Lucene search
K

174 matches found

ATTACKERKB
ATTACKERKB
added 3 days ago3 views

CVE-2026-12374

Improper certificate validation and a time-of-check time-of-use TOCTOU race condition in the PrivilegedHelperTool XPC service in Cato Client before v.5.13.1 on macOS allows a local authenticated attacker to escalate privileges to root via a self-signed certificate that bypasses the XPC caller...

7.3CVSS5.8AI score0.00055EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 4 days ago31 views

CVE-2026-10546 DNS Rebinding TOCTOU Bypass of SSRF Protection in Langflow OSS URL Component

IBM Langflow OSS 1.0.0 through 1.9.3 contains a Server-Side Request Forgery SSRF vulnerability in the URL component src/lfx/src/lfx/components/datasource/url.py due to a Time-of-Check/Time-of-Use TOCTOU race condition that can be exploited via DNS rebinding...

7.1CVSS0.00146EPSS
Exploits0References1
OSV
OSV
added 5 days ago4 views

UBUNTU-CVE-2026-54370

acl before version 2.4.0 contains a time-of-check to time-of-use TOCTOU race condition vulnerability that allows local attackers to escalate privileges by replacing a pathname component with a symbolic link between an lstat check and subsequent symlink-following operations such as stat, chown,...

7.2CVSS5.9AI score0.00091EPSS
Exploits0References6
Cvelist
Cvelist
added 5 days ago34 views

CVE-2026-54370 acl < 2.4.0 TOCTOU Symlink Traversal via getfacl/setfacl/chacl

acl before version 2.4.0 contains a time-of-check to time-of-use TOCTOU race condition vulnerability that allows local attackers to escalate privileges by replacing a pathname component with a symbolic link between an lstat check and subsequent symlink-following operations such as stat, chown,...

7.2CVSS0.00091EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/27 12:0 a.m.8 views

EulerOS 2.0 SP15 : libcap (EulerOS-SA-2026-2446)

According to the versions of the libcap packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in libcap. A local unprivileged user can exploit a Time-of-check-to-time-of-use TOCTOU race condition in the capsetfile function...

7CVSS7.1AI score0.00188EPSS
Exploits1References2
OSV
OSV
added 2026/06/25 5:41 p.m.3 views

JLSEC-2026-626 Rsync versions before 3.4.3 contain a time-of-check to time-of-use (TOCTOU) race condition in...

Rsync versions before 3.4.3 contain a time-of-check to time-of-use TOCTOU race condition in daemon file handling that allows attackers to redirect file writes outside intended directories by replacing parent directory components with symbolic links. Attackers with write access to a module path ca...

7.3CVSS6AI score0.00152EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.11 views

PT-2026-52163

Name of the Vulnerable Software and Affected Versions IBM Langflow OSS versions 1.0.0 through 1.9.3 Description A Server-Side Request Forgery SSRF issue exists in the URL component located at src/lfx/src/lfx/components/data source/url.py. This is caused by a Time-of-Check/Time-of-Use TOCTOU race...

7.1CVSS5.8AI score0.00146EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/17 12:0 a.m.7 views

RockyLinux 8 : rsync (RLSA-2026:26408)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:26408 advisory. rsync: rsync: Remote memory disclosure via integer overflow in compressed-token decoding CVE-2026-43618 rsync: TOCTOU symlink race condition allowing...

8.1CVSS5.5AI score0.0078EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/16 2:45 p.m.6 views

rsync: TOCTOU symlink race condition allowing local privilege escalation in daemon mode without chroot.

A flaw was found in rsync. An rsync daemon configured with "use chroot = no" is exposed to a time-of-check / time-of-use race on parent path components. A local attacker with write access to a module can replace a parent directory component with a symlink between the receiver's check and its open...

7.8CVSS5.3AI score0.00152EPSS
Exploits0References4
AlmaLinux
AlmaLinux
added 2026/06/16 12:0 a.m.22 views

Important: rsync security update

The rsync utility enables the users to copy and synchronize files locally or across a network. Synchronization with rsync is fast because rsync only sends the differences in files over the network instead of sending whole files. The rsync utility is also used as a mirroring tool. Security Fixes:...

8.1CVSS5.4AI score0.0078EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/13 12:0 a.m.15 views

PT-2026-49073

Name of the Vulnerable Software and Affected Versions abrt-dbus affected versions not specified Description A time-of-check time-of-use TOCTOU race condition exists in the SetElement method of the abrt-dbus D-Bus service. A TOCTOU race condition occurs when a program checks a condition such as a...

7.8CVSS5.6AI score0.00103EPSS
Exploits0References5
NVD
NVD
added 2026/06/12 8:16 p.m.14 views

CVE-2026-54055

Kitty is a cross-platform GPU based terminal. In versions prior to 0.47.2, a local privilege escalation vulnerability exists in kitty's file transmission protocol where a child process running in the terminal can write to arbitrary files on the filesystem by exploiting a TOCTOU...

5CVSS0.00072EPSS
Exploits0References1
OSV
OSV
added 2026/06/12 8:16 p.m.5 views

UBUNTU-CVE-2026-54055

Kitty is a cross-platform GPU based terminal. In versions prior to 0.47.2, a local privilege escalation vulnerability exists in kitty's file transmission protocol where a child process running in the terminal can write to arbitrary files on the filesystem by exploiting a TOCTOU...

5CVSS5.5AI score0.00072EPSS
Exploits0References3
Snyk
Snyk
added 2026/06/12 11:7 a.m.8 views

Time-of-check Time-of-use (TOCTOU) Race Condition

Overview org.apache.cxf:cxf-rt-rs-security-oauth2 is a services framework. Affected versions of this package are vulnerable to Time-of-check Time-of-use TOCTOU Race Condition due to a race condition in the AbstractOAuthDataProvider method when handling refresh tokens if the recycleRefreshTokens...

9.1CVSS5.4AI score0.00294EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/12 12:0 a.m.10 views

EulerOS Virtualization 2.13.0 : libcap (EulerOS-SA-2026-2402)

According to the versions of the libcap packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A flaw was found in libcap. A local unprivileged user can exploit a Time-of-check-to-time-of-use TOCTOU race condition in the...

7CVSS5.5AI score0.00188EPSS
Exploits1References2
CVE
CVE
added 2026/06/09 5:4 p.m.19 views

CVE-2026-45487

CVE-2026-45487 is a Windows vulnerability in the Program Compatibility Assistant Service where a TOCTOU race condition enables a local, authorized user to elevate privileges. Affected component: Program Compatibility Assistant Service on Windows. Root cause: TOCTOU race condition allowing privile...

7.8CVSS5.4AI score0.00184EPSS
Exploits0References1Affected Software8
Vulnrichment
Vulnrichment
added 2026/06/09 4:35 p.m.9 views

CVE-2026-49958 Hermes WebUI < 0.51.303 TOCTOU Race Condition via git_discard

Hermes WebUI before version 0.51.303 contains a time-of-check time-of-use TOCTOU race condition vulnerability in the gitdiscard function within api/workspacegit.py that allows attackers to delete files outside the configured workspace boundary by replacing a validated path component with a symlin...

5CVSS5.6AI score0.00081EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.14 views

PT-2026-48120

Hermes WebUI before version 0.51.303 contains a time-of-check time-of-use TOCTOU race condition vulnerability in the git discard function within api/workspace git.py that allows attackers to delete files outside the configured workspace boundary by replacing a validated path component with a...

5CVSS5.6AI score0.00081EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/06/09 12:0 a.m.9 views

EulerOS 2.0 SP11 : libcap (EulerOS-SA-2026-2249)

According to the versions of the libcap packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in libcap. A local unprivileged user can exploit a Time-of-check-to-time-of-use TOCTOU race condition in the capsetfile function...

7CVSS5.5AI score0.00188EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:12 p.m.9 views

CVE-2026-44469

The affected product extracts installation files to a temporary directory with incorrect default permissions during administrative installation. A low-privileged local attacker can exploit a TOCTOU race condition with a practical time window to replace verified files with malicious ones before...

8.5CVSS5.5AI score0.00105EPSS
Exploits0References1
Rows per page
Query Builder