CVE-2026-14788
A security vulnerability has been detected in radareorg radare2 up to 6.1.6. Affected by this vulnerability is the function r_core_bin_load
CVSS
3.3
Bajo
EPSS
0.1%
p3
KEV
—
Exploit Today
1
0-100
Publicado: 6 jul 2026 · Última mod.: 9 jul 2026 · CWE-119 · CWE-416
0.1%EPSS · 30 días0.1%
2026-07-062026-07-16
A security vulnerability has been detected in radareorg radare2 up to 6.1.6. Affected by this vulnerability is the function r_core_bin_load of the file libr/core/cfile.c. Such manipulation leads to use after free. The attack needs to be performed locally. The exploit has been disclosed publicly and may be used. The name of the patch is 635ab1eeb30340c26076722a90cb91fb2272130b. Applying a patch is advised to resolve this issue.
- github.comhttps://github.com/oldzhu/radare2/commit/635ab1eeb30340c26076722a90cb91fb2272130b
- github.comhttps://github.com/radareorg/radare2/
- github.comhttps://github.com/radareorg/radare2/issues/26049
- vuldb.comhttps://vuldb.com/cve/CVE-2026-14788
- vuldb.comhttps://vuldb.com/submit/850388
- vuldb.comhttps://vuldb.com/vuln/376377
- vuldb.comhttps://vuldb.com/vuln/376377/cti
CVECVSSEPSSKEVRExplotTítuloVis.
CVE-2025-312778.8 ALT71.0%
KEV—71Apple Multiple Products Buffer Overflow Vulnerability3dCVE-2005-445910.0 SIN96.2%
——29Heap-based buffer overflow in the NAT networking components vmnat.exe and vmnet-natd in VMWare Workstation 5.5, GSX Server 3.2, ACE 1.0.1, and Player 1.0 allows remote authenticated attackers, including guests, to execute arbitrary code via crafted (1) EPRT and (2) PORT FTP commands.10dCVE-2025-217607.8 ALT94.7%
——28In the Linux kernel, the following vulnerability has been resolved:
ndisc: extend RCU protection in ndisc_send_skb()
ndisc_send_skb() can be called without RTNL or RCU held.
Acquire rcu_read_lock() earlier, so that we can use dev_net_rcu()
and avoid a potential UAF.3dCVE-2026-335267.5 ALT94.7%
——28Squid is a caching proxy for the Web. Prior to version 7.5, due to heap Use-After-Free, Squid is vulnerable to Denial of Service when handling ICP traffic. This problem allows a remote attacker to perform a reliable and repeatable Denial of Service attack against the Squid service using ICP protocol. This attack is limited to Squid deployments that explicitly enable ICP support (i.e. configure non-zero `icp_port`). This problem _cannot_ be mitigated by denying ICP queries using `icp_access` rules. Version 7.5 contains a patch.3dCVE-2026-327487.5 ALT94.7%
——28Squid is a caching proxy for the Web. Prior to version 7.5, due to premature release of resource during expected lifetime and heap Use-After-Free bugs, Squid is vulnerable to Denial of Service when handling ICP traffic. This problem allows a remote attacker to perform a reliable and repeatable Denial of Service attack against the Squid service using ICP protocol. This attack is limited to Squid deployments that explicitly enable ICP support (i.e. configure non-zero `icp_port`). This problem _cannot_ be mitigated by denying ICP queries using `icp_access` rules. This bug is fixed in Squid version 7.5.3dCVE-2011-40454.3 SIN88.5%
——27Buffer overflow in an unspecified ActiveX control in aipgctl.ocx in ARC Informatique PcVue 6.0 through 10.0, FrontVue, and PlantVue allows remote attackers to cause a denial of service via a crafted HTML document.8d