Lucene search
K

1565 matches found

NVD
NVD
added 4 days ago5 views

CVE-2026-45203

Kernel software installed and running inside a Host VM may post improper commands to the GPU Firmware to trigger a memory write outside the permitted range of memory for the host kernel. A TOCTOU bug existed where a malicious driver could modify values in memory after firmware validation but befo...

7.8CVSS0.00116EPSS
Exploits0References1
Cvelist
Cvelist
added 4 days ago32 views

CVE-2026-45203 GPU DDK - rgxfw_hwperf_ufo() re-reads psCmdHeader->ui32CmdSize after initial check, TOCTOU

Kernel software installed and running inside a Host VM may post improper commands to the GPU Firmware to trigger a memory write outside the permitted range of memory for the host kernel. A TOCTOU bug existed where a malicious driver could modify values in memory after firmware validation but befo...

0.00116EPSS
Exploits0References1
EUVD
EUVD
added 4 days ago7 views

EUVD-2026-43043

Kernel software installed and running inside a Host VM may post improper commands to the GPU Firmware to trigger a memory write outside the permitted range of memory for the host kernel. A TOCTOU bug existed where a malicious driver could modify values in memory after firmware validation but befo...

6.1AI score0.00116EPSS
Exploits0References1
Snyk
Snyk
added 4 days ago4 views

Time-of-check Time-of-use (TOCTOU) Race Condition

Overview 9router is a 9Router CLI - Start and manage 9Router server Affected versions of this package are vulnerable to Time-of-check Time-of-use TOCTOU Race Condition through the image process in open-sse/translator/concerns/image.js. An attacker can access internal-only HTTP services by...

7.4CVSS6.1AI score0.00154EPSS
Exploits0References2
NVD
NVD
added 4 days ago9 views

CVE-2026-21046

Time-of-check time-of-use race condition in fabricKeymaster trustlet prior to SMR Jul-2026 Release 1 allows local privileged attackers to execute arbitrary code...

8.4CVSS0.00096EPSS
Exploits0References1
EUVD
EUVD
added 4 days ago7 views

EUVD-2026-42817

Time-of-check time-of-use race condition in fabricKeymaster trustlet prior to SMR Jul-2026 Release 1 allows local privileged attackers to execute arbitrary code...

8.4CVSS6.2AI score0.00096EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 4 days ago6 views

CVE-2026-21046

Time-of-check time-of-use race condition in fabricKeymaster trustlet prior to SMR Jul-2026 Release 1 allows local privileged attackers to execute arbitrary code...

8.4CVSS6.2AI score0.00096EPSS
Exploits0References2
Cvelist
Cvelist
added 4 days ago32 views

CVE-2026-21046

Time-of-check time-of-use race condition in fabricKeymaster trustlet prior to SMR Jul-2026 Release 1 allows local privileged attackers to execute arbitrary code...

8.4CVSS0.00096EPSS
Exploits0References1
NVD
NVD
added 5 days ago5 views

CVE-2025-58151

varstored is a component of the Xapi toolstack handling UEFI Variables for a VM. It has a communication path with OVMF inside the VM involving mapping a buffer prepared by OVMF. Within varstored, there were insufficient compiler barriers, creating TOCTOU issues with data in the shared buffer. The...

9.4CVSS0.0012EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 5 days ago6 views

CVE-2025-58151

varstored is a component of the Xapi toolstack handling UEFI Variables for a VM. It has a communication path with OVMF inside the VM involving mapping a buffer prepared by OVMF. Within varstored, there were insufficient compiler barriers, creating TOCTOU issues with data in the shared buffer. The...

9.4CVSS6.2AI score0.0012EPSS
Exploits0References2
CVE
CVE
added 5 days ago18 views

CVE-2025-58151

CVE-2025-58151 affects varstored, a Xen/Xapi component that handles UEFI variables and maps guest memory to OVMF. The vulnerability arises from TOCTOU due to insufficient compiler barriers in the shared buffer, with exploitation depending on compiler-generated code, and the attacker potentially c...

9.4CVSS6.2AI score0.0012EPSS
Exploits0References3
Cvelist
Cvelist
added 5 days ago31 views

CVE-2025-58151 varstored: TOCTOU issues with mapped guest memory

varstored is a component of the Xapi toolstack handling UEFI Variables for a VM. It has a communication path with OVMF inside the VM involving mapping a buffer prepared by OVMF. Within varstored, there were insufficient compiler barriers, creating TOCTOU issues with data in the shared buffer. The...

9.4CVSS0.0012EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/06 8:9 p.m.34 views

CVE-2026-25271 Time-of-check Time-of-use (TOCTOU) Race Condition in DSP Service

Memory Corruption when processing asynchronous input parameters due to improper handling of modified values between check and use...

7.8CVSS0.00052EPSS
Exploits0References1
CVE
CVE
added 2026/07/06 8:9 p.m.12 views

CVE-2026-25271

The CVE describes a TOCTOU race condition in Qualcomm DSP Service causing memory corruption when processing asynchronous input parameters due to improper handling of modified values between check and use. Affected component: DSP Service (Qualcomm). Root cause: TOCTOU under asynchronous input para...

7.8CVSS6AI score0.00052EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/07/06 7:54 p.m.8 views

EUVD-2026-24992

install: TOCTOU symlink race unlink-then-create without OEXCL allows arbitrary file overwrite...

6.3CVSS6AI score0.00118EPSS
Exploits1References5
NVD
NVD
added 2026/07/03 9:17 p.m.10 views

CVE-2026-58299

Time-of-check time-of-use toctou race condition in Microsoft Edge for Android allows an unauthorized attacker to execute code over a network...

7.5CVSS0.0027EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/03 8:35 p.m.8 views

EUVD-2026-41572

Time-of-check time-of-use toctou race condition in Microsoft Edge for Android allows an unauthorized attacker to execute code over a network...

7.5CVSS6.1AI score0.0027EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/03 8:35 p.m.8 views

CVE-2026-58299

Time-of-check time-of-use toctou race condition in Microsoft Edge for Android allows an unauthorized attacker to execute code over a network...

7.5CVSS6.1AI score0.0027EPSS
Exploits0References2Affected Software1
Microsoft CVE
Microsoft CVE
added 2026/07/03 2:0 p.m.9 views

Microsoft Edge for Android Remote Code Execution Vulnerability

Time-of-check time-of-use toctou race condition in Microsoft Edge for Android allows an unauthorized attacker to execute code over a network...

7.5CVSS6.1AI score0.0027EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/07/03 12:0 a.m.12 views

PT-2026-55645

Name of the Vulnerable Software and Affected Versions Microsoft Edge for Android affected versions not specified Description A time-of-check time-of-use TOCTOU race condition exists, which is a software bug where a system checks the state of a resource before using it, but the state changes betwe...

7.5CVSS6.3AI score0.0027EPSS
Exploits0References7
Rows per page
Query Builder