Total
7031 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-39698 | 1 Linux | 1 Linux Kernel | 2026-02-26 | 8.8 High |
| In the Linux kernel, the following vulnerability has been resolved: io_uring/futex: ensure io_futex_wait() cleans up properly on failure The io_futex_data is allocated upfront and assigned to the io_kiocb async_data field, but the request isn't marked with REQ_F_ASYNC_DATA at that point. Those two should always go together, as the flag tells io_uring whether the field is valid or not. Additionally, on failure cleanup, the futex handler frees the data but does not clear ->async_data. Clear the data and the flag in the error path as well. Thanks to Trend Micro Zero Day Initiative and particularly ReDress for reporting this. | ||||
| CVE-2025-3212 | 1 Arm | 4 5th Gen Gpu Architecture Kernel Driver, Arm 5th Gen Gpu Architecture Kernel Driver, Bifrost Gpu Kernel Driver and 1 more | 2026-02-26 | 5.3 Medium |
| Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user process to perform valid GPU memory processing operations to gain access to already freed memory.This issue affects Bifrost GPU Kernel Driver: from r41p0 through r49p4, from r50p0 through r51p0; Valhall GPU Kernel Driver: from r41p0 through r49p4, from r50p0 through r54p0; Arm 5th Gen GPU Architecture Kernel Driver: from r41p0 through r49p4, from r50p0 through r54p0. | ||||
| CVE-2025-53731 | 1 Microsoft | 12 365, 365 Apps, Office and 9 more | 2026-02-26 | 8.4 High |
| Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. | ||||
| CVE-2025-53735 | 1 Microsoft | 15 365, 365 Apps, Excel and 12 more | 2026-02-26 | 7.8 High |
| Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | ||||
| CVE-2025-54102 | 1 Microsoft | 18 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 15 more | 2026-02-26 | 7.8 High |
| Use after free in Windows Connected Devices Platform Service allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-54896 | 1 Microsoft | 15 365, 365 Apps, Excel and 12 more | 2026-02-26 | 7.8 High |
| Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | ||||
| CVE-2025-54902 | 1 Microsoft | 15 365, 365 Apps, Excel and 12 more | 2026-02-26 | 7.8 High |
| Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | ||||
| CVE-2025-54904 | 1 Microsoft | 15 365, 365 Apps, Excel and 12 more | 2026-02-26 | 7.8 High |
| Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | ||||
| CVE-2025-54906 | 1 Microsoft | 12 365 Apps, Office, Office 2016 and 9 more | 2026-02-26 | 7.8 High |
| Free of memory not on the heap in Microsoft Office allows an unauthorized attacker to execute code locally. | ||||
| CVE-2025-54908 | 1 Microsoft | 10 365 Apps, Apps, Office and 7 more | 2026-02-26 | 7.8 High |
| Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally. | ||||
| CVE-2025-55223 | 1 Microsoft | 16 Windows 10 1809, Windows 10 21h2, Windows 10 21h2 and 13 more | 2026-02-26 | 7 High |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Graphics Kernel allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-55228 | 1 Microsoft | 18 Windows, Windows 10, Windows 10 21h2 and 15 more | 2026-02-26 | 7.8 High |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to execute code locally. | ||||
| CVE-2025-49561 | 3 Adobe, Apple, Microsoft | 3 Animate, Macos, Windows | 2026-02-26 | 7.8 High |
| Animate versions 23.0.12, 24.0.9 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2025-53802 | 1 Microsoft | 14 Windows 10 21h2, Windows 10 21h2, Windows 10 22h2 and 11 more | 2026-02-26 | 7 High |
| Use after free in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-54092 | 1 Microsoft | 21 Hyper-v, Windows, Windows 10 and 18 more | 2026-02-26 | 7.8 High |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Hyper-V allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-54105 | 1 Microsoft | 5 Windows 11 24h2, Windows 11 24h2, Windows Server 2022 23h2 and 2 more | 2026-02-26 | 7 High |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-54108 | 1 Microsoft | 3 Windows 11 24h2, Windows 11 24h2, Windows Server 2025 | 2026-02-26 | 7 High |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Capability Access Management Service (camsvc) allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-54226 | 3 Adobe, Apple, Microsoft | 3 Indesign, Macos, Windows | 2026-02-26 | 7.8 High |
| InDesign Desktop versions 20.4, 19.5.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2025-54225 | 3 Adobe, Apple, Microsoft | 3 Indesign, Macos, Windows | 2026-02-26 | 7.8 High |
| InDesign Desktop versions 20.4, 19.5.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2025-55224 | 1 Microsoft | 21 Hyper-v, Windows, Windows 10 and 18 more | 2026-02-26 | 7.8 High |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to execute code locally. | ||||