function. Attacker can read freed memory afterwards. This will allow attackers to ca… |
CVE-2021-33796 | Critical | 10.0 | 2023-07-07 | In MuJS before version 1.1.2, a use-after-free flaw in the regexp source property access may cause denial of service. |
CVE-2021-22893 | Critical | 10.0 | 2021-04-23 | Pulse Connect Secure 9.0R3/9.1R1 and higher is vulnerable to an authentication bypass vulnerability exposed by the Windows File Share Browser and Pulse Secure… |
CVE-2016-6082 | Critical | 10.0 | 2017-02-01 | IBM BigFix Platform could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free race condition. An attacker could exploit… |
CVE-2025-49708 | Critical | 9.9 | 2025-10-14 | Use after free in Microsoft Graphics Component allows an authorized attacker to elevate privileges over a network. |
CVE-2025-49844 | Critical | 9.9 | 2025-10-03 | Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted Lua script t… |
CVE-2009-3616 | Critical | 9.9 | 2009-10-23 | Multiple use-after-free vulnerabilities in vnc.c in the VNC server in QEMU 0.10.6 and earlier might allow guest OS users to execute arbitrary code on the host… |
CVE-2026-7531 | Critical | 9.8 | 2026-06-25 | Use-after-free in PQC hybrid key-share handling. This is an incomplete-fix follow-up to CVE-2026-5460 (released in 5.9.1): a malicious TLS 1.3 server sending a… |
CVE-2026-12293 | Critical | 9.8 | 2026-06-16 | Use-after-free in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 152 and Thunderbird 152. |
CVE-2026-45657 | Critical | 9.8 | 2026-06-09 | Use after free in Windows Kernel allows an unauthorized attacker to execute code over a network. |
CVE-2026-29167 | Critical | 9.8 | 2026-06-08 | Use After Free vulnerability in Apache HTTP Server with mod_ldap in per-directory configuration This issue affects Apache HTTP Server: from 2.4.0 through 2.4… |
CVE-2026-45972 | Critical | 9.8 | 2026-05-27 | In the Linux kernel, the following vulnerability has been resolved: smb: client: fix potential UAF and double free in smb2_open_file() Zero out @err_iov and… |
CVE-2026-33278 | Critical | 9.8 | 2026-05-20 | NLnet Labs Unbound 1.19.1 up to and including version 1.25.0 has a vulnerability in the DNSSEC validator that enables denial of service and possible remote cod… |
CVE-2026-45185 | Critical | 9.8 | 2026-05-12 | Exim before 4.99.3, in certain GnuTLS configurations, has a remotely reachable use-after-free in the BDAT body parsing path. It is triggered when a client send… |
CVE-2026-7261 | Critical | 9.8 | 2026-05-10 | In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, when SoapServer is configured with SOAP_PERSISTENCE_SESS… |
CVE-2026-6722 | Critical | 9.8 | 2026-05-10 | In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, the SOAP extension's object deduplication mechanism stor… |