CWE-416— Use After Free
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.— MITRE CWE catalog
7,398 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-416page 110 of 148
- CVE-2025-24078HIGHCVSS 7.0EG 7.02025-03-11
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
- CVE-2025-24079HIGHCVSS 7.8EG 7.82025-03-11
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
- CVE-2025-24080HIGHCVSS 7.8EG 7.82025-03-11
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
- CVE-2025-24081HIGHCVSS 7.8EG 7.82025-03-11
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
- CVE-2025-24082HIGHCVSS 7.8EG 7.82025-03-11
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
- CVE-2025-24085CRITICALCVSS 10.0EG 10.0⚠ KEV2025-01-27
A use after free issue was addressed with improved memory management. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.6, macOS Sequoia 15.3, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.3, visionOS 2.3, watchOS 11.3. A m…
- CVE-2025-24252HIGHCVSS 8.8EG 9.82025-04-29
A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, visionOS 2.4. An attacker on th…
- CVE-2025-24298HIGHCVSS 8.4EG 8.42025-08-11
in OpenHarmony v5.0.3 and prior versions allow a local attacker arbitrary code execution in tcb through use after free.
- CVE-2025-24301LOWCVSS 3.8EG 3.82025-03-04
in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through use after free. This vulnerability can be exploited only in restricted scenarios.
- CVE-2025-2476HIGHCVSS 8.8EG 8.82025-03-19
Use after free in Lens in Google Chrome prior to 134.0.6998.117 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)
- CVE-2025-24855HIGHCVSS 7.8EG 7.82025-03-14
numbers.c in libxslt before 1.1.43 has a use-after-free because, in nested XPath evaluations, an XPath context node can be modified but never restored. This is related to xsltNumberFormatGetValue, xsltEvalXPathPredicate, xsltEvalXPathStrin…
- CVE-2025-24898MEDIUMCVSS 6.3EG 6.32025-02-03
rust-openssl is a set of OpenSSL bindings for the Rust programming language. In affected versions `ssl::select_next_proto` can return a slice pointing into the `server` argument's buffer but with a lifetime bound to the `client` argument. …
- CVE-2025-24983HIGHCVSS 7.0EG 9.0⚠ KEV2025-03-11
Use after free in Windows Win32 Kernel Subsystem allows an authorized attacker to elevate privileges locally.
- CVE-2025-25177MEDIUMCVSS 5.1EG 5.12025-09-22
Software installed and run as a non-privileged user may conduct improper GPU system calls to trigger use-after-free kernel exceptions.
- CVE-2025-2532HIGHCVSS 7.8EG 7.82025-03-25
Luxion KeyShot USDC File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot. User interaction is required to exploit …
- CVE-2025-25568CRITICALCVSS 9.8EG 9.82025-03-12
SoftEtherVPN 5.02.5187 is vulnerable to Use after Free in the Command.c file via the CheckNetworkAcceptThread function. NOTE: the Supplier disputes this because the use-after-free is not in the VPN software, but is instead in a separate to…
- CVE-2025-26594HIGHCVSS 7.8EG 7.82025-02-25
A use-after-free flaw was found in X.Org and Xwayland. The root cursor is referenced in the X server as a global variable. If a client frees the root cursor, the internal reference points to freed memory and causes a use-after-free.
- CVE-2025-26600HIGHCVSS 7.8EG 7.82025-02-25
A use-after-free flaw was found in X.Org and Xwayland. When a device is removed while still frozen, the events queued for that device remain while the device is freed. Replaying the events will cause a use-after-free.
- CVE-2025-26601HIGHCVSS 7.8EG 7.82025-02-25
A use-after-free flaw was found in X.Org and Xwayland. When changing an alarm, the values of the change mask are evaluated one after the other, changing the trigger values as requested, and eventually, SyncInitTrigger() is called. If one o…
- CVE-2025-26603MEDIUMCVSS 4.2EG 4.22025-02-18
Vim is a greatly improved version of the good old UNIX editor Vi. Vim allows to redirect screen messages using the `:redir` ex command to register, variables and files. It also allows to show the contents of registers using the `:registers…
- CVE-2025-26623CRITICALCVSS 9.8EG 9.82025-02-18
Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. A heap buffer overflow was found in Exiv2 versions v0.28.0 to v0.28.4. Versions prior to v0.28.0, such as v0.27.7, …
- CVE-2025-26629HIGHCVSS 7.8EG 7.82025-03-11
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
- CVE-2025-26630HIGHCVSS 7.8EG 7.82025-03-11
Use after free in Microsoft Office Access allows an unauthorized attacker to execute code locally.
- CVE-2025-26640HIGHCVSS 7.0EG 7.02025-04-08
Use after free in Windows Digital Media allows an authorized attacker to elevate privileges locally.
- CVE-2025-26648HIGHCVSS 7.8EG 7.82025-04-08
Sensitive data storage in improperly locked memory in Windows Kernel allows an authorized attacker to elevate privileges locally.
- CVE-2025-26649HIGHCVSS 7.0EG 7.02025-04-08
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Secure Channel allows an authorized attacker to elevate privileges locally.
- CVE-2025-26663HIGHCVSS 8.1EG 8.12025-04-08
Use after free in Windows LDAP - Lightweight Directory Access Protocol allows an unauthorized attacker to execute code over a network.
- CVE-2025-26670HIGHCVSS 8.1EG 8.12025-04-08
Use after free in Windows LDAP - Lightweight Directory Access Protocol allows an unauthorized attacker to execute code over a network.
- CVE-2025-26671HIGHCVSS 8.1EG 8.12025-04-08
Use after free in Windows Remote Desktop Services allows an unauthorized attacker to execute code over a network.
- CVE-2025-26679HIGHCVSS 7.8EG 7.82025-04-08
Use after free in RPC Endpoint Mapper Service allows an authorized attacker to elevate privileges locally.
- CVE-2025-26681MEDIUMCVSS 6.7EG 6.72025-04-08
Use after free in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.
- CVE-2025-26687HIGHCVSS 7.5EG 7.52025-04-08
Use after free in Windows Win32K - GRFX allows an unauthorized attacker to elevate privileges over a network.
- CVE-2025-27031HIGHCVSS 7.8EG 7.82025-06-03
memory corruption while processing IOCTL commands, when the buffer in write loopback mode is accessed after being freed.
- CVE-2025-27037HIGHCVSS 7.8EG 7.82025-09-24
Memory corruption while processing config_dev IOCTL when camera kernel driver drops its reference to CPU buffers.
- CVE-2025-27038HIGHCVSS 7.5EG 9.0⚠ KEV2025-06-03
Memory corruption while rendering graphics using Adreno GPU drivers in Chrome.
- CVE-2025-27047HIGHCVSS 7.8EG 7.82025-07-08
Memory corruption while processing the TESTPATTERNCONFIG escape path.
- CVE-2025-27050HIGHCVSS 7.8EG 7.82025-07-08
Memory corruption while processing event close when client process terminates abruptly.
- CVE-2025-27056HIGHCVSS 7.8EG 7.82025-07-08
Memory corruption during sub-system restart while processing clean-up to free up resources.
- CVE-2025-27063HIGHCVSS 7.8EG 7.82025-12-18
Memory corruption during video playback when video session open fails with time out error.
- CVE-2025-27077HIGHCVSS 7.8EG 7.82025-09-24
Memory corruption while processing message in guest VM.
- CVE-2025-27128HIGHCVSS 8.4EG 8.42025-08-11
in OpenHarmony v5.0.3 and prior versions allow a local attacker arbitrary code execution in tcb through use after free.
- CVE-2025-27159HIGHCVSS 7.8EG 7.82025-03-11
Acrobat Reader versions 24.001.30225, 20.005.30748, 25.001.20428 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requir…
- CVE-2025-27160HIGHCVSS 7.8EG 7.82025-03-11
Acrobat Reader versions 24.001.30225, 20.005.30748, 25.001.20428 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requir…
- CVE-2025-27174HIGHCVSS 7.8EG 7.82025-03-11
Acrobat Reader versions 24.001.30225, 20.005.30748, 25.001.20428 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requir…
- CVE-2025-27181HIGHCVSS 7.8EG 7.82025-03-11
Substance3D - Modeler versions 1.15.0 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that…
- CVE-2025-27200HIGHCVSS 7.8EG 7.82025-04-08
Animate versions 24.0.7, 23.0.10 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a vi…
- CVE-2025-27365MEDIUMCVSS 6.5EG 6.52025-05-01
IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1, and MQ Operator SC2 3.2.0 through 3.2.10 Client connecting to a MQ Queue Manager can cause a SIGSEGV in the A…
- CVE-2025-27467HIGHCVSS 7.8EG 7.82025-04-08
Use after free in Windows Digital Media allows an authorized attacker to elevate privileges locally.
- CVE-2025-27476HIGHCVSS 7.8EG 7.82025-04-08
Use after free in Windows Digital Media allows an authorized attacker to elevate privileges locally.
- CVE-2025-27480HIGHCVSS 8.1EG 8.12025-04-08
Use after free in Remote Desktop Gateway Service allows an unauthorized attacker to execute code over a network.
Map vulnerabilities like CWE-416 to your infrastructure
EchelonGraph correlates every CVE — across CWE-416 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →