Total
735 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-61990 | 1 F5 | 25 Big-ip, Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager and 22 more | 2026-02-26 | 7.5 High |
| When using a multi-bladed platform with more than one blade, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | ||||
| CVE-2025-62219 | 1 Microsoft | 15 Windows, Windows 10, Windows 10 1607 and 12 more | 2026-02-26 | 7 High |
| Double free in Microsoft Wireless Provisioning System allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-62215 | 1 Microsoft | 19 Windows 10, Windows 10 1809, Windows 10 21h2 and 16 more | 2026-02-26 | 7 High |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Kernel allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-62469 | 1 Microsoft | 5 Windows 11 24h2, Windows 11 24h2, Windows 11 25h2 and 2 more | 2026-02-26 | 7 High |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-36919 | 1 Google | 1 Android | 2026-02-26 | 7.8 High |
| In aocc_read of aoc_channel_dev.c, there is a possible double free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2026-20832 | 1 Microsoft | 18 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 15 more | 2026-02-26 | 7.8 High |
| Windows Remote Procedure Call Interface Definition Language (IDL) Elevation of Privilege Vulnerability | ||||
| CVE-2026-20861 | 1 Microsoft | 16 Windows 10 1809, Windows 10 21h2, Windows 10 21h2 and 13 more | 2026-02-26 | 7.8 High |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Management Services allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-20863 | 1 Microsoft | 10 Windows 11 23h2, Windows 11 23h2, Windows 11 24h2 and 7 more | 2026-02-26 | 7 High |
| Double free in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-20867 | 1 Microsoft | 16 Windows 10 1809, Windows 10 21h2, Windows 10 21h2 and 13 more | 2026-02-26 | 7.8 High |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Management Services allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2023-39975 | 2 Mit, Redhat | 2 Kerberos 5, Enterprise Linux | 2026-02-25 | 8.8 High |
| kdc/do_tgs_req.c in MIT Kerberos 5 (aka krb5) 1.21 before 1.21.2 has a double free that is reachable if an authenticated user can trigger an authorization-data handling failure. Incorrect data is copied from one ticket to another. | ||||
| CVE-2023-33952 | 2 Linux, Redhat | 5 Linux Kernel, Enterprise Linux, Enterprise Linux For Real Time and 2 more | 2026-02-25 | 6.7 Medium |
| A double-free vulnerability was found in handling vmw_buffer_object objects in the vmwgfx driver in the Linux kernel. This issue occurs due to the lack of validating the existence of an object prior to performing further free operations on the object, which may allow a local privileged user to escalate privileges and execute code in the context of the kernel. | ||||
| CVE-2023-41678 | 1 Fortinet | 2 Fortios, Fortipam | 2026-02-25 | 8.3 High |
| A double free in Fortinet FortiOS versions 7.0.0 through 7.0.5, FortiPAM version 1.0.0 through 1.0.3, 1.1.0 through 1.1.1 allows attacker to execute unauthorized code or commands via specifically crafted request. | ||||
| CVE-2025-61145 | 1 Libtiff | 1 Libtiff | 2026-02-25 | 5.5 Medium |
| libtiff up to v4.7.1 was discovered to contain a double free via the component tools/tiffcrop.c. | ||||
| CVE-2025-59289 | 1 Microsoft | 19 Windows, Windows 10, Windows 10 21h2 and 16 more | 2026-02-22 | 7 High |
| Double free in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2023-5178 | 3 Linux, Netapp, Redhat | 10 Linux Kernel, Active Iq Unified Manager, Solidfire \& Hci Management Node and 7 more | 2026-02-18 | 8.8 High |
| A use-after-free vulnerability was found in drivers/nvme/target/tcp.c` in `nvmet_tcp_free_crypto` due to a logical bug in the NVMe/TCP subsystem in the Linux kernel. This issue may allow a malicious user to cause a use-after-free and double-free problem, which may permit remote code execution or lead to local privilege escalation. | ||||
| CVE-2025-27730 | 1 Microsoft | 15 Windows 10 1809, Windows 10 21h2, Windows 10 21h2 and 12 more | 2026-02-13 | 7.8 High |
| Use after free in Windows Digital Media allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-26640 | 1 Microsoft | 15 Windows 10 1809, Windows 10 21h2, Windows 10 21h2 and 12 more | 2026-02-13 | 7 High |
| Use after free in Windows Digital Media allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-49693 | 1 Microsoft | 9 Windows 11 22h2, Windows 11 22h2, Windows 11 23h2 and 6 more | 2026-02-13 | 7.8 High |
| Double free in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-47975 | 1 Microsoft | 27 Windows, Windows 10, Windows 10 1507 and 24 more | 2026-02-13 | 7 High |
| Double free in Windows SSDP Service allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-57785 | 2 Hiawatha, Hiawatha.leisink | 2 Web Server, Hiawatha Webserver | 2026-02-13 | 6.5 Medium |
| A Double Free in XSLT `show_index` has been identified in Hiawatha webserver version 11.7 which allows an unauthenticated attacker to corrupt data which may lead to arbitrary code execution. | ||||