CVEs classified under CWE-763, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (50)
CVE-2026-52993 — CVSS 9.8 (critical): In the Linux kernel, the following vulnerability has been resolved: tipc: fix double-free in tipc_buf_append() tipc_msg_validate() can…
CVE-2025-14233 — CVSS 9.8 (critical): Invalid free in CPCA file deletion processing on Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on…
CVE-2024-44852 — CVSS 9.8 (critical): Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble was discovered to contain a segmentation violation via the component…
CVE-2021-42377 — CVSS 9.8 (critical): An attacker-controlled pointer free in Busybox's hush applet leads to denial of service and possible code execution when processing a…
CVE-2021-24028 — CVSS 9.8 (critical): An invalid free in Thrift's table-based serialization can cause the application to crash or potentially result in code execution or other…
CVE-2020-0103 — CVSS 9.8 (critical): In a2dp_aac_decoder_cleanup of a2dp_aac_decoder.cc, there is a possible invalid free due to memory corruption. This could lead to remote…
CVE-2020-11105 — CVSS 9.8 (critical): An issue was discovered in USC iLab cereal through 1.3.0. It employs caching of std::shared_ptr values, using the raw pointer address as a…
CVE-2019-11930 — CVSS 9.8 (critical): An invalid free in mb_detect_order can cause the application to crash or potentially result in remote code execution. This issue affects…
CVE-2018-6836 — CVSS 9.8 (critical): The netmonrec_comment_destroy function in wiretap/netmon.c in Wireshark through 2.4.4 performs a free operation on an uninitialized memory…
CVE-2007-4367 — CVSS 9.3 (critical): Opera before 9.23 allows remote attackers to execute arbitrary code via crafted Javascript that triggers a "virtual function call on an…
CVE-2025-25215 — CVSS 8.8 (high): An arbitrary free vulnerability exists in the cv_close functionality of Dell ControlVault3 prior to 5.15.10.14 and Dell ControlVault3 Plus…
CVE-2024-6607 — CVSS 8.8 (high): It was possible to prevent a user from exiting pointerlock when pressing escape and to overlay customValidity notifications from a…
CVE-2022-42309 — CVSS 8.8 (high): Xenstore: Guests can crash xenstored Due to a bug in the fix of XSA-115 a malicious guest can cause xenstored to use a wrong pointer during…
CVE-2025-13824: A security issue exists due to improper handling of malformed CIP packets during fuzzing. The controller enters a hard fault with solid red…
CVE-2021-3682 — CVSS 8.5 (high): A flaw was found in the USB redirector device emulation of QEMU in versions prior to 6.1.0-rc2. It occurs when dropping packets during a…
CVE-2022-26942 — CVSS 8.2 (high): The Motorola MTM5000 series firmwares lack pointer validation on arguments passed to trusted execution environment (TEE) modules. Two…
CVE-2022-31625 — CVSS 8.1 (high): In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when using Postgres database extension, supplying invalid…
CVE-2026-57248 — CVSS 7.8 (high): When the application opens a PDF file and JavaScript writes annotation attributes, there is a lack of sufficient object type and argument…
CVE-2026-53000 — CVSS 7.8 (high): In the Linux kernel, the following vulnerability has been resolved: netfilter: nat: use kfree_rcu to release ops Florian Westphal says…
CVE-2025-47749 — CVSS 7.8 (high): V-SFT v6.2.5.0 and earlier contains an issue with free of pointer not at start of buffer in VS6EditData.dll!CWinFontInf::WinFontMsgCheck…
CVE-2025-30379 — CVSS 7.8 (high): Release of invalid pointer or reference in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2024-2955 — CVSS 7.8 (high): T.38 dissector crash in Wireshark 4.2.0 to 4.0.3 and 4.0.0 to 4.0.13 allows denial of service via packet injection or crafted capture file
CVE-2021-47087 — CVSS 7.8 (high): In the Linux kernel, the following vulnerability has been resolved: tee: optee: Fix incorrect page free bug Pointer to the allocated pages…
CVE-2023-34312 — CVSS 7.8 (high): In Tencent QQ through 9.7.8.29039 and TIM through 3.4.7.22084, QQProtect.exe and QQProtectEngine.dll do not validate pointers from…
CVE-2022-48425 — CVSS 7.8 (high): In the Linux kernel through 6.2.7, fs/ntfs3/inode.c has an invalid kfree because it does not validate MFT flags before replaying logs.
CVE-2022-24958 — CVSS 7.8 (high): drivers/usb/gadget/legacy/inode.c in the Linux kernel through 5.16.8 mishandles dev->buf release.
CVE-2021-3939 — CVSS 7.8 (high): Ubuntu-specific modifications to accountsservice (in patch file debian/patches/0010-set-language.patch) caused the fallback_locale…
CVE-2020-12963 — CVSS 7.8 (high): An insufficient pointer validation vulnerability in the AMD Graphics Driver for Windows may allow unprivileged users to compromise the…
CVE-2021-41073 — CVSS 7.8 (high): loop_rw_iter in fs/io_uring.c in the Linux kernel 5.10 through 5.14.6 allows local users to gain privileges by using IORING_OP_PROVIDE_BUFFE…
CVE-2021-28216 — CVSS 7.8 (high): BootPerformanceTable pointer is read from an NVRAM variable in PEI. Recommend setting PcdFirmwarePerformanceDataTableS3Support to FALSE.
CVE-2020-36404 — CVSS 7.8 (high): Keystone Engine 0.9.2 has an invalid free in llvm_ks::SmallVectorImpl<llvm_ks::MCFixup>::~SmallVectorImpl.
CVE-2020-12982 — CVSS 7.8 (high): An invalid object pointer free vulnerability in the AMD Graphics Driver for Windows 10 may lead to escalation of privilege or denial of…
CVE-2021-22760 — CVSS 7.8 (high): A CWE-763: Release of invalid pointer or reference vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21140 and prior that could…
CVE-2020-0444 — CVSS 7.8 (high): In audit_free_lsm_field of auditfilter.c, there is a possible bad kfree due to a logic error in audit_data_to_entry. This could lead to…
CVE-2019-18619 — CVSS 7.8 (high): Incorrect parameter validation in the synaTee component of Synaptics WBF drivers using an SGX enclave (all versions prior to 2019-11-15)…
CVE-2019-19820 — CVSS 7.8 (high): An invalid pointer vulnerability in IOCTL Handling in the kyrld.sys driver in Kyrol Internet Security 9.0.6.9 allows an attacker to achieve…
CVE-2019-9290 — CVSS 7.8 (high): In tzdata there is possible memory corruption due to a mismatch between allocation and deallocation functions. This could lead to local…
CVE-2018-9557 — CVSS 7.8 (high): In really_install_package of install.cpp, there is a possible free of arbitrary memory due to uninitialized data. This could lead to local…
CVE-2017-18075 — CVSS 7.8 (high): crypto/pcrypt.c in the Linux kernel before 4.14.13 mishandles freeing instances, allowing a local user able to access the AF_ALG-based AEAD…
CVE-2017-0731 — CVSS 7.8 (high): A elevation of privilege vulnerability in the Android media framework (mpeg4 encoder). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1…
CVE-2025-11838 — CVSS 7.5 (high): A memory corruption vulnerability in WatchGuard Fireware OS may allow an unauthenticated attacker to trigger a Denial of Service (DoS)…
CVE-2023-4883 — CVSS 7.5 (high): Invalid pointer release vulnerability. Exploitation of this vulnerability could allow an attacker to interrupt the correct operation of the…
CVE-2023-25565 — CVSS 7.5 (high): GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that implements NTLM authentication. Prior to version 1.2.0, an incorrect free when…
CVE-2022-41691 — CVSS 7.5 (high): When a BIG-IP Advanced WAF/ASM security policy is configured on a virtual server, undisclosed requests can cause the bd process to…
CVE-2022-28203 — CVSS 7.5 (high): A denial-of-service issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37.2. When many files exist…
CVE-2022-37451 — CVSS 7.5 (high): Exim before 4.96 has an invalid free in pam_converse in auths/call_pam.c because store_free is not used after store_malloc.