EUVD-2026-31931

NVIDIA Display Driver for Windows contains a vulnerability where an attacker could cause a time-of-check time-of-use issue. A successful exploit of this vulnerability might lead to denial of service, escalation of privileges, information disclosure, data tampering, and code execution...

GHSA-7WX4-6VFF-V64P Diffusers: TOCTOU Trust Remote Code Bypass

Background This vulnerability is found in the diffusers package - the transformers-equivalent library for diffusion models. It is found in the DiffusionPipeline.frompretrained flow, which is used to load a pipeline from the HuggingFace Hub. This function has a trustremotecode guard: if the...

CVE-2026-7724

A vulnerability has been found in PrefectHQ prefect up to 3.6.28.dev1. Affected by this vulnerability is the function validaterestrictedurl of the component Webhook/Notification. The manipulation leads to time-of-check time-of-use. It is possible to initiate the attack remotely. The attack is...

EUVD-2026-18350

A Time-of-Check to Time-of-Use TOCTOU race condition vulnerability in Balena Etcher for Windows prior to v2.1.4 allows attackers to escalate privileges and execute arbitrary code via replacing a legitimate script with a crafted payload during the flashing process...

SUSE CVE-2026-26017

CoreDNS is a DNS server that chains plugins. Prior to version 1.14.2, a logical vulnerability in CoreDNS allows DNS access controls to be bypassed due to the default execution order of plugins. Security plugins such as acl are evaluated before the rewrite plugin, resulting in a Time-of-Check...

PT-2026-23721

Name of the Vulnerable Software and Affected Versions CoreDNS versions prior to 1.14.2 Description CoreDNS is a DNS server that utilizes a chain of plugins. A flaw in the default plugin execution order allows bypassing of DNS access controls. Specifically, security plugins like acl are evaluated...

EUVD-2026-9347

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. A patch bypass vulnerability for CVE-2026-27636 in FreeScout 1.8.206 and earlier allows any authenticated user with file upload permissions to achieve Remote Code Execution RCE on the server by uploading a maliciou...

EUVD-2023-1087

Malicious code in bioql PyPI...

UBUNTU-CVE-2023-1295

A time-of-check to time-of-use issue exists in iouring subsystem's IORINGOPCLOSE operation in the Linux kernel's versions 5.6 - 5.11 inclusive, which allows a local user to elevate their privileges to root. Introduced in b5dba59e0cf7e2cc4d3b3b1ac5fe81ddf21959eb, patched in...

CentOS 8 : container-tools:rhel8 (CESA-2023:2758)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2023:2758 advisory. - Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 client in net/http before Go 1.17.12 and Go 1.18.4 allows HTTP request smuggling i...

GO-2023-1681 Time-of-check time-of-use race condition in github.com/containers/podman/v4

A Time-of-check Time-of-use TOCTOU flaw appears in this version of podman. This issue may allow a malicious user to replace a normal file in a volume with a symlink while exporting the volume, allowing for access to arbitrary files on the host file system...

CVE-2023-0778

A Time-of-check Time-of-use TOCTOU flaw was found in podman. This issue may allow a malicious user to replace a normal file in a volume with a symlink while exporting the volume, allowing for access to arbitrary files on the host file system...

CVE-2023-0778

A Time-of-check Time-of-use TOCTOU flaw was found in podman. This issue may allow a malicious user to replace a normal file in a volume with a symlink while exporting the volume, allowing for access to arbitrary files on the host file system...

CVE-2022-27538

A potential Time-of-Check to Time-of-Use TOCTOU vulnerability has been identified in the BIOS for certain HP PC products which may allow arbitrary code execution, denial of service, and information disclosure. HP is releasing BIOS updates to mitigate the potential vulnerability...

CVE-2022-39908

TOCTOU vulnerability in Samsung decoding library for video thumbnails prior to SMR Dec-2022 Release 1 allows local attacker to perform Out-Of-Bounds Write...

JetBrains TeamCity 代码问题漏洞

JetBrains TeamCity is a distributed build management and continuous integration tool from JetBrains Czech Republic. The tool provides continuous unit testing, code quality analysis, and build issue analysis reports.JetBrains TeamCity is vulnerable to a code issue vulnerability that is caused by a...

Cloudbees Jenkins 安全漏洞

Jenkins is an open source continuous integration tool written in Java , mainly used for continuous , automated build/test software projects , monitor the operation of external tasks . A TOCTOU competitive condition vulnerability exists in Jenkins 2.275, LTS 2.263.2. An attacker can exploit this...