CVE & Exploit Intelligence Database

Updated 2h ago

Search and track vulnerabilities with real-time exploit intelligence. Cross-reference CVEs against public exploits from ExploitDB, Metasploit, GitHub, and Nuclei — with CVSS and EPSS scoring, CISA KEV monitoring, and AI-powered exploit analysis.

337,847 CVEs tracked 53,242 with exploits 4,725 exploited in wild 1,540 CISA KEV 3,918 Nuclei templates 37,802 vendors 42,493 researchers

718 results Clear all

CVE-2026-23868 5.1 MEDIUM EPSS 0.00

Giflib - Use After Free

Giflib contains a double-free vulnerability that is the result of a shallow copy in GifMakeSavedImage and incorrect error handling. The conditions needed to trigger this vulnerability are difficult but may be possible.

CWE-415 Mar 10, 2026

CVE-2025-69650 7.5 HIGH EPSS 0.00

GNU Binutils <=2.46 - Double Free

GNU Binutils thru 2.46 readelf contains a double free vulnerability when processing a crafted ELF binary with malformed relocation data. During GOT relocation handling, dump_relocations may return early without initializing the all_relocations array. As a result, process_got_section_contents() may pass an uninitialized r_symbol pointer to free(), leading to a double free and terminating the program with SIGABRT. No evidence of exploitable memory corruption or code execution was observed; the impact is limited to denial of service.

CWE-415 Mar 06, 2026

CVE-2026-28537 5.1 MEDIUM EPSS 0.00

Window Module - Use After Free

Double free vulnerability in the window module. Impact: Successful exploitation of this vulnerability may affect availability.

CWE-415 Mar 05, 2026

CVE-2025-61145 5.0 MEDIUM EPSS 0.00

libtiff <=4.7.1 - Use After Free

libtiff up to v4.7.1 was discovered to contain a double free via the component tools/tiffcrop.c.

CWE-415 Feb 23, 2026

CVE-2025-12343 3.3 LOW EPSS 0.00

FFmpeg - Use After Free

A flaw was found in FFmpeg’s TensorFlow backend within the libavfilter/dnn_backend_tf.c source file. The issue occurs in the dnn_execute_model_tf() function, where a task object is freed multiple times in certain error-handling paths. This redundant memory deallocation can lead to a double-free condition, potentially causing FFmpeg or any application using it to crash when processing TensorFlow-based DNN models. This results in a denial-of-service scenario but does not allow arbitrary code execution under normal conditions.

CWE-415 Feb 18, 2026

CVE-2026-25556 7.5 HIGH EPSS 0.00

MuPDF <1.27.0 - Memory Corruption

MuPDF versions 1.23.0 through 1.27.0 contain a double-free vulnerability in fz_fill_pixmap_from_display_list() when an exception occurs during display list rendering. The function accepts a caller-owned fz_pixmap pointer but incorrectly drops the pixmap in its error handling path before rethrowing the exception. Callers (including the barcode decoding path in fz_decode_barcode_from_display_list) also drop the same pixmap in cleanup, resulting in a double-free that can corrupt the heap and crash the process. This issue affects applications that enable and use MuPDF barcode decoding and can be triggered by processing crafted input that causes a rendering-time error while decoding barcodes.

CWE-415 Feb 06, 2026

CVE-2026-20415 5.5 MEDIUM EPSS 0.00

imgsys - Memory Corruption

In imgsys, there is a possible memory corruption due to improper locking. This could lead to local denial of service if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10363254; Issue ID: MSV-5617.

CWE-667 Feb 02, 2026

CVE-2025-57785 6.5 MEDIUM 1 Writeup EPSS 0.00

Hiawatha.leisink Hiawatha Webserver - Double Free

A Double Free in XSLT `show_index` has been identified in Hiawatha webserver version 11.7 which allows an unauthenticated attacker to corrupt data which may lead to arbitrary code execution.

CWE-415 Jan 26, 2026

CVE-2026-21918 7.5 HIGH EPSS 0.00

Juniper Junos < 22.4 - Double Free

A Double Free vulnerability in the flow processing daemon (flowd) of Juniper Networks Junos OS on SRX and MX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). On all SRX and MX Series platforms, when during TCP session establishment a specific sequence of packets is encountered a double free happens. This causes flowd to crash and the respective FPC to restart. This issue affects Junos OS on SRX and MX Series: * all versions before 22.4R3-S7, * 23.2 versions before 23.2R2-S3, * 23.4 versions before 23.4R2-S4, * 24.2 versions before 24.2R2.

CWE-415 Jan 15, 2026

CVE-2025-13844 5.3 MEDIUM EPSS 0.00

Rapsody - Memory Corruption

CWE-415: Double Free vulnerability exists that could cause heap memory corruption when the end user imports a malicious project file (SSD file) shared by the attacker into Rapsody.

CWE-415 Jan 15, 2026

CVE-2025-68968 7.8 HIGH EPSS 0.00

Multi-mode Input Module - Memory Corruption

Double free vulnerability in the multi-mode input module. Impact: Successful exploitation of this vulnerability may affect the input function.

CWE-415 Jan 14, 2026

CVE-2026-20867 7.8 HIGH EPSS 0.00

Windows Management Services - Privilege Escalation

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Management Services allows an authorized attacker to elevate privileges locally.

CWE-415 Jan 13, 2026

CVE-2026-20863 7.0 HIGH EPSS 0.00

Windows Win32K - ICOMP < unknown - Privilege Escalation

Double free in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally.

CWE-415 Jan 13, 2026

CVE-2026-20861 7.8 HIGH EPSS 0.00

Windows Management Services - Privilege Escalation

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Management Services allows an authorized attacker to elevate privileges locally.

CWE-415 Jan 13, 2026

CVE-2026-20832 7.8 HIGH EPSS 0.00

Windows RPC IDL - Privilege Escalation

Windows Remote Procedure Call Interface Definition Language (IDL) Elevation of Privilege Vulnerability

CWE-415 Jan 13, 2026

CVE-2025-68657 6.4 MEDIUM 1 Writeup EPSS 0.00

Espressif ESP-IDF - Use After Free

Espressif ESP-IDF USB Host HID (Human Interface Device) Driver allows access to HID devices. Prior to 1.1.0, calls to hid_host_device_close() can free the same usb_transfer_t twice. The USB event callback and user code share the hid_iface_t state without locking, so both can tear down a READY interface simultaneously, corrupting heap metadata inside the ESP USB host stack. This vulnerability is fixed in 1.1.0.

CWE-667 Jan 12, 2026

CVE-2026-20026 5.8 MEDIUM EPSS 0.00

Cisco products - Use After Free

Multiple Cisco products are affected by a vulnerability in the processing of DCE/RPC requests that could allow an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to leak sensitive information or to restart, resulting in an interruption of packet inspection. This vulnerability is due to an error in buffer handling logic when processing DCE/RPC requests, which can result in a buffer use-after-free read. An attacker could exploit this vulnerability by sending a large number of DCE/RPC requests through an established connection that is inspected by Snort 3. A successful exploit could allow the attacker to unexpectedly restart the Snort 3 Detection Engine, which could cause a denial of service (DoS).

CWE-415 Jan 07, 2026

CVE-2025-47396 7.8 HIGH EPSS 0.00

Qualcomm Fastconnect 6200 Firmware - Double Free

Memory corruption occurs when a secure application is launched on a device with insufficient memory.

CWE-415 Jan 07, 2026

CVE-2025-47356 7.8 HIGH EPSS 0.00

Qualcomm Cologne Firmware - Double Free

Memory Corruption when multiple threads concurrently access and modify shared resources.

CWE-415 Jan 07, 2026

CVE-2025-36919 7.8 HIGH EPSS 0.00

Google Android - Double Free

In aocc_read of aoc_channel_dev.c, there is a possible double free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CWE-415 Dec 11, 2025