Total
560 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-26206 | 1 Wazuh | 1 Wazuh | 2026-04-30 | N/A | 6.5 MEDIUM |
| Wazuh is a free and open source platform used for threat prevention, detection, and response. From version 4.0.0 to before version 4.14.4, Wazuh's server API brute-force protection for POST /security/user/authenticate can be bypassed by sending concurrent authentication requests. Although the configured threshold (max_login_attempts, default 50) is enforced correctly for sequential requests, a parallel burst allows significantly more failed login attempts to be processed before the IP block is applied. This enables an attacker to perform more password guesses than the configured policy intends (e.g., 100 attempts processed where 50 should be allowed). This issue has been patched in version 4.14.4. | |||||
| CVE-2026-4878 | 2 Libcap Project, Redhat | 3 Libcap, Enterprise Linux, Openshift Container Platform | 2026-04-30 | N/A | 6.7 MEDIUM |
| A flaw was found in libcap. A local unprivileged user can exploit a Time-of-check-to-time-of-use (TOCTOU) race condition in the `cap_set_file()` function. This allows an attacker with write access to a parent directory to redirect file capability updates to an attacker-controlled file. By doing so, capabilities can be injected into or stripped from unintended executables, leading to privilege escalation. | |||||
| CVE-2013-3888 | 1 Microsoft | 3 Windows 7, Windows Server 2008, Windows Vista | 2026-04-29 | 7.2 HIGH | 8.4 HIGH |
| dxgkrnl.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows local users to gain privileges via a crafted application, aka "DirectX Graphics Kernel Subsystem Double Fetch Vulnerability." | |||||
| CVE-2023-37867 | 1 Yet Another Stars Rating Project | 1 Yet Another Stars Rating | 2026-04-28 | N/A | 3.7 LOW |
| Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in YetAnotherStarsRating.Com YASR – Yet Another Star Rating Plugin for WordPress.This issue affects YASR – Yet Another Star Rating Plugin for WordPress: from n/a through 3.3.8. | |||||
| CVE-2022-45809 | 1 Quicoto | 1 Thumbs Rating | 2026-04-28 | N/A | 5.3 MEDIUM |
| Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Ricard Torres Thumbs Rating.This issue affects Thumbs Rating: from n/a through 5.0.0. | |||||
| CVE-2026-31535 | 1 Linux | 1 Linux Kernel | 2026-04-28 | N/A | 4.7 MEDIUM |
| In the Linux kernel, the following vulnerability has been resolved: smb: client: make use of smbdirect_socket.recv_io.credits.available The logic off managing recv credits by counting posted recv_io and granted credits is racy. That's because the peer might already consumed a credit, but between receiving the incoming recv at the hardware and processing the completion in the 'recv_done' functions we likely have a window where we grant credits, which don't really exist. So we better have a decicated counter for the available credits, which will be incremented when we posted new recv buffers and drained when we grant the credits to the peer. | |||||
| CVE-2026-41338 | 1 Openclaw | 1 Openclaw | 2026-04-28 | N/A | 5.0 MEDIUM |
| OpenClaw before 2026.3.31 contains a time-of-check-time-of-use vulnerability in sandbox file operations that allows attackers to bypass fd-based defenses. Attackers can exploit check-then-act patterns in apply_patch, remove, and mkdir operations to manipulate files between validation and execution. | |||||
| CVE-2026-41337 | 1 Openclaw | 1 Openclaw | 2026-04-28 | N/A | 5.3 MEDIUM |
| OpenClaw before 2026.3.31 contains a callback origin mutation vulnerability in Plivo voice-call replay that allows attackers to mutate in-process callback origin before replay rejection. Attackers with captured valid callbacks for live calls can exploit this to manipulate callback origins during the replay process. | |||||
| CVE-2026-31523 | 1 Linux | 1 Linux Kernel | 2026-04-28 | N/A | 4.7 MEDIUM |
| In the Linux kernel, the following vulnerability has been resolved: nvme-pci: ensure we're polling a polled queue A user can change the polled queue count at run time. There's a brief window during a reset where a hipri task may try to poll that queue before the block layer has updated the queue maps, which would race with the now interrupt driven queue and may cause double completions. | |||||
| CVE-2026-41296 | 1 Openclaw | 1 Openclaw | 2026-04-27 | N/A | 8.2 HIGH |
| OpenClaw before 2026.3.31 contains a time-of-check-time-of-use race condition in the remote filesystem bridge readFile function that allows sandbox escape. Attackers can exploit the separate path validation and file read operations to bypass sandbox restrictions and read arbitrary files. | |||||
| CVE-2026-35353 | 1 Uutils | 1 Coreutils | 2026-04-27 | N/A | 3.3 LOW |
| The mkdir utility in uutils coreutils incorrectly applies permissions when using the -m flag by creating a directory with umask-derived permissions (typically 0755) before subsequently changing them to the requested mode via a separate chmod system call. In multi-user environments, this introduces a brief window where a directory intended to be private is accessible to other users, potentially leading to unauthorized data access. | |||||
| CVE-2026-35355 | 1 Uutils | 1 Coreutils | 2026-04-27 | N/A | 6.3 MEDIUM |
| The install utility in uutils coreutils is vulnerable to a Time-of-Check to Time-of-Use (TOCTOU) race condition during file installation. The implementation unlinks an existing destination file and then recreates it using a path-based operation without the O_EXCL flag. A local attacker can exploit the window between the unlink and the subsequent creation to swap the path with a symbolic link, allowing them to redirect privileged writes to overwrite arbitrary system files. | |||||
| CVE-2026-35356 | 1 Uutils | 1 Coreutils | 2026-04-27 | N/A | 6.3 MEDIUM |
| A Time-of-Check to Time-of-Use (TOCTOU) vulnerability exists in the install utility of uutils coreutils when using the -D flag. The command creates parent directories and subsequently performs a second path resolution to create the target file, neither of which is anchored to a directory file descriptor. An attacker with concurrent write access can replace a path component with a symbolic link between these operations, redirecting the privileged write to an arbitrary file system location. | |||||
| CVE-2026-35362 | 1 Uutils | 1 Coreutils | 2026-04-27 | N/A | 3.6 LOW |
| The safe_traversal module in uutils coreutils, which provides protection against Time-of-Check to Time-of-Use (TOCTOU) symlink races using file-descriptor-relative syscalls, is incorrectly limited to Linux targets. On other Unix-like systems such as macOS and FreeBSD, the utility fails to utilize these protections, leaving directory traversal operations vulnerable to symlink race conditions. | |||||
| CVE-2026-35364 | 1 Uutils | 1 Coreutils | 2026-04-24 | N/A | 6.3 MEDIUM |
| A Time-of-Check to Time-of-Use (TOCTOU) race condition exists in the mv utility of uutils coreutils during cross-device operations. The utility removes the destination path before recreating it through a copy operation. A local attacker with write access to the destination directory can exploit this window to replace the destination with a symbolic link. The subsequent privileged move operation will follow the symlink, allowing the attacker to redirect the write and overwrite an arbitrary target file with contents from the source. | |||||
| CVE-2026-35354 | 1 Uutils | 1 Coreutils | 2026-04-24 | N/A | 4.7 MEDIUM |
| A Time-of-Check to Time-of-Use (TOCTOU) vulnerability exists in the mv utility of uutils coreutils during cross-device moves. The extended attribute (xattr) preservation logic uses multiple path-based system calls that perform fresh path-to-inode lookups for each operation. A local attacker with write access to the directory can exploit this race to swap files between calls, causing the destination file to receive an inconsistent mix of security xattrs, such as SELinux labels or file capabilities. | |||||
| CVE-2026-35352 | 1 Uutils | 1 Coreutils | 2026-04-24 | N/A | 7.0 HIGH |
| A Time-of-Check to Time-of-Use (TOCTOU) race condition exists in the mkfifo utility of uutils coreutils. The utility creates a FIFO and then performs a path-based chmod to set permissions. A local attacker with write access to the parent directory can swap the newly created FIFO for a symbolic link between these two operations. This redirects the chmod call to an arbitrary file, potentially enabling privilege escalation if the utility is run with elevated privileges. | |||||
| CVE-2026-35357 | 1 Uutils | 1 Coreutils | 2026-04-24 | N/A | 4.7 MEDIUM |
| The cp utility in uutils coreutils is vulnerable to an information disclosure race condition. Destination files are initially created with umask-derived permissions (e.g., 0644) before being restricted to their final mode (e.g., 0600) later in the process. A local attacker can race to open the file during this window; once obtained, the file descriptor remains valid and readable even after the permissions are tightened, exposing sensitive or private file contents. | |||||
| CVE-2026-35359 | 1 Uutils | 1 Coreutils | 2026-04-24 | N/A | 4.7 MEDIUM |
| A Time-of-Check to Time-of-Use (TOCTOU) vulnerability in the cp utility of uutils coreutils allows an attacker to bypass no-dereference intent. The utility checks if a source path is a symbolic link using path-based metadata but subsequently opens it without the O_NOFOLLOW flag. An attacker with concurrent write access can swap a regular file for a symbolic link during this window, causing a privileged cp process to copy the contents of arbitrary sensitive files into a destination controlled by the attacker. | |||||
| CVE-2026-35360 | 1 Uutils | 1 Coreutils | 2026-04-24 | N/A | 6.3 MEDIUM |
| The touch utility in uutils coreutils is vulnerable to a Time-of-Check to Time-of-Use (TOCTOU) race condition during file creation. When the utility identifies a missing path, it later attempts creation using File::create(), which internally uses O_TRUNC. An attacker can exploit this window to create a file or swap a symlink at the target path, causing touch to truncate an existing file and leading to permanent data loss. | |||||