326 matches found
CVE-2026-14160
Time-of-check time-of-use TOCTOU race condition vulnerability in Samsung Open Source Escargot allows Leveraging Race Conditions. This issue affects Escargot: bab3a5797557014ce3c2e28419a6310cfba90d0d...
CVE-2026-54370
acl before version 2.4.0 contains a time-of-check to time-of-use TOCTOU race condition vulnerability that allows local attackers to escalate privileges by replacing a pathname component with a symbolic link between an lstat check and subsequent symlink-following operations such as stat, chown,...
Important: Red Hat Security Advisory: rsync security update
An update for rsync is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...
Important: Red Hat Security Advisory: rsync security, bug fix, and enhancement update
An update for rsync is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...
ALSA-2026:26332 Important: rsync security, bug fix, and enhancement update
The rsync utility enables the users to copy and synchronize files locally or across a network. Synchronization with rsync is fast because rsync only sends the differences in files over the network instead of sending whole files. The rsync utility is also used as a mirroring tool. Security Fixes:...
CVE-2026-54228
Vulnerability context (CVE-2026-54228) : A TOCTOU race in the abrt-dbus D-Bus service’s SetElement method allows a local user to write arbitrary text files into the root-owned dump directory between dump directory creation and post-create, bypassing package validation and causing crashes of unpac...
CODESYS Development System 安全漏洞
CODESYS Development System is a set of programming tools developed by the German company CODESYS, used in the fields of industrial controllers and automation technology. There is a security vulnerability in the CODESYS Development System. This vulnerability stems from the incorrect default...
Unity Linux 20.1070e Security Update: shadow (UTSA-2026-016733)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016733 advisory. shadow: TOCTOU time-of-check time-of-use race condition when copying and removing directory trees Tenable has extracted the preceding description block directly from...
RockyLinux 9 : libcap (RLSA-2026:19346)
The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:19346 advisory. libcap: libcap: Privilege escalation via TOCTOU race condition in capsetfile CVE-2026-4878 Tenable has extracted the preceding description block directly from th...
SUSE-SU-2026:1744-1 Security update for python-pytest
This update for python-pytest fixes the following issue - CVE-2025-71176: a TOCTOU race condition can cause a denial of service or possibly gain privileges bsc1257090...
ALSA-2026:12441 Important: libcap security update
Libcap is a library for getting and setting POSIX.1e formerly POSIX 6 draft 15 capabilities. Security Fixes: libcap: libcap: Privilege escalation via TOCTOU race condition in capsetfile CVE-2026-4878 For more details about the security issues, including the impact, a CVSS score, acknowledgments,...
Debian dsa-6226 : gir1.2-packagekitglib-1.0 - security update
The remote Debian 12 / 13 host has packages installed that are affected by a vulnerability as referenced in the dsa-6226 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6226-1 [email protected] https://www.debian.org/security/...
CVE-2026-4878
A flaw was found in libcap. A local unprivileged user can exploit a Time-of-check-to-time-of-use TOCTOU race condition in the capsetfile function. This allows an attacker with write access to a parent directory to redirect file capability updates to an attacker-controlled file. By doing so,...
PT-2026-28805
Name of the Vulnerable Software and Affected Versions cosmic-greeter versions prior to https://github.Com/pop-os/cosmic-greeter/pull/426 Description A Time-of-check Time-of-use TOCTOU race condition exists in cosmic-greeter. This condition can allow an attacker to regain privileges that should ha...
Time-of-check Time-of-use (TOCTOU) Race Condition
Overview parse-server is a version of the Parse backend that can be deployed to any infrastructure that can run Node.js. Affected versions of this package are vulnerable to Time-of-check Time-of-use TOCTOU Race Condition in the password reset mechanism. An attacker can gain unauthorized access to...
Craft CMS 安全漏洞
Craft CMS is an open-source content management system developed by Craft CMS. Versions 4.5.0-RC1 to 4.16.18 and 5.0.0-RC1 to 5.8.22 of Craft CMS have security vulnerabilities. These vulnerabilities stem from TOCTOU race conditions in the token verification service, which may allow a single-use...
CVE-2024-36311
A Time-of-check time-of-use TOCTOU race condition in the SMM communications buffer could allow a privileged attacker to bypass input validation and perform an out of bounds read or write, potentially resulting in loss of confidentiality, integrity, or availability...
CVE-2026-26224
Intego Log Reporter, a macOS diagnostic utility bundled with Intego security products that collects system and application logs for support analysis, contains a local privilege escalation vulnerability. A root-executed diagnostic script creates and writes files in /tmp without enforcing secure...
Time-of-check Time-of-use (TOCTOU) Race Condition
Overview n8n-core is a Core functionality of n8n Affected versions of this package are vulnerable to Time-of-check Time-of-use TOCTOU Race Condition via improper file access controls in the workflow creation or modification process. An attacker can modify sensitive host system files, including...
SUSE: Security Advisory (SUSE-SU-2026:20129-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...