Total
429 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-55236 | 1 Microsoft | 10 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 7 more | 2025-09-12 | N/A | 7.3 HIGH |
| Time-of-check time-of-use (toctou) race condition in Graphics Kernel allows an authorized attacker to execute code locally. | |||||
| CVE-2025-54093 | 2025-09-11 | N/A | 7.0 HIGH | ||
| Time-of-check time-of-use (toctou) race condition in Windows TCP/IP allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-54895 | 2025-09-11 | N/A | 7.8 HIGH | ||
| Integer overflow or wraparound in Windows SPNEGO Extended Negotiation allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-58131 | 2025-09-11 | N/A | 6.6 MEDIUM | ||
| Race condition in the Zoom Workplace VDI Plugin macOS Universal installer for VMware Horizon before version 6.4.10 (or before 6.2.15 and 6.3.12 in their respective tracks) may allow an authenticated user to conduct a disclosure of information via network access. | |||||
| CVE-2025-38352 | 1 Linux | 1 Linux Kernel | 2025-09-05 | N/A | 7.4 HIGH |
| In the Linux kernel, the following vulnerability has been resolved: posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del() If an exiting non-autoreaping task has already passed exit_notify() and calls handle_posix_cpu_timers() from IRQ, it can be reaped by its parent or debugger right after unlock_task_sighand(). If a concurrent posix_cpu_timer_del() runs at that moment, it won't be able to detect timer->it.cpu.firing != 0: cpu_timer_task_rcu() and/or lock_task_sighand() will fail. Add the tsk->exit_state check into run_posix_cpu_timers() to fix this. This fix is not needed if CONFIG_POSIX_CPU_TIMERS_TASK_WORK=y, because exit_task_work() is called before exit_notify(). But the check still makes sense, task_work_add(&tsk->posix_cputimers_work.work) will fail anyway in this case. | |||||
| CVE-2024-10972 | 2025-09-05 | N/A | 7.3 HIGH | ||
| Velocidex WinPmem versions 4.1 and below suffer from an Improper Input Validation vulnerability whereby an attacker with admin access can trigger a BSOD with a parallel thread changing the memory’s access right under the control of the user-mode application. This is due to verification only being performed at the beginning of the routine allowing the userspace to change page permissions half way through the routine. A valid workaround is a rule to detect unauthorized loading of winpmem outside incident response operations. | |||||
| CVE-2024-2440 | 1 Github | 1 Enterprise Server | 2025-09-02 | N/A | 5.5 MEDIUM |
| A race condition in GitHub Enterprise Server allowed an existing admin to maintain permissions on a detached repository by making a GraphQL mutation to alter repository permissions while the repository is detached. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.13 and was fixed in versions 3.9.13, 3.10.10, 3.11.8 and 3.12.1. This vulnerability was reported via the GitHub Bug Bounty program. | |||||
| CVE-2025-9810 | 2025-09-02 | N/A | 6.8 MEDIUM | ||
| TOCTOU in linenoiseHistorySave in linenoise allows local attackers to overwrite arbitrary files and change permissions via a symlink race between fopen("w") on the history path and subsequent chmod() on the same path. | |||||
| CVE-2021-3899 | 1 Canonical | 2 Apport, Ubuntu Linux | 2025-08-26 | N/A | 7.8 HIGH |
| There is a race condition in the 'replaced executable' detection that, with the correct local configuration, allow an attacker to execute arbitrary code as root. | |||||
| CVE-2025-44002 | 2025-08-26 | N/A | 6.1 MEDIUM | ||
| Race Condition in the Directory Validation Logic in the TeamViewer Full Client and Host prior version 15.69 on Windows allows a local non-admin user to create arbitrary files with SYSTEM privileges, potentially leading to a denial-of-service condition, via symbolic link manipulation during directory verification. | |||||
| CVE-2025-3599 | 1 Broadcom | 2 Symantec Endpoint Protection, Symantec Eraser Engine | 2025-08-21 | N/A | 6.5 MEDIUM |
| Symantec Endpoint Protection Windows Agent, running an ERASER Engine prior to 119.1.7.8, may be susceptible to an Elevation of Privilege vulnerability, which may allow an attacker to delete resources that are normally protected from an application or user. | |||||
| CVE-2024-43067 | 1 Qualcomm | 116 C-v2x 9150, C-v2x 9150 Firmware, Fastconnect 6800 and 113 more | 2025-08-20 | N/A | 7.8 HIGH |
| Memory corruption occurs during the copying of read data from the EEPROM because the IO configuration is exposed as shared memory. | |||||
| CVE-2025-21485 | 1 Qualcomm | 58 Fastconnect 6900, Fastconnect 6900 Firmware, Fastconnect 7800 and 55 more | 2025-08-20 | N/A | 7.8 HIGH |
| Memory corruption while processing INIT and multimode invoke IOCTL calls on FastRPC. | |||||
| CVE-2024-53018 | 1 Qualcomm | 38 Fastconnect 6900, Fastconnect 6900 Firmware, Fastconnect 7800 and 35 more | 2025-08-20 | N/A | 6.6 MEDIUM |
| Memory corruption may occur while processing the OIS packet parser. | |||||
| CVE-2024-53016 | 1 Qualcomm | 68 Fastconnect 6800, Fastconnect 6800 Firmware, Fastconnect 6900 and 65 more | 2025-08-20 | N/A | 6.6 MEDIUM |
| Memory corruption while processing I2C settings in Camera driver. | |||||
| CVE-2025-21455 | 1 Qualcomm | 58 Fastconnect 6800, Fastconnect 6800 Firmware, Fastconnect 6900 and 55 more | 2025-08-20 | N/A | 7.8 HIGH |
| Memory corruption while submitting blob data to kernel space though IOCTL. | |||||
| CVE-2025-54655 | 1 Huawei | 1 Harmonyos | 2025-08-20 | N/A | 8.1 HIGH |
| Race condition vulnerability in the virtualization base module. Successful exploitation of this vulnerability may affect the confidentiality and integrity of the virtualization graphics module. | |||||
| CVE-2024-41787 | 1 Ibm | 1 Doors Next | 2025-08-20 | N/A | 9.8 CRITICAL |
| IBM Engineering Requirements Management DOORS Next 7.0.2 and 7.0.3 could allow a remote attacker to bypass security restrictions, caused by a race condition. By sending a specially crafted request, an attacker could exploit this vulnerability to remotely execute code. | |||||
| CVE-2025-21431 | 1 Qualcomm | 72 Qam8255p, Qam8255p Firmware, Qam8295p and 69 more | 2025-08-19 | N/A | 5.5 MEDIUM |
| Information disclosure may be there when a guest VM is connected. | |||||
| CVE-2025-53134 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-08-19 | N/A | 7.0 HIGH |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | |||||