Lucene search
K

106 matches found

EUVD
EUVD
added 2026/07/06 7:54 p.m.5 views

EUVD-2026-24994

install -D: symlink race in directory creation allows arbitrary file overwrite...

6.3CVSS6AI score0.00108EPSS
Exploits0References5
CVE
CVE
added 2026/06/30 2:9 a.m.15 views

CVE-2026-14160

Technical details about CVE-2026-14160 are not publicly provided in the supplied documents. Monitor for updates from Samsung Escargot advisories and NVD entries.

5.9CVSS5.8AI score0.0009EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/29 12:38 p.m.8 views

EUVD-2026-40086

acl before version 2.4.0 contains a time-of-check to time-of-use TOCTOU race condition vulnerability that allows local attackers to escalate privileges by replacing a pathname component with a symbolic link between an lstat check and subsequent symlink-following operations such as stat, chown,...

7.2CVSS5.9AI score0.00091EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/29 10:15 a.m.53 views

CVE-2026-41991 Predictable Temporary File in GNU gzip

GNU gzip contains a vulnerability in the gzexe utility related to insecure temporary file handling. When the mktemp utility is not available in the user’s PATH, gzexe falls back to constructing a temporary file path based solely on the process ID PID. This predictable filename is created without...

2CVSS0.00105EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/28 2:45 p.m.11 views

EUVD-2026-40000

A flaw has been found in antlr ANTLR4 up to 4.13.2. This affects the function ObjectInputStream.readObject of the file antlr4-maven-plugin/src/main/java/org/antlr/mojo/antlr4/GrammarDependencies.java of the component Maven Plugin. This manipulation causes time-of-check time-of-use. The attack is...

4.5CVSS5.2AI score0.00091EPSS
Exploits0References5
NVD
NVD
added 2026/06/23 1:16 p.m.8 views

CVE-2026-56258

Crawl4AI before 0.8.8 contains an arbitrary file write vulnerability in the screenshot and PDF endpoints that allows unauthenticated attackers to write files outside the intended directory via symlink and time-of-check-time-of-use TOCTOU attacks on the outputpath parameter. Remote attackers can...

9.2CVSS0.00656EPSS
Exploits0References2
OSV
OSV
added 2026/06/22 2:28 p.m.2 views

SUSE-SU-2026:22332-1 Security update for util-linux

This update for util-linux fixes the following issue - CVE-2026-27456: TOCTOU in the mount program when setting up loop devices bsc1261606...

4.7CVSS5.7AI score0.00118EPSS
Exploits1References3
OSV
OSV
added 2026/06/18 9:9 p.m.12 views

GHSA-JC38-X7X8-2XC8 PHP JWT Framework: JWSVerifier uses algorithm from unprotected header, enabling algorithm confusion attacks

Summary JWSVerifier::getAlgorithm in src/Library/Signature/JWSVerifier.php line 144 merges protected and unprotected headers using PHP's spread operator: php $completeHeader = ...$signature-getProtectedHeader, ...$signature-getHeader; In PHP, when spreading arrays with duplicate string keys, the...

9.1CVSS5.5AI score
Exploits0References3
NVD
NVD
added 2026/06/09 5:17 p.m.13 views

CVE-2026-45487

Time-of-check time-of-use TOCTOU race condition in Program Compatibility Assistant Service allows an authorized attacker to elevate privileges locally...

7.8CVSS0.00184EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:50 p.m.10 views

CVE-2026-7724

A vulnerability has been found in PrefectHQ prefect up to 3.6.28.dev1. Affected by this vulnerability is the function validaterestrictedurl of the component Webhook/Notification. The manipulation leads to time-of-check time-of-use. It is possible to initiate the attack remotely. The attack is...

5CVSS4.8AI score0.0025EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2026/06/02 3:13 p.m.99 views

Exploit for Time-of-check Time-of-use (TOCTOU) Race Condition in Linux Linux_Kernel

📺 chronomaly-webos - Gain root access on LG TVs !https://...

7.4CVSS6.8AI score0.01345EPSS
Exploits8
Vulnrichment
Vulnrichment
added 2026/06/01 10:5 p.m.9 views

CVE-2026-25260 Time-of-check Time-of-use (TOCTOU) Race Condition in DSP Service

Memory Corruption when accessing shared buffers without validation of concurrent user-mode input modifications...

7.8CVSS5.8AI score0.00052EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/28 4:27 a.m.7 views

CVE-2026-9796 Keycloak: keycloak: privilege escalation via time-of-check to time-of-use (toctou) vulnerability

A flaw was found in Keycloak. An authenticated administrator with the manage-clients role can exploit a Time-of-check to time-of-use TOCTOU vulnerability in the name-based admin role checks. This allows the attacker to escalate their privileges to realm-admin for all users within the realm,...

6.5CVSS5.8AI score0.00186EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/27 3:10 p.m.18 views

Security Bulletin: Multiple security vulnerabilities addressed with IBM Business Automation Workflow cumulative fixes April 2026

Summary In addition to updating many operating system level packages, the following security vulnerabilities are addressed with IBM Business Automation Workflow cumulative fixes. Vulnerability Details CVEID:CVE-2025-68146 DESCRIPTION: filelock is a platform-independent file lock for Python. In...

8.9CVSS7.6AI score0.01204EPSS
Exploits6Affected Software2
Positive Technologies
Positive Technologies
added 2026/05/26 12:0 a.m.17 views

PT-2026-43334

Name of the Vulnerable Software and Affected Versions NVIDIA Display Driver for Windows affected versions not specified Description An issue exists where an attacker could cause a time-of-check time-of-use TOCTOU condition. TOCTOU is a race condition where a system checks a condition such as a...

7.8CVSS5.3AI score0.00138EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/05/21 1:3 p.m.18 views

CVE-2026-7837

A flaw was found in Netatalk. A remote attacker may exploit a time-of-check time-of-use TOCTOU condition, where the state of a resource is checked, and then used, but the state changes between the check and the use. This condition, specifically in the adflush function, involves root-privileged fi...

3.7CVSS5.8AI score0.00236EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/21 1:2 p.m.41 views

CVE-2025-71215

A time-of-check time-of-use vulnerability in the Trend Micro Apex One mac agent iCore service signature verification could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target...

0.00301EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/05/20 2:25 a.m.12 views

libcap: libcap: Privilege escalation via TOCTOU race condition in cap_set_file()

A flaw was found in libcap. A local unprivileged user can exploit a Time-of-check-to-time-of-use TOCTOU race condition in the capsetfile function. This allows an attacker with write access to a parent directory to redirect file capability updates to an attacker-controlled file. By doing so,...

7CVSS5.7AI score0.00188EPSS
Exploits1References5
Hacker One
Hacker One
added 2026/05/19 11:30 a.m.38 views

curl: curl --skip-existing has a TOCTOU race that lets a post-check symlink redirect the later download write

Summary: The curl CLI's --skip-existing option performs a separate existence check before the download body is written. In the verified path, curl first calls stat on the target pathname and decides "the file does not exist, so continue", but it does not keep an fd bound to that decision. The...

5.9AI score
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/05/13 8:37 a.m.11 views

CVE-2026-41051

csync2 uses insecure temporary directories when compiled with C99 or later, allowing for TOCTOU style attacks on the temporary directories...

5.1CVSS5.8AI score0.00075EPSS
Exploits0References2
Rows per page
Query Builder