Total
6021 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-55691 | 2025-10-14 | N/A | 7.0 HIGH | ||
| Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-55690 | 2025-10-14 | N/A | 7.0 HIGH | ||
| Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-58728 | 2025-10-14 | N/A | 7.8 HIGH | ||
| Use after free in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-55686 | 2025-10-14 | N/A | 7.0 HIGH | ||
| Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-55689 | 2025-10-14 | N/A | 7.0 HIGH | ||
| Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-52886 | 1 Freedesktop | 1 Poppler | 2025-10-10 | N/A | 5.9 MEDIUM |
| Poppler is a PDF rendering library. Versions prior to 25.06.0 use `std::atomic_int` for reference counting. Because `std::atomic_int` is only 32 bits, it is possible to overflow the reference count and trigger a use-after-free. Version 25.06.0 patches the issue. | |||||
| CVE-2024-43830 | 1 Linux | 1 Linux Kernel | 2025-10-10 | N/A | 7.8 HIGH |
| In the Linux kernel, the following vulnerability has been resolved: leds: trigger: Unregister sysfs attributes before calling deactivate() Triggers which have trigger specific sysfs attributes typically store related data in trigger-data allocated by the activate() callback and freed by the deactivate() callback. Calling device_remove_groups() after calling deactivate() leaves a window where the sysfs attributes show/store functions could be called after deactivation and then operate on the just freed trigger-data. Move the device_remove_groups() call to before deactivate() to close this race window. This also makes the deactivation path properly do things in reverse order of the activation path which calls the activate() callback before calling device_add_groups(). | |||||
| CVE-2024-43883 | 1 Linux | 1 Linux Kernel | 2025-10-09 | N/A | 7.0 HIGH |
| In the Linux kernel, the following vulnerability has been resolved: usb: vhci-hcd: Do not drop references before new references are gained At a few places the driver carries stale pointers to references that can still be used. Make sure that does not happen. This strictly speaking closes ZDI-CAN-22273, though there may be similar races in the driver. | |||||
| CVE-2025-47354 | 2025-10-09 | N/A | 7.8 HIGH | ||
| Memory corruption while allocating buffers in DSP service. | |||||
| CVE-2025-5100 | 1 Dynamixsoftware | 1 Printershare | 2025-10-08 | N/A | 8.0 HIGH |
| A double-free condition occurs during the cleanup of temporary image files, which can be exploited to achieve memory corruption and potentially arbitrary code execution. | |||||
| CVE-2024-42326 | 1 Zabbix | 1 Zabbix | 2025-10-08 | N/A | 4.4 MEDIUM |
| There was discovered a use after free bug in browser.c in the es_browser_get_variant function | |||||
| CVE-2024-42331 | 1 Zabbix | 1 Zabbix | 2025-10-08 | N/A | 3.3 LOW |
| In the src/libs/zbxembed/browser.c file, the es_browser_ctor method retrieves a heap pointer from the Duktape JavaScript engine. This heap pointer is subsequently utilized by the browser_push_error method in the src/libs/zbxembed/browser_error.c file. A use-after-free bug can occur at this stage if the wd->browser heap pointer is freed by garbage collection. | |||||
| CVE-2024-46716 | 1 Linux | 1 Linux Kernel | 2025-10-07 | N/A | 5.5 MEDIUM |
| In the Linux kernel, the following vulnerability has been resolved: dmaengine: altera-msgdma: properly free descriptor in msgdma_free_descriptor Remove list_del call in msgdma_chan_desc_cleanup, this should be the role of msgdma_free_descriptor. In consequence replace list_add_tail with list_move_tail in msgdma_free_descriptor. This fixes the path: msgdma_free_chan_resources -> msgdma_free_descriptors -> msgdma_free_desc_list -> msgdma_free_descriptor which does not correctly free the descriptors as first nodes were not removed from the list. | |||||
| CVE-2024-42112 | 1 Linux | 1 Linux Kernel | 2025-10-07 | N/A | 7.8 HIGH |
| In the Linux kernel, the following vulnerability has been resolved: net: txgbe: free isb resources at the right time When using MSI/INTx interrupt, the shared interrupts are still being handled in the device remove routine, before free IRQs. So isb memory is still read after it is freed. Thus move wx_free_isb_resources() from txgbe_close() to txgbe_remove(). And fix the improper isb free action in txgbe_open() error handling path. | |||||
| CVE-2022-49043 | 1 Xmlsoft | 1 Libxml2 | 2025-10-07 | N/A | 8.1 HIGH |
| xmlXIncludeAddNode in xinclude.c in libxml2 before 2.11.0 has a use-after-free. | |||||
| CVE-2025-61692 | 1 Keyence | 1 Vt Studio | 2025-10-07 | N/A | 7.8 HIGH |
| VT STUDIO versions 8.53 and prior contain a use after free vulnerability. If the product uses a specially crafted file, arbitrary code may be executed on the affected product. | |||||
| CVE-2024-45544 | 1 Qualcomm | 88 C-v2x 9150, C-v2x 9150 Firmware, Fastconnect 6800 and 85 more | 2025-10-06 | N/A | 6.6 MEDIUM |
| Memory corruption while processing IOCTL calls to add route entry in the HW. | |||||
| CVE-2024-45540 | 1 Qualcomm | 136 C-v2x 9150, C-v2x 9150 Firmware, Fastconnect 6200 and 133 more | 2025-10-06 | N/A | 6.6 MEDIUM |
| Memory corruption while invoking IOCTL map buffer request from userspace. | |||||
| CVE-2024-43066 | 1 Qualcomm | 196 Csrb31024, Csrb31024 Firmware, Fastconnect 6200 and 193 more | 2025-10-06 | N/A | 7.8 HIGH |
| Memory corruption while handling file descriptor during listener registration/de-registration. | |||||
| CVE-2024-49848 | 1 Qualcomm | 294 Ar8035, Ar8035 Firmware, Fastconnect 6200 and 291 more | 2025-10-06 | N/A | 6.7 MEDIUM |
| Memory corruption while processing multiple IOCTL calls from HLOS to DSP. | |||||