Search Results (3404 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-33235 | 2 Linux, Nvidia | 4 Linux, Linux Kernel, Nvidia Resiliency Extension and 1 more | 2026-02-02 | 7.8 High |
| NVIDIA Resiliency Extension for Linux contains a vulnerability in the checkpointing core, where an attacker may cause a race condition. A successful exploit of this vulnerability might lead to information disclosure, data tampering, denial of service, or escalation of privileges. | ||||
| CVE-2025-4598 | 5 Debian, Linux, Oracle and 2 more | 10 Debian Linux, Linux Kernel, Linux and 7 more | 2026-02-02 | 4.7 Medium |
| A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process. A SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality. | ||||
| CVE-2025-48753 | 1 Obsidiandynamics | 1 Anode | 2026-01-30 | 2.9 Low |
| In the anode crate 0.1.0 for Rust, data races can occur in unlock in SpinLock. | ||||
| CVE-2025-48751 | 1 Tickbh | 1 Process Lock | 2026-01-30 | 2.9 Low |
| The process_lock crate 0.1.0 for Rust allows data races in unlock. | ||||
| CVE-2025-47735 | 1 Nugine | 1 Wgp | 2026-01-30 | 2.9 Low |
| inner::drop in inner.rs in the wgp crate through 0.2.0 for Rust lacks drop_slow thread synchronization. | ||||
| CVE-2022-27540 | 1 Hp | 706 Dragonfly Folio 13.5 Inch G3 2-in-1 Notebook Pc, Dragonfly Folio 13.5 Inch G3 2-in-1 Notebook Pc Firmware, Elite Dragonfly and 703 more | 2026-01-30 | 7.8 High |
| A potential Time-of-Check to Time-of Use (TOCTOU) vulnerability has been identified in the HP BIOS for certain HP PC products, which might allow arbitrary code execution, denial of service, and information disclosure. HP is releasing BIOS updates to mitigate the potential vulnerability. | ||||
| CVE-2025-21746 | 1 Linux | 1 Linux Kernel | 2026-01-30 | 4.7 Medium |
| In the Linux kernel, the following vulnerability has been resolved: Input: synaptics - fix crash when enabling pass-through port When enabling a pass-through port an interrupt might come before psmouse driver binds to the pass-through port. However synaptics sub-driver tries to access psmouse instance presumably associated with the pass-through port to figure out if only 1 byte of response or entire protocol packet needs to be forwarded to the pass-through port and may crash if psmouse instance has not been attached to the port yet. Fix the crash by introducing open() and close() methods for the port and check if the port is open before trying to access psmouse instance. Because psmouse calls serio_open() only after attaching psmouse instance to serio port instance this prevents the potential crash. | ||||
| CVE-2025-48754 | 1 Fractalfir | 1 Memory Pages | 2026-01-30 | 2.9 Low |
| In the memory_pages crate 0.1.0 for Rust, division by zero can occur. | ||||
| CVE-2025-66803 | 1 Hotwired | 1 Turbo | 2026-01-30 | 4.8 Medium |
| Race condition in the turbo-frame element handler in Hotwired Turbo before 8.0.x causes logout operations to fail when delayed frame responses reapply session cookies after logout. This can be exploited by remote attackers via selective network delays (e.g. delaying requests based on sequence or timing) or by physically proximate attackers when the race condition occurs naturally on shared computers. | ||||
| CVE-2026-24826 | 1 Cadaver | 1 Turso3d | 2026-01-29 | N/A |
| Out-of-bounds Write, Divide By Zero, NULL Pointer Dereference, Use of Uninitialized Resource, Out-of-bounds Read, Reachable Assertion vulnerability in cadaver turso3d. This issue affects . | ||||
| CVE-2025-47907 | 1 Golang | 2 Database Sql, Go | 2026-01-29 | 7 High |
| Cancelling a query (e.g. by cancelling the context passed to one of the query methods) during a call to the Scan method of the returned Rows can result in unexpected results if other queries are being made in parallel. This can result in a race condition that may overwrite the expected results with those of another query, causing the call to Scan to return either unexpected results from the other query or an error. | ||||
| CVE-2024-12747 | 1 Redhat | 3 Discovery, Enterprise Linux, Openshift | 2026-01-28 | 5.6 Medium |
| A flaw was found in rsync. This vulnerability arises from a race condition during rsync's handling of symbolic links. Rsync's default behavior when encountering symbolic links is to skip them. If an attacker replaced a regular file with a symbolic link at the right time, it was possible to bypass the default behavior and traverse symbolic links. Depending on the privileges of the rsync process, an attacker could leak sensitive information, potentially leading to privilege escalation. | ||||
| CVE-2026-22281 | 1 Dell | 1 Powerscale Onefs | 2026-01-28 | 3.5 Low |
| Dell PowerScale OneFS, versions 9.5.0.0 through 9.5.1.5, versions 9.6.0.0 through 9.7.1.10, versions 9.8.0.0 through 9.10.1.3, versions starting from 9.11.0.0 and prior to 9.13.0.0, contains a Time-of-check Time-of-use (TOCTOU) race condition vulnerability. A low privileged attacker with adjacent network access could potentially exploit this vulnerability, leading to denial of service. | ||||
| CVE-2025-47332 | 1 Qualcomm | 149 Fastconnect 6200, Fastconnect 6200 Firmware, Fastconnect 6700 and 146 more | 2026-01-28 | 6.7 Medium |
| Memory corruption while processing a config call from userspace. | ||||
| CVE-2022-39328 | 1 Grafana | 1 Grafana | 2026-01-28 | 9.8 Critical |
| Grafana is an open-source platform for monitoring and observability. Versions starting with 9.2.0 and less than 9.2.4 contain a race condition in the authentication middlewares logic which may allow an unauthenticated user to query an administration endpoint under heavy load. This issue is patched in 9.2.4. There are no known workarounds. | ||||
| CVE-2025-47344 | 1 Qualcomm | 165 Csra6620, Csra6620 Firmware, Csra6640 and 162 more | 2026-01-27 | 6.7 Medium |
| Memory corruption while handling sensor utility operations. | ||||
| CVE-2025-52517 | 1 Samsung | 16 Exynos, Exynos 1330, Exynos 1330 Firmware and 13 more | 2026-01-27 | 5.1 Medium |
| An issue was discovered in the Camera in Samsung Mobile Processor and Wearable Processor Exynos 1330, 1380, 1480, 2400, 1580, 2500. A race condition in the issimian device driver results in a double free, leading to a denial of service. | ||||
| CVE-2024-47494 | 2 Juniper, Juniper Networks | 2 Junos, Junos Os | 2026-01-26 | 5.9 Medium |
| A Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in the AgentD process of Juniper Networks Junos OS allows an attacker who is already causing impact to established sessions which generates counter changes picked up by the AgentD process during telemetry polling, to move the AgentD process into a state where AgentD attempts to reap an already destroyed sensor. This reaping attempt then leads to memory corruption causing the FPC to crash which is a Denial of Service (DoS). The FPC will recover automatically without user intervention after the crash. This issue affects Junos OS: * All versions before 21.4R3-S9 * From 22.2 before 22.2R3-S5, * From 22.3 before 22.3R3-S4, * From 22.4 before 22.4R3-S3, * From 23.2 before 23.2R2-S2, * From 23.4 before 23.4R2. This issue does not affect Junos OS Evolved. | ||||
| CVE-2021-28856 | 1 Entropymine | 1 Deark | 2026-01-26 | 5.5 Medium |
| In Deark before v1.5.8, a specially crafted input file can cause a division by zero in (src/fmtutil.c) because of the value of pixelsize. | ||||
| CVE-2026-23735 | 1 Graphql-hive | 1 Graphql-modules | 2026-01-26 | N/A |
| GraphQL Modules is a toolset of libraries and guidelines dedicated to create reusable, maintainable, testable and extendable modules out of your GraphQL server. From 2.2.1 to before 2.4.1 and 3.1.1, when 2 or more parallel requests are made which trigger the same service, the context of the requests is mixed up in the service when the context is injected via @ExecutionContext(). ExecutionContext is often used to pass authentication tokens from incoming requests to services loading data from backend APIs. This vulnerability is fixed in 2.4.1 and 3.1.1. | ||||