34771 matches found
CVE-2026-62212
CVE-2026-62212 affects OpenClaw prior to 2026.5.28. A race condition exists in the MS Teams safeFetch DNS rebinding check when the affected feature is enabled and reachable. A lower-trust caller or configured input path could win the timing window between DNS validation and usage, enabling action...
EUVD-2026-45100
OpenClaw before 2026.5.28 contains a race condition in the MS Teams safeFetch DNS rebinding check. When the affected feature is enabled and reachable, a lower-trust caller or configured input path could win a timing window between the DNS validation check and use, allowing actions that should hav...
CVE-2026-53410
CVE-2026-53410 describes a TOCTOU race condition in the installation and uninstallation flow of certain Zoom Clients for Windows that could allow an authenticated local user to escalate privileges. Affected components include Zoom Workplace for Windows, Zoom Workplace VDI Client, Zoom Workplace V...
CVE-2026-14254
CVE-2026-14254 describes a race condition in Delphix Continuous Data’s account lockout mechanism. Parallel authentication requests could bypass the lockout threshold because the failed-login counter and lockout status were not updated in time, undermining brute-force protections and allowing cont...
Webmin < 1.920 - Authenticated Remote Code Execution
rpc.cgi in Webmin through 1.920 allows authenticated Remote Code Execution via a crafted object name because unserialisevariable makes an eval call. NOTE: the WebminServersIndex documentation states "RPC can be used to run any command or modify any file on a server, which is why access to it must...
Jenkins build-metrics 1.3 - Cross-Site Scripting
Jenkins build-metrics 1.3 is vulnerable to a reflected cross-site scripting vulnerability that allows attackers to inject arbitrary HTML and JavaScript into the web pages the plugin provides. id: CVE-2019-10475 info: name: Jenkins build-metrics 1.3 - Cross-Site Scripting author: madrobot severity...
Academy LMS 6.0 - Cross-Site Scripting
Creative Item Academy LMS 6.0 was discovered to contain a cross-site scripting XSS vulnerability through query parameter. id: CVE-2023-38964 info: name: Academy LMS 6.0 - Cross-Site Scripting author: ritikchaddha severity: medium description: | Creative Item Academy LMS 6.0 was discovered to...
CVE-2026-53518
Better Auth is an authentication and authorization library for TypeScript. From 1.6.0 until 1.6.11, the @better-auth/oauth-provider POST /oauth2/token endpoint for the authorizationcode grant redeems a single-use authorization code through a non-atomic find-then-delete sequence, allowing two...
CVE-2026-53518 Better Auth OAuth Provider: Race Condition in Authorization Code Exchange Enables Multi-Use Code Redemption
Better Auth is an authentication and authorization library for TypeScript. From 1.6.0 until 1.6.11, the @better-auth/oauth-provider POST /oauth2/token endpoint for the authorizationcode grant redeems a single-use authorization code through a non-atomic find-then-delete sequence, allowing two...
CVE-2026-53518
CVE-2026-53518 affects the Better Auth ecosystem, specifically the @better-auth/oauth-provider token endpoint for the authorization_code grant (and legacy paths via oidc-provider/mcp plugins). A race condition arises from a non-atomic find-then-delete when redeeming a single-use authorization cod...
kernel: nvmet-tcp: fix race between ICReq handling and queue teardown
A flaw was found in the Linux kernel's NVMe over TCP nvmet-tcp implementation. A race condition exists between the handling of an Initialization Connection Request ICReq and the teardown of a queue. A remote attacker, by sending an ICReq and immediately closing the connection, could trigger a...
CVE-2026-48344
Creative Cloud Desktop is affected by a Time-of-check Time-of-use TOCTOU Race Condition vulnerability that could result in arbitrary code execution in the context of the current user. Exploit depends on conditions beyond the attacker's control. Exploitation of this issue does not require user...
CVE-2026-48344 GoCart | Time-of-check Time-of-use (TOCTOU) Race Condition (CWE-367)
Creative Cloud Desktop is affected by a Time-of-check Time-of-use TOCTOU Race Condition vulnerability that could result in arbitrary code execution in the context of the current user. Exploit depends on conditions beyond the attacker's control. Exploitation of this issue does not require user...
CVE-2026-48344
CVE-2026-48344 involves Creative Cloud Desktop and a TOCTOU race condition (CWE-367) that could lead to arbitrary code execution in the context of the current user . The issue is described as exploitable under conditions beyond the attacker’s control, with no user interaction required . Per the c...
CVE-2026-58628
Concurrent execution using shared resource with improper synchronization 'race condition' in Windows Wireless Networking allows an authorized attacker to elevate privileges locally...
CVE-2026-58543
Concurrent execution using shared resource with improper synchronization 'race condition' in Windows USB Print Driver allows an authorized attacker to elevate privileges with a physical attack...
CVE-2026-58531
Concurrent execution using shared resource with improper synchronization 'race condition' in Windows SMB allows an authorized attacker to elevate privileges over a network...
CVE-2026-58527
Concurrent execution using shared resource with improper synchronization 'race condition' in Windows Runtime allows an authorized attacker to elevate privileges locally...
CVE-2026-56649
Concurrent execution using shared resource with improper synchronization 'race condition' in Windows Network File System allows an unauthorized attacker to execute code over a network...
CVE-2026-56178
Time-of-check time-of-use toctou race condition in Microsoft Defender for Endpoint allows an authorized attacker to elevate privileges locally...