CWE-416— Use After Free
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.— MITRE CWE catalog
7,398 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-416page 107 of 148
- CVE-2025-20091LOWCVSS 3.8EG 3.82025-03-04
in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through use after free. This vulnerability can be exploited only in restricted scenarios.
- CVE-2025-2013HIGHCVSS 7.8EG 7.82025-03-11
Ashlar-Vellum Cobalt CO File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required t…
- CVE-2025-20626LOWCVSS 3.8EG 3.82025-03-04
in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through use after free. This vulnerability can be exploited only in restricted scenarios.
- CVE-2025-20705HIGHCVSS 7.8EG 7.82025-09-01
In monitor_hang, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation.…
- CVE-2025-20706HIGHCVSS 7.8EG 7.82025-09-01
In mbrain, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch…
- CVE-2025-20707MEDIUMCVSS 6.7EG 6.72025-09-01
In geniezone, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Pa…
- CVE-2025-20743MEDIUMCVSS 4.2EG 4.22025-11-04
In clkdbg, there is a possible escalation of privilege due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation.…
- CVE-2025-20744MEDIUMCVSS 4.2EG 4.22025-11-04
In pda, there is a possible escalation of privilege due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Pa…
- CVE-2025-20745MEDIUMCVSS 4.2EG 4.22025-11-04
In apusys, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch…
- CVE-2025-20770MEDIUMCVSS 6.7EG 6.72025-12-02
In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patc…
- CVE-2025-20772MEDIUMCVSS 6.7EG 6.72025-12-02
In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patc…
- CVE-2025-20773MEDIUMCVSS 6.7EG 6.72025-12-02
In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patc…
- CVE-2025-20775MEDIUMCVSS 6.7EG 6.72025-12-02
In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patc…
- CVE-2025-20779HIGHCVSS 7.0EG 7.02026-01-06
In display, there is a possible use after free due to a race condition. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch…
- CVE-2025-20780HIGHCVSS 7.8EG 7.82026-01-06
In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patc…
- CVE-2025-20781HIGHCVSS 7.8EG 7.82026-01-06
In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patc…
- CVE-2025-20785MEDIUMCVSS 6.7EG 6.72026-01-06
In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patc…
- CVE-2025-20786MEDIUMCVSS 6.7EG 6.72026-01-06
In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patc…
- CVE-2025-20787MEDIUMCVSS 6.7EG 6.72026-01-06
In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patc…
- CVE-2025-20799HIGHCVSS 7.8EG 7.82026-01-06
In c2ps, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch I…
- CVE-2025-20802MEDIUMCVSS 6.7EG 6.72026-01-06
In geniezone, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Pa…
- CVE-2025-20804MEDIUMCVSS 6.7EG 6.72026-01-06
In dpe, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is needed for exploitation. Patch ID: AL…
- CVE-2025-20805MEDIUMCVSS 6.7EG 6.72026-01-06
In dpe, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID…
- CVE-2025-20806MEDIUMCVSS 6.7EG 6.72026-01-06
In dpe, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID…
- CVE-2025-21159HIGHCVSS 7.8EG 7.82025-02-11
Illustrator versions 29.1, 28.7.3 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a v…
- CVE-2025-21224HIGHCVSS 8.1EG 8.12025-01-14
Windows Line Printer Daemon (LPD) Service Remote Code Execution Vulnerability
- CVE-2025-21281HIGHCVSS 7.8EG 7.82025-01-14
Microsoft COM for Windows Elevation of Privilege Vulnerability
- CVE-2025-21295HIGHCVSS 8.1EG 8.12025-01-14
SPNEGO Extended Negotiation (NEGOEX) Security Mechanism Remote Code Execution Vulnerability
- CVE-2025-21296HIGHCVSS 7.5EG 7.52025-01-14
BranchCache Remote Code Execution Vulnerability
- CVE-2025-21297HIGHCVSS 8.1EG 8.12025-01-14
Windows Remote Desktop Services Remote Code Execution Vulnerability
- CVE-2025-21298CRITICALCVSS 9.8EG 9.82025-01-14
Windows OLE Remote Code Execution Vulnerability
- CVE-2025-21304HIGHCVSS 7.8EG 7.82025-01-14
Microsoft DWM Core Library Elevation of Privilege Vulnerability
- CVE-2025-21307CRITICALCVSS 9.8EG 9.82025-01-14
Windows Reliable Multicast Transport Driver (RMCAST) Remote Code Execution Vulnerability
- CVE-2025-21315HIGHCVSS 7.8EG 7.82025-01-14
Microsoft Brokering File System Elevation of Privilege Vulnerability
- CVE-2025-21334HIGHCVSS 7.8EG 9.0⚠ KEV2025-01-14
Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability
- CVE-2025-21335HIGHCVSS 7.8EG 9.0⚠ KEV2025-01-14
Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability
- CVE-2025-21345HIGHCVSS 7.8EG 7.82025-01-14
Microsoft Office Visio Remote Code Execution Vulnerability
- CVE-2025-2136HIGHCVSS 8.8EG 8.82025-03-10
Use after free in Inspector in Google Chrome prior to 134.0.6998.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
- CVE-2025-21362HIGHCVSS 8.4EG 7.82025-01-14
Microsoft Excel Remote Code Execution Vulnerability
- CVE-2025-21366HIGHCVSS 7.8EG 7.82025-01-14
Microsoft Access Remote Code Execution Vulnerability
- CVE-2025-21367HIGHCVSS 7.8EG 7.82025-02-11
Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability
- CVE-2025-21372HIGHCVSS 7.8EG 7.82025-01-14
Microsoft Brokering File System Elevation of Privilege Vulnerability
- CVE-2025-21379HIGHCVSS 7.1EG 7.12025-02-11
DHCP Client Service Remote Code Execution Vulnerability
- CVE-2025-21386HIGHCVSS 7.8EG 7.82025-02-11
Microsoft Excel Remote Code Execution Vulnerability
- CVE-2025-21387HIGHCVSS 7.8EG 7.82025-02-11
Microsoft Excel Remote Code Execution Vulnerability
- CVE-2025-21392HIGHCVSS 7.8EG 7.82025-02-11
Microsoft Office Remote Code Execution Vulnerability
- CVE-2025-21394HIGHCVSS 7.8EG 7.82025-02-11
Microsoft Excel Remote Code Execution Vulnerability
- CVE-2025-21397HIGHCVSS 7.8EG 7.82025-02-11
Microsoft Office Remote Code Execution Vulnerability
- CVE-2025-21406HIGHCVSS 8.8EG 8.82025-02-11
Windows Telephony Service Remote Code Execution Vulnerability
- CVE-2025-21424HIGHCVSS 7.8EG 7.82025-03-03
Memory corruption while calling the NPU driver APIs concurrently.
Map vulnerabilities like CWE-416 to your infrastructure
EchelonGraph correlates every CVE — across CWE-416 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →