CVE-2026-56258 Crawl4AI - Arbitrary File Write via output_path Symlink and TOCTOU

Crawl4AI before 0.8.8 contains an arbitrary file write vulnerability in the screenshot and PDF endpoints that allows unauthenticated attackers to write files outside the intended directory via symlink and time-of-check-time-of-use TOCTOU attacks on the outputpath parameter. Remote attackers can...

CVE-2026-56258

CVE-2026-56258 affects Crawl4AI prior to 0.8.8. An arbitrary file write exists in the screenshot and PDF endpoints via output_path, exploiting insufficient path validation and symlink following with TOCTOU. Unauthenticated remote attackers can write files outside the intended directory, potential...

rsync: TOCTOU symlink race condition allowing local privilege escalation in daemon mode without chroot.

A flaw was found in rsync. An rsync daemon configured with "use chroot = no" is exposed to a time-of-check / time-of-use race on parent path components. A local attacker with write access to a module can replace a parent directory component with a symlink between the receiver's check and its open...

Security Bulletin: MongoDB Enterprised Advanced affected by: Time-of-check Time-of-use (TOCTOU) Race Condition (CVE-2026-22751)

Summary There are vulnerabilities in spring-security-core-6.5.9.jar used in MongoDB Enterprised Advanced for IBM, involving CVE-2026-22751. The vulnerability has been addressed. Vulnerability Details CVEID:CVE-2026-22751 DESCRIPTION: Vulnerability in Spring Spring Security. Applications that...

CVE-2025-15546

The Iptanus File Upload WordPress plugin before 5.1.7 does not implement proper file handling when the duplicatepolicy setting is configured to "maintain both." Due to a Time-of-Check to Time-of-Use TOCTOU race condition between the file existence check and the actual file write operation, an...

CVE-2025-15546 Iptanus File Upload < 5.1.7 - File Overwrite via Race Condition

The Iptanus File Upload WordPress plugin before 5.1.7 does not implement proper file handling when the duplicatepolicy setting is configured to "maintain both." Due to a Time-of-Check to Time-of-Use TOCTOU race condition between the file existence check and the actual file write operation, an...

vader-toctou

OPERATION VADER — TOCTOU EXPLOITATION SYLLABUS OPERATIONS...

CVE-2026-54055

A flaw was found in Kitty, a cross-platform GPU-based terminal. A local attacker, specifically a child process running within the terminal, can exploit a Time-of-Check-Time-of-Use TOCTOU race condition in the file transmission protocol. This allows the attacker to create a symbolic link between a...

EUVD-2026-36637

A time-of-check time-of-use TOCTOU race condition was found in the abrt-dbus D-Bus service's SetElement method. Between dump directory creation and post-create event execution, any local user can call SetElement to write arbitrary text files into the root-owned dump directory, bypassing package...

Linux Distros Unpatched Vulnerability : CVE-2026-54228

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A time-of-check time-of-use TOCTOU race condition was found in the abrt-dbus D-Bus service's SetElement method. Between dump directory creation and post-create...

Appsmith Super User Creation Race Condition Allows Multiple Instance Administrators

Summary The /api/v1/users/super endpoint enforces a restriction that only one super user Instance Administrator can be created during initial setup. However, due to a Time-of-Check-Time-of-Use TOCTOU race condition in the signupAndLoginSuper method, concurrent requests can bypass this restriction...

GHSA-9WCP-79G5-5C3C Appsmith Super User Creation Race Condition Allows Multiple Instance Administrators

Summary The /api/v1/users/super endpoint enforces a restriction that only one super user Instance Administrator can be created during initial setup. However, due to a Time-of-Check-Time-of-Use TOCTOU race condition in the signupAndLoginSuper method, concurrent requests can bypass this restriction...

CVE-2026-49958

Hermes WebUI before version 0.51.303 contains a time-of-check time-of-use TOCTOU race condition vulnerability in the gitdiscard function within api/workspacegit.py that allows attackers to delete files outside the configured workspace boundary by replacing a validated path component with a symlin...

CVE-2026-45487

Time-of-check time-of-use TOCTOU race condition in Program Compatibility Assistant Service allows an authorized attacker to elevate privileges locally...

EUVD-2026-35673

Time-of-check time-of-use TOCTOU race condition in Program Compatibility Assistant Service allows an authorized attacker to elevate privileges locally...

CVE-2026-49958

Hermes WebUI before version 0.51.303 contains a time-of-check time-of-use TOCTOU race condition vulnerability in the gitdiscard function within api/workspacegit.py that allows attackers to delete files outside the configured workspace boundary by replacing a validated path component with a symlin...

CVE-2026-45647

Time-of-check time-of-use toctou race condition in Microsoft Defender for Endpoint allows an authorized attacker to elevate privileges locally...

CVE-2026-45647

CVE-2026-45647 describes a time-of-check time-of-use (TOCTOU) race condition in Microsoft Defender for Endpoint (Mac) that can allow an authorized locally logged-in attacker to elevate privileges. The Red Hat, NVD, MSRC and CVE records consistently frame the issue as a local elevation of privileg...

EUVD-2026-35571

Time-of-check time-of-use toctou race condition in Microsoft Defender for Endpoint allows an authorized attacker to elevate privileges locally...

CVE-2026-49958

Hermes WebUI is affected by a TOCTOU race in git_discard (api/workspace_git.py) prior to version 0.51.303. An attacker can replace a validated path component with a symlink between safe_resolve_ws() and the subsequent Path.unlink() or shutil.rmtree() call, causing the delete operation to follow t...