1598 matches found
CVE-2026-49958
Hermes WebUI before version 0.51.303 contains a time-of-check time-of-use TOCTOU race condition vulnerability in the gitdiscard function within api/workspacegit.py that allows attackers to delete files outside the configured workspace boundary by replacing a validated path component with a symlin...
CVE-2026-45487
Time-of-check time-of-use TOCTOU race condition in Program Compatibility Assistant Service allows an authorized attacker to elevate privileges locally...
EUVD-2026-35673
Time-of-check time-of-use TOCTOU race condition in Program Compatibility Assistant Service allows an authorized attacker to elevate privileges locally...
CVE-2026-49958
Hermes WebUI before version 0.51.303 contains a time-of-check time-of-use TOCTOU race condition vulnerability in the gitdiscard function within api/workspacegit.py that allows attackers to delete files outside the configured workspace boundary by replacing a validated path component with a symlin...
CVE-2026-45647
Time-of-check time-of-use toctou race condition in Microsoft Defender for Endpoint allows an authorized attacker to elevate privileges locally...
EUVD-2026-35571
Time-of-check time-of-use toctou race condition in Microsoft Defender for Endpoint allows an authorized attacker to elevate privileges locally...
CVE-2026-45647
CVE-2026-45647 describes a time-of-check time-of-use (TOCTOU) race condition in Microsoft Defender for Endpoint (Mac) that can allow an authorized locally logged-in attacker to elevate privileges. The Red Hat, NVD, MSRC and CVE records consistently frame the issue as a local elevation of privileg...
CVE-2026-49958 Hermes WebUI < 0.51.303 TOCTOU Race Condition via git_discard
Hermes WebUI before version 0.51.303 contains a time-of-check time-of-use TOCTOU race condition vulnerability in the gitdiscard function within api/workspacegit.py that allows attackers to delete files outside the configured workspace boundary by replacing a validated path component with a symlin...
CVE-2026-49958
Hermes WebUI is affected by a TOCTOU race in git_discard (api/workspace_git.py) prior to version 0.51.303. An attacker can replace a validated path component with a symlink between safe_resolve_ws() and the subsequent Path.unlink() or shutil.rmtree() call, causing the delete operation to follow t...
Microsoft Defender for Endpoint for Mac Elevation of Privilege Vulnerability
Time-of-check time-of-use toctou race condition in Microsoft Defender for Endpoint allows an authorized attacker to elevate privileges locally...
PT-2026-48010
Name of the Vulnerable Software and Affected Versions Microsoft Defender for Endpoint for Mac affected versions not specified Description A time-of-check time-of-use TOCTOU race condition occurs in Microsoft Defender for Endpoint. This is a software bug where a system checks a condition such as a...
PT-2026-47969
Name of the Vulnerable Software and Affected Versions Windows affected versions not specified Description A Time-of-check time-of-use TOCTOU race condition exists in the Program Compatibility Assistant Service. This flaw allows an authorized attacker to elevate privileges locally, enabling them t...
Security Bulletin: IBM Datapower Operations Dashboard is vulnerable to Time-of-check Time-of-use Race Condition CVE-2026-1035
Summary keycloak is used by the IBM Datapower Operations Dashboard as part of their IAM and SSO implementation Vulnerability Details CVEID:CVE-2025-14559 DESCRIPTION: A flaw was found in the keycloak-services component of Keycloak. This vulnerability allows the issuance of access and refresh toke...
Important: Red Hat Security Advisory: libcap security update
An update for libcap is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Red Hat Product Security has rated this update as...
libcap: libcap: Privilege escalation via TOCTOU race condition in cap_set_file()
A flaw was found in libcap. A local unprivileged user can exploit a Time-of-check-to-time-of-use TOCTOU race condition in the capsetfile function. This allows an attacker with write access to a parent directory to redirect file capability updates to an attacker-controlled file. By doing so,...
EulerOS Virtualization 2.12.0 : python-virtualenv (EulerOS-SA-2026-2113)
According to the versions of the python-virtualenv package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : virtualenv is a tool for creating isolated virtual python environments. Prior to version 20.36.1, TOCTOU...
CVE-2025-71215
A time-of-check time-of-use vulnerability in the Trend Micro Apex One mac agent iCore service signature verification could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target...
CVE-2022-23826
A TOCTOU Time-Of-Check to Time-Of-Use in the graphics interface may allow an attacker to load registers repeatedly creating a race condition potentially leading to a loss of integrity...
CVE-2026-3428
A Download of Code Without Integrity Check vulnerability in the update modules in ASUS Member Center华硕大厅 allows a local user to achieve privilege escalation to Administrator via exploitation of a Time-of-check Time-of-use TOC-TOU during the update process, where an unexpected payload is substitut...
CVE-2026-34354
Akamai Guardicore Platform Agent GPA and Zero Trust Client on Linux and macOS allow TOCTOU-based local privilege escalation. The GPA service creates an IPC socket in the world-writable /tmp directory. It accepts unauthenticated IPC control messages. This enables a TOCTOU vulnerability in the...