By weakness (CWE)
CWE-416: related vulnerabilities
CVEs classified under CWE-416. Understanding the weakness class helps prioritize systemic fixes over one-off patches.
243 published vulnerabilities · page 3 of 3
- CVE-2026-50260HIGH 7.8
A use-after-free vulnerability exists in the X.Org X server and Xwayland display servers. An attacker with local access can exploit this by creating multiple synchronized counters through one client connection, then destroying them from a separate connection, causing the server to access memory that has already been freed. This can crash the display server or, if the X server runs with root privileges, potentially allow privilege escalation to system administrator level.
- CVE-2026-50261HIGH 7.8
A use-after-free memory vulnerability exists in the X.Org X server and Xwayland, specifically in the SyncChangeCounter() function. An attacker with local access can exploit this by setting up multiple sync counters from one client connection and then destroying them from a second connection while modifying the counters. This creates a window where the server attempts to access memory that has already been freed, potentially crashing the display server or—in cases where the X server runs with root privileges—enabling privilege escalation.
- CVE-2026-10003HIGH 7.5
A use-after-free vulnerability in Chrome's Views component allows attackers to execute arbitrary code on affected systems. The flaw requires user interaction—specifically, the victim must perform particular UI gestures after being convinced to visit a malicious webpage. Once triggered, the vulnerability grants the attacker the same privileges as the user running the browser, potentially leading to complete system compromise.
- CVE-2026-10005HIGH 7.5
Google Chrome on macOS contains a use-after-free vulnerability in its WebAppInstalls component that can be exploited to execute arbitrary code. An attacker would need to convince a user to perform specific gestures within a crafted HTML page to trigger the flaw. This affects Chrome versions prior to 148.0.7778.216.
- CVE-2026-10899HIGH 7.5
A use-after-free vulnerability exists in Google Chrome's Ozone display system on Linux that could allow an attacker to corrupt the browser's memory. If a user is tricked into performing specific UI interactions on a malicious webpage, the attacker could potentially execute code or crash the browser. This flaw affects Chrome versions prior to 149.0.7827.53 on Linux systems.
- CVE-2026-10900HIGH 7.5
A use-after-free flaw in Google Chrome's password management feature on macOS allows attackers to corrupt memory and potentially execute code if they trick a user into performing specific interactions with a malicious webpage. The vulnerability requires user interaction and affects Chrome versions before 149.0.7827.53. While rated HIGH by CVSS, the attack surface is narrowed by the need for deliberate user gestures and the complexity of reliable exploitation.
- CVE-2026-10901HIGH 7.5
A use-after-free memory flaw exists in Google Chrome's password manager on macOS. An attacker can trigger the vulnerability by convincing a user to interact with a specially crafted webpage in specific ways—for example, through unusual clicking patterns or drag-and-drop actions in the password UI. Successful exploitation allows remote code execution with the privileges of the Chrome process. This is a memory safety issue where the browser continues to reference password manager data after it has been freed, creating an opportunity for malicious code injection.
- CVE-2026-10906HIGH 7.5
Google Chrome contains a use-after-free vulnerability in its WebAuthentication implementation that can lead to heap memory corruption. An attacker must craft a malicious HTML page and convince a user to interact with it in a specific way—such as clicking or gesturing within the web interface—to trigger the flaw. Successfully exploiting this could allow the attacker to execute arbitrary code or crash the browser. The vulnerability affects Chrome versions before 149.0.7827.53.
- CVE-2026-11154HIGH 7.5
A use-after-free flaw in Google Chrome's Dawn graphics component allows an attacker who has already compromised the renderer process to break out of Chrome's sandbox and potentially gain system-level access. The vulnerability requires the attacker to trick a user into opening a malicious webpage and demands prior compromise of the renderer process, making it a two-stage attack. Patching to Chrome 149.0.7827.53 or later closes this gap.
- CVE-2026-11632HIGH 7.5
A use-after-free flaw in Google Chrome's TabStrip component allows attackers to run arbitrary code on a victim's computer. The vulnerability requires an attacker to craft a malicious webpage and convince a user to perform specific interactions (like clicking or dragging tabs) to trigger the bug. Successful exploitation could give an attacker complete control over the affected system, including access to sensitive data, installation of malware, or lateral movement to other systems on the network.
- CVE-2026-11636HIGH 7.5
A use-after-free vulnerability exists in Google Chrome's Autofill feature on Windows systems. An attacker can craft a malicious HTML page that, when combined with specific user interactions, may trigger memory corruption leading to code execution. The vulnerability requires user interaction—specifically certain UI gestures—to be exploited, but once triggered, the impact is severe. Chrome versions prior to 149.0.7827.103 are affected.
- CVE-2026-11639HIGH 7.5
A use-after-free memory safety flaw exists in Google Chrome's compositing engine on macOS. If you visit a malicious webpage, an attacker could exploit this vulnerability to run arbitrary code on your system with the privileges of the Chrome process. The vulnerability was patched in Chrome 149.0.7827.103 and later versions.
- CVE-2026-11641HIGH 7.5
A memory safety flaw in Google Chrome's Bluetooth implementation on Windows allows attackers to crash the browser or run malicious code if they can trick a user into specific interactions with a specially crafted webpage. The vulnerability requires user action and doesn't grant automatic exploitation, but once triggered, it could give an attacker full control over the affected browser process and any data within it.
- CVE-2026-11644HIGH 7.5
A use-after-free vulnerability exists in Google Chrome's Views component on Linux systems. An attacker could exploit this by tricking a user into installing a malicious Chrome extension, which could then execute arbitrary code with the privileges of the Chrome process. This represents a critical-severity issue from Chromium's perspective, though the CVSS score reflects the requirement for user interaction (extension installation) as a limiting factor.
- CVE-2026-11694HIGH 7.5
A use-after-free flaw in Google Chrome's ServiceWorker implementation could allow an attacker who has already compromised the renderer process to run malicious code within the sandbox. The vulnerability requires user interaction (visiting a specially crafted webpage) but poses a direct path to code execution for an attacker with partial system access.
- CVE-2026-42909HIGH 7.5
A race condition flaw in Microsoft's Remote Desktop Client and related Windows components allows an attacker to execute malicious code on a target machine over the network. The vulnerability requires the user to interact with a malicious connection or file, but once triggered, grants the attacker the same privileges as the logged-in user. This affects multiple versions of Windows 10, Windows 11, Windows Server, and the standalone Windows App, making it a broad-reaching concern across enterprise environments.
- CVE-2026-42913HIGH 7.5
A race condition flaw in Remote Desktop Client allows an attacker to execute arbitrary code on a Windows system by exploiting a window between when two processes access shared resources without proper locking. The attack requires network access and user interaction (such as establishing an RDP session), but successfully exploiting it grants full code execution with the privileges of the Remote Desktop Client process. This affects multiple Windows 11 versions and Windows Server 2022/2025.
- CVE-2026-44422HIGH 7.5
FreeRDP, a widely-used open-source Remote Desktop Protocol client, contains a memory corruption vulnerability in its authentication-redirection subsystem. A malicious RDP server can craft specially-formed authentication data that causes the FreeRDP client to allocate a single heap object but then attempt to free it twice—or use it after the first deallocation. This occurs because the parser doesn't properly track which heap objects correspond to which data structures when the same object reference is reused. The result is a crash or potential code execution on the client machine. The vulnerability requires user interaction (connecting to a malicious server) but affects all FreeRDP versions before 3.26.0.
- CVE-2026-8829HIGH 7.5
HTML::Entities, a widely-used Perl library for encoding and decoding HTML entities, contains a use-after-free vulnerability in versions before 3.84. The flaw occurs in the internal _decode_entities function when processing specially crafted entity-reference strings. Under specific conditions—when the input string matches a cached entity value that contains a self-referential entity—the library can read from memory that has already been freed. This potentially exposes adjacent heap contents to an attacker, creating a limited information disclosure risk.
- CVE-2026-9901HIGH 7.5
A use-after-free flaw in ANGLE (the graphics abstraction layer used by Chrome) allows an attacker to run malicious code on a target's machine. The attack requires two conditions: the attacker must first compromise Chrome's renderer process (the component that draws web content), and the victim must then visit a specially crafted web page. Once both conditions are met, arbitrary code can execute with the privileges of the compromised renderer process. This affects Chrome versions before 148.0.7778.216.
- CVE-2026-9922HIGH 7.5
A use-after-free vulnerability exists in Google Chrome's GPU rendering engine on macOS. The flaw allows an attacker who has already compromised Chrome's renderer process to execute arbitrary code by serving a specially crafted HTML page. This is a post-compromise risk: the attacker must first break into the renderer sandbox, but if successful, can then escalate to full code execution with system privileges. The vulnerability affects Chrome versions prior to 148.0.7778.216 on macOS.
- CVE-2026-9933HIGH 7.5
CVE-2026-9933 is a use-after-free memory vulnerability in Google Chrome's input handling code that allows attackers to corrupt heap memory on affected systems. Exploitation requires an attacker to trick a user into performing specific UI interactions (such as unusual mouse or keyboard gestures) while viewing a specially crafted HTML page. This is not a passive drive-by attack; active user participation is required. If successfully exploited, an attacker could execute arbitrary code with the privileges of the Chrome process, leading to complete compromise of the affected user's system.
- CVE-2026-9934HIGH 7.5
A use-after-free memory flaw exists in Google Chrome's Aura component (which handles window management and input) before version 148.0.7778.216. An attacker could exploit this by convincing a user to interact with a specially crafted webpage using specific mouse or keyboard gestures. Successful exploitation would allow the attacker to run arbitrary code on the victim's machine with the privileges of the Chrome process.
- CVE-2026-9954HIGH 7.5
A use-after-free vulnerability exists in Google Chrome's TabStrip component that can lead to memory corruption. An attacker must trick a user into performing specific UI interactions (like clicking or dragging tabs in a particular sequence) on a malicious website to potentially trigger the flaw. Successful exploitation could allow the attacker to read sensitive data, modify page content, or crash the browser. The vulnerability affects Chrome versions prior to 148.0.7778.216 across Windows, macOS, and Linux.
- CVE-2026-9956HIGH 7.5
A use-after-free vulnerability in Google Chrome on iOS allows remote attackers to execute arbitrary code if a user can be tricked into performing specific gestures on a malicious webpage. The vulnerability requires user interaction but doesn't require special privileges or system access, making it a realistic attack vector for threat actors hosting compromised or attacker-controlled sites.
- CVE-2026-9990HIGH 7.5
Google Chrome on macOS contains a use-after-free vulnerability in its web app installation feature that could allow an attacker to corrupt memory on a user's system. The vulnerability requires a user to perform specific interactions with a malicious webpage, but once triggered, it could potentially give an attacker the ability to read sensitive data, modify files, or crash the browser. The issue affects Chrome versions before 148.0.7778.216 on Mac systems.
- CVE-2026-11115HIGH 7.3
A use-after-free vulnerability exists in Google Chrome's update mechanism on Windows systems. An attacker with local access can exploit this flaw by crafting a malicious file, potentially escalating their privileges to system or administrator level. The vulnerability affects Chrome versions before 149.0.7827.53 and requires user interaction (such as opening or running a file) to trigger the exploit.
- CVE-2026-34335HIGH 7.0
A use-after-free memory vulnerability exists in Windows Ancillary Function Driver for WinSock (AFD.sys), affecting Windows 10 and Windows 11 across multiple versions, as well as Windows Server 2012 through 2025. An authenticated local attacker can exploit this flaw to escalate their privileges to SYSTEM level. The vulnerability requires local access and specific conditions to trigger, but once exploited, grants complete control over the affected system.
- CVE-2026-42836HIGH 7.0
A race condition in Windows' Function Discovery Service (fdwsd.dll) allows a user already logged into a machine to escalate their privileges to administrator level. The vulnerability exists because the service does not properly synchronize access to shared resources when multiple processes run concurrently, creating a narrow window where an attacker can manipulate the process. An authorized user would need local access and specific timing to exploit this, but successful exploitation grants full system-level permissions.
- CVE-2026-42911HIGH 7.0
A use-after-free memory vulnerability exists in Windows' Ancillary Function Driver for WinSock (AFD.sys). An attacker who already has local access to a machine can exploit this flaw to gain elevated privileges, potentially running code with system-level permissions. The vulnerability requires specific conditions to trigger—it is not trivially exploitable—but once successful grants significant control over the affected system.
- CVE-2026-42984HIGH 7.0
A use-after-free memory vulnerability exists in the Windows Kernel that allows an authorized local user to escalate their privileges to a higher level of access. An attacker with standard user permissions could exploit this flaw to gain system-level control on an affected machine. The vulnerability requires local access and specific conditions to trigger, but successful exploitation would grant complete compromise of the target system.
- CVE-2026-46154HIGH 7.0
A race condition exists in the Linux kernel's scheduler extension (sched_ext) cgroup interface that can lead to use-after-free memory access. When system administrators adjust cgroup scheduling parameters like weight, idle status, or bandwidth, the kernel reads a pointer to the scheduler without proper synchronization. If another process simultaneously disables and re-enables a different scheduler, the cached pointer becomes stale and points to freed memory. When the original operation tries to use this pointer, it dereferences already-freed kernel memory, potentially allowing local privilege escalation.
- CVE-2026-11628MEDIUM 6.8
Google Chrome versions before 149.0.7827.103 contain a use-after-free memory error in the Ozone graphics subsystem. An attacker with physical access to a device can trigger this flaw to corrupt heap memory and potentially execute arbitrary code. While the Chromium project rates this as Critical, the CVSS score reflects the requirement for physical device access, which limits real-world exploitability for most organizations.
- CVE-2026-11073MEDIUM 6.5
A use-after-free vulnerability exists in Google Chrome's WebGL rendering engine that could allow an attacker to steal sensitive data from your browser's memory. An attacker would need to trick you into visiting a malicious webpage to exploit this flaw. While the vulnerability requires user interaction to trigger, the potential exposure of process memory—which may contain cached passwords, authentication tokens, or other sensitive information—makes it a meaningful security concern. The issue affects Chrome versions prior to 149.0.7827.53.
- CVE-2026-11208MEDIUM 6.5
A use-after-free vulnerability exists in the codec handling components of Google Chrome versions prior to 149.0.7827.53. An attacker can craft a malicious HTML page that, when visited by a user, exploits this memory safety flaw to read sensitive data directly from the browser process's memory. The vulnerability requires user interaction (visiting a malicious site) but does not require any special privileges to exploit.
- CVE-2026-41982MEDIUM 6.4
CVE-2026-41982 is a race condition vulnerability affecting the IPC (inter-process communication) module. An authenticated attacker can exploit this flaw to degrade system availability. The vulnerability requires specific conditions to trigger and is rated MEDIUM severity with a CVSS score of 6.4.
- CVE-2026-10703MEDIUM 6.3
A use-after-free memory safety flaw exists in EIPStackGroup OpENer versions up to 2.3.0 within the SendRRData request handler. An authenticated attacker can remotely trigger memory corruption by crafting malicious messages, potentially leading to information disclosure or service disruption. The vulnerability has been publicly disclosed but the vendor has not yet acknowledged or released a patch.
- CVE-2025-60486MEDIUM 5.5
A memory safety flaw in GPAC's MP4Box tool allows an attacker to crash the application by processing a specially crafted MPEG-2 video file. The vulnerability stems from improper memory management in the dasher_process function—specifically, the code attempts to access memory that has already been freed. An attacker with local file access can exploit this by distributing a malicious video file that, when opened in MP4Box, triggers the defect and renders the tool unusable. This is a denial-of-service issue rather than a path to code execution or data theft.
- CVE-2026-50263MEDIUM 5.5
CVE-2026-50263 is a use-after-free memory vulnerability in X.Org's X server and Xwayland components that can leak sensitive information from system memory. When a client manipulates window attributes and triggers the screen saver, the CreateSaverWindow() function accesses memory that has already been freed, allowing the attacker to read data that should no longer be accessible. The vulnerability requires local access and low privileges but can expose confidential information without crashing the system.
- CVE-2026-10232MEDIUM 5.3
CVE-2026-10232 is a use-after-free vulnerability in Assimp, an open-source 3D model import library, affecting versions up to 6.0.4. The flaw exists in the ASE file parser component and can be triggered by a local attacker with user-level privileges when processing specially crafted ASE (ASCII Scene Export) files. Exploitation could allow an attacker to read sensitive data, modify application state, or crash the process. Because exploitation requires local access and user permissions, the risk is primarily relevant in multi-user systems or scenarios where untrusted ASE files are processed by privileged applications.
- CVE-2026-50219MEDIUM 4.9
libexpat, a widely-used XML parsing library, contains a use-after-free vulnerability in versions before 2.8.2. The flaw occurs when certain XML parsing functions (XML_GetBuffer, XML_Parse, XML_ParseBuffer, XML_ParserFree, or XML_ParserReset) are called from within event handlers without proper depth tracking. This can lead to memory safety violations and potentially allow attackers to crash applications or, in some scenarios, execute arbitrary code. The vulnerability requires local access and specific conditions to trigger, making it a moderate-risk issue rather than a widespread internet-facing threat.
- CVE-2026-11249MEDIUM 4.7
Google Chrome versions before 149.0.7827.53 contain a use-after-free vulnerability in the Network component. If an attacker compromises Chrome's renderer process—the sandboxed part that runs web content—they could read sensitive data from the browser's memory using a specially crafted HTML page. This is a memory safety issue: the code attempts to access data after it has already been freed, potentially exposing unencrypted information that was in use moments before.
- CVE-2026-11623MEDIUM 4.5
A use-after-free memory vulnerability exists in tmux versions up to 3.6a, specifically within the image handling code. An attacker with local system access could trigger this flaw through a complex exploitation chain to read, modify, or crash tmux processes. While a public exploit has been disclosed, the attack requires both local access and deliberate manipulation, making opportunistic exploitation unlikely. The issue is resolved by upgrading to version 3.7-rc or applying the specific patch commit fc6d94a9f8a593bd8b7031650802084385d4ee03.