15 matches found
CVE-2026-56258
CVE-2026-56258 affects Crawl4AI prior to 0.8.8. An arbitrary file write exists in the screenshot and PDF endpoints via output_path, exploiting insufficient path validation and symlink following with TOCTOU. Unauthenticated remote attackers can write files outside the intended directory, potential...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from a TOCTOU race condition in the tpacketsnd function’s mmap d vnethdr operation. This vulnerability...
CVE-2023-20548
A Time-of-check time-of-use TOCTOU race condition in the AMD Secure Processor ASP could allow an attacker to corrupt memory resulting in loss of integrity, confidentiality, or availability...
CVE-2025-14740 Docker Desktop for Windows Incorrect Permission Assignment Privilege Escalation Vulnerabilities
Docker Desktop for Windows contains multiple incorrect permission assignment vulnerabilities in the installer's handling of the C:\ProgramData\DockerDesktop directory. The installer creates this directory without proper ownership verification, creating two exploitation scenarios: Scenario 1...
BIT-VIRTUALENV-2026-22702 virtualenv Has TOCTOU Vulnerabilities in Directory Creation
virtualenv is a tool for creating isolated virtual python environments. Prior to version 20.36.1, TOCTOU Time-of-Check-Time-of-Use vulnerabilities in virtualenv allow local attackers to perform symlink-based attacks on directory creation operations. An attacker with local access can exploit a rac...
CVE-2025-47332 Time-of-check Time-of-use (TOCTOU) Race Condition in Camera Driver
Memory corruption while processing a config call from userspace...
CVE-2024-8244
The filepath.Walk and filepath.WalkDir functions are documented as not following symbolic links, but both functions are susceptible to a TOCTOU time of check/time of use race condition where a portion of the path being walked is replaced with a symbolic link while the walk is in progress...
SUSE CVE-2025-46327
gosnowflake is the Snowflake Golang driver. Versions starting from 1.7.0 to before 1.13.3, are vulnerable to a Time-of-Check to Time-of-Use TOCTOU race condition. When using the Easy Logging feature on Linux and macOS, the Driver reads logging configuration from a user-provided file. On Linux and...
Time-of-check Time-of-use (TOCTOU) Race Condition
Overview waitress is a production-quality pure-Python WSGI server with very acceptable performance. Affected versions of this package are vulnerable to Time-of-check Time-of-use TOCTOU Race Condition in HTTP pipelining when handling an invalid initial request. An attacker can exploit this...
SUSE CVE-2023-52478
In the Linux kernel, the following vulnerability has been resolved: HID: logitech-hidpp: Fix kernel crash on receiver USB disconnect hidppconnectevent has four time-of-check vs time-of-use TOCTOU races when it races with itself. hidppconnectevent primarily runs from a workqueue but it also runs o...
CVE-2023-27470
BASupSrvcUpdater.exe in N-able Take Control Agent through 7.0.41.1141 before 7.0.43 has a TOCTOU Race Condition via a pseudo-symlink at %PROGRAMDATA%\GetSupportServiceN-Central\PushUpdates, leading to arbitrary file deletion...
CVE-2022-27541
Potential Time-of-Check to Time-of Use TOCTOU vulnerabilities have been identified in the HP BIOS for certain HP PC products which may allow arbitrary code execution, denial of service, and information disclosure...
Insyde InsydeH2O 安全漏洞
RUGGEDCOM APE1808 is a utility-level application hosting platform that allows you to deploy a range of commercial applications for edge computing and network security in harsh industrial environments.A competitive condition vulnerability exists in the Siemens RUGGEDCOM APE1808 product family, whi...
Zoom Plugin Code Execution Vulnerability
Zoom Plugin is a plug-in from Zoom ZOOM, Inc. A security vulnerability exists in previous versions of Zoom Plugin for Microsoft Outlook for MacOS 5.3.52553.0918, which stems from a Time of Check Use TOC TOU vulnerability included in the plug-in installation process. An attacker could exploit this...
nss: TOCTOU, potential use-after-free in libssl's session ticket processing (MFSA 2014-12)
A race condition was found in the way NSS implemented session ticket handling as specified by RFC 5077. An attacker could use this flaw to crash an application using NSS or, in rare cases, execute arbitrary code with the privileges of the user running that application...