Total: 1921 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-27577 | 1 Openatom | 1 Openharmony | 2025-08-12 | N/A | 8.4 HIGH |
| OpenHarmony v5.0.3 and prior versions allow a local attacker to execute arbitrary code in tcb through a race condition. | |||||
| CVE-2025-52434 | 1 Apache | 1 Tomcat | 2025-08-08 | N/A | 7.5 HIGH |
| Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in Apache Tomcat when using the APR/Native connector. This was particularly noticeable with client initiated closes of HTTP/2 connections. This issue affects Apache Tomcat: from 9.0.0.M1 through 9.0.106. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 through 8.5.100. Other, older, EOL versions may also be affected. Users are recommended to upgrade to version 9.0.107, which fixes the issue. | |||||
| CVE-2015-1865 | 1 Gnu | 1 Coreutils | 2025-08-06 | 3.3 LOW | 5.1 MEDIUM |
| fts.c in coreutils 8.4 allows local users to delete arbitrary files. | |||||
| CVE-2025-54629 | | | 2025-08-06 | N/A | 6.7 MEDIUM |
| Race condition issue occurring in the physical page import process of the memory management module. Impact: Successful exploitation of this vulnerability may affect service integrity. | |||||
| CVE-2023-27359 | 1 Tp-link | 2 Archer Ax21, Archer Ax21 Firmware | 2025-08-06 | N/A | 8.1 HIGH |
| TP-Link AX1800 hotplugd Firewall Rule Race Condition Vulnerability. This vulnerability allows remote attackers to gain access to LAN-side services on affected installations of TP-Link Archer AX21 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the hotplugd daemon. The issue results from firewall rule handling that allows an attacker access to resources that should be available to the LAN interface only. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the root user. Was ZDI-CAN-19664. | |||||
| CVE-2025-54955 | | | 2025-08-04 | N/A | 8.1 HIGH |
| OpenNebula Community Edition (CE) before 7.0.0 and Enterprise Edition (EE) before 6.10.3 have a critical FireEdge race condition that can lead to full account takeover. By exploiting this, an unauthenticated attacker can obtain a valid JSON Web Token (JWT) belonging to a legitimate user without knowledge of their credentials. | |||||
| CVE-2025-43275 | 1 Apple | 1 Macos | 2025-07-31 | N/A | 9.8 CRITICAL |
| A race condition was addressed with additional validation. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. An app may be able to break out of its sandbox. | |||||
| CVE-2025-43244 | 1 Apple | 1 Macos | 2025-07-31 | N/A | 9.8 CRITICAL |
| A race condition was addressed with improved state handling. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. An app may be able to cause unexpected system termination. | |||||
| CVE-2025-20119 | 1 Cisco | 1 Application Policy Infrastructure Controller | 2025-07-31 | N/A | 6.0 MEDIUM |
| A vulnerability in the system file permission handling of Cisco APIC could allow an authenticated, local attacker to overwrite critical system files, which could cause a DoS condition. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability is due to a race condition with handling system files. An attacker could exploit this vulnerability by doing specific operations on the file system. A successful exploit could allow the attacker to overwrite system files, which could lead to the device being in an inconsistent state and cause a DoS condition. | |||||
| CVE-2024-24770 | 1 Vantage6 | 1 Vantage6 | 2025-07-30 | N/A | 5.3 MEDIUM |
| vantage6 is an open source framework built to enable, manage and deploy privacy enhancing technologies like Federated Learning and Multi-Party Computation. Much like GHSA-45gq-q4xh-cp53, it is possible to find which usernames exist in vantage6 by calling the API routes `/recover/lost` and `/2fa/lost`. These routes send emails to users if they have lost their password or MFA token. This issue has been addressed in commit `aecfd6d0e` and is expected to ship in subsequent releases. Users are advised to upgrade as soon as a new release is available. There are no known workarounds for this vulnerability. | |||||
| CVE-2025-25214 | 1 Wwbn | 1 Avideo | 2025-07-28 | N/A | 8.8 HIGH |
| A race condition vulnerability exists in the aVideoEncoder.json.php unzip functionality of WWBN AVideo 14.4 and dev master commit 8a8954ff. A series of specially crafted HTTP requests can lead to arbitrary code execution. | |||||
| CVE-2025-45731 | 1 2fauth | 1 2fauth | 2025-07-28 | N/A | 6.5 MEDIUM |
| A group deletion race condition in 2FAuth v5.5.0 causes data inconsistencies and orphaned accounts when a group is deleted while other operations are pending. | |||||
| CVE-2024-52906 | 1 Ibm | 2 Aix, Vios | 2025-07-25 | N/A | 5.5 MEDIUM |
| IBM AIX 7.2, 7.3, VIOS 3.1, and 4.1 could allow a non-privileged local user to exploit a vulnerability in the TCP/IP kernel extension to cause a denial of service. | |||||
| CVE-2024-58248 | | | 2025-07-25 | N/A | 3.5 LOW |
| nopCommerce before 4.80.0 does not offer locking for order placement. Thus there is a race condition with duplicate redeeming of gift cards. | |||||
| CVE-2023-37244 | 2 Microsoft, N-able | 2 Windows, Automation Manager | 2025-07-22 | N/A | 5.3 MEDIUM |
| The affected AutomationManager.AgentService.exe application contains a TOCTOU race condition vulnerability that allows standard users to create a pseudo-symlink at C:\ProgramData\N-Able Technologies\AutomationManager\Temp, which could be leveraged by an attacker to manipulate the process into performing arbitrary file deletions. We recommend upgrading to version 2.91.0.0. | |||||
| CVE-2025-49744 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2025-07-17 | N/A | 7.0 HIGH |
| Heap-based buffer overflow in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2020-15522 | 1 Bouncycastle | 4 Bc-csharp, Bouncy Castle Fips .net Api, Fips Java Api and 1 more | 2025-07-17 | 4.3 MEDIUM | 5.9 MEDIUM |
| Bouncy Castle BC Java before 1.66, BC C# .NET before 1.8.7, BC-FJA before 1.0.1.2, 1.0.2.1, and BC-FNA before 1.0.1.1 have a timing issue within the EC math library that can expose information about the private key when an attacker is able to observe timing information for the generation of multiple deterministic ECDSA signatures. | |||||
| CVE-2025-49690 | 1 Microsoft | 10 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 7 more | 2025-07-15 | N/A | 7.4 HIGH |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Capability Access Management Service (camsvc) allows an unauthorized attacker to elevate privileges locally. | |||||
| CVE-2025-49678 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-07-15 | N/A | 7.0 HIGH |
| Null pointer dereference in Windows NTFS allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-49665 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2025-07-15 | N/A | 7.8 HIGH |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Workspace Broker allows an authorized attacker to elevate privileges locally. | |||||
