CWE-590
17 CVEs classified under CWE-590. Browse by severity and year.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2025-32911 | Critical | 9.0 | 2025-04-15 | A use-after-free type vulnerability was found in libsoup, in the soup_message_headers_get_content_disposition() function. This flaw allows a malicious HTTP cli… |
| CVE-2023-42459 | High | 8.6 | 2023-10-16 | Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). In affected versions specific DATA subme… |
| CVE-2022-31625 | High | 8.1 | 2022-06-16 | In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when using Postgres database extension, supplying invalid parameters to the para… |
| CVE-2026-20810 | High | 7.8 | 2026-01-13 | Free of memory not on the heap in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. |
| CVE-2025-54899 | High | 7.8 | 2025-09-09 | Free of memory not on the heap in Microsoft Office Excel allows an unauthorized attacker to execute code locally. |
| CVE-2021-3939 | High | 7.8 | 2021-11-17 | Ubuntu-specific modifications to accountsservice (in patch file debian/patches/0010-set-language.patch) caused the fallback_locale variable, pointing to static… |
| CVE-2022-31627 | High | 7.7 | 2022-07-28 | In PHP versions 8.1.x below 8.1.8, when fileinfo functions, such as finfo_buffer, due to incorrect patch applied to the third party code from libmagic, incorre… |
| CVE-2025-42995 | High | 7.5 | 2025-06-10 | SAP MDM Server Read function allows an attacker to send specially crafted packets which could trigger a memory read access violation in the server process that… |
| CVE-2025-42994 | High | 7.5 | 2025-06-10 | SAP MDM Server ReadString function allows an attacker to send specially crafted packets which could trigger a memory read access violation in the server proces… |
| CVE-2023-25565 | High | 7.5 | 2023-02-14 | GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that implements NTLM authentication. Prior to version 1.2.0, an incorrect free when decoding target inf… |
| CVE-2023-22291 | High | 7.0 | 2023-04-05 | An invalid free vulnerability exists in the Frame stream parser functionality of Ichitaro 2022 1.0.1.57600. A specially crafted document can lead to an attempt… |
| CVE-2021-39218 | Medium | 6.3 | 2021-09-17 | Wasmtime is an open source runtime for WebAssembly & WASI. In Wasmtime from version 0.26.0 and before version 0.30.0 is affected by a memory unsoundness vulner… |
| CVE-2026-47328 | Medium | 6.1 | 2026-05-28 | Ubuntu Linux 6.8, 6.17 and 7.0 contain AppArmor SAUCE patches which incorrectly attempt to free a pointer which was not previously kmalloc()d, while at the sam… |
| CVE-2025-42996 | Medium | 5.6 | 2025-06-10 | SAP MDM Server allows an attacker to gain control of existing client sessions and execute certain functions without having to re-authenticate giving the abilit… |
| CVE-2025-5899 | Medium | 5.3 | 2025-06-09 | A vulnerability classified as critical was found in GNU PSPP 82fb509fb2fedd33e7ac0c46ca99e108bb3bdffb. Affected by this vulnerability is the function parse_var… |
| CVE-2021-42377 | | | 2021-11-15 | An attacker-controlled pointer free in Busybox's hush applet leads to denial of service and possible code execution when processing a crafted shell command, du… |
| CVE-2020-6016 | | | 2020-11-18 | Valve's Game Networking Sockets prior to version v1.2.0 improperly handles unreliable segments with negative offsets in function SNP_ReceiveUnreliableSegment()… |