Total
1989 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-22830 | 2025-08-12 | N/A | ||
| APTIOV contains a vulnerability in BIOS where a skilled user may cause “Race Condition” by local access. A successful exploitation of this vulnerability may lead to resource exhaustion and impact Confidentiality, Integrity, and Availability. | ||||
| CVE-2024-50313 | 1 Mendix | 1 Mendix | 2025-08-12 | 5.3 Medium |
| A vulnerability has been identified in Mendix Runtime V10 (All versions < V10.16.0 only if the basic authentication mechanism is used by the application), Mendix Runtime V10.12 (All versions < V10.12.7 only if the basic authentication mechanism is used by the application), Mendix Runtime V10.6 (All versions < V10.6.15 only if the basic authentication mechanism is used by the application), Mendix Runtime V8 (All versions only if the basic authentication mechanism is used by the application), Mendix Runtime V9 (All versions < V9.24.29 only if the basic authentication mechanism is used by the application). The basic authentication implementation of affected applications contains a race condition vulnerability which could allow unauthenticated remote attackers to circumvent default account lockout measures. | ||||
| CVE-2025-27577 | 1 Openharmony | 1 Openharmony | 2025-08-12 | 8.4 High |
| in OpenHarmony v5.0.3 and prior versions allow a local attacker arbitrary code execution in tcb through race condition. | ||||
| CVE-2025-25278 | 1 Openharmony | 1 Openharmony | 2025-08-12 | 8.4 High |
| in OpenHarmony v5.0.3 and prior versions allow a local attacker arbitrary code execution in tcb through race condition. | ||||
| CVE-2025-52434 | 1 Apache | 1 Tomcat | 2025-08-08 | 7.5 High |
| Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in Apache Tomcat when using the APR/Native connector. This was particularly noticeable with client initiated closes of HTTP/2 connections. This issue affects Apache Tomcat: from 9.0.0.M1 through 9.0.106. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 through 8.5.100. Other, older, EOL versions may also be affected. Users are recommended to upgrade to version 9.0.107, which fixes the issue. | ||||
| CVE-2025-7954 | 1 Shopware | 1 Shopware | 2025-08-07 | N/A |
| A race condition vulnerability has been identified in Shopware's voucher system of Shopware v6.6.10.4 that allows attackers to bypass intended voucher restrictions and exceed usage limitations. | ||||
| CVE-2025-54651 | 1 Huawei | 1 Harmonyos | 2025-08-07 | 4.8 Medium |
| Race condition vulnerability in the kernel hufs module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2025-54629 | 1 Huawei | 2 Emui, Harmonyos | 2025-08-07 | 6.7 Medium |
| Race condition issue occurring in the physical page import process of the memory management module. Impact: Successful exploitation of this vulnerability may affect service integrity. | ||||
| CVE-2015-1865 | 1 Gnu | 1 Coreutils | 2025-08-06 | 5.1 Medium |
| fts.c in coreutils 8.4 allows local users to delete arbitrary files. | ||||
| CVE-2023-27359 | 1 Tp-link | 2 Archer Ax21, Archer Ax21 Firmware | 2025-08-06 | 8.1 High |
| TP-Link AX1800 hotplugd Firewall Rule Race Condition Vulnerability. This vulnerability allows remote attackers to gain access to LAN-side services on affected installations of TP-Link Archer AX21 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the hotplugd daemon. The issue results from firewall rule handling that allows an attacker access to resources that should be available to the LAN interface only. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the root user. . Was ZDI-CAN-19664. | ||||
| CVE-2025-49744 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2025-08-05 | 7 High |
| Heap-based buffer overflow in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-49737 | 1 Microsoft | 2 Teams, Teams For Mac | 2025-08-05 | 7 High |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Teams allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-49678 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-08-05 | 7 High |
| Null pointer dereference in Windows NTFS allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-49665 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2025-08-05 | 7.8 High |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Workspace Broker allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-48000 | 1 Microsoft | 12 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 9 more | 2025-08-05 | 7.8 High |
| Use after free in Windows Connected Devices Platform Service allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-49690 | 1 Microsoft | 10 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 7 more | 2025-08-05 | 7.4 High |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Capability Access Management Service (camsvc) allows an unauthorized attacker to elevate privileges locally. | ||||
| CVE-2025-47972 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2025-08-05 | 8 High |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Input Method Editor (IME) allows an authorized attacker to elevate privileges over a network. | ||||
| CVE-2025-54955 | 1 Opennebula | 1 Opennebula | 2025-08-05 | 8.1 High |
| OpenNebula Community Edition (CE) before 7.0.0 and Enterprise Edition (EE) before 6.10.3 have a critical FireEdge race condition that can lead to full account takeover. By exploiting this, an unauthenticated attacker can obtain a valid JSON Web Token (JWT) belonging to a legitimate user without knowledge of their credentials. | ||||
| CVE-2024-4418 | 1 Redhat | 3 Advanced Virtualization, Enterprise Linux, Rhel Eus | 2025-08-04 | 6.2 Medium |
| A race condition leading to a stack use-after-free flaw was found in libvirt. Due to a bad assumption in the virNetClientIOEventLoop() method, the `data` pointer to a stack-allocated virNetClientIOEventData structure ended up being used in the virNetClientIOEventFD callback while the data pointer's stack frame was concurrently being "freed" when returning from virNetClientIOEventLoop(). The 'virtproxyd' daemon can be used to trigger requests. If libvirt is configured with fine-grained access control, this issue, in theory, allows a user to escape their otherwise limited access. This flaw allows a local, unprivileged user to access virtproxyd without authenticating. Remote users would need to authenticate before they could access it. | ||||
| CVE-2025-43275 | 1 Apple | 4 Macos, Macos Sequoia, Macos Sonoma and 1 more | 2025-07-31 | 9.8 Critical |
| A race condition was addressed with additional validation. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. An app may be able to break out of its sandbox. | ||||