Search Results (9071 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-48563 1 Microsoft 18 Windows 10 1809, Windows 10 21h2, Windows 10 21h2 and 15 more 2026-07-08 7.5 High
Use after free in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
CVE-2026-47654 1 Microsoft 7 Windows Server 2016, Windows Server 2016 (server Core Installation), Windows Server 2019 and 4 more 2026-07-08 7.5 High
Use after free in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
CVE-2026-47653 1 Microsoft 26 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 23 more 2026-07-08 8.8 High
Use after free in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
CVE-2026-45461 1 Microsoft 9 365 Apps, Office, Office 2016 and 6 more 2026-07-08 8.4 High
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2026-45458 1 Microsoft 13 365 Apps, Microsoft 365, Office 2019 and 10 more 2026-07-08 8.4 High
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2026-44823 1 Microsoft 9 365 Apps, Excel 2016, Office 2019 and 6 more 2026-07-08 7.8 High
Numeric truncation error in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2026-45486 1 Microsoft 7 365 Apps, Microsoft 365, Office 2021 and 4 more 2026-07-08 7.8 High
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
CVE-2026-45474 1 Microsoft 10 365 Apps, Office, Office 2016 and 7 more 2026-07-08 8.4 High
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2026-45472 1 Microsoft 11 365 Apps, Microsoft 365 Apps For Enterprise, Office and 8 more 2026-07-08 8.4 High
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2026-13844 1 Google 1 Chrome 2026-07-08 7.8 High
Use after free in Updater in Google Chrome on Windows prior to 150.0.7871.47 allowed a local attacker to perform OS-level privilege escalation via a malicious file. (Chromium security severity: High)
CVE-2026-48090 1 Envoyproxy 1 Envoy 2026-07-08 5.9 Medium
Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.37.0 until 1.37.5 and 1.38.3, the HTTP OAuth2 filter (envoy.filters.http.oauth2) can leave an in-flight async token exchange attached to a downstream stream that has already been torn down. A late AsyncClient completion can still invoke OAuth2Filter methods that use StreamDecoderFilterCallbacks after that object’s lifetime has ended, causing undefined behavior, worker crashes (availability loss), and use-after-free / invalid-vptr failures under AddressSanitizer. This is a memory-safety / lifetime issue in the data plane, not a trivial config bug. Remote code execution is not claimed here; the primary demonstrated impact is DoS via crash and UB; any further impact would be deployment- and allocator-dependent. This vulnerability is fixed in 1.37.5 and 1.38.3.
CVE-2026-14024 1 Google 1 Chrome 2026-07-08 8.8 High
Use after free in Ozone in Google Chrome on Linux prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
CVE-2026-50263 2 Redhat, X.org 10 Enterprise Linux, Enterprise Linux Eus, Rhel Aus and 7 more 2026-07-08 5.5 Medium
A use-after-free flaw was found in the X.Org X server and Xwayland in CreateSaverWindow(). A client can trigger a use-after-free read after changing window attributes and forcing the screen saver, leading to information disclosure.
CVE-2026-14121 1 Google 1 Chrome 2026-07-08 9.8 Critical
Use after free in Chromoting in Google Chrome on Linux prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code via malicious network traffic. (Chromium security severity: Low)
CVE-2026-24266 1 Nvidia 1 Triton Inference Server 2026-07-08 5.9 Medium
NVIDIA Triton Inference Server for Linux contains a vulnerability where an attacker can cause a use-after-free issue. A successful exploit of this vulnerability might lead to denial of service.
CVE-2026-14403 1 Google 1 Chrome 2026-07-08 8.8 High
Use after free in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Low)
CVE-2026-10536 1 Curl 1 Curl 2026-07-08 9.8 Critical
A use-after-free vulnerability exists in libcurl when an application configures an HTTP/2 stream-dependency tree via `CURLOPT_STREAM_DEPENDS` or `CURLOPT_STREAM_DEPENDS_E`, subsequently invokes `curl_easy_reset()`, and finally terminates the handle with `curl_easy_cleanup()`. During this final cleanup phase, libcurl attempts to access and modify an internal structure that was already freed during the reset operation.
CVE-2026-56000 2026-07-08 6.5 Medium
Local attackers with a X connection able to provide GLX commit to the X server xorg-server before 21.2.24 and xwayland before 24.1.13 could cause a Heap Use After Free, due to CommonMakeCurrent() pointing into potentially reallocated memory.
CVE-2026-14025 1 Google 1 Chrome 2026-07-08 8.8 High
Use after free in Views in Google Chrome on Mac prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low)
CVE-2026-14067 1 Google 1 Chrome 2026-07-08 8.8 High
Use after free in Chrome for iOS in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Low)