CVE-2025-31161

CrushFTP 10 before 10.8.4 and 11 before 11.3.1 allows authentication bypass and takeover of the crushadmin account unless a DMZ proxy instance is used, as exploited in the wild in March and April 2025, aka "Unauthenticated HTTPS port access." A race condition exists in the AWS4-HMAC compatible wi...

SUSE CVE-2021-29948

Signatures are written to disk before and read during verification, which might be subject to a race condition when a malicious local process or user is replacing the file. This vulnerability affects Thunderbird 78.10...

CVE-2021-34788

A vulnerability in the shared library loading mechanism of Cisco AnyConnect Secure Mobility Client for Linux and Mac OS could allow an authenticated, local attacker to perform a shared library hijacking attack on an affected device if the VPN Posture HostScan Module is installed on the AnyConnect...

The vulnerability of the DLL loading mechanism used by Cisco AnyConnect Secure Mobility Client for Windows allows a malicious actor to execute arbitrary code with SYSTEM privileges.

The vulnerability of the DLL loading mechanism used by Cisco AnyConnect Secure Mobility Client for Windows arises from a situation where there is a race in the process of verifying signatures for DLL files. Exploiting this vulnerability allows an attacker to execute arbitrary code with SYSTEM...

nss: Race-condition in certificate verification can lead to Remote code execution (MFSA 2014-63)

A race condition was found in the way NSS verified certain certificates. A remote attacker could use this flaw to crash an application using NSS or, possibly, execute arbitrary code with the privileges of the user running that application...