
326 matches found

NVD
added 3 days ago | 9 views

CVE-2026-14160

Time-of-check time-of-use (TOCTOU) race condition vulnerability in Samsung Open Source Escargot allows Leveraging Race Conditions. This issue affects Escargot: bab3a5797557014ce3c2e28419a6310cfba90d0d...

CVSS 5.9 | EPSS 0.0009
Exploits: 0 | References: 1

ATTACKERKB
added 4 days ago | 6 views

CVE-2026-54370

acl before version 2.4.0 contains a time-of-check to time-of-use (TOCTOU) race condition vulnerability that allows local attackers to escalate privileges by replacing a pathname component with a symbolic link between an lstat check and subsequent symlink-following operations such as stat, chown,...

CVSS 7.2 | AI score 5.9 | EPSS 0.00091
Exploits: 0 | References: 4

RedHat Linux
added 2026/06/16 5:38 p.m. | 9 views

Important: Red Hat Security Advisory: rsync security update

An update for rsync is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the...

CVSS 8.1 | AI score 5.5 | EPSS 0.0078
Exploits: 0 | References: 3

RedHat Linux
added 2026/06/16 2:45 p.m. | 12 views

Important: Red Hat Security Advisory: rsync security, bug fix, and enhancement update

An update for rsync is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from th...

CVSS 8.1 | AI score 5.5 | EPSS 0.0078
Exploits: 0 | References: 4

OSV
added 2026/06/16 12:00 a.m. | 6 views

ALSA-2026:26332 Important: rsync security, bug fix, and enhancement update

The rsync utility enables the users to copy and synchronize files locally or across a network. Synchronization with rsync is fast because rsync only sends the differences in files over the network instead of sending whole files. The rsync utility is also used as a mirroring tool. Security Fixes:...

CVSS 8.1 | AI score 5.4 | EPSS 0.0078
Exploits: 0 | References: 6

CVE
added 2026/06/13 2:34 a.m. | 28 views

CVE-2026-54228

Vulnerability context (CVE-2026-54228): A TOCTOU race in the abrt-dbus D-Bus service’s SetElement method allows a local user to write arbitrary text files into the root-owned dump directory between dump directory creation and post-create, bypassing package validation and causing crashes of unpac...

CVSS 7.8 | AI score 5.4 | EPSS 0.00103
Exploits: 0 | References: 3

CNNVD
added 2026/05/26 12:00 a.m. | 11 views

CODESYS Development System Security Vulnerability

CODESYS Development System is a set of programming tools developed by the German company CODESYS, used in the fields of industrial controllers and automation technology. There is a security vulnerability in the CODESYS Development System. This vulnerability stems from the incorrect default...

CVSS 8.5 | AI score 5.8 | EPSS 0.00105
Exploits: 0 | References: 1

Tenable Nessus
added 2026/05/22 12:00 a.m. | 7 views

Unity Linux 20.1070e Security Update: shadow (UTSA-2026-016733)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016733 advisory. shadow: TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees. Tenable has extracted the preceding description block directly from...

CVSS 4.7 | AI score 6.2 | EPSS 0.00308
Exploits: 0 | References: 4

Tenable Nessus
added 2026/05/20 12:00 a.m. | 7 views

RockyLinux 9 : libcap (RLSA-2026:19346)

The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:19346 advisory. libcap: libcap: Privilege escalation via TOCTOU race condition in capsetfile (CVE-2026-4878). Tenable has extracted the preceding description block directly from th...

CVSS 7 | AI score 5.8 | EPSS 0.00188
Exploits: 1 | References: 3

OSV
added 2026/05/07 7:17 a.m. | 6 views

SUSE-SU-2026:1744-1 Security update for python-pytest

This update for python-pytest fixes the following issue - CVE-2025-71176: a TOCTOU race condition can cause a denial of service or possibly gain privileges bsc1257090...

CVSS 6.8 | AI score 5.8 | EPSS 0.0014
Exploits: 0 | References: 3

OSV
added 2026/04/30 12:00 a.m. | 20 views

ALSA-2026:12441 Important: libcap security update

Libcap is a library for getting and setting POSIX.1e (formerly POSIX 6 draft 15) capabilities. Security Fixes: libcap: libcap: Privilege escalation via TOCTOU race condition in capsetfile (CVE-2026-4878). For more details about the security issues, including the impact, a CVSS score, acknowledgments,...

CVSS 7 | AI score 5.8 | EPSS 0.00188
Exploits: 1 | References: 4

Tenable Nessus
added 2026/04/22 12:00 a.m. | 7 views

Debian dsa-6226 : gir1.2-packagekitglib-1.0 - security update

The remote Debian 12 / 13 host has packages installed that are affected by a vulnerability as referenced in the dsa-6226 advisory. Debian Security Advisory DSA-6226-1 https://www.debian.org/security/...

AI score 5.8
Exploits: 0 | References: 3

Debian CVE
added 2026/04/09 2:49 p.m. | 3 views

CVE-2026-4878

A flaw was found in libcap. A local unprivileged user can exploit a Time-of-check-to-time-of-use (TOCTOU) race condition in the capsetfile function. This allows an attacker with write access to a parent directory to redirect file capability updates to an attacker-controlled file. By doing so,...

CVSS 7 | AI score 5.2 | EPSS 0.00188
Exploits: 1

Positive Technologies
added 2026/03/30 12:00 a.m. | 4 views

PT-2026-28805

Name of the Vulnerable Software and Affected Versions: cosmic-greeter versions prior to https://github.com/pop-os/cosmic-greeter/pull/426. Description: A Time-of-check Time-of-use (TOCTOU) race condition exists in cosmic-greeter. This condition can allow an attacker to regain privileges that should ha...

CVSS 5.8 | AI score 5.8 | EPSS 0.00088
Exploits: 0 | References: 5

Snyk
added 2026/03/17 5:40 p.m. | 6 views

Time-of-check Time-of-use (TOCTOU) Race Condition

Overview: parse-server is a version of the Parse backend that can be deployed to any infrastructure that can run Node.js. Affected versions of this package are vulnerable to Time-of-check Time-of-use (TOCTOU) Race Condition in the password reset mechanism. An attacker can gain unauthorized access to...

CVSS 3.1 | AI score 5.8 | EPSS 0.00207
Exploits: 0 | References: 2

CNNVD
added 2026/02/24 12:00 a.m. | 8 views

Craft CMS Security Vulnerability

Craft CMS is an open-source content management system developed by Craft CMS. Versions 4.5.0-RC1 to 4.16.18 and 5.0.0-RC1 to 5.8.22 of Craft CMS have security vulnerabilities. These vulnerabilities stem from TOCTOU race conditions in the token verification service, which may allow a single-use...

CVSS 6.9 | AI score 5.8 | EPSS 0.00176
Exploits: 0 | References: 2

RedhatCVE
added 2026/02/16 7:29 p.m. | 7 views

CVE-2024-36311

A Time-of-check time-of-use (TOCTOU) race condition in the SMM communications buffer could allow a privileged attacker to bypass input validation and perform an out of bounds read or write, potentially resulting in loss of confidentiality, integrity, or availability...

CVSS 4.6 | AI score 5.8 | EPSS 0.00121
Exploits: 0 | References: 1

NVD
added 2026/02/12 10:16 p.m. | 11 views

CVE-2026-26224

Intego Log Reporter, a macOS diagnostic utility bundled with Intego security products that collects system and application logs for support analysis, contains a local privilege escalation vulnerability. A root-executed diagnostic script creates and writes files in /tmp without enforcing secure...

CVSS 8.5 | EPSS 0.0011
Exploits: 0 | References: 4

Snyk
added 2026/02/04 6:25 p.m. | 4 views

Time-of-check Time-of-use (TOCTOU) Race Condition

Overview: n8n-core is a Core functionality of n8n. Affected versions of this package are vulnerable to Time-of-check Time-of-use (TOCTOU) Race Condition via improper file access controls in the workflow creation or modification process. An attacker can modify sensitive host system files, including...

CVSS 9.9 | AI score 5.6 | EPSS 0.00306
Exploits: 0 | References: 2

OpenVAS
added 2026/01/30 12:00 a.m. | 3 views

SUSE: Security Advisory (SUSE-SU-2026:20129-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 4.5 | AI score 5.9 | EPSS 0.00085
Exploits: 0 | References: 4