CVE Daily
← All tags

Tag: Race Condition

All CVEs associated with "Race Condition". Page 1/1 • 68 CVEs.

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2025-08-16
Low

CVE-2025-38527

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix use-after-free in cifs_oplock_break A race condition can occur in cifs_oplock_break() leading to a use-after-fre…

CVSS: N/A CWE: N/A
Read more
2025-08-14
Medium

CVE-2023-43687

An issue was discovered in Malwarebytes before 4.6.14.326 and before 5.1.5.116 (and Nebula 2020-10-21 and later). There is a Race condition that leads to code execution because of a lack of locks bet…

CVSS: 6.5 CWE: CWE-421
Read more
Medium

CVE-2025-54667

Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Saad Iqbal myCred allows Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions. This issue affects myCred: from n/a thro…

CVSS: 5.3 CWE: CWE-367
Read more
2025-08-13
High

CVE-2025-8941

A flaw was found in linux-pam. The pam_namespace module may improperly handle user-controlled paths, allowing local users to exploit symlink attacks and race conditions to elevate their privileges to…

CVSS: 7.8 CWE: CWE-22
Read more
2025-08-12
Medium

CVE-2025-49456

Race condition in the installer for certain Zoom Clients for Windows may allow an unauthenticated user to impact application integrity via local access.

CVSS: 6.2 CWE: CWE-426
Read more
High

CVE-2025-53788

Time-of-check time-of-use (toctou) race condition in Windows Subsystem for Linux allows an authorized attacker to elevate privileges locally.

CVSS: 7.0 CWE: CWE-367
Read more
High

CVE-2025-53135

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows DirectX allows an authorized attacker to elevate privileges locally.

CVSS: 7.0 CWE: CWE-362
Read more
High

CVE-2025-53134

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locall…

CVSS: 7.0 CWE: CWE-200
Read more
High

CVE-2025-53132

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to elevate privileges over a network.

CVSS: 8.0 CWE: CWE-362
Read more
High

CVE-2025-50169

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SMB allows an unauthorized attacker to execute code over a network.

CVSS: 7.5 CWE: CWE-362
Read more
High

CVE-2025-50167

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Hyper-V allows an authorized attacker to elevate privileges locally.

CVSS: 7.0 CWE: CWE-362
Read more
High

CVE-2025-50158

Time-of-check time-of-use (toctou) race condition in Windows NTFS allows an unauthorized attacker to disclose information locally.

CVSS: 7.0 CWE: CWE-367
Read more
High

CVE-2025-49762

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locall…

CVSS: 7.0 CWE: CWE-362
Read more
Medium

CVE-2025-49743

Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.

CVSS: 6.7 CWE: CWE-362
Read more
Medium

CVE-2025-49558

Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability that could resu…

CVSS: 5.9 CWE: CWE-367
Read more
High

CVE-2025-20074

Time-of-check Time-of-use race condition for some Intel(R) Connectivity Performance Suite software installers before version 40.24.11210 may allow an authenticated user to potentially enable escalati…

CVSS: 7.8 CWE: CWE-367
Read more
High

CVE-2025-20037

Time-of-check time-of-use race condition in firmware for some Intel(R) Converged Security and Management Engine may allow a privileged user to potentially enable escalation of privilege via local acc…

CVSS: 7.2 CWE: CWE-367
Read more
High

CVE-2025-22830

APTIOV contains a vulnerability in BIOS where a skilled user may cause “Race Condition” by local access. A successful exploitation of this vulnerability may lead to resource exhaustion and impact Con…

CVSS: 7.3 CWE: CWE-362
Read more
2025-08-11
High

CVE-2025-27577

in OpenHarmony v5.0.3 and prior versions allow a local attacker arbitrary code execution in tcb through race condition.

CVSS: 8.4 CWE: CWE-362
Read more
High

CVE-2025-25278

in OpenHarmony v5.0.3 and prior versions allow a local attacker arbitrary code execution in tcb through race condition.

CVSS: 8.4 CWE: CWE-362
Read more
2025-08-07
High

CVE-2025-47907

Cancelling a query (e.g. by cancelling the context passed to one of the query methods) during a call to the Scan method of the returned Rows can result in unexpected results if other queries are bein…

CVSS: 7.0 CWE: N/A
Read more
2025-08-06
Medium

CVE-2024-8244

The filepath.Walk and filepath.WalkDir functions are documented as not following symbolic links, but both functions are susceptible to a TOCTOU (time of check/time of use) race condition where a port…

CVSS: 6.5 CWE: N/A
Read more
Medium

CVE-2025-7954

A race condition vulnerability has been identified in Shopware's voucher system of Shopware v6.6.10.4 that allows attackers to bypass intended voucher restrictions and exceed usage limitations.

CVSS: 6.0 CWE: CWE-362
Read more
Medium

CVE-2025-54651

Race condition vulnerability in the kernel hufs module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVSS: 4.8 CWE: CWE-362
Read more
Medium

CVE-2025-54629

Race condition issue occurring in the physical page import process of the memory management module. Impact: Successful exploitation of this vulnerability may affect service integrity.

CVSS: 6.7 CWE: CWE-362
Read more
Medium

CVE-2025-54625

Race condition vulnerability in the kernel file system module. Impact: Successful exploitation of this vulnerability may affect availability.

CVSS: 6.7 CWE: CWE-414
Read more
High

CVE-2025-54655

Race condition vulnerability in the virtualization base module. Successful exploitation of this vulnerability may affect the confidentiality and integrity of the virtualization graphics module.

CVSS: 8.1 CWE: CWE-367
Read more
2025-08-03
High

CVE-2025-54955

OpenNebula Community Edition (CE) before 7.0.0 and Enterprise Edition (EE) before 6.10.3 have a critical FireEdge race condition that can lead to full account takeover. By exploiting this, an unauthe…

CVSS: 8.1 CWE: CWE-362
Read more
2025-08-02
High

CVE-2025-23281

NVIDIA GPU Display Driver for Windows contains a vulnerability where an attacker with local unprivileged access that can win a race condition might be able to trigger a use-after-free error. A succes…

CVSS: 7.0 CWE: CWE-416
Read more
High

CVE-2025-23279

NVIDIA .run Installer for Linux and Solaris contains a vulnerability where an attacker could use a race condition to escalate privileges. A successful exploit of this vulnerability might lead to code…

CVSS: 7.0 CWE: CWE-367
Read more
2025-08-01
High

CVE-2023-32256

A flaw was found in the Linux kernel's ksmbd component. A race condition between smb2 close operation and logoff in multichannel connections could result in a use-after-free issue.

CVSS: 7.5 CWE: CWE-421
Read more
2025-07-31
Medium

CVE-2025-8192

There exists a TOCTOU race condition in TvSettings AppRestrictionsFragment.java that lead to start of attacker supplied activity in Settings’ context, i.e. system-uid context, thus lead to launchAnyW…

CVSS: 6.9 CWE: CWE-367
Read more
2025-07-30
Critical

CVE-2025-43275

A race condition was addressed with additional validation. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. An app may be able to break out of its sandbox.

CVSS: 9.8 CWE: CWE-362
Read more
Critical

CVE-2025-43244

A race condition was addressed with improved state handling. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. An app may be able to cause unexpected system termin…

CVSS: 9.8 CWE: CWE-362
Read more
2025-07-28
Low

CVE-2025-38477

In the Linux kernel, the following vulnerability has been resolved: net/sched: sch_qfq: Fix race condition on qfq_aggregate A race condition can occur when 'agg' is modified in qfq_change_agg (call…

CVSS: N/A CWE: N/A
Read more
2025-07-25
Low

CVE-2025-38467

In the Linux kernel, the following vulnerability has been resolved: drm/exynos: exynos7_drm_decon: add vblank check in IRQ handling If there's support for another console device (such as a TTY seri…

CVSS: N/A CWE: N/A
Read more
Low

CVE-2025-38448

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: u_serial: Fix race condition in TTY wakeup A race condition occurs when gs_start_io() calls either gs_start_rx() or…

CVSS: N/A CWE: N/A
Read more
Low

CVE-2025-38429

In the Linux kernel, the following vulnerability has been resolved: bus: mhi: ep: Update read pointer only after buffer is written Inside mhi_ep_ring_add_element, the read pointer (rd_offset) is up…

CVSS: N/A CWE: N/A
Read more
2025-07-24
High

CVE-2025-25214

A race condition vulnerability exists in the aVideoEncoder.json.php unzip functionality of WWBN AVideo 14.4 and dev master commit 8a8954ff. A series of specially crafted HTTP request can lead to arbi…

CVSS: 8.8 CWE: CWE-362
Read more
Medium

CVE-2025-45731

A group deletion race condition in 2FAuth v5.5.0 causes data inconsistencies and orphaned accounts when a group is deleted while other operations are pending.

CVSS: 6.5 CWE: CWE-362
Read more
2025-07-18
Medium

CVE-2025-2425

Time-of-check to time-of-use race condition vulnerability potentially allowed an attacker to use the installed ESET security software to clear the content of an arbitrary file on the file system.

CVSS: 5.1 CWE: CWE-367
Read more
2025-07-11
Medium

CVE-2025-52948

An Improper Handling of Exceptional Conditions vulnerability in Berkeley Packet Filter (BPF) processing of Juniper Networks Junos OS allows an attacker, in rare cases, sending specific, unknown traff…

CVSS: 5.9 CWE: CWE-755
Read more
2025-07-10
High

CVE-2025-52434

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in Apache Tomcat when using the APR/Native connector. This was particularly noticeable with c…

CVSS: 7.5 CWE: CWE-362
Read more
2025-07-08
High

CVE-2025-49730

Time-of-check time-of-use (toctou) race condition in Microsoft Windows QoS scheduler allows an authorized attacker to elevate privileges locally.

CVSS: 7.8 CWE: CWE-122
Read more
High

CVE-2025-49690

Concurrent execution using shared resource with improper synchronization ('race condition') in Capability Access Management Service (camsvc) allows an unauthorized attacker to elevate privileges loca…

CVSS: 7.4 CWE: CWE-362
Read more
High

CVE-2025-49665

Concurrent execution using shared resource with improper synchronization ('race condition') in Workspace Broker allows an authorized attacker to elevate privileges locally.

CVSS: 7.8 CWE: CWE-362
Read more
Medium

CVE-2025-48818

Time-of-check time-of-use (toctou) race condition in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.

CVSS: 6.8 CWE: CWE-367
Read more
Medium

CVE-2025-48001

Time-of-check time-of-use (toctou) race condition in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.

CVSS: 6.8 CWE: CWE-367
Read more
High

CVE-2025-47972

Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Input Method Editor (IME) allows an authorized attacker to elevate privileges over a network.

CVSS: 8.0 CWE: CWE-362
Read more
2025-07-07
Medium

CVE-2025-1351

IBM Storage Virtualize 8.5, 8.6, and 8.7 products could allow a user to escalate their privileges to that of another user logging in at the same time due to a race condition in the login function.

CVSS: 6.7 CWE: CWE-362
Read more
2025-07-04
Low

CVE-2025-38193

In the Linux kernel, the following vulnerability has been resolved: net_sched: sch_sfq: reject invalid perturb period Gerrard Tai reported that SFQ perturb_period has no range check yet, and this c…

CVSS: N/A CWE: N/A
Read more
2025-07-03
Low

CVE-2025-38102

In the Linux kernel, the following vulnerability has been resolved: VMCI: fix race between vmci_host_setup_notify and vmci_ctx_unset_notify During our test, it is found that a warning can be trigge…

CVSS: N/A CWE: N/A
Read more
2025-06-17
High

CVE-2025-6020

A flaw was found in linux-pam. The module pam_namespace may use access user-controlled paths without proper protection, allowing local users to elevate their privileges to root via multiple symlink a…

CVSS: 7.8 CWE: CWE-22
Read more
2025-06-16
High

CVE-2025-32797

Conda-build contains commands and tools to build conda packages. Prior to version 25.3.1, The write_build_scripts function in conda-build creates the temporary build script conda_build.sh with overly…

CVSS: 7.0 CWE: CWE-277
Read more
2025-06-12
Medium

CVE-2024-9512

An issue has been discovered in GitLab EE affecting all versions prior to 17.10.8, 17.11 prior to 17.11.4, and 18.0 prior to 18.0.2. It may have been possible for private repository to be cloned in c…

CVSS: 5.3 CWE: CWE-367
Read more
2025-05-30
Medium

CVE-2025-4598

A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump…

CVSS: 4.7 CWE: CWE-364
Read more
2025-04-30
Medium

CVE-2024-6029

Tesla Model S Iris Modem Race Condition Firewall Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass the firewall on the Iris modem in affected Tesla Model S vehicles…

CVSS: 5.0 CWE: CWE-367
Read more
2025-04-18
Low

CVE-2025-38104

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Replace Mutex with Spinlock for RLCG register access to avoid Priority Inversion in SRIOV RLCG Register Access is a w…

CVSS: N/A CWE: N/A
Read more
2025-04-16
Low

CVE-2024-58248

nopCommerce before 4.80.0 does not offer locking for order placement. Thus there is a race condition with duplicate redeeming of gift cards.

CVSS: 3.5 CWE: CWE-362
Read more
2025-02-26
Medium

CVE-2025-20119

A vulnerability in the system file permission handling of Cisco APIC could allow an authenticated, local attacker to overwrite critical system files, which could cause a DoS condition. To exploit thi…

CVSS: 6.0 CWE: CWE-362
Read more
2024-12-20
Critical

CVE-2024-56337

Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 throu…

CVSS: 9.8 CWE: CWE-367
Read more
2024-12-17
Critical

CVE-2024-50379

Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive file systems when the default servlet is enabled for write (…

CVSS: 9.8 CWE: CWE-367
Read more
2024-11-22
Critical

CVE-2024-41779

IBM Engineering Systems Design Rhapsody - Model Manager 7.0.2 and 7.0.3 could allow a remote attacker to bypass security restrictions, caused by a race condition. By sending a specially crafted reque…

CVSS: 9.8 CWE: CWE-367
Read more
2024-11-12
Medium

CVE-2024-50313

A vulnerability has been identified in Mendix Runtime V10 (All versions < V10.16.0 only if the basic authentication mechanism is used by the application), Mendix Runtime V10.12 (All versions < V10.12…

CVSS: 5.3 CWE: CWE-362
Read more
2024-07-15
Medium

CVE-2024-39821

Race condition in the installer for Zoom Workplace App for Windows and Zoom Rooms App for Windows may allow an authenticated user to conduct a denial of service via local access.

CVSS: 6.6 CWE: CWE-367
Read more
High

CVE-2024-27238

Race condition in the installer for some Zoom Apps and SDKs for Windows before version 6.0.0 may allow an authenticated user to conduct a privilege escalation via local access.

CVSS: 7.1 CWE: CWE-367
Read more
2024-05-03
High

CVE-2023-27359

TP-Link AX1800 hotplugd Firewall Rule Race Condition Vulnerability. This vulnerability allows remote attackers to gain access to LAN-side services on affected installations of TP-Link Archer AX21 rou…

CVSS: 8.1 CWE: CWE-362
Read more
2024-05-02
Medium

CVE-2023-37244

The affected AutomationManager.AgentService.exe application contains a TOCTOU race condition vulnerability that allows standard users to create a pseudo-symlink at C:\ProgramData\N-Able Technologies\…

CVSS: 5.3 CWE: CWE-362
Read more