Lucene search
+L

1598 matches found

RedhatCVE
RedhatCVE
added 2026/06/10 9:4 p.m.11 views

CVE-2026-49958

Hermes WebUI before version 0.51.303 contains a time-of-check time-of-use TOCTOU race condition vulnerability in the gitdiscard function within api/workspacegit.py that allows attackers to delete files outside the configured workspace boundary by replacing a validated path component with a symlin...

5CVSS5.6AI score0.00081EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/10 9:1 p.m.12 views

CVE-2026-45487

Time-of-check time-of-use TOCTOU race condition in Program Compatibility Assistant Service allows an authorized attacker to elevate privileges locally...

7.8CVSS5.4AI score0.00184EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/09 6:30 p.m.48 views

EUVD-2026-35673

Time-of-check time-of-use TOCTOU race condition in Program Compatibility Assistant Service allows an authorized attacker to elevate privileges locally...

7.8CVSS5.4AI score0.00184EPSS
Exploits0References2
NVD
NVD
added 2026/06/09 5:17 p.m.9 views

CVE-2026-49958

Hermes WebUI before version 0.51.303 contains a time-of-check time-of-use TOCTOU race condition vulnerability in the gitdiscard function within api/workspacegit.py that allows attackers to delete files outside the configured workspace boundary by replacing a validated path component with a symlin...

5CVSS0.00081EPSS
Exploits0References5
NVD
NVD
added 2026/06/09 5:17 p.m.21 views

CVE-2026-45647

Time-of-check time-of-use toctou race condition in Microsoft Defender for Endpoint allows an authorized attacker to elevate privileges locally...

7CVSS0.00215EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/09 5:5 p.m.11 views

EUVD-2026-35571

Time-of-check time-of-use toctou race condition in Microsoft Defender for Endpoint allows an authorized attacker to elevate privileges locally...

5.5CVSS5.4AI score0.00215EPSS
Exploits0References1
CVE
CVE
added 2026/06/09 5:5 p.m.32 views

CVE-2026-45647

CVE-2026-45647 describes a time-of-check time-of-use (TOCTOU) race condition in Microsoft Defender for Endpoint (Mac) that can allow an authorized locally logged-in attacker to elevate privileges. The Red Hat, NVD, MSRC and CVE records consistently frame the issue as a local elevation of privileg...

7CVSS5.4AI score0.00215EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/06/09 4:35 p.m.36 views

CVE-2026-49958 Hermes WebUI < 0.51.303 TOCTOU Race Condition via git_discard

Hermes WebUI before version 0.51.303 contains a time-of-check time-of-use TOCTOU race condition vulnerability in the gitdiscard function within api/workspacegit.py that allows attackers to delete files outside the configured workspace boundary by replacing a validated path component with a symlin...

5CVSS0.00081EPSS
Exploits0References5
CVE
CVE
added 2026/06/09 4:35 p.m.21 views

CVE-2026-49958

Hermes WebUI is affected by a TOCTOU race in git_discard (api/workspace_git.py) prior to version 0.51.303. An attacker can replace a validated path component with a symlink between safe_resolve_ws() and the subsequent Path.unlink() or shutil.rmtree() call, causing the delete operation to follow t...

5CVSS5.6AI score0.00081EPSS
Exploits0References5
Microsoft CVE
Microsoft CVE
added 2026/06/09 2:0 p.m.22 views

Microsoft Defender for Endpoint for Mac Elevation of Privilege Vulnerability

Time-of-check time-of-use toctou race condition in Microsoft Defender for Endpoint allows an authorized attacker to elevate privileges locally...

7CVSS5.4AI score0.00215EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.17 views

PT-2026-48010

Name of the Vulnerable Software and Affected Versions Microsoft Defender for Endpoint for Mac affected versions not specified Description A time-of-check time-of-use TOCTOU race condition occurs in Microsoft Defender for Endpoint. This is a software bug where a system checks a condition such as a...

7CVSS5.8AI score0.00215EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.22 views

PT-2026-47969

Name of the Vulnerable Software and Affected Versions Windows affected versions not specified Description A Time-of-check time-of-use TOCTOU race condition exists in the Program Compatibility Assistant Service. This flaw allows an authorized attacker to elevate privileges locally, enabling them t...

7.8CVSS5.2AI score0.00184EPSS
Exploits0References6
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/08 4:40 p.m.10 views

Security Bulletin: IBM Datapower Operations Dashboard is vulnerable to Time-of-check Time-of-use Race Condition CVE-2026-1035

Summary keycloak is used by the IBM Datapower Operations Dashboard as part of their IAM and SSO implementation Vulnerability Details CVEID:CVE-2025-14559 DESCRIPTION: A flaw was found in the keycloak-services component of Keycloak. This vulnerability allows the issuance of access and refresh toke...

6.5CVSS5.4AI score0.00443EPSS
Exploits0Affected Software1
RedHat Linux
RedHat Linux
added 2026/06/08 2:9 a.m.19 views

Important: Red Hat Security Advisory: libcap security update

An update for libcap is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Red Hat Product Security has rated this update as...

7CVSS5.5AI score0.00188EPSS
Exploits1References2
RedHat Linux
RedHat Linux
added 2026/06/08 2:9 a.m.15 views

libcap: libcap: Privilege escalation via TOCTOU race condition in cap_set_file()

A flaw was found in libcap. A local unprivileged user can exploit a Time-of-check-to-time-of-use TOCTOU race condition in the capsetfile function. This allows an attacker with write access to a parent directory to redirect file capability updates to an attacker-controlled file. By doing so,...

7CVSS5.4AI score0.00188EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2026/06/06 12:0 a.m.19 views

EulerOS Virtualization 2.12.0 : python-virtualenv (EulerOS-SA-2026-2113)

According to the versions of the python-virtualenv package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : virtualenv is a tool for creating isolated virtual python environments. Prior to version 20.36.1, TOCTOU...

4.5CVSS5.4AI score0.00085EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:51 p.m.12 views

CVE-2025-71215

A time-of-check time-of-use vulnerability in the Trend Micro Apex One mac agent iCore service signature verification could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target...

7CVSS7.5AI score0.00301EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:51 p.m.11 views

CVE-2022-23826

A TOCTOU Time-Of-Check to Time-Of-Use in the graphics interface may allow an attacker to load registers repeatedly creating a race condition potentially leading to a loss of integrity...

1.8CVSS5.5AI score0.00082EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:37 p.m.10 views

CVE-2026-3428

A Download of Code Without Integrity Check vulnerability in the update modules in ASUS Member Center华硕大厅 allows a local user to achieve privilege escalation to Administrator via exploitation of a Time-of-check Time-of-use TOC-TOU during the update process, where an unexpected payload is substitut...

5.4CVSS5.5AI score0.00074EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:22 p.m.10 views

CVE-2026-34354

Akamai Guardicore Platform Agent GPA and Zero Trust Client on Linux and macOS allow TOCTOU-based local privilege escalation. The GPA service creates an IPC socket in the world-writable /tmp directory. It accepts unauthenticated IPC control messages. This enables a TOCTOU vulnerability in the...

7.4CVSS5.7AI score0.00325EPSS
Exploits0References1
Rows per page
Query Builder