CWE-416

Use After Free

VariantStableLikelihood: High

Description

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

Hierarchy (View 1000)

Parents

CWE-825

Children

none

CVEs mapped to this weakness (1,404)

page 31 of 71

CVE	Sev	Risk	CVSS	Published	Description
CVE-2026-33095	Hig	0.51	7.8	Apr 14, 2026	Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
CVE-2026-32200	Hig	0.51	7.8	Apr 14, 2026	Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally.
CVE-2026-32199	Hig	0.51	7.8	Apr 14, 2026	Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2026-32198	Hig	0.51	7.8	Apr 14, 2026	Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2026-32197	Hig	0.51	7.8	Apr 14, 2026	Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2026-32189	Hig	0.51	7.8	Apr 14, 2026	Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2026-32165	Hig	0.51	7.8	Apr 14, 2026	Use after free in Windows User Interface Core allows an authorized attacker to elevate privileges locally.
CVE-2026-32163	Hig	0.51	7.8	Apr 14, 2026	Concurrent execution using shared resource with improper synchronization ('race condition') in Windows User Interface Core allows an authorized attacker to elevate privileges locally.
CVE-2026-32159	Hig	0.51	7.8	Apr 14, 2026	Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.
CVE-2026-32158	Hig	0.51	7.8	Apr 14, 2026	Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.
CVE-2026-32155	Hig	0.51	7.8	Apr 14, 2026	Use after free in Desktop Window Manager allows an authorized attacker to elevate privileges locally.
CVE-2026-32154	Hig	0.51	7.8	Apr 14, 2026	Use after free in Desktop Window Manager allows an authorized attacker to elevate privileges locally.
CVE-2026-32153	Hig	0.51	7.8	Apr 14, 2026	Use after free in Microsoft Windows Speech allows an authorized attacker to elevate privileges locally.
CVE-2026-32152	Hig	0.51	7.8	Apr 14, 2026	Use after free in Desktop Window Manager allows an authorized attacker to elevate privileges locally.
CVE-2026-32090	Hig	0.51	7.8	Apr 14, 2026	Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Speech Brokered Api allows an authorized attacker to elevate privileges locally.
CVE-2026-32089	Hig	0.51	7.8	Apr 14, 2026	Use after free in Windows Speech Brokered Api allows an authorized attacker to elevate privileges locally.
CVE-2026-32078	Hig	0.51	7.8	Apr 14, 2026	Use after free in Windows Projected File System allows an authorized attacker to elevate privileges locally.
CVE-2026-27927	Hig	0.51	7.8	Apr 14, 2026	Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Projected File System allows an authorized attacker to elevate privileges locally.
CVE-2026-27924	Hig	0.51	7.8	Apr 14, 2026	Use after free in Desktop Window Manager allows an authorized attacker to elevate privileges locally.
CVE-2026-27923	Hig	0.51	7.8	Apr 14, 2026	Use after free in Desktop Window Manager allows an authorized attacker to elevate privileges locally.