Total
516 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-54895 | 1 Microsoft | 5 Windows, Windows 10, Windows 11 and 2 more | 2025-09-15 | 7.8 High |
| Integer overflow or wraparound in Windows SPNEGO Extended Negotiation allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-55236 | 1 Microsoft | 10 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 7 more | 2025-09-12 | 7.3 High |
| Time-of-check time-of-use (toctou) race condition in Graphics Kernel allows an authorized attacker to execute code locally. | ||||
| CVE-2025-58131 | 2 Apple, Zoom | 4 Macos, Vdi Vmware, Workplace and 1 more | 2025-09-12 | 6.6 Medium |
| Race condition in the Zoom Workplace VDI Plugin macOS Universal installer for VMware Horizon before version 6.4.10 (or before 6.2.15 and 6.3.12 in their respective tracks) may allow an authenticated user to conduct a disclosure of information via network access. | ||||
| CVE-2025-54093 | 2025-09-12 | 7 High | ||
| Time-of-check time-of-use (toctou) race condition in Windows TCP/IP allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-29833 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2025-09-10 | 7.7 High |
| Time-of-check time-of-use (toctou) race condition in Windows Virtual Machine Bus allows an unauthorized attacker to execute code locally. | ||||
| CVE-2025-29969 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-09-10 | 7.5 High |
| Time-of-check time-of-use (toctou) race condition in Windows Fundamentals allows an authorized attacker to execute code over a network. | ||||
| CVE-2025-53788 | 1 Microsoft | 1 Windows Subsystem For Linux | 2025-09-09 | 7 High |
| Time-of-check time-of-use (toctou) race condition in Windows Subsystem for Linux allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-53134 | 1 Microsoft | 21 Windows, Windows 10, Windows 10 1507 and 18 more | 2025-09-09 | 7 High |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-50158 | 1 Microsoft | 19 Windows, Windows 10 1507, Windows 10 1607 and 16 more | 2025-09-09 | 7 High |
| Time-of-check time-of-use (toctou) race condition in Windows NTFS allows an unauthorized attacker to disclose information locally. | ||||
| CVE-2025-38352 | 1 Linux | 1 Linux Kernel | 2025-09-05 | 7.4 High |
| In the Linux kernel, the following vulnerability has been resolved: posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del() If an exiting non-autoreaping task has already passed exit_notify() and calls handle_posix_cpu_timers() from IRQ, it can be reaped by its parent or debugger right after unlock_task_sighand(). If a concurrent posix_cpu_timer_del() runs at that moment, it won't be able to detect timer->it.cpu.firing != 0: cpu_timer_task_rcu() and/or lock_task_sighand() will fail. Add the tsk->exit_state check into run_posix_cpu_timers() to fix this. This fix is not needed if CONFIG_POSIX_CPU_TIMERS_TASK_WORK=y, because exit_task_work() is called before exit_notify(). But the check still makes sense, task_work_add(&tsk->posix_cputimers_work.work) will fail anyway in this case. | ||||
| CVE-2024-10972 | 2025-09-05 | 7.3 High | ||
| Velocidex WinPmem versions 4.1 and below suffer from an Improper Input Validation vulnerability whereby an attacker with admin access can trigger a BSOD with a parallel thread changing the memory’s access right under the control of the user-mode application. This is due to verification only being performed at the beginning of the routine allowing the userspace to change page permissions half way through the routine. A valid workaround is a rule to detect unauthorized loading of winpmem outside incident response operations. | ||||
| CVE-2024-2440 | 1 Github | 1 Enterprise Server | 2025-09-02 | 5.5 Medium |
| A race condition in GitHub Enterprise Server allowed an existing admin to maintain permissions on a detached repository by making a GraphQL mutation to alter repository permissions while the repository is detached. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.13 and was fixed in versions 3.9.13, 3.10.10, 3.11.8 and 3.12.1. This vulnerability was reported via the GitHub Bug Bounty program. | ||||
| CVE-2025-9810 | 1 Linenoise Project | 1 Linenoise | 2025-09-02 | 6.8 Medium |
| TOCTOU in linenoiseHistorySave in linenoise allows local attackers to overwrite arbitrary files and change permissions via a symlink race between fopen("w") on the history path and subsequent chmod() on the same path. | ||||
| CVE-2025-44002 | 2 Microsoft, Teamviewer | 3 Windows, Full Client, Host | 2025-08-27 | 6.1 Medium |
| Race Condition in the Directory Validation Logic in the TeamViewer Full Client and Host prior version 15.69 on Windows allows a local non-admin user to create arbitrary files with SYSTEM privileges, potentially leading to a denial-of-service condition, via symbolic link manipulation during directory verification. | ||||
| CVE-2021-3899 | 1 Canonical | 2 Apport, Ubuntu Linux | 2025-08-26 | 7.8 High |
| There is a race condition in the 'replaced executable' detection that, with the correct local configuration, allow an attacker to execute arbitrary code as root. | ||||
| CVE-2025-49730 | 1 Microsoft | 18 Windows, Windows 10, Windows 10 1507 and 15 more | 2025-08-23 | 7.8 High |
| Time-of-check time-of-use (toctou) race condition in Microsoft Windows QoS scheduler allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-48818 | 1 Microsoft | 17 Bitlocker, Windows, Windows 10 and 14 more | 2025-08-23 | 6.8 Medium |
| Time-of-check time-of-use (toctou) race condition in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack. | ||||
| CVE-2025-48001 | 1 Microsoft | 17 Windows, Windows 10, Windows 10 1507 and 14 more | 2025-08-23 | 6.8 Medium |
| Time-of-check time-of-use (toctou) race condition in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack. | ||||
| CVE-2025-3599 | 1 Broadcom | 2 Symantec Endpoint Protection, Symantec Eraser Engine | 2025-08-21 | 6.5 Medium |
| Symantec Endpoint Protection Windows Agent, running an ERASER Engine prior to 119.1.7.8, may be susceptible to an Elevation of Privilege vulnerability, which may allow an attacker to delete resources that are normally protected from an application or user. | ||||
| CVE-2024-43067 | 1 Qualcomm | 117 C-v2x 9150, C-v2x 9150 Firmware, Fastconnect 6800 and 114 more | 2025-08-20 | 7.8 High |
| Memory corruption occurs during the copying of read data from the EEPROM because the IO configuration is exposed as shared memory. | ||||