CVE & Exploit Intelligence Database


Search and track vulnerabilities with real-time exploit intelligence. Cross-reference CVEs against public exploits from ExploitDB, Metasploit, GitHub, and Nuclei — with CVSS and EPSS scoring, CISA KEV monitoring, and AI-powered exploit analysis.

337,847 CVEs tracked; 53,242 with exploits; 4,725 exploited in wild; 1,540 CISA KEV; 3,918 Nuclei templates; 37,802 vendors; 42,493 researchers
6,619 results
CVE-2026-0027 6.7 MEDIUM EPSS 0.00
arm-smmu-v3.c - Use After Free
In smmu_detach_dev of arm-smmu-v3.c, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
CWE-416 Mar 02, 2026
CVE-2025-47386 7.8 HIGH EPSS 0.00
IOCTL Calls - Memory Corruption
Memory Corruption while invoking IOCTL calls when concurrent access to shared buffer occurs.
CWE-416 Mar 02, 2026
CVE-2025-47381 7.8 HIGH EPSS 0.00
Product Version - Memory Corruption
Memory Corruption while processing IOCTL calls when concurrent access to shared buffer occurs.
CWE-416 Mar 02, 2026
CVE-2025-47379 7.8 HIGH EPSS 0.00
Product - Memory Corruption
Memory Corruption when concurrent access to shared buffer occurs due to improper synchronization between assignment and deallocation of buffer resources.
CWE-416 Mar 02, 2026
CVE-2025-47377 7.8 HIGH EPSS 0.00
Unknown Product - Memory Corruption
Memory Corruption when accessing a buffer after it has been freed while processing IOCTL calls.
CWE-416 Mar 02, 2026
CVE-2025-47376 7.8 HIGH EPSS 0.00
Product Version - Memory Corruption
Memory Corruption when concurrent access to shared buffer occurs during IOCTL calls.
CWE-416 Mar 02, 2026
CVE-2025-47375 7.8 HIGH EPSS 0.00
Product - Memory Corruption
Memory corruption while handling different IOCTL calls from the user-space simultaneously.
CWE-416 Mar 02, 2026
CVE-2026-20443 6.7 MEDIUM EPSS 0.00
Display - Privilege Escalation
In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10436998; Issue ID: MSV-5722.
CWE-416 Mar 02, 2026
CVE-2026-20442 4.4 MEDIUM EPSS 0.00
Display Component - Use After Free
In display, there is a possible system crash due to use after free. This could lead to local denial of service if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10436998; Issue ID: MSV-5723.
CWE-416 Mar 02, 2026
CVE-2026-20439 4.4 MEDIUM EPSS 0.00
imgsys - Use After Free
In imgsys, there is a possible system crash due to use after free. This could lead to local denial of service if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10431955; Issue ID: MSV-5826.
CWE-416 Mar 02, 2026
CVE-2026-20437 4.4 MEDIUM EPSS 0.00
MAE - Use After Free
In MAE, there is a possible system crash due to use after free. This could lead to local denial of service if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10431940; Issue ID: MSV-5843.
CWE-416 Mar 02, 2026
CVE-2026-27950 7.5 HIGH 1 Writeup EPSS 0.00
FreeRDP <3.23.0 - Use After Free
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, the fix for the heap-use-after-free described in CVE-2026-24680 is incomplete. While the vulnerable execution flow referenced in the advisory exists in the SDL2 implementation, the fix appears to have been applied only to the SDL3 code path. In the SDL2 implementation, the pointer is not nulled after free. This creates a situation where the advisory suggests the vulnerability is fully resolved, while builds or environments still using SDL2 may retain the vulnerable logic. A complete fix is available in version 3.23.0.
CWE-416 Feb 25, 2026
CVE-2026-26986 7.5 HIGH 1 Writeup EPSS 0.00
FreeRDP <3.23.0 - Use After Free
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, `rail_window_free` dereferences a freed `xfAppWindow` pointer during `HashTable_Free` cleanup because `xf_rail_window_common` calls `free(appWindow)` on title allocation failure without first removing the entry from the `railWindows` hash table, leaving a dangling pointer that is freed again on disconnect. Version 3.23.0 fixes the vulnerability.
CWE-416 Feb 25, 2026
CVE-2026-25997 9.8 CRITICAL 1 Writeup EPSS 0.00
FreeRDP <3.23.0 - Use After Free
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, `xf_clipboard_format_equal` reads freed `lastSentFormats` memory because `xf_clipboard_formats_free` (called from the cliprdr channel thread during auto-reconnect) frees the array while the X11 event thread concurrently iterates it in `xf_clipboard_changed`, triggering a heap use after free. Version 3.23.0 fixes the issue.
CWE-416 Feb 25, 2026
CVE-2026-25959 9.8 CRITICAL 1 Writeup EPSS 0.00
FreeRDP <3.23.0 - Use After Free
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, `xf_cliprdr_provide_data_` passes freed `pDstData` to `XChangeProperty` because the cliprdr channel thread calls `xf_cliprdr_server_format_data_response` which converts and uses the clipboard data without holding any lock, while the X11 event thread concurrently calls `xf_cliprdr_clear_cached_data` → `HashTable_Clear` which frees the same data via `xf_cached_data_free`, triggering a heap use after free. Version 3.23.0 fixes the issue.
CWE-416 Feb 25, 2026
CVE-2026-25955 9.8 CRITICAL 1 Writeup EPSS 0.00
FreeRDP <3.23.0 - Use After Free
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, `xf_AppUpdateWindowFromSurface` reuses a cached `XImage` whose `data` pointer references a freed RDPGFX surface buffer, because `gdi_DeleteSurface` frees `surface->data` without invalidating the `appWindow->image` that aliases it. Version 3.23.0 fixes the issue.
CWE-416 Feb 25, 2026
CVE-2026-25954 7.5 HIGH 1 Writeup EPSS 0.00
FreeRDP <3.23.0 - Use After Free
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, `xf_rail_server_local_move_size` dereferences a freed `xfAppWindow` pointer because `xf_rail_get_window` returns an unprotected pointer from the `railWindows` hash table, and the main thread can concurrently delete the window (via a window delete order) while the RAIL channel thread is still using the pointer. Version 3.23.0 fixes the issue.
CWE-416 Feb 25, 2026
CVE-2026-25953 9.8 CRITICAL 1 Writeup EPSS 0.00
FreeRDP <3.23.0 - Use After Free
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, `xf_AppUpdateWindowFromSurface` reads from a freed `xfAppWindow` because the RDPGFX DVC thread obtains a bare pointer via `xf_rail_get_window` without any lifetime protection, while the main thread can concurrently delete the window through a fastpath window-delete order. Version 3.23.0 fixes the issue.
CWE-416 Feb 25, 2026
CVE-2026-25952 9.8 CRITICAL 1 Writeup EPSS 0.00
FreeRDP <3.23.0 - Use After Free
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, `xf_SetWindowMinMaxInfo` dereferences a freed `xfAppWindow` pointer because `xf_rail_get_window` in `xf_rail_server_min_max_info` returns an unprotected pointer from the `railWindows` hash table, and the main thread can concurrently delete the window (via a window delete order) while the RAIL channel thread is still using the pointer. Version 3.23.0 fixes the issue.
CWE-416 Feb 25, 2026
CVE-2026-2804 5.4 MEDIUM EPSS 0.00
Firefox <148 - Use After Free
Use-after-free in the JavaScript: WebAssembly component. This vulnerability affects Firefox < 148 and Thunderbird < 148.
CWE-416 Feb 24, 2026