Search Results (9065 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-6100 1 Python 1 Cpython 2026-04-17 8.1 High
Use-after-free (UAF) was possible in the `lzma.LZMADecompressor`, `bz2.BZ2Decompressor`, and `gzip.GzipFile` when a memory allocation fails with a `MemoryError` and the decompression instance is re-used. This scenario can be triggered if the process is under memory pressure. The fix cleans up the dangling pointer in this specific error condition. The vulnerability is only present if the program re-uses decompressor instances across multiple decompression calls even after a `MemoryError` is raised during decompression. Using the helper functions to one-shot decompress data such as `lzma.decompress()`, `bz2.decompress()`, `gzip.decompress()`, and `zlib.decompress()` are not affected as a new decompressor instance is used per call. If the decompressor instance is not re-used after an error condition, this usage is similarly not vulnerable.
CVE-2026-25953 1 Freerdp 1 Freerdp 2026-04-17 9.8 Critical
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, `xf_AppUpdateWindowFromSurface` reads from a freed `xfAppWindow` because the RDPGFX DVC thread obtains a bare pointer via `xf_rail_get_window` without any lifetime protection, while the main thread can concurrently delete the window through a fastpath window-delete order. Version 3.23.0 fixes the issue.
CVE-2026-25955 1 Freerdp 1 Freerdp 2026-04-17 9.8 Critical
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, `xf_AppUpdateWindowFromSurface` reuses a cached `XImage` whose `data` pointer references a freed RDPGFX surface buffer, because `gdi_DeleteSurface` frees `surface->data` without invalidating the `appWindow->image` that aliases it. Version 3.23.0 fixes the issue.
CVE-2026-25959 1 Freerdp 1 Freerdp 2026-04-17 9.8 Critical
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, `xf_cliprdr_provide_data_` passes freed `pDstData` to `XChangeProperty` because the cliprdr channel thread calls `xf_cliprdr_server_format_data_response` which converts and uses the clipboard data without holding any lock, while the X11 event thread concurrently calls `xf_cliprdr_clear_cached_data` → `HashTable_Clear` which frees the same data via `xf_cached_data_free`, triggering a heap use after free. Version 3.23.0 fixes the issue.
CVE-2026-25997 1 Freerdp 1 Freerdp 2026-04-17 9.8 Critical
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, `xf_clipboard_format_equal` reads freed `lastSentFormats` memory because `xf_clipboard_formats_free` (called from the cliprdr channel thread during auto-reconnect) frees the array while the X11 event thread concurrently iterates it in `xf_clipboard_changed`, triggering a heap use after free. Version 3.23.0 fixes the issue.
CVE-2026-26986 1 Freerdp 1 Freerdp 2026-04-17 7.5 High
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, `rail_window_free` dereferences a freed `xfAppWindow` pointer during `HashTable_Free` cleanup because `xf_rail_window_common` calls `free(appWindow)` on title allocation failure without first removing the entry from the `railWindows` hash table, leaving a dangling pointer that is freed again on disconnect. Version 3.23.0 fixes the vulnerability.
CVE-2026-22040 2 Emqx, Nanomq 2 Nanomq, Nanomq 2026-04-17 5.3 Medium
NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. In version 0.24.6, by generating a combined traffic pattern of high-frequency publishes and rapid reconnect/kick-out using the same ClientID and massive subscribe/unsubscribe jitter, it is possible to reliably trigger heap memory corruption in the Broker process, causing it to exit immediately with SIGABRT due to free(): invalid pointer. As of time of publication, no known patched versions are available.
CVE-2026-3924 4 Apple, Google, Linux and 1 more 4 Macos, Chrome, Linux Kernel and 1 more 2026-04-17 7.5 High
use after free in WindowDialog in Google Chrome prior to 146.0.7680.71 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
CVE-2026-20844 1 Microsoft 18 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 15 more 2026-04-16 7.4 High
Use after free in Windows Clipboard Server allows an unauthorized attacker to elevate privileges locally.
CVE-2026-20953 1 Microsoft 9 365 Apps, Office, Office 2016 and 6 more 2026-04-16 8.4 High
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2026-20830 1 Microsoft 1 Windows Server 2025 2026-04-16 7 High
Concurrent execution using shared resource with improper synchronization ('race condition') in Capability Access Management Service (camsvc) allows an authorized attacker to elevate privileges locally.
CVE-2026-20854 1 Microsoft 5 Windows 11 24h2, Windows 11 24h2, Windows 11 25h2 and 2 more 2026-04-16 7.5 High
Use after free in Windows Local Security Authority Subsystem Service (LSASS) allows an authorized attacker to execute code over a network.
CVE-2026-20863 1 Microsoft 10 Windows 11 23h2, Windows 11 23h2, Windows 11 24h2 and 7 more 2026-04-16 7 High
Double free in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally.
CVE-2026-20867 1 Microsoft 16 Windows 10 1809, Windows 10 21h2, Windows 10 21h2 and 13 more 2026-04-16 7.8 High
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Management Services allows an authorized attacker to elevate privileges locally.
CVE-2026-20871 1 Microsoft 14 Windows 10 21h2, Windows 10 21h2, Windows 10 22h2 and 11 more 2026-04-16 7.8 High
Use after free in Desktop Windows Manager allows an authorized attacker to elevate privileges locally.
CVE-2026-20950 1 Microsoft 11 365 Apps, Excel, Excel 2016 and 8 more 2026-04-16 7.8 High
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2026-20952 1 Microsoft 9 365 Apps, Office, Office 2016 and 6 more 2026-04-16 8.4 High
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2026-39316 1 Openprinting 1 Cups 2026-04-16 4 Medium
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, a use-after-free vulnerability exists in the CUPS scheduler (cupsd) when temporary printers are automatically deleted. cupsdDeleteTemporaryPrinters() in scheduler/printers.c calls cupsdDeletePrinter() without first expiring subscriptions that reference the printer, leaving cupsd_subscription_t.dest as a dangling pointer to freed heap memory. The dangling pointer is subsequently dereferenced at multiple code sites, causing a crash (denial of service) of the cupsd daemon. With heap grooming, this can be leveraged for code execution.
CVE-2026-34763 1 Rack 1 Rack 2026-04-16 5.3 Medium
Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Directory interpolates the configured root path directly into a regular expression when deriving the displayed directory path. If root contains regex metacharacters such as +, *, or ., the prefix stripping can fail and the generated directory listing may expose the full filesystem path in the HTML output. This issue has been patched in versions 2.2.23, 3.1.21, and 3.2.6.
CVE-2026-5883 4 Apple, Google, Linux and 1 more 4 Macos, Chrome, Linux Kernel and 1 more 2026-04-16 8.8 High
Use after free in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)