Vulnerabilities (CVE)

Filtered by CWE-362
Total 2377 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2025-68957 1 Huawei 1 Harmonyos 2026-06-17 N/A 8.4 HIGH
Multi-thread race condition vulnerability in the card framework module. Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2025-68956 1 Huawei 1 Harmonyos 2026-06-17 N/A 8.0 HIGH
Multi-thread race condition vulnerability in the card framework module. Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2025-68955 1 Huawei 1 Harmonyos 2026-06-17 N/A 8.0 HIGH
Multi-thread race condition vulnerability in the card framework module. Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2025-68749 1 Linux 1 Linux Kernel 2026-06-17 N/A 4.7 MEDIUM
In the Linux kernel, the following vulnerability has been resolved: accel/ivpu: Fix race condition when unbinding BOs Fix 'Memory manager not clean during takedown' warning that occurs when ivpu_gem_bo_free() removes the BO from the BOs list before it gets unmapped. Then file_priv_unbind() triggers a warning in drm_mm_takedown() during context teardown. Protect the unmapping sequence with bo_list_lock to ensure the BO is always fully unmapped when removed from the list. This ensures the BO is either fully unmapped at context teardown time or present on the list and unmapped by file_priv_unbind().
CVE-2025-68214 1 Linux 1 Linux Kernel 2026-06-17 N/A 4.7 MEDIUM
In the Linux kernel, the following vulnerability has been resolved: timers: Fix NULL function pointer race in timer_shutdown_sync()

There is a race condition between timer_shutdown_sync() and timer expiration that can lead to hitting a WARN_ON in expire_timers(). The issue occurs when timer_shutdown_sync() clears the timer function to NULL while the timer is still running on another CPU. The race scenario looks like this:

    CPU0                                    CPU1
                                            <SOFTIRQ>
                                            lock_timer_base()
                                            expire_timers()
                                            base->running_timer = timer;
                                            unlock_timer_base()
                                            [call_timer_fn enter]
                                            mod_timer()
                                            ...
    timer_shutdown_sync()
    lock_timer_base()
    // For now, will not detach the timer but only clear its function to NULL
    if (base->running_timer != timer)
        ret = detach_if_pending(timer, base, true);
    if (shutdown)
        timer->function = NULL;
    unlock_timer_base()
                                            [call_timer_fn exit]
                                            lock_timer_base()
                                            base->running_timer = NULL;
                                            unlock_timer_base()
                                            ...
                                            // Now timer is pending while its function set to NULL.
                                            // next timer trigger
                                            <SOFTIRQ>
                                            expire_timers()
                                            WARN_ON_ONCE(!fn) // hit
                                            ...
    lock_timer_base()
    // Now timer will detach
    if (base->running_timer != timer)
        ret = detach_if_pending(timer, base, true);
    if (shutdown)
        timer->function = NULL;
    unlock_timer_base()

The problem is that timer_shutdown_sync() clears the timer function regardless of whether the timer is currently running. This can leave a pending timer with a NULL function pointer, which triggers the WARN_ON_ONCE(!fn) check in expire_timers().

Fix this by only clearing the timer function when actually detaching the timer. If the timer is running, leave the function pointer intact, which is safe because the timer will be properly detached when it finishes running.
CVE-2025-68146 1 Tox-dev 1 Filelock 2026-06-17 N/A 6.3 MEDIUM
filelock is a platform-independent file lock for Python. In versions prior to 3.20.1, a Time-of-Check-Time-of-Use (TOCTOU) race condition allows local attackers to corrupt or truncate arbitrary user files through symlink attacks. The vulnerability exists in both Unix and Windows lock file creation where filelock checks if a file exists before opening it with O_TRUNC. An attacker can create a symlink pointing to a victim file in the time gap between the check and open, causing os.open() to follow the symlink and truncate the target file. All users of filelock on Unix, Linux, macOS, and Windows systems are impacted. The vulnerability cascades to dependent libraries. The attack requires local filesystem access and ability to create symlinks (standard user permissions on Unix; Developer Mode on Windows 10+). Exploitation succeeds within 1-3 attempts when lock file paths are predictable. The issue is fixed in version 3.20.1. If immediate upgrade is not possible, use SoftFileLock instead of UnixFileLock/WindowsFileLock (note: different locking semantics, may not be suitable for all use cases); ensure lock file directories have restrictive permissions (chmod 0700) to prevent untrusted users from creating symlinks; and/or monitor lock file directories for suspicious symlinks before running trusted applications. These workarounds provide only partial mitigation. The race condition remains exploitable. Upgrading to version 3.20.1 is strongly recommended.
CVE-2025-67505 1 Okta 1 Java Management Sdk 2026-06-17 N/A 8.4 HIGH
Okta Java Management SDK facilitates interactions with the Okta management API. In versions 11.0.0 through 20.0.0, race conditions may arise from concurrent requests using the ApiClient class. This could cause a status code or response header from one request’s response to influence another request’s response. This issue is fixed in version 20.0.1.
CVE-2025-66803 1 Hotwired 1 Turbo 2026-06-17 N/A 4.8 MEDIUM
Race condition in the turbo-frame element handler in Hotwired Turbo before 8.0.x causes logout operations to fail when delayed frame responses reapply session cookies after logout. This can be exploited by remote attackers via selective network delays (e.g. delaying requests based on sequence or timing) or by physically proximate attackers when the race condition occurs naturally on shared computers.
CVE-2025-66446 1 Maxkb 1 Maxkb 2026-06-17 N/A 8.8 HIGH
MaxKB is an open-source AI assistant for enterprise. Versions 2.3.1 and below have improper file permissions which allow attackers to overwrite the built-in dynamic linker and other critical files, potentially resulting in privilege escalation. This issue is fixed in version 2.4.0.
CVE-2025-66419 1 Maxkb 1 Maxkb 2026-06-17 N/A 8.8 HIGH
MaxKB is an open-source AI assistant for enterprise. In versions 2.3.1 and below, the tool module allows an attacker to escape the sandbox environment and escalate privileges under certain concurrent conditions. This issue is fixed in version 2.4.0.
CVE-2025-66328 1 Huawei 1 Harmonyos 2026-06-17 N/A 8.4 HIGH
Multi-thread race condition vulnerability in the network management module. Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2025-66327 1 Huawei 1 Harmonyos 2026-06-17 N/A 7.1 HIGH
Race condition vulnerability in the network module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2025-66326 1 Huawei 1 Harmonyos 2026-06-17 N/A 6.7 MEDIUM
Race condition vulnerability in the audio module. Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2025-66322 1 Huawei 1 Harmonyos 2026-06-17 N/A 5.1 MEDIUM
Multi-thread race condition vulnerability in the camera framework module. Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2025-66321 1 Huawei 1 Harmonyos 2026-06-17 N/A 5.1 MEDIUM
Multi-thread race condition vulnerability in the camera framework module. Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2025-66320 1 Huawei 1 Harmonyos 2026-06-17 N/A 5.1 MEDIUM
Multi-thread race condition vulnerability in the camera framework module. Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2025-64773 1 Jetbrains 1 Youtrack 2026-06-17 N/A 2.7 LOW
In JetBrains YouTrack before 2025.3.104432, a race condition allowed bypass of the helpdesk Agent limit.
CVE-2025-64683 1 Jetbrains 1 Hub 2026-06-17 N/A 5.3 MEDIUM
In JetBrains Hub before 2025.3.104432, information disclosure was possible via the Users API.
CVE-2025-64682 1 Jetbrains 1 Hub 2026-06-17 N/A 2.7 LOW
In JetBrains Hub before 2025.3.104432, a race condition allowed bypass of the Agent-user limit.
CVE-2025-64661 1 Microsoft 12 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 9 more 2026-06-17 N/A 7.8 HIGH
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Shell allows an authorized attacker to elevate privileges locally.