Export limit exceeded: 340656 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (743 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-2925 | 1 Hdfgroup | 1 Hdf5 | 2025-07-24 | 3.3 Low |
| A vulnerability has been found in HDF5 up to 1.14.6 and classified as problematic. This vulnerability affects the function H5MM_realloc of the file src/H5MM.c. The manipulation of the argument mem leads to double free. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2018-1000216 | 1 Davegamble | 1 Cjson | 2025-07-22 | N/A |
| Dave Gamble cJSON version 1.7.2 and earlier contains a CWE-415: Double Free vulnerability in cJSON library that can result in Possible crash or RCE. This attack appear to be exploitable via Attacker must be able to force victim to print JSON data, depending on how cJSON library is used this could be either local or over a network. This vulnerability appears to have been fixed in 1.7.3. | ||||
| CVE-2025-27051 | 2 Microsoft, Qualcomm | 21 Windows, Fastconnect 6900, Fastconnect 6900 Firmware and 18 more | 2025-07-21 | 7.8 High |
| Memory corruption while processing command message in WLAN Host. | ||||
| CVE-2024-3187 | 1 Embedthis | 1 Goahead | 2025-07-13 | 5.9 Medium |
| This issue tracks two CWE-416 Use After Free (UAF) and one CWE-415 Double Free vulnerabilities in Goahead versions <= 6.0.0. These are caused by JST values not being nulled when freed during parsing of JST templates. If the ME_GOAHEAD_JAVASCRIPT flag is enabled, a remote attacker with the privileges to modify JavaScript template (JST) files could exploit this by providing malicious templates. This may lead to memory corruption, potentially causing a Denial of Service (DoS) or, in rare cases, code execution, though the latter is highly context-dependent. | ||||
| CVE-2023-24903 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2025-07-10 | 8.1 High |
| Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | ||||
| CVE-2024-38157 | 1 Microsoft | 1 Azure Iot Hub Device Client Sdk | 2025-07-10 | 7 High |
| Azure IoT SDK Remote Code Execution Vulnerability | ||||
| CVE-2024-49014 | 1 Microsoft | 3 Sql Server 2016, Sql Server 2017, Sql Server 2019 | 2025-07-08 | 8.8 High |
| SQL Server Native Client Remote Code Execution Vulnerability | ||||
| CVE-2024-43640 | 1 Microsoft | 5 Windows 10 21h2, Windows 10 22h2, Windows 11 22h2 and 2 more | 2025-07-08 | 7.8 High |
| Windows Kernel-Mode Driver Elevation of Privilege Vulnerability | ||||
| CVE-2024-43447 | 1 Microsoft | 1 Windows Server 2022 | 2025-07-08 | 8.1 High |
| Windows SMBv3 Server Remote Code Execution Vulnerability | ||||
| CVE-2024-43514 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2025-07-08 | 7.8 High |
| Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability | ||||
| CVE-2022-28390 | 5 Debian, Fedoraproject, Linux and 2 more | 7 Debian Linux, Fedora, Linux Kernel and 4 more | 2025-06-25 | 7.8 High |
| ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the Linux kernel through 5.17.1 has a double free. | ||||
| CVE-2023-26545 | 4 Debian, Linux, Netapp and 1 more | 15 Debian Linux, Linux Kernel, H300s and 12 more | 2025-06-25 | 4.7 Medium |
| In the Linux kernel before 6.1.13, there is a double free in net/mpls/af_mpls.c upon an allocation failure (for registering the sysctl table under a new location) during the renaming of a device. | ||||
| CVE-2024-21606 | 1 Juniper | 33 Junos, Srx100, Srx110 and 30 more | 2025-06-17 | 7.5 High |
| A Double Free vulnerability in the flow processing daemon (flowd) of Juniper Networks Junos OS on SRX Series allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS). In a remote access VPN scenario, if a "tcp-encap-profile" is configured and a sequence of specific packets is received, a flowd crash and restart will be observed. This issue affects Juniper Networks Junos OS on SRX Series: * All versions earlier than 20.4R3-S8; * 21.2 versions earlier than 21.2R3-S6; * 21.3 versions earlier than 21.3R3-S5; * 21.4 versions earlier than 21.4R3-S5; * 22.1 versions earlier than 22.1R3-S3; * 22.2 versions earlier than 22.2R3-S3; * 22.3 versions earlier than 22.3R3-S1; * 22.4 versions earlier than 22.4R2-S2, 22.4R3. | ||||
| CVE-2023-28583 | 1 Qualcomm | 60 Aqt1000, Aqt1000 Firmware, Fastconnect 6200 and 57 more | 2025-06-17 | 6.7 Medium |
| Memory corruption when IPv6 prefix timer object`s lifetime expires which are created while Netmgr daemon gets an IPv6 address. | ||||
| CVE-2025-23095 | 1 Samsung | 10 Exynos 1280, Exynos 1280 Firmware, Exynos 1380 and 7 more | 2025-06-11 | 6.5 Medium |
| An issue was discovered in Samsung Mobile Processor Exynos 1280, 2200, 1380, 1480, 2400. A Double Free in the mobile processor leads to privilege escalation. | ||||
| CVE-2025-23096 | 1 Samsung | 10 Exynos 1280, Exynos 1280 Firmware, Exynos 1380 and 7 more | 2025-06-11 | 6.5 Medium |
| An issue was discovered in Samsung Mobile Processor Exynos 1280, 2200, 1380, 1480, 2400. A Double Free in the mobile processor leads to privilege escalation. | ||||
| CVE-2025-23102 | 1 Samsung | 18 Exynos 1080, Exynos 1080 Firmware, Exynos 1280 and 15 more | 2025-06-10 | 8.8 High |
| An issue was discovered in Samsung Mobile Processor Exynos 980, 990, 1080, 2100, 1280, 2200, 1380, 1480 and 2400. A Double Free in the mobile processor leads to privilege escalation. | ||||
| CVE-2021-27645 | 4 Debian, Fedoraproject, Gnu and 1 more | 4 Debian Linux, Fedora, Glibc and 1 more | 2025-06-09 | 2.5 Low |
| The nameserver caching daemon (nscd) in the GNU C Library (aka glibc or libc6) 2.29 through 2.33, when processing a request for netgroup lookup, may crash due to a double-free, potentially resulting in degraded service or Denial of Service on the local system. This is related to netgroupcache.c. | ||||
| CVE-2021-22945 | 8 Apple, Debian, Fedoraproject and 5 more | 25 Macos, Debian Linux, Fedora and 22 more | 2025-06-09 | 9.1 Critical |
| When sending data to an MQTT server, libcurl <= 7.73.0 and 7.78.0 could in some circumstances erroneously keep a pointer to an already freed memory area and both use that again in a subsequent call to send data and also free it *again*. | ||||
| CVE-2024-20498 | 1 Cisco | 52 Meraki Mx, Meraki Mx100, Meraki Mx100 Firmware and 49 more | 2025-06-04 | 8.6 High |
| Multiple vulnerabilities in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition in the AnyConnect service on an affected device. These vulnerabilities are due to insufficient validation of client-supplied parameters while establishing an SSL VPN session. An attacker could exploit these vulnerabilities by sending a crafted HTTPS request to the VPN server of an affected device. A successful exploit could allow the attacker to cause the Cisco AnyConnect VPN server to restart, resulting in the failure of the established SSL VPN connections and forcing remote users to initiate a new VPN connection and reauthenticate. A sustained attack could prevent new SSL VPN connections from being established. Note: When the attack traffic stops, the Cisco AnyConnect VPN server recovers gracefully without requiring manual intervention. | ||||