Lucene search
+L

34771 matches found

cve
cve
added 6 hours ago4 views

CVE-2026-62212

CVE-2026-62212 affects OpenClaw prior to 2026.5.28. A race condition exists in the MS Teams safeFetch DNS rebinding check when the affected feature is enabled and reachable. A lower-trust caller or configured input path could win the timing window between DNS validation and usage, enabling action...

7.1CVSS6.1AI score
Exploits0References2
euvd
euvd
added 6 hours ago2 views

EUVD-2026-45100

OpenClaw before 2026.5.28 contains a race condition in the MS Teams safeFetch DNS rebinding check. When the affected feature is enabled and reachable, a lower-trust caller or configured input path could win a timing window between the DNS validation check and use, allowing actions that should hav...

7.1CVSS6.1AI score
Exploits0References2
cve
cve
added yesterday28 views

CVE-2026-53410

CVE-2026-53410 describes a TOCTOU race condition in the installation and uninstallation flow of certain Zoom Clients for Windows that could allow an authenticated local user to escalate privileges. Affected components include Zoom Workplace for Windows, Zoom Workplace VDI Client, Zoom Workplace V...

7CVSS6.2AI score
Exploits0References1
cve
cve
added yesterday5 views

CVE-2026-14254

CVE-2026-14254 describes a race condition in Delphix Continuous Data’s account lockout mechanism. Parallel authentication requests could bypass the lockout threshold because the failed-login counter and lockout status were not updated in time, undermining brute-force protections and allowing cont...

8.3CVSS6.1AI score
Exploits0References1
nuclei
nuclei
added yesterday47 views

Webmin < 1.920 - Authenticated Remote Code Execution

rpc.cgi in Webmin through 1.920 allows authenticated Remote Code Execution via a crafted object name because unserialisevariable makes an eval call. NOTE: the WebminServersIndex documentation states "RPC can be used to run any command or modify any file on a server, which is why access to it must...

8.8CVSS7.1AI score0.38038EPSS
Exploits4References5
nuclei
nuclei
added yesterday73 views

Jenkins build-metrics 1.3 - Cross-Site Scripting

Jenkins build-metrics 1.3 is vulnerable to a reflected cross-site scripting vulnerability that allows attackers to inject arbitrary HTML and JavaScript into the web pages the plugin provides. id: CVE-2019-10475 info: name: Jenkins build-metrics 1.3 - Cross-Site Scripting author: madrobot severity...

6.1CVSS6.5AI score0.57735EPSS
Exploits5References5
nuclei
nuclei
added yesterday89 views

Academy LMS 6.0 - Cross-Site Scripting

Creative Item Academy LMS 6.0 was discovered to contain a cross-site scripting XSS vulnerability through query parameter. id: CVE-2023-38964 info: name: Academy LMS 6.0 - Cross-Site Scripting author: ritikchaddha severity: medium description: | Creative Item Academy LMS 6.0 was discovered to...

6.1CVSS6.4AI score0.01056EPSS
Exploits1References2
nvd
nvd
added 2 days ago5 views

CVE-2026-53518

Better Auth is an authentication and authorization library for TypeScript. From 1.6.0 until 1.6.11, the @better-auth/oauth-provider POST /oauth2/token endpoint for the authorizationcode grant redeems a single-use authorization code through a non-atomic find-then-delete sequence, allowing two...

7.6CVSS0.00496EPSS
Exploits0References3
cvelist
cvelist
added 2 days ago31 views

CVE-2026-53518 Better Auth OAuth Provider: Race Condition in Authorization Code Exchange Enables Multi-Use Code Redemption

Better Auth is an authentication and authorization library for TypeScript. From 1.6.0 until 1.6.11, the @better-auth/oauth-provider POST /oauth2/token endpoint for the authorizationcode grant redeems a single-use authorization code through a non-atomic find-then-delete sequence, allowing two...

7.6CVSS0.00496EPSS
Exploits0References3
cve
cve
added 2 days ago12 views

CVE-2026-53518

CVE-2026-53518 affects the Better Auth ecosystem, specifically the @better-auth/oauth-provider token endpoint for the authorization_code grant (and legacy paths via oidc-provider/mcp plugins). A race condition arises from a non-atomic find-then-delete when redeeming a single-use authorization cod...

7.6CVSS6.2AI score0.00496EPSS
Exploits0References3
redhat
redhat
added 2 days ago5 views

kernel: nvmet-tcp: fix race between ICReq handling and queue teardown

A flaw was found in the Linux kernel's NVMe over TCP nvmet-tcp implementation. A race condition exists between the handling of an Initialization Connection Request ICReq and the teardown of a queue. A remote attacker, by sending an ICReq and immediately closing the connection, could trigger a...

9.8CVSS6.1AI score0.00353EPSS
Exploits0References5
nvd
nvd
added 3 days ago6 views

CVE-2026-48344

Creative Cloud Desktop is affected by a Time-of-check Time-of-use TOCTOU Race Condition vulnerability that could result in arbitrary code execution in the context of the current user. Exploit depends on conditions beyond the attacker's control. Exploitation of this issue does not require user...

7.8CVSS0.00104EPSS
Exploits0References1
cvelist
cvelist
added 3 days ago42 views

CVE-2026-48344 GoCart | Time-of-check Time-of-use (TOCTOU) Race Condition (CWE-367)

Creative Cloud Desktop is affected by a Time-of-check Time-of-use TOCTOU Race Condition vulnerability that could result in arbitrary code execution in the context of the current user. Exploit depends on conditions beyond the attacker's control. Exploitation of this issue does not require user...

7.8CVSS0.00104EPSS
Exploits0References1
cve
cve
added 3 days ago11 views

CVE-2026-48344

CVE-2026-48344 involves Creative Cloud Desktop and a TOCTOU race condition (CWE-367) that could lead to arbitrary code execution in the context of the current user . The issue is described as exploitable under conditions beyond the attacker’s control, with no user interaction required . Per the c...

7.8CVSS6.5AI score0.00104EPSS
Exploits0References1Affected Software1
nvd
nvd
added 3 days ago4 views

CVE-2026-58628

Concurrent execution using shared resource with improper synchronization 'race condition' in Windows Wireless Networking allows an authorized attacker to elevate privileges locally...

7.8CVSS0.00186EPSS
Exploits0References1
nvd
nvd
added 3 days ago5 views

CVE-2026-58543

Concurrent execution using shared resource with improper synchronization 'race condition' in Windows USB Print Driver allows an authorized attacker to elevate privileges with a physical attack...

6.3CVSS0.00171EPSS
Exploits0References1
nvd
nvd
added 3 days ago4 views

CVE-2026-58531

Concurrent execution using shared resource with improper synchronization 'race condition' in Windows SMB allows an authorized attacker to elevate privileges over a network...

7.5CVSS0.00503EPSS
Exploits0References1
nvd
nvd
added 3 days ago4 views

CVE-2026-58527

Concurrent execution using shared resource with improper synchronization 'race condition' in Windows Runtime allows an authorized attacker to elevate privileges locally...

7.8CVSS0.00244EPSS
Exploits0References1
nvd
nvd
added 3 days ago3 views

CVE-2026-56649

Concurrent execution using shared resource with improper synchronization 'race condition' in Windows Network File System allows an unauthorized attacker to execute code over a network...

5.9CVSS0.00641EPSS
Exploits0References1
nvd
nvd
added 3 days ago4 views

CVE-2026-56178

Time-of-check time-of-use toctou race condition in Microsoft Defender for Endpoint allows an authorized attacker to elevate privileges locally...

5.5CVSS0.00191EPSS
Exploits0References1
Rows per page
Query Builder