Total
547 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-9512 | 1 Gitlab | 1 Gitlab | 2025-08-08 | 5.3 Medium |
| An issue has been discovered in GitLab EE affecting all versions prior to 17.10.8, 17.11 prior to 17.11.4, and 18.0 prior to 18.0.2. It may have been possible for private repository to be cloned in case of race condition when a secondary node is out of sync. | ||||
| CVE-2015-1865 | 1 Gnu | 1 Coreutils | 2025-08-06 | 5.1 Medium |
| fts.c in coreutils 8.4 allows local users to delete arbitrary files. | ||||
| CVE-2023-27327 | 1 Parallels | 1 Parallels Desktop | 2025-08-06 | N/A |
| Parallels Desktop Toolgate Time-Of-Check Time-Of-Use Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the Toolgate component. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the current user on the host system. Was ZDI-CAN-18964. | ||||
| CVE-2023-27323 | 1 Parallels | 1 Parallels Desktop | 2025-08-06 | N/A |
| Parallels Desktop Updater Time-Of-Check Time-Of-Use Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute low-privileged code on the target host system in order to exploit this vulnerability. The specific flaw exists within the Updater service. By creating a symbolic link, an attacker can abuse the service to execute a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. . Was ZDI-CAN-18150. | ||||
| CVE-2024-27238 | 1 Zoom | 3 Meeting Software Development Kit, Rooms, Workplace Desktop | 2025-08-05 | 7.1 High |
| Race condition in the installer for some Zoom Apps and SDKs for Windows before version 6.0.0 may allow an authenticated user to conduct a privilege escalation via local access. | ||||
| CVE-2024-39821 | 1 Zoom | 2 Rooms, Workplace Desktop | 2025-08-05 | 6.6 Medium |
| Race condition in the installer for Zoom Workplace App for Windows and Zoom Rooms App for Windows may allow an authenticated user to conduct a denial of service via local access. | ||||
| CVE-2025-23279 | 1 Nvidia | 1 Gpu Display Driver | 2025-08-05 | 7 High |
| NVIDIA .run Installer for Linux and Solaris contains a vulnerability where an attacker could use a race condition to escalate privileges. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, denial of service, or data tampering. | ||||
| CVE-2025-8192 | 2 Android, Google | 3 Android, Tv, Android Tv | 2025-07-31 | N/A |
| There exists a TOCTOU race condition in TvSettings AppRestrictionsFragment.java that lead to start of attacker supplied activity in Settings’ context, i.e. system-uid context, thus lead to launchAnyWhere. The core idea is to utilize the time window between the check of Intent and the use to Intent to change the target component’s state, thus bypass the original security sanitize function. | ||||
| CVE-2024-1729 | 1 Gradio Project | 1 Gradio | 2025-07-30 | N/A |
| A timing attack vulnerability exists in the gradio-app/gradio repository, specifically within the login function in routes.py. The vulnerability arises from the use of a direct comparison operation (`app.auth[username] == password`) to validate user credentials, which can be exploited to guess passwords based on response times. Successful exploitation of this vulnerability could allow an attacker to bypass authentication mechanisms and gain unauthorized access. | ||||
| CVE-2022-44670 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2025-07-22 | 8.1 High |
| Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | ||||
| CVE-2025-2425 | 2025-07-22 | N/A | ||
| Time-of-check to time-of-use race condition vulnerability potentially allowed an attacker to use the installed ESET security software to clear the content of an arbitrary file on the file system. | ||||
| CVE-2020-15522 | 2 Bouncycastle, Redhat | 8 Bc-csharp, Bouncy Castle Fips .net Api, Fips Java Api and 5 more | 2025-07-17 | 5.9 Medium |
| Bouncy Castle BC Java before 1.66, BC C# .NET before 1.8.7, BC-FJA before 1.0.1.2, 1.0.2.1, and BC-FNA before 1.0.1.1 have a timing issue within the EC math library that can expose information about the private key when an attacker is able to observe timing information for the generation of multiple deterministic ECDSA signatures. | ||||
| CVE-2024-47494 | 1 Juniper Networks | 1 Junos Os | 2025-07-13 | 5.9 Medium |
| A Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in the AgentD process of Juniper Networks Junos OS allows an attacker who is already causing impact to established sessions which generates counter changes picked up by the AgentD process during telemetry polling, to move the AgentD process into a state where AgentD attempts to reap an already destroyed sensor. This reaping attempt then leads to memory corruption causing the FPC to crash which is a Denial of Service (DoS). The FPC will recover automatically without user intervention after the crash. This issue affects Junos OS: * All versions before 21.4R3-S9 * From 22.2 before 22.2R3-S5, * From 22.3 before 22.3R3-S4, * From 22.4 before 22.4R3-S3, * From 23.2 before 23.2R2-S2, * From 23.4 before 23.4R2. This issue does not affect Junos OS Evolved. | ||||
| CVE-2025-27812 | 1 Msi | 1 Center | 2025-07-13 | 8.1 High |
| MSI Center before 2.0.52.0 allows TOCTOU Local Privilege Escalation. | ||||
| CVE-2024-37181 | 1 Intel | 1 Neural Compressor Software | 2025-07-12 | 2.6 Low |
| Time-of-check time-of-use race condition in some Intel(R) Neural Compressor software before version v3.0 may allow an authenticated user to potentially enable information disclosure via adjacent access. | ||||
| CVE-2024-3290 | 1 Tenable | 1 Nessus | 2025-07-12 | 8.2 High |
| A race condition vulnerability exists where an authenticated, local attacker on a Windows Nessus host could modify installation parameters at installation time, which could lead to the execution of arbitrary code on the Nessus host | ||||
| CVE-2024-3292 | 1 Tenable | 1 Nessus Agent | 2025-07-12 | 8.2 High |
| A race condition vulnerability exists where an authenticated, local attacker on a Windows Nessus Agent host could modify installation parameters at installation time, which could lead to the execution of arbitrary code on the Nessus host. - CVE-2024-3292 | ||||
| CVE-2024-41917 | 1 Intel | 1 Battery Life Diagnostic Tool | 2025-07-12 | 7.5 High |
| Time-of-check time-of-use race condition for some Intel(R) Battery Life Diagnostic Tool software before version 2.4.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2024-13961 | 1 Avast | 1 Cleanup Premium | 2025-07-12 | 7.8 High |
| Link Following Local Privilege Escalation Vulnerability in TuneupSvc in Avast Cleanup Premium Version 24.2.16593.17810 on Windows 10 Pro x64 allows local attackers to escalate privileges and execute arbitrary code in the context of SYSTEM via creating a symbolic link and leveraging a TOCTTOU (time-of-check to time-of-use) attack. | ||||
| CVE-2023-32282 | 1 Intel | 1 Processors | 2025-07-12 | 7.2 High |
| Race condition in BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. | ||||