Total
6311 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-8526 | 1 Apple | 1 Mac Os X | 2025-07-30 | 7.8 High |
| A use after free issue was addressed with improved memory management. This issue is fixed in macOS Mojave 10.14.4. An application may be able to gain elevated privileges. | ||||
| CVE-2019-8605 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2025-07-30 | 7.8 High |
| A use after free issue was addressed with improved memory management. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1. A malicious application may be able to execute arbitrary code with system privileges. | ||||
| CVE-2020-0674 | 1 Microsoft | 15 Internet Explorer, Windows 10 1507, Windows 10 1607 and 12 more | 2025-07-30 | 7.5 High |
| A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0673, CVE-2020-0710, CVE-2020-0711, CVE-2020-0712, CVE-2020-0713, CVE-2020-0767. | ||||
| CVE-2020-6820 | 2 Mozilla, Redhat | 5 Firefox, Firefox Esr, Thunderbird and 2 more | 2025-07-30 | 8.1 High |
| Under certain conditions, when handling a ReadableStream, a race condition can cause a use-after-free. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Thunderbird < 68.7.0, Firefox < 74.0.1, and Firefox ESR < 68.6.1. | ||||
| CVE-2020-6819 | 2 Mozilla, Redhat | 5 Firefox, Firefox Esr, Thunderbird and 2 more | 2025-07-30 | 8.1 High |
| Under certain conditions, when running the nsDocShell destructor, a race condition can cause a use-after-free. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Thunderbird < 68.7.0, Firefox < 74.0.1, and Firefox ESR < 68.6.1. | ||||
| CVE-2020-3992 | 1 Vmware | 2 Cloud Foundation, Esxi | 2025-07-30 | 9.8 Critical |
| OpenSLP as used in VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202010401-SG, 6.5 before ESXi650-202010401-SG) has a use-after-free issue. A malicious actor residing in the management network who has access to port 427 on an ESXi machine may be able to trigger a use-after-free in the OpenSLP service resulting in remote code execution. | ||||
| CVE-2020-16017 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2025-07-30 | 9.6 Critical |
| Use after free in site isolation in Google Chrome prior to 86.0.4240.198 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | ||||
| CVE-2020-6572 | 1 Google | 1 Chrome | 2025-07-30 | 8.8 High |
| Use after free in Media in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to execute arbitrary code via a crafted HTML page. | ||||
| CVE-2021-26411 | 1 Microsoft | 16 Edge, Internet Explorer, Windows 10 1507 and 13 more | 2025-07-30 | 8.8 High |
| Internet Explorer Memory Corruption Vulnerability | ||||
| CVE-2021-21193 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2025-07-30 | 8.8 High |
| Use after free in Blink in Google Chrome prior to 89.0.4389.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||||
| CVE-2021-25370 | 1 Samsung | 1 Android | 2025-07-30 | 6.1 Medium |
| An incorrect implementation handling file descriptor in dpu driver prior to SMR Mar-2021 Release 1 results in memory corruption leading to kernel panic. | ||||
| CVE-2021-22893 | 1 Ivanti | 1 Connect Secure | 2025-07-30 | 10 Critical |
| Pulse Connect Secure 9.0R3/9.1R1 and higher is vulnerable to an authentication bypass vulnerability exposed by the Windows File Share Browser and Pulse Secure Collaboration features of Pulse Connect Secure that can allow an unauthenticated user to perform remote arbitrary code execution on the Pulse Connect Secure gateway. This vulnerability has been exploited in the wild. | ||||
| CVE-2021-21206 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2025-07-30 | 8.8 High |
| Use after free in Blink in Google Chrome prior to 89.0.4389.128 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||||
| CVE-2021-1905 | 1 Qualcomm | 792 Apq8009, Apq8009 Firmware, Apq8009w and 789 more | 2025-07-30 | 8.4 High |
| Possible use after free due to improper handling of memory mapping of multiple processes simultaneously. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | ||||
| CVE-2021-28663 | 1 Arm | 3 Bifrost Gpu Kernel Driver, Midgard Gpu Kernel Driver, Valhall Gpu Kernel Driver | 2025-07-30 | 8.8 High |
| The Arm Mali GPU kernel driver allows privilege escalation or information disclosure because GPU memory operations are mishandled, leading to a use-after-free. This affects Bifrost r0p0 through r28p0 before r29p0, Valhall r19p0 through r28p0 before r29p0, and Midgard r4p0 through r30p0. | ||||
| CVE-2021-31166 | 1 Microsoft | 7 Windows 10 1809, Windows 10 2004, Windows 10 20h2 and 4 more | 2025-07-30 | 9.8 Critical |
| HTTP Protocol Stack Remote Code Execution Vulnerability | ||||
| CVE-2021-29256 | 1 Arm | 3 Bifrost Gpu Kernel Driver, Midgard Gpu Kernel Driver, Valhall Gpu Kernel Driver | 2025-07-30 | 8.8 High |
| . The Arm Mali GPU kernel driver allows an unprivileged user to achieve access to freed memory, leading to information disclosure or root privilege escalation. This affects Bifrost r16p0 through r29p0 before r30p0, Valhall r19p0 through r29p0 before r30p0, and Midgard r28p0 through r30p0. | ||||
| CVE-2021-25394 | 1 Samsung | 1 Android | 2025-07-30 | 6.4 Medium |
| A use after free vulnerability via race condition in MFC charger driver prior to SMR MAY-2021 Release 1 allows arbitrary write given a radio privilege is compromised. | ||||
| CVE-2021-30554 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2025-07-30 | 8.8 High |
| Use after free in WebGL in Google Chrome prior to 91.0.4472.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||||
| CVE-2021-34486 | 1 Microsoft | 11 Windows 10 1809, Windows 10 1909, Windows 10 2004 and 8 more | 2025-07-30 | 7.8 High |
| Windows Event Tracing Elevation of Privilege Vulnerability | ||||