Weaknesses of type CWE-416

4,138 results
CVE-2023-21724HIGHMicrosoft DWM Core Library Elevation of Privilege VulnerabilityEPSS 0.5%CVE-2026-25955MEDIUMFreeRDP has heap-use-after-free in xf_AppUpdateWindowFromSurface (stale XImage)EPSS 0.5%CVE-2018-6555The irda_setsockopt function in net/irda/af_irda.c and later in drivers/staging/irda/net/af_irda.c in the Linux kernel before 4.17 allows loEPSS 0.5%CVE-2022-2889HIGHUse After Free in vim/vimEPSS 0.5%CVE-2025-1931HIGHUse-after-free in WebTransportChildEPSS 0.5%CVE-2023-51568LOWKofax Power PDF OXPS File Parsing Use-After-Free Information Disclosure VulnerabilityEPSS 0.5%CVE-2025-7657HIGHUse after free in WebRTC in Google Chrome prior to 138.0.7204.157 allowed a remote attacker to potentially exploit heap corruption via a craEPSS 0.5%CVE-2022-3016HIGHUse After Free in vim/vimEPSS 0.5%CVE-2022-38442HIGHAdobe Dimension SKP File Parsing Use-After-Free Remote Code Execution VulnerabilityEPSS 0.5%CVE-2025-24046HIGHKernel Streaming Service Driver Elevation of Privilege VulnerabilityEPSS 0.5%CVE-2025-24072HIGHMicrosoft Local Security Authority (LSA) Server Elevation of Privilege VulnerabilityEPSS 0.5%CVE-2022-38444HIGHAdobe Dimension SKP File Parsing Use-After-Free Remote Code Execution VulnerabilityEPSS 0.5%CVE-2021-20227A flaw was found in SQLite's SELECT query functionality (src/select.c). This flaw allows an attacker who is capable of running SQL queries lEPSS 0.5%CVE-2026-20952HIGHMicrosoft Office Remote Code Execution VulnerabilityEPSS 0.5%CVE-2024-7000HIGHUse after free in CSS in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gesturEPSS 0.5%CVE-2024-21803LOWPossible UAF in bt_accept_poll in Linux kernelEPSS 0.5%CVE-2023-21755HIGHWindows Kernel Elevation of Privilege VulnerabilityEPSS 0.5%CVE-2026-10948HIGHUse after free in WebRTC in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a EPSS 0.5%CVE-2025-4372HIGHUse after free in WebAudio in Google Chrome prior to 136.0.7103.92 allowed a remote attacker to potentially exploit heap corruption via a crEPSS 0.5%CVE-2026-10947HIGHUse after free in WebRTC in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a EPSS 0.5%