PHP version 7.0 suffers from an object cloning denial of service vulnerability.

MEGAsync version 2.9.9 suffers from a dll hijacking vulnerability.

PHP version 5.0.0 suffers from a denial of service vulnerability in domxml_open_file().

Keeper suffers from an issue where a trusted UI is injected into an untrusted webpage.

There is a use-after-free in the Adobe Flash MovieClip Transform getter. If the Transform constructor is replaced with a getter using addProperty, this getter can free the MovieClip before it is accessed.

There is a use-after-free in Adobe Flash BitmapData.copyPixels. If the method is called on a MovieClip, and the MovieClip is deleted during parameter conversions, it is used to convert future parameters, even though it has already been freed.

Several methods in Adobe Flash return instances of the Rectangle class. There is a use-after-free in creating these objects for return. If the this object of the call is a MovieClip, the Rectangle instantiation will run on its thread. If a getter is added to this class’s package, it will be invoked when fetching the rectangle constructor, which can free the method’s thread, which will cause the Rectangle constructor to run on a thread which has been freed.