Threats Tagged 'cwe-415'
View all threats tagged with 'cwe-415'. Filter and sort to focus on specific types of threats.
Stop chasing alerts. Route them.
Start free, then upgrade once to turn Radar into an automated delivery engine for your security stack.
Custom feeds / Automations: email, Slack, webhooks, SIEM/MISP / API access (baseline limits)
API access activates after upgrading in Console -> Billing.
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.
Filter Threats
Narrow down the results by type, severity, or affected countries
Threats Tagged 'cwe-415'
Click on any threat for detailed analysis and mitigation recommendations
CVE-2026-11576: CWE-415 Double free in Eclipse Foundation Eclipse ThreadX - NetX DuoCVE-2026-11576 0 The security fix for CVE-2025-0728 in eclipse-threadx NetX Duo refactors error handling in the HTTP server PUT process to use a shared cleanup label, but this unified cleanup path unconditionally calls fx_file_close() even when the file was never successfully opened. Multiple error branches jump to the shared cleanup label before any file open operation has occurred, causing fx_file_close() to operate on an uninitialized file handle, leading to undefined behavior, double-close issues, or memory corruption. Join the discussion | CVE Database V5 | 06/19/2026, 08:27:59 UTC Added: 06/19/2026, 09:50:06 UTC |
CVE-2026-12043: CWE-415 Double free in AWS aws-c-httpCVE-2026-12043 0 Improper handling of HPACK dynamic table size updates in the AWS Common Runtime aws-c-http library might allow a remote threat actor operating a server to cause memory corruption on a connecting client application, potentially leading to arbitrary code execution, via a crafted sequence of HTTP/2 HEADERS frames. To remediate this issue, users should upgrade to aws-c-http version 0.11.0. Join the discussion | CVE Database V5 | 06/12/2026, 18:35:51 UTC Added: 06/12/2026, 18:55:14 UTC |
CVE-2026-46690: CWE-125: Out-of-bounds Read in spearman unbounded-spscCVE-2026-46690 0 CVE-2026-46690 is a medium severity vulnerability in the spearman unbounded-spsc queue library versions 0.2.0 and earlier. It involves an out-of-bounds read caused by a pointer-as-value transmute operation in the sender::send function, which can lead to a fake-Arc drop during concurrent transmit/receive races. No patches or official fixes are available at the time of publication. Join the discussion | CVE Database V5 | 06/12/2026, 14:56:10 UTC Added: 06/12/2026, 15:39:34 UTC |
CVE-2024-43514: CWE-415: Double Free in Microsoft Windows 10 Version 1507CVE-2024-43514 0 Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability Join the discussion | GCVE Database | 10/08/2024, 17:35:51 UTC Added: 06/09/2026, 19:18:55 UTC |
CVE-2026-45324: CWE-415: Double Free in rizinorg rizinCVE-2026-45324 0 CVE-2026-45324 is a low-severity vulnerability in the rizin reverse engineering framework caused by a double free error in the byte_pattern_search function due to incorrect pointer ownership. This flaw can lead to a denial of service by crashing the application. The issue is fixed in commit 045fff363b42b8a6dda8ad5229c29ec3267e7dbe. No known exploits are reported in the wild. The vulnerability affects versions of rizin prior to this commit. Join the discussion | CVE Database V5 | 05/29/2026, 19:08:39 UTC Added: 05/29/2026, 19:18:38 UTC |
Showing 1 to 5 of 5 results