CWE-416— Use After Free
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.— MITRE CWE catalog
7,398 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-416page 121 of 148
- CVE-2025-6661HIGHCVSS 7.8EG 7.82025-06-25
PDF-XChange Editor App Object Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit…
- CVE-2025-66627HIGHCVSS 7.8EG 8.42025-12-09
Wasmi is a WebAssembly interpreter focused on constrained and embedded systems. In versions 0.41.0, 0.41.1, 0.42.0 through 0.47.1, 0.50.0 through 0.51.2 and 1.0.0, Wasmi's linear memory implementation leads to a Use After Free vulnerabilit…
- CVE-2025-6706HIGHCVSS 8.8EG 5.02025-06-26
An authenticated user may trigger a use after free that may result in MongoDB Server crash and other unexpected behavior, even if the user does not have authorization to shut down a server. The crash is triggered on affected versions by is…
- CVE-2025-6856HIGHCVSS 7.8EG 3.32025-06-29
A vulnerability, which was classified as problematic, was found in HDF5 1.14.6. Affected is the function H5FL__reg_gc_list of the file src/H5FL.c. The manipulation leads to use after free. Attacking locally is a requirement. The exploit ha…
- CVE-2025-68617HIGHCVSS 7.0EG 7.02025-12-23
FluidSynth is a software synthesizer based on the SoundFont 2 specifications. From versions 2.5.0 to before 2.5.2, a race condition during unloading of a DLS file can trigger a heap-based use-after-free. A concurrently running thread may b…
- CVE-2025-68656MEDIUMCVSS 6.8EG 6.82026-01-12
Espressif ESP-IDF USB Host HID (Human Interface Device) Driver allows access to HID devices. Prior to 1.1.0, usb_class_request_get_descriptor() frees and reallocates hid_device->ctrl_xfer when an oversized descriptor is requested but conti…
- CVE-2025-68817HIGHCVSS 7.8EG 7.82026-01-13
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in ksmbd_tree_connect_put under concurrency Under high concurrency, A tree-connection object (tcon) is freed on a disconnect path while another…
- CVE-2025-69627HIGHCVSS 8.4EG 8.42026-04-13
Nitro PDF Pro for Windows 14.41.1.4 contains a heap use-after-free vulnerability in the implementation of the JavaScript method this.mailDoc(). During execution, an internal XID object is allocated and then freed prematurely, after which t…
- CVE-2025-6971HIGHCVSS 7.8EG 7.82025-07-15
Use After Free vulnerability exists in the CATPRODUCT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025. This vulnerability could allow an attacker to execute arbitrary code while opening a specially crafted…
- CVE-2025-6972HIGHCVSS 7.8EG 7.82025-07-15
Use After Free vulnerability exists in the CATPRODUCT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025. This vulnerability could allow an attacker to execute arbitrary code while opening a specially crafted…
- CVE-2025-6973HIGHCVSS 7.8EG 7.82025-07-15
Use After Free vulnerability exists in the JT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025. This vulnerability could allow an attacker to execute arbitrary code while opening a specially crafted JT file.
- CVE-2025-7042HIGHCVSS 7.8EG 7.82025-07-15
Use After Free vulnerability exists in the IPT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025. This vulnerability could allow an attacker to execute arbitrary code while opening a specially crafted IPT fi…
- CVE-2025-70968CRITICALCVSS 9.8EG 9.82026-01-14
FreeImage 3.18.0 contains a Use After Free in PluginTARGA.cpp;loadRLE().
- CVE-2025-71071HIGHCVSS 7.8EG 7.82026-01-13
In the Linux kernel, the following vulnerability has been resolved: iommu/mediatek: fix use-after-free on probe deferral The driver is dropping the references taken to the larb devices during probe after successful lookup as well as on e…
- CVE-2025-71073HIGHCVSS 7.8EG 7.82026-01-13
In the Linux kernel, the following vulnerability has been resolved: Input: lkkbd - disable pending work before freeing device lkkbd_interrupt() schedules lk->tq via schedule_work(), and the work handler lkkbd_reinit() dereferences the lk…
- CVE-2025-71075HIGHCVSS 7.8EG 7.82026-01-13
In the Linux kernel, the following vulnerability has been resolved: scsi: aic94xx: fix use-after-free in device removal path The asd_pci_remove() function fails to synchronize with pending tasklets before freeing the asd_ha structure, le…
- CVE-2025-71099HIGHCVSS 7.8EG 7.82026-01-13
In the Linux kernel, the following vulnerability has been resolved: drm/xe/oa: Fix potential UAF in xe_oa_add_config_ioctl() In xe_oa_add_config_ioctl(), we accessed oa_config->id after dropping metrics_lock. Since this lock protects the…
- CVE-2025-71110HIGHCVSS 7.8EG 7.82026-01-14
In the Linux kernel, the following vulnerability has been resolved: mm/slub: reset KASAN tag in defer_free() before accessing freed memory When CONFIG_SLUB_TINY is enabled, kfree_nolock() calls kasan_slab_free() before defer_free(). On A…
- CVE-2025-71159HIGHCVSS 7.8EG 7.82026-01-23
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix use-after-free warning in btrfs_get_or_create_delayed_node() Previously, btrfs_get_or_create_delayed_node() set the delayed_node's refcount before acquiring t…
- CVE-2025-71162HIGHCVSS 7.8EG 7.82026-01-25
In the Linux kernel, the following vulnerability has been resolved: dmaengine: tegra-adma: Fix use-after-free A use-after-free bug exists in the Tegra ADMA driver when audio streams are terminated, particularly during XRUN conditions. Th…
- CVE-2025-7425HIGHCVSS 7.8EG 7.82025-07-10
A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the prope…
- CVE-2025-7657HIGHCVSS 8.8EG 8.82025-07-15
Use after free in WebRTC in Google Chrome prior to 138.0.7204.157 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2025-7993HIGHCVSS 7.8EG 7.82025-09-17
Ashlar-Vellum Cobalt LI File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required t…
- CVE-2025-8045MEDIUMCVSS 4.0EG 4.02025-12-01
Use After Free vulnerability in Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user process to perform improper GPU processing operations to gain access to already freed …
- CVE-2025-8176HIGHCVSS 7.8EG 5.32025-07-26
A vulnerability was found in LibTIFF up to 4.7.0. It has been declared as critical. This vulnerability affects the function get_histogram of the file tools/tiffmedian.c. The manipulation leads to use after free. The attack needs to be appr…
- CVE-2025-8292HIGHCVSS 8.8EG 8.82025-07-30
Use after free in Media Stream in Google Chrome prior to 138.0.7204.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2025-8410HIGHCVSS 7.4EG 7.42025-09-23
Use After Free vulnerability in RTI Connext Professional (Security Plugins) allows File Manipulation.This issue affects Connext Professional: from 7.5.0 before 7.6.0.
- CVE-2025-8576HIGHCVSS 8.8EG 8.82025-08-07
Use after free in Extensions in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: Medium)
- CVE-2025-8578HIGHCVSS 8.8EG 8.82025-08-07
Use after free in Cast in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
- CVE-2025-8837HIGHCVSS 7.8EG 5.32025-08-11
A vulnerability was identified in JasPer up to 4.2.5. This affects the function jpc_dec_dump of the file src/libjasper/jpc/jpc_dec.c of the component JPEG2000 File Handler. The manipulation leads to use after free. An attack has to be appr…
- CVE-2025-8842HIGHCVSS 7.8EG 5.32025-08-11
A vulnerability has been found in NASM Netwide Assember 2.17rc0. Affected by this issue is the function do_directive of the file preproc.c. The manipulation leads to use after free. An attack has to be approached locally. The exploit has b…
- CVE-2025-8882HIGHCVSS 8.8EG 8.82025-08-13
Use after free in Aura in Google Chrome prior to 139.0.7258.127 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: M…
- CVE-2025-9020MEDIUMCVSS 4.5EG 4.52025-08-15
A vulnerability was found in PX4 PX4-Autopilot up to 1.15.4. This issue affects the function MavlinkReceiver::handle_message_serial_control of the file src/modules/mavlink/mavlink_receiver.cpp of the component Mavlink Shell Closing Handler…
- CVE-2025-9157MEDIUMCVSS 5.3EG 5.32025-08-19
A vulnerability was determined in appneta tcpreplay up to 4.5.2-beta2. The impacted element is the function untrunc_packet of the file src/tcpedit/edit_packet.c of the component tcprewrite. Executing manipulation can lead to use after free…
- CVE-2025-9385MEDIUMCVSS 5.5EG 5.32025-08-24
A flaw has been found in appneta tcpreplay up to 4.5.1. The affected element is the function fix_ipv6_checksums of the file edit_packet.c of the component tcprewrite. This manipulation causes use after free. The attack is restricted to loc…
- CVE-2025-9386MEDIUMCVSS 5.5EG 5.32025-08-24
A vulnerability has been found in appneta tcpreplay up to 4.5.1. The impacted element is the function get_l2len_protocol of the file get.c of the component tcprewrite. Such manipulation leads to use after free. The attack must be carried o…
- CVE-2025-9394MEDIUMCVSS 5.5EG 5.32025-08-24
A flaw has been found in PoDoFo 1.1.0-dev. This issue affects the function PdfTokenizer::DetermineDataType of the file src/podofo/main/PdfTokenizer.cpp of the component PDF Dictionary Parser. Executing manipulation can lead to use after fr…
- CVE-2025-9449HIGHCVSS 7.8EG 7.82025-09-17
A Use After Free vulnerability affecting the PAR file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025 could allow an attacker to execute arbitrary code while opening a specially crafted PAR file.
- CVE-2025-9478HIGHCVSS 8.8EG 8.82025-08-26
Use after free in ANGLE in Google Chrome prior to 139.0.7258.154 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)
- CVE-2026-0125HIGHCVSS 7.0EG 7.02026-06-16
In multiple functions of vpu_ioctl.c, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitat…
- CVE-2026-0137HIGHCVSS 7.8EG 7.82026-06-16
In edgetpu_sync_fence_group_shutdown() of edgetpu-dmabuf.c, there is a possible elevation of privilege due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is n…
- CVE-2026-0143HIGHCVSS 7.8EG 7.82026-06-16
In lwis_device_external_event_emit of lwis_event.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for…
- CVE-2026-0794CRITICALCVSS 9.8EG 8.12026-01-23
ALGO 8180 IP Audio Alerter SIP Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP Audio Alerter devices. Authentication is not …
- CVE-2026-0882HIGHCVSS 8.8EG 8.82026-01-13
Use-after-free in the IPC component. This vulnerability was fixed in Firefox 147, Firefox ESR 115.32, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7.
- CVE-2026-0884CRITICALCVSS 9.8EG 9.82026-01-13
Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 147, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7.
- CVE-2026-0885MEDIUMCVSS 6.5EG 6.52026-01-13
Use-after-free in the JavaScript: GC component. This vulnerability was fixed in Firefox 147, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7.
- CVE-2026-0908HIGHCVSS 8.8EG 8.82026-01-20
Use after free in ANGLE in Google Chrome prior to 144.0.7559.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low)
- CVE-2026-10000HIGHCVSS 8.3EG 8.32026-05-28
Use after free in Passwords in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity…
- CVE-2026-10001HIGHCVSS 8.3EG 8.32026-05-28
Use after free in PerformanceManager in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: …
- CVE-2026-10002HIGHCVSS 8.8EG 8.82026-05-28
Use after free in PDFium in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: High)
Map vulnerabilities like CWE-416 to your infrastructure
EchelonGraph correlates every CVE — across CWE-416 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →