CVEs classified under CWE-590, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (10)
CVE-2025-32911 — CVSS 9.0 (critical): A use-after-free type vulnerability was found in libsoup, in the soup_message_headers_get_content_disposition() function. This flaw allows…
CVE-2026-20810 — CVSS 7.8 (high): Free of memory not on the heap in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
CVE-2025-54899 — CVSS 7.8 (high): Free of memory not on the heap in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2025-42995 — CVSS 7.5 (high): SAP MDM Server Read function allows an attacker to send specially crafted packets which could trigger a memory read access violation in the…
CVE-2025-42994 — CVSS 7.5 (high): SAP MDM Server ReadString function allows an attacker to send specially crafted packets which could trigger a memory read access violation…
CVE-2023-22291 — CVSS 7.0 (high): An invalid free vulnerability exists in the Frame stream parser functionality of Ichitaro 2022 1.0.1.57600. A specially crafted document…
CVE-2026-47328 — CVSS 6.1 (medium): Ubuntu Linux 6.8, 6.17 and 7.0 contain AppArmor SAUCE patches which incorrectly attempt to free a pointer which was not previously…
CVE-2025-42996 — CVSS 5.6 (medium): SAP MDM Server allows an attacker to gain control of existing client sessions and execute certain functions without having to…
CVE-2025-7006 — CVSS 5.5 (medium): Use of stack memory after free vulnerability in Avast Antivirus when scanning a malformed Windows PE file may allow Denial-of-Service of…
CVE-2025-5899 — CVSS 5.3 (medium): A vulnerability classified as critical was found in GNU PSPP 82fb509fb2fedd33e7ac0c46ca99e108bb3bdffb. Affected by this vulnerability is…