High
CVE-2026-6758
Use-after-free in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.
Tag: Use-After-Free
All CVEs associated with "Use-After-Free". Page 4/58 • 6956 CVEs.
Subscribe CVEs: RSS for “Use-After-Free” · RSS (High+Critical only)
About “Use-After-Free”
A curated feed of “Use-After-Free”-related CVEs appears below. We currently track 6956 CVEs for this tag (all time). In the last 365 days, 1453 were published. Average CVSS is 7.9 (all time; 7.6 over 365d), and 79% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-416 - Use After Free, CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition'), CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer.
In our taxonomy this topic maps to a HIGH impact class. Common exploitation patterns for this weakness can lead to high. Use the filters to triage high risk first and validate exposure in your environment. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.
CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).
CVSS ≥ 0.0
2026-04-21
High
CVE-2026-6754
Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.
High
CVE-2026-6747
Use-after-free in the WebRTC component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.
High
CVE-2026-6746
Use-after-free in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.
2026-04-20
Medium
CVE-2026-6654
Double-Free / Use-After-Free (UAF) in the `IntoIter::drop` and `ThinVec::clear` functions in the thin_vec crate. A panic in `ptr::drop_in_place` skips setting the length to zero.
2026-04-16
High
CVE-2026-41035
In rsync 3.0.1 through 3.4.1, receive_xattr relies on an untrusted length value during a qsort call, leading to a receiver use-after-free. The victim must run rsync with -X (aka --xattrs). On Linux,…
2026-04-15
Medium
CVE-2026-6362
Use after free in Codecs in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to potentially perform out of bounds memory access via a crafted video file. (Chromium security severity: H…
High
CVE-2026-6360
Use after free in FileSystem in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)
High
CVE-2026-6359
Use after free in Video in Google Chrome on Windows prior to 147.0.7727.101 allowed a remote attacker who had compromised the renderer process to perform out of bounds memory access via a crafted HTM…
High
CVE-2026-6358
Use after free in XR in Google Chrome on Android prior to 147.0.7727.101 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Critic…
High
CVE-2026-6319
Use after free in Payments in Google Chrome on Android prior to 147.0.7727.101 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted…
High
CVE-2026-6318
Use after free in Codecs in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)
High
CVE-2026-6317
Use after free in Cast in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
High
CVE-2026-6316
Use after free in Forms in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
High
CVE-2026-6315
Use after free in Permissions in Google Chrome on Android prior to 147.0.7727.101 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a craf…
High
CVE-2026-6310
Use after free in Dawn in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Ch…
High
CVE-2026-6309
Use after free in Viz in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chr…
High
CVE-2026-6304
Use after free in Graphite in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.…
High
CVE-2026-6303
Use after free in Codecs in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
High
CVE-2026-6302
Use after free in Video in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
High
CVE-2026-6300
Use after free in CSS in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
High
CVE-2026-6299
Use after free in Prerender in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)
High
CVE-2026-6297
Use after free in Proxy in Google Chrome prior to 147.0.7727.101 allowed an attacker in a privileged network position to potentially perform a sandbox escape via a crafted HTML page. (Chromium securi…
2026-04-14
High
CVE-2026-33023
libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. In versions 1.8.7 and prior, when built with the --with-gdk-pixbuf2 option, a use-after-free vulnerability exists in loa…
High
CVE-2026-33021
libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. Versions 1.8.7 and prior contain a use-after-free vulnerability in sixel_encoder_encode_bytes() because sixel_frame_init…
High
CVE-2026-27292
Adobe Framemaker versions 2022.8 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issu…
High
CVE-2026-33018
libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. Versions 1.8.7 and prior contain a Use-After-Free vulnerability via the load_gif() function in fromgif.c, where a single…
High
CVE-2026-33115
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
High
CVE-2026-33101
Use after free in Windows Print Spooler Components allows an authorized attacker to elevate privileges locally.
High
CVE-2026-33100
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
High
CVE-2026-33099
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
High
CVE-2026-33098
Use after free in Windows Container Isolation FS Filter Driver allows an authorized attacker to elevate privileges locally.
High
CVE-2026-33095
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
High
CVE-2026-32224
Use after free in Windows Server Update Service allows an authorized attacker to elevate privileges locally.
High
CVE-2026-32200
Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally.
High
CVE-2026-32199
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
High
CVE-2026-32198
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
High
CVE-2026-32197
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
High
CVE-2026-32190
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
High
CVE-2026-32189
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
High
CVE-2026-32165
Use after free in Windows User Interface Core allows an authorized attacker to elevate privileges locally.
High
CVE-2026-32157
Use after free in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
High
CVE-2026-32156
Use after free in Windows Universal Plug and Play (UPnP) Device Host allows an unauthorized attacker to execute code locally.
High
CVE-2026-32155
Use after free in Desktop Window Manager allows an authorized attacker to elevate privileges locally.
High
CVE-2026-32154
Use after free in Desktop Window Manager allows an authorized attacker to elevate privileges locally.
High
CVE-2026-32153
Use after free in Microsoft Windows Speech allows an authorized attacker to elevate privileges locally.
High
CVE-2026-32152
Use after free in Desktop Window Manager allows an authorized attacker to elevate privileges locally.
High
CVE-2026-32089
Use after free in Windows Speech Brokered Api allows an authorized attacker to elevate privileges locally.
High
CVE-2026-32080
Use after free in Windows WalletService allows an authorized attacker to elevate privileges locally.
High
CVE-2026-32078
Use after free in Windows Projected File System allows an authorized attacker to elevate privileges locally.
High
CVE-2026-32075
Use after free in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally.
High
CVE-2026-32073
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
High
CVE-2026-32070
Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.
Medium
CVE-2026-27925
Use after free in Windows Universal Plug and Play (UPnP) Device Host allows an unauthorized attacker to disclose information over an adjacent network.
High
CVE-2026-27924
Use after free in Desktop Window Manager allows an authorized attacker to elevate privileges locally.
High
CVE-2026-27923
Use after free in Desktop Window Manager allows an authorized attacker to elevate privileges locally.
High
CVE-2026-27922
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
High
CVE-2026-27917
Use after free in Windows WFP NDIS Lightweight Filter Driver (wfplwfs.sys) allows an authorized attacker to elevate privileges locally.
High
CVE-2026-27916
Use after free in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally.
High
CVE-2026-27915
Use after free in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally.
High
CVE-2026-27909
Use after free in Microsoft Windows Search Component allows an authorized attacker to elevate privileges locally.
High
CVE-2026-27908
Use after free in Windows TDI Translation Driver (tdx.sys) allows an authorized attacker to elevate privileges locally.
High
CVE-2026-26182
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
High
CVE-2026-26181
Use after free in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally.
High
CVE-2026-26177
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
High
CVE-2026-26165
Use after free in Windows Shell allows an authorized attacker to elevate privileges locally.
High
CVE-2026-23657
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
High
CVE-2026-27283
InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of thi…
2026-04-13
Medium
CVE-2026-40311
ImageMagick is free and open-source software used for editing and manipulating digital images. Versions below 7.1.2-19 and 6.9.13-44 contain a heap use-after-free vulnerability that can cause a crash…
Critical
CVE-2026-6100
Use-after-free (UAF) was possible in the `lzma.LZMADecompressor`, `bz2.BZ2Decompressor`, and `gzip.GzipFile` when a memory allocation fails with a `MemoryError` and the decompression instance is re-u…
High
CVE-2025-69627
Nitro PDF Pro for Windows 14.41.1.4 contains a heap use-after-free vulnerability in the implementation of the JavaScript method this.mailDoc(). During execution, an internal XID object is allocated a…
High
CVE-2026-31426
In the Linux kernel, the following vulnerability has been resolved: ACPI: EC: clean up handlers on probe failure in acpi_ec_setup() When ec_install_handlers() returns -EPROBE_DEFER on reduced-hardw…
High
CVE-2026-31419
In the Linux kernel, the following vulnerability has been resolved: net: bonding: fix use-after-free in bond_xmit_broadcast() bond_xmit_broadcast() reuses the original skb for the last slave (deter…
2026-04-10
Critical
CVE-2026-6068
NASM contains a heap use after free vulnerability in response file (-@) processing where a dangling pointer to freed memory is stored in the global depend_file and later dereferenced, as the response…
Medium
CVE-2026-5460
A heap use-after-free exists in wolfSSL's TLS 1.3 post-quantum cryptography (PQC) hybrid KeyShare processing. In the error handling path of TLSX_KeyShare_ProcessPqcHybridClient() in src/tls.c, the in…
2026-04-09
High
CVE-2026-34734
HDF5 is software for managing data. In 1.14.1-2 and earlier, a heap-use-after-free was found in the h5dump helper utility. An attacker who can supply a malicious h5 file can trigger a heap use-after-…
Medium
CVE-2026-34983
Wasmtime is a runtime for WebAssembly. In 43.0.0, cloning a wasmtime::Linker is unsound and can result in use-after-free bugs. This bug is not controllable by guest Wasm programs. It can only be trig…
2026-04-08
High
CVE-2026-5904
Use after free in V8 in Google Chrome prior to 147.0.7727.55 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Exte…
High
CVE-2026-5883
Use after free in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)
High
CVE-2026-5877
Use after free in Navigation in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)
Critical
CVE-2026-5874
Use after free in PrivateAI in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially perform a sandbox escape via a craf…
High
CVE-2026-5872
Use after free in Blink in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
High
CVE-2026-5866
Use after free in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
High
CVE-2026-5861
Use after free in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
High
CVE-2026-5860
Use after free in WebRTC in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
2026-04-07
High
CVE-2026-28387
Issue summary: An uncommon configuration of clients performing DANE TLSA-based server authentication, when paired with uncommon server DANE TLSA records, may result in a use-after-free and/or double-…
Medium
CVE-2026-39316
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, a use-after-free vulnerability exists in the CUPS scheduler (cupsd)…
2026-04-06
High
CVE-2025-54602
An issue was discovered in the Wi-Fi driver in Samsung Mobile Processor and Wearable Processor Exynos 980, 850, 1080, 1280, 1330, 1380, 1480, 1580, W920, W930, and W1000. Improper synchronization on…
Low
CVE-2026-34764
Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. From 33.0.0-alpha.1 to before 39.8.5, 40.8.5, 41.1.0, and 42.0.0-alpha.5, apps that use offscre…
High
CVE-2026-31408
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: SCO: Fix use-after-free in sco_recv_frame() due to missing sock_hold sco_recv_frame() reads conn->sk under sco_conn_lo…
2026-04-04
High
CVE-2026-34774
Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 39.8.1, 40.7.0, and 41.0.0, apps that use offscreen rendering and allow child…
Medium
CVE-2026-34772
Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.0, 40.7.0, and 41.0.0-beta.8, apps that allow downloads and prog…
High
CVE-2026-34771
Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.0, 40.7.0, and 41.0.0-beta.8, apps that register an asynchronous…
High
CVE-2026-34770
Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.1, 40.8.0, and 41.0.0-beta.8, apps that use the powerMonitor mod…
2026-04-03
High
CVE-2026-31399
In the Linux kernel, the following vulnerability has been resolved: nvdimm/bus: Fix potential use after free in asynchronous initialization Dingisoul with KASAN reports a use after free if device_a…
High
CVE-2026-31396
In the Linux kernel, the following vulnerability has been resolved: net: macb: fix use-after-free access to PTP clock PTP clock is registered on every opening of the interface and destroyed on ever…
High
CVE-2026-31389
In the Linux kernel, the following vulnerability has been resolved: spi: fix use-after-free on controller registration failure Make sure to deregister from driver core also in the unlikely event th…
Unknown
CVE-2026-23471
In the Linux kernel, the following vulnerability has been resolved: drm: Fix use-after-free on framebuffers and property blobs when calling drm_dev_unplug When trying to do a rather aggressive test…
High
CVE-2026-23461
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix use-after-free in l2cap_unregister_user After commit ab4eedb790ca ("Bluetooth: L2CAP: Fix corrupted list in…
High
CVE-2026-23458
In the Linux kernel, the following vulnerability has been resolved: netfilter: ctnetlink: fix use-after-free in ctnetlink_dump_exp_ct() ctnetlink_dump_exp_ct() stores a conntrack pointer in cb->dat…
High
CVE-2026-23454
In the Linux kernel, the following vulnerability has been resolved: net: mana: fix use-after-free in mana_hwc_destroy_channel() by reordering teardown A potential race condition exists in mana_hwc_…
Medium
CVE-2026-23452
In the Linux kernel, the following vulnerability has been resolved: PM: runtime: Fix a race condition related to device removal The following code in pm_runtime_work() may dereference the dev->pare…
Critical
CVE-2026-23450
In the Linux kernel, the following vulnerability has been resolved: net/smc: fix NULL dereference and UAF in smc_tcp_syn_recv_sock() Syzkaller reported a panic in smc_tcp_syn_recv_sock() [1]. smc_…
Medium
CVE-2026-23443
In the Linux kernel, the following vulnerability has been resolved: ACPI: processor: Fix previous acpi_processor_errata_piix4() fix After commi f132e089fe89 ("ACPI: processor: Fix NULL-pointer dere…
High
CVE-2026-23432
In the Linux kernel, the following vulnerability has been resolved: mshv: Fix use-after-free in mshv_map_user_memory error path In the error path of mshv_map_user_memory(), calling vfree() directly…
Critical
CVE-2026-23428
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free of share_conf in compound request smb2_get_ksmbd_tcon() reuses work->tcon in compound requests without…
Critical
CVE-2026-23427
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in durable v2 replay of active file handles parse_durable_handle_context() unconditionally assigns dh_i…
2026-04-02
High
CVE-2026-23415
In the Linux kernel, the following vulnerability has been resolved: futex: Fix UaF between futex_key_to_node_opt() and vma_replace_policy() During futex_key_to_node_opt() execution, vma->vm_policy…
High
CVE-2026-23413
In the Linux kernel, the following vulnerability has been resolved: clsact: Fix use-after-free in init/destroy rollback asymmetry Fix a use-after-free in the clsact qdisc upon init/destroy rollback…
High
CVE-2026-23412
In the Linux kernel, the following vulnerability has been resolved: netfilter: bpf: defer hook memory release until rcu readers are done Yiming Qian reports UaF when concurrent process is dumping h…
2026-04-01
High
CVE-2026-23410
In the Linux kernel, the following vulnerability has been resolved: apparmor: fix race on rawdata dereference There is a race condition that leads to a use-after-free situation: because the rawdata…
Critical
CVE-2026-5290
Use after free in Compositing in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML pa…
Critical
CVE-2026-5289
Use after free in Navigation in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML pag…
Critical
CVE-2026-5288
Use after free in WebView in Google Chrome on Android prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted…
High
CVE-2026-5287
Use after free in PDF in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. (Chromium security severity: High)
High
CVE-2026-5286
Use after free in Dawn in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
High
CVE-2026-5285
Use after free in WebGL in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
High
CVE-2026-5284
Use after free in Dawn in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page. (Chromium securit…
High
CVE-2026-5281
Use after free in Dawn in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page. (Chromium securit…
High
CVE-2026-5280
Use after free in WebCodecs in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)