Lucene search
+L

105501 matches found

BDU FSTEC
BDU FSTEC
added yesterday21 views

The vulnerability of Microsoft Office packages and 365 Apps for Enterprise lies in the use of memory after it is freed, allowing an attacker to execute arbitrary code.

The vulnerability of Microsoft Office packages and 365 Apps for Enterprise lies in the use of memory after it is freed. Exploiting this vulnerability can allow an attacker to execute arbitrary code...

8.4CVSS6AI score0.00456EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added yesterday8 views

kernel: xfrm: defensively unhash xfrm_state lists in __xfrm_state_delete

A flaw was found in the Linux kernel's xfrm IPSec framework subsystem. This vulnerability, a use-after-free, occurs when the system incorrectly manages memory related to security policies, specifically during the deletion of xfrmstate lists. An attacker with local access could exploit this flaw b...

7.8CVSS6.3AI score0.0013EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added yesterday8 views

kernel: rtmutex: Use waiter::task instead of current in remove_waiter()

A flaw was found in the Linux kernel. When the kernel's real-time mutex rtmutex component performs a specific operation called 'proxy-lock rollback' during futex requeue, it incorrectly handles task pointers. This can lead to a 'Use-After-Free' UAF vulnerability, where the system attempts to use...

7.8CVSS6.7AI score0.00125EPSS
Exploits28References6
RedHat Linux
RedHat Linux
added yesterday5 views

kernel: KVM: x86: Fix shadow paging use-after-free due to unexpected GFN

A flaw was found in the Linux kernel's KVM Kernel-based Virtual Machine x86 shadow paging mechanism. This use-after-free vulnerability arises from incorrect handling of Guest Frame Numbers GFNs when guest page tables are modified. A local attacker with control over a guest virtual machine could...

8.8CVSS6.2AI score0.00126EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added yesterday7 views

kernel: KVM: x86: Fix shadow paging use-after-free due to unexpected role

A flaw was found in the Linux kernel's Kernel-based Virtual Machine KVM x86 shadow paging mechanism. This vulnerability occurs when a host page directory entry PDE mapping is changed from within the guest, leading to an unexpected role mismatch in shadow paging. This mismatch can cause a...

8.8CVSS7.6AI score0.00176EPSS
Exploits5References6
RedhatCVE
RedhatCVE
added yesterday4 views

CVE-2026-57076

A flaw was found in YAML::Syck. An attacker could exploit a heap use-after-free vulnerability by providing a specially crafted YAML document that reuses an anchor name as an anchors-table key. This flaw causes the software to read freed heap memory, which may lead to information disclosure or...

7.8CVSS6AI score0.00186EPSS
Exploits0References5
OSV
OSV
added 2 days ago3 views

DEBIAN-CVE-2026-57076

YAML::Syck versions before 1.47 for Perl allow a heap use-after-free via an anchor name reused as an anchors-table key in syckhdlraddanchor. In the bundled libsyck an anchor name allocated by syckstrndup is stored both as node-anchor, freed when the node is freed, and as the key in the parser's...

7.8CVSS5.4AI score0.00186EPSS
Exploits0References1
NVD
NVD
added 2 days ago6 views

CVE-2026-57076

YAML::Syck versions before 1.47 for Perl allow a heap use-after-free via an anchor name reused as an anchors-table key in syckhdlraddanchor. In the bundled libsyck an anchor name allocated by syckstrndup is stored both as node-anchor, freed when the node is freed, and as the key in the parser's...

7.8CVSS0.00186EPSS
Exploits0References3
OSV
OSV
added 2 days ago3 views

DEBIAN-CVE-2026-13713

YAML::Syck versions before 1.47 for Perl allow a use-after-free and double-free via an anchor node freed while still on the parser value stack. In the bundled libsyck, when an anchor name is redefined or removed, syckhdlraddanchor and syckhdlrremoveanchor free the node stored under that name with...

6.2CVSS5.4AI score0.00186EPSS
Exploits0References1
NVD
NVD
added 2 days ago7 views

CVE-2026-13713

YAML::Syck versions before 1.47 for Perl allow a use-after-free and double-free via an anchor node freed while still on the parser value stack. In the bundled libsyck, when an anchor name is redefined or removed, syckhdlraddanchor and syckhdlrremoveanchor free the node stored under that name with...

6.2CVSS0.00186EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2 days ago8 views

kernel: rtmutex: Use waiter::task instead of current in remove_waiter()

A flaw was found in the Linux kernel. When the kernel's real-time mutex rtmutex component performs a specific operation called 'proxy-lock rollback' during futex requeue, it incorrectly handles task pointers. This can lead to a 'Use-After-Free' UAF vulnerability, where the system attempts to use...

7.8CVSS6.8AI score0.00125EPSS
Exploits28References6
RedHat Linux
RedHat Linux
added 2 days ago5 views

kernel: rtmutex: Use waiter::task instead of current in remove_waiter()

A flaw was found in the Linux kernel. When the kernel's real-time mutex rtmutex component performs a specific operation called 'proxy-lock rollback' during futex requeue, it incorrectly handles task pointers. This can lead to a 'Use-After-Free' UAF vulnerability, where the system attempts to use...

7.8CVSS6.8AI score0.00125EPSS
Exploits28References6
Cvelist
Cvelist
added 2 days ago33 views

CVE-2026-13713 YAML::Syck versions before 1.47 for Perl allow a use-after-free and double-free via an anchor node freed while still on the parser value stack

YAML::Syck versions before 1.47 for Perl allow a use-after-free and double-free via an anchor node freed while still on the parser value stack. In the bundled libsyck, when an anchor name is redefined or removed, syckhdlraddanchor and syckhdlrremoveanchor free the node stored under that name with...

0.00186EPSS
Exploits0References2
CVE
CVE
added 2 days ago9 views

CVE-2026-13713

CVE-2026-13713 affects YAML::Syck versions before 1.47 (Perl). A use-after-free and double-free occurs when an anchor is redefined while still on the parser value stack, due to how syck_hdlr_add_anchor and syck_hdlr_remove_anchor free the node. The freed node may still be live on the value stack,...

6.2CVSS6.1AI score0.00186EPSS
Exploits0References3
OSV
OSV
added 2 days ago5 views

GHSA-GGXF-9F6J-W742 Diesel has possible use after free when deserializing a SQLite database via `SqliteConnection::deserialize_readonly_database`

Diesel allows loading a SQLite database from a byte buffer, represented as &u8, at runtime via the SqliteConnection::deserializereadonlydatabase function. In previous versions of Diesel, this buffer was passed directly to libsqlite3. Since libsqlite3 requires the buffer to remain alive for as lon...

6.9CVSS6.2AI score
Exploits0References3
RedhatCVE
RedhatCVE
added 2 days ago7 views

CVE-2026-43731

A flaw was found in WebKitGTK. Processing maliciously crafted web content can trigger a use-after-free due to improper memory management, leading to memory corruption...

8.8CVSS6AI score0.00201EPSS
Exploits0References5
OSV
OSV
added 2 days ago4 views

CVE-2026-55406 Buffa: Use-After-Free in OwnedView via Unsound 'static Lifetime Promotion in Deref

Buffa is a pure-Rust Protocol Buffers implementation with first-class protobuf editions support. Prior to 0.7.0, a soundness bug in the OwnedView type allowed safe Rust code to trigger a use-after-free: the OwnedView::decode constructor transmuted a borrowed slice to &'static u8, and the Deref...

5.9CVSS6.2AI score0.00128EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2 days ago7 views

CVE-2026-43740

A flaw was found in WebKitGTK. Processing maliciously crafted web content can trigger a use-after-free due to improper memory handling, leading to disclosure of process memory...

6.5CVSS6AI score0.00203EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2 days ago6 views

CVE-2026-43742

A flaw was found in WebKitGTK. Processing maliciously crafted web content can trigger a use-after-free due to improper memory management, resulting in an unexpected process crash...

6.5CVSS6AI score0.0025EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2 days ago6 views

CVE-2026-43734

A flaw was found in WebKitGTK. Processing maliciously crafted web content can trigger a use-after-free due to improper memory management, resulting in an unexpected process crash...

6.5CVSS6AI score0.0024EPSS
Exploits0References5
Rows per page
Query Builder