Lucene search
K

106 matches found

Vulnrichment
Vulnrichment
added 2026/01/22 7:11 p.m.3 views

CVE-2026-22281

Dell PowerScale OneFS, versions 9.5.0.0 through 9.5.1.5, versions 9.6.0.0 through 9.7.1.10, versions 9.8.0.0 through 9.10.1.3, versions starting from 9.11.0.0 and prior to 9.13.0.0, contains a Time-of-check Time-of-use TOCTOU race condition vulnerability. A low privileged attacker with adjacent...

3.5CVSS5.5AI score0.00162EPSS
Exploits0References1
OSV
OSV
added 2026/01/22 12:24 p.m.2 views

SUSE-SU-2026:0233-1 Security update for python-virtualenv

This update for python-virtualenv fixes the following issues: - CVE-2026-22702: Fixed local attacker can redirect file operations via TOCTOU race condition bsc1256458...

4.5CVSS5.8AI score0.00085EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/01/14 6:22 p.m.2 views

CVE-2026-20816

Time-of-check time-of-use toctou race condition in Windows Installer allows an authorized attacker to elevate privileges locally...

7.8CVSS6.8AI score0.02392EPSS
Exploits0References1
NVD
NVD
added 2026/01/14 3:16 p.m.4 views

CVE-2025-71111

In the Linux kernel, the following vulnerability has been resolved: hwmon: w83791d Convert macros to functions to avoid TOCTOU The macro FANFROMREG evaluates its arguments multiple times. When used in lockless contexts involving shared driver data, this leads to Time-of-Check to Time-of-Use TOCTO...

4.7CVSS0.00089EPSS
Exploits0References7
OSV
OSV
added 2026/01/14 3:16 p.m.4 views

UBUNTU-CVE-2025-71111

In the Linux kernel, the following vulnerability has been resolved: hwmon: w83791d Convert macros to functions to avoid TOCTOU The macro FANFROMREG evaluates its arguments multiple times. When used in lockless contexts involving shared driver data, this leads to Time-of-Check to Time-of-Use TOCTO...

4.7CVSS5.7AI score0.00089EPSS
Exploits0References37
EUVD
EUVD
added 2026/01/13 6:45 p.m.4 views

EUVD-2026-1869

virtualenv Has TOCTOU Vulnerabilities in Directory Creation...

4.5CVSS6.1AI score0.00085EPSS
Exploits0References4
OSV
OSV
added 2026/01/10 7:16 a.m.6 views

AZL-74210 CVE-2026-22702 affecting package python-virtualenv 20.26.6-2

virtualenv is a tool for creating isolated virtual python environments. Prior to version 20.36.1, TOCTOU Time-of-Check-Time-of-Use vulnerabilities in virtualenv allow local attackers to perform symlink-based attacks on directory creation operations. An attacker with local access can exploit a rac...

4.5CVSS5.7AI score0.00085EPSS
Exploits0References1
OSV
OSV
added 2026/01/10 7:16 a.m.6 views

AZL-74237 CVE-2026-22702 affecting package python-virtualenv 20.25.0-3

virtualenv is a tool for creating isolated virtual python environments. Prior to version 20.36.1, TOCTOU Time-of-Check-Time-of-Use vulnerabilities in virtualenv allow local attackers to perform symlink-based attacks on directory creation operations. An attacker with local access can exploit a rac...

4.5CVSS5.7AI score0.00085EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/01/10 6:5 a.m.29 views

CVE-2026-22702 virtualenv Has TOCTOU Vulnerabilities in Directory Creation

virtualenv is a tool for creating isolated virtual python environments. Prior to version 20.36.1, TOCTOU Time-of-Check-Time-of-Use vulnerabilities in virtualenv allow local attackers to perform symlink-based attacks on directory creation operations. An attacker with local access can exploit a rac...

4.5CVSS0.00085EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/01/10 5:59 a.m.28 views

CVE-2026-22701 filelock Time-of-Check-Time-of-Use (TOCTOU) Symlink Vulnerability in SoftFileLock

filelock is a platform-independent file lock for Python. Prior to version 3.20.3, a TOCTOU race condition vulnerability exists in the SoftFileLock implementation of the filelock package. An attacker with local filesystem access and permission to create symlinks can exploit a race condition betwee...

5.3CVSS0.00115EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/12/31 12:0 a.m.23 views

CVE-2025-61037

A local privilege escalation vulnerability exists in SevenCs ORCA G2 2.0.1.35 EC2007 Kernel v5.22. The flaw is a Time-of-Check Time-of-Use TOCTOU race condition in the license management logic. The regService process, which runs with SYSTEM privileges, creates a fixed directory and writes files...

0.0014EPSS
Exploits1References1
Github Security Blog
Github Security Blog
added 2025/12/16 8:52 p.m.12 views

filelock has a TOCTOU race condition which allows symlink attacks during lock file creation

Impact A Time-of-Check-Time-of-Use TOCTOU race condition allows local attackers to corrupt or truncate arbitrary user files through symlink attacks. The vulnerability exists in both Unix and Windows lock file creation where filelock checks if a file exists before opening it with OTRUNC. An attack...

6.5CVSS6.4AI score0.00184EPSS
Exploits1References6Affected Software1
Cvelist
Cvelist
added 2025/12/16 6:10 p.m.26 views

CVE-2025-68146 filelock has TOCTOU race condition that allows symlink attacks during lock file creation

filelock is a platform-independent file lock for Python. In versions prior to 3.20.1, a Time-of-Check-Time-of-Use TOCTOU race condition allows local attackers to corrupt or truncate arbitrary user files through symlink attacks. The vulnerability exists in both Unix and Windows lock file creation...

6.3CVSS0.00184EPSS
Exploits1References4
Cvelist
Cvelist
added 2025/11/20 4:53 p.m.9 views

CVE-2025-62724 Open OnDemand allowlist bypass using symlinks in directory downloads (TOCTOU)

Open OnDemand is an open-source HPC portal. Prior to versions 4.0.8 and 3.1.16, users can craft a "Time of Check to Time of Use" TOCTOU attack when downloading zip files to access files outside of the OODALLOWLIST. This vulnerability impacts sites that use the file browser allowlists in all curre...

4.3CVSS0.00186EPSS
Exploits0References1
EUVD
EUVD
added 2025/11/20 4:53 p.m.3 views

EUVD-2025-198294

Open OnDemand is an open-source HPC portal. Prior to versions 4.0.8 and 3.1.16, users can craft a "Time of Check to Time of Use" TOCTOU attack when downloading zip files to access files outside of the OODALLOWLIST. This vulnerability impacts sites that use the file browser allowlists in all curre...

4.3CVSS6.4AI score0.00186EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/11/20 12:0 a.m.5 views

PT-2025-47604

Name of the Vulnerable Software and Affected Versions Open OnDemand versions prior to 4.0.8 Open OnDemand versions prior to 3.1.16 Description Open OnDemand is an open-source HPC portal. Users can potentially exploit a “Time of Check to Time of Use” TOCTOU condition when downloading zip files,...

4.3CVSS6.5AI score0.00186EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/11/17 12:0 a.m.4 views

Imagination Graphics DDK 安全漏洞

Imagination Graphics DDK is a suite of GPU driver tools from Imagination UK. A security vulnerability exists in the Imagination Graphics DDK that stems from a TOCTOU contention condition that could result in out-of-virtual-machine memory reads and writes...

7.4CVSS6.7AI score0.00176EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/11/08 7:41 a.m.17 views

CVE-2025-64180

Manager-io/Manager is accounting software. In Manager Desktop and Server versions 25.11.1.3085 and below, a critical vulnerability permits unauthorized access to internal network resources. The flaw lies in the fundamental design of the DNS validation mechanism. A Time-of-Check Time-of-Use TOCTOU...

10CVSS6.7AI score0.00315EPSS
Exploits0References1
OSV
OSV
added 2025/11/07 2:58 a.m.6 views

CVE-2025-64180 Manager-io/Manager: Complete Bypass of SSRF Protection via Time-of-Check Time-of-Use (TOCTOU)

Manager-io/Manager is accounting software. In Manager Desktop and Server versions 25.11.1.3085 and below, a critical vulnerability permits unauthorized access to internal network resources. The flaw lies in the fundamental design of the DNS validation mechanism. A Time-of-Check Time-of-Use TOCTOU...

10CVSS6.8AI score0.00315EPSS
Exploits0References3
NVD
NVD
added 2025/10/15 5:15 p.m.6 views

CVE-2025-54271

Creative Cloud Desktop versions 6.7.0.278 and earlier are affected by a Time-of-check Time-of-use TOCTOU Race Condition vulnerability that could lead to arbitrary file system write. A low-privileged attacker could exploit the timing between the check and use of a resource, potentially allowing...

5.6CVSS0.0013EPSS
Exploits0References1
Rows per page
Query Builder