Total
561 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-6217 | 1 Peak-system | 1 Device Driver | 2025-08-18 | N/A | 2.5 LOW |
| PEAK-System Driver PCANFD_ADD_FILTERS Time-Of-Check Time-Of-Use Information Disclosure Vulnerability. This vulnerability allows local attackers to disclose sensitive information on affected installations of PEAK-System Driver. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of the PCANFD_ADD_FILTERS IOCTL. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the kernel. Was ZDI-CAN-24161. | |||||
| CVE-2025-53788 | 1 Microsoft | 1 Windows Subsystem For Linux | 2025-08-18 | N/A | 7.0 HIGH |
| Time-of-check time-of-use (toctou) race condition in Windows Subsystem for Linux allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2024-41779 | 1 Ibm | 1 Engineering Systems Design Rhapsody | 2025-08-15 | N/A | 9.8 CRITICAL |
| IBM Engineering Systems Design Rhapsody - Model Manager 7.0.2 and 7.0.3 could allow a remote attacker to bypass security restrictions, caused by a race condition. By sending a specially crafted request, an attacker could exploit this vulnerability to remotely execute code. | |||||
| CVE-2025-49558 | 1 Adobe | 3 Commerce, Commerce B2b, Magento | 2025-08-15 | N/A | 5.9 MEDIUM |
| Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability that could result in a security feature bypass. An attacker could exploit this vulnerability by manipulating the timing between the check of a resource's state and its use, allowing unauthorized write access. Exploitation of this issue does not require user interaction. | |||||
| CVE-2025-50158 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-08-14 | N/A | 7.0 HIGH |
| Time-of-check time-of-use (toctou) race condition in Windows NTFS allows an unauthorized attacker to disclose information locally. | |||||
| CVE-2023-32156 | 1 Tesla | 2 Model 3, Model 3 Firmware | 2025-08-13 | N/A | 8.8 HIGH |
| Tesla Model 3 Gateway Firmware Signature Validation Bypass Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected Tesla Model 3 vehicles. An attacker must first obtain the ability to execute privileged code on the Tesla infotainment system in order to exploit this vulnerability. The specific flaw exists within the handling of firmware updates. The issue results from improper error-handling during the update process. An attacker can leverage this vulnerability to execute code in the context of Tesla's Gateway ECU. . Was ZDI-CAN-20734. | |||||
| CVE-2024-6029 | 1 Tesla | 2 Model S, Model S Firmware | 2025-08-12 | N/A | 5.0 MEDIUM |
| Tesla Model S Iris Modem Race Condition Firewall Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass the firewall on the Iris modem in affected Tesla Model S vehicles. Authentication is not required to exploit this vulnerability. The specific flaw exists within the firewall service. The issue results from a failure to obtain the xtables lock. An attacker can leverage this vulnerability to bypass firewall rules. Was ZDI-CAN-23197. | |||||
| CVE-2023-33046 | 1 Qualcomm | 98 Ar8035, Ar8035 Firmware, Fastconnect 6900 and 95 more | 2025-08-11 | N/A | 7.8 HIGH |
| Memory corruption in Trusted Execution Environment while deinitializing an object used for license validation. | |||||
| CVE-2023-33119 | 1 Qualcomm | 322 Aqt1000, Aqt1000 Firmware, Ar8035 and 319 more | 2025-08-11 | N/A | 8.4 HIGH |
| Memory corruption while loading a VM from a signed VM image that is not coherent in the processor cache. | |||||
| CVE-2024-9512 | 1 Gitlab | 1 Gitlab | 2025-08-08 | N/A | 5.3 MEDIUM |
| An issue has been discovered in GitLab EE affecting all versions prior to 17.10.8, 17.11 prior to 17.11.4, and 18.0 prior to 18.0.2. It may have been possible for private repository to be cloned in case of race condition when a secondary node is out of sync. | |||||
| CVE-2015-1865 | 1 Gnu | 1 Coreutils | 2025-08-06 | 3.3 LOW | 5.1 MEDIUM |
| fts.c in coreutils 8.4 allows local users to delete arbitrary files. | |||||
| CVE-2023-27327 | 1 Parallels | 1 Parallels Desktop | 2025-08-06 | N/A | 7.5 HIGH |
| Parallels Desktop Toolgate Time-Of-Check Time-Of-Use Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the Toolgate component. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the current user on the host system. Was ZDI-CAN-18964. | |||||
| CVE-2023-27323 | 1 Parallels | 1 Parallels Desktop | 2025-08-06 | N/A | 7.8 HIGH |
| Parallels Desktop Updater Time-Of-Check Time-Of-Use Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute low-privileged code on the target host system in order to exploit this vulnerability. The specific flaw exists within the Updater service. By creating a symbolic link, an attacker can abuse the service to execute a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. . Was ZDI-CAN-18150. | |||||
| CVE-2024-27238 | 1 Zoom | 3 Meeting Software Development Kit, Rooms, Workplace Desktop | 2025-08-05 | N/A | 7.1 HIGH |
| Race condition in the installer for some Zoom Apps and SDKs for Windows before version 6.0.0 may allow an authenticated user to conduct a privilege escalation via local access. | |||||
| CVE-2024-39821 | 1 Zoom | 2 Rooms, Workplace Desktop | 2025-08-05 | N/A | 6.6 MEDIUM |
| Race condition in the installer for Zoom Workplace App for Windows and Zoom Rooms App for Windows may allow an authenticated user to conduct a denial of service via local access. | |||||
| CVE-2024-1729 | 1 Gradio Project | 1 Gradio | 2025-07-30 | N/A | 5.9 MEDIUM |
| Th password check condition is vulnerable to timing attack to guess the password | |||||
| CVE-2025-49730 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-07-16 | N/A | 7.8 HIGH |
| Time-of-check time-of-use (toctou) race condition in Microsoft Windows QoS scheduler allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-48818 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2025-07-15 | N/A | 6.8 MEDIUM |
| Time-of-check time-of-use (toctou) race condition in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack. | |||||
| CVE-2025-48001 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2025-07-15 | N/A | 6.8 MEDIUM |
| Time-of-check time-of-use (toctou) race condition in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack. | |||||
| CVE-2024-2913 | 1 Mintplexlabs | 1 Anythingllm | 2025-07-09 | N/A | 6.5 MEDIUM |
| A race condition vulnerability exists in the mintplex-labs/anything-llm repository, specifically within the user invite acceptance process. Attackers can exploit this vulnerability by sending multiple concurrent requests to accept a single user invite, allowing the creation of multiple user accounts from a single invite link intended for only one user. This bypasses the intended security mechanism that restricts invite acceptance to a single user, leading to unauthorized user creation without detection in the invite tab. The issue is due to the lack of validation for concurrent requests in the backend. | |||||