380 matches found
EUVD-2026-24994
install -D: symlink race in directory creation allows arbitrary file overwrite...
CVE-2026-12374
Improper certificate validation and a time-of-check time-of-use TOCTOU race condition in the PrivilegedHelperTool XPC service in Cato Client before v.5.13.1 on macOS allows a local authenticated attacker to escalate privileges to root via a self-signed certificate that bypasses the XPC caller...
CVE-2026-10546 DNS Rebinding TOCTOU Bypass of SSRF Protection in Langflow OSS URL Component
IBM Langflow OSS 1.0.0 through 1.9.3 contains a Server-Side Request Forgery SSRF vulnerability in the URL component src/lfx/src/lfx/components/datasource/url.py due to a Time-of-Check/Time-of-Use TOCTOU race condition that can be exploited via DNS rebinding...
CVE-2026-14160
Technical details about CVE-2026-14160 are not publicly provided in the supplied documents. Monitor for updates from Samsung Escargot advisories and NVD entries.
Linux Distros Unpatched Vulnerability : CVE-2026-54370
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - acl before version 2.4.0 contains a time-of-check to time-of-use TOCTOU race condition vulnerability that allows local attackers to escalate privileges by...
UBUNTU-CVE-2026-54370
acl before version 2.4.0 contains a time-of-check to time-of-use TOCTOU race condition vulnerability that allows local attackers to escalate privileges by replacing a pathname component with a symbolic link between an lstat check and subsequent symlink-following operations such as stat, chown,...
EUVD-2026-40086
acl before version 2.4.0 contains a time-of-check to time-of-use TOCTOU race condition vulnerability that allows local attackers to escalate privileges by replacing a pathname component with a symbolic link between an lstat check and subsequent symlink-following operations such as stat, chown,...
CVE-2026-54370 acl < 2.4.0 TOCTOU Symlink Traversal via getfacl/setfacl/chacl
acl before version 2.4.0 contains a time-of-check to time-of-use TOCTOU race condition vulnerability that allows local attackers to escalate privileges by replacing a pathname component with a symbolic link between an lstat check and subsequent symlink-following operations such as stat, chown,...
CVE-2026-41991 Predictable Temporary File in GNU gzip
GNU gzip contains a vulnerability in the gzexe utility related to insecure temporary file handling. When the mktemp utility is not available in the user’s PATH, gzexe falls back to constructing a temporary file path based solely on the process ID PID. This predictable filename is created without...
EUVD-2026-40000
A flaw has been found in antlr ANTLR4 up to 4.13.2. This affects the function ObjectInputStream.readObject of the file antlr4-maven-plugin/src/main/java/org/antlr/mojo/antlr4/GrammarDependencies.java of the component Maven Plugin. This manipulation causes time-of-check time-of-use. The attack is...
Linux Distros Unpatched Vulnerability : CVE-2026-53250
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - xsk: cache csumstart/csumoffset to fix TOCTOU in xskskbmetadata The TX metadata area resides in the UMEM buffer which is memory-mapped and concurrently writable...
EulerOS 2.0 SP15 : libcap (EulerOS-SA-2026-2446)
According to the versions of the libcap packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in libcap. A local unprivileged user can exploit a Time-of-check-to-time-of-use TOCTOU race condition in the capsetfile function...
JLSEC-2026-626 Rsync versions before 3.4.3 contain a time-of-check to time-of-use (TOCTOU) race condition in...
Rsync versions before 3.4.3 contain a time-of-check to time-of-use TOCTOU race condition in daemon file handling that allows attackers to redirect file writes outside intended directories by replacing parent directory components with symbolic links. Attackers with write access to a module path ca...
CVE-2026-53250
CVE-2026-53250 : In the Linux kernel, the xsk_skb_metadata() path is vulnerable to a TOCTOU race in which csum_start and csum_offset are read from shared UMEM and then read again for skb assignment. A malicious userspace process can overwrite values between reads, bypassing bounds checks and caus...
CVE-2026-53214
The CVE-2026-53214 entry concerns the Linux kernel IPv6 code. The vulnerability occurs when addrconf_get_prefix_route() can return the fib6_null_entry sentinel, which has a NULL fib6_table pointer. Before setting a route’s expiration time, the code must verify that it is not operating on the fib6...
PT-2026-52163
Name of the Vulnerable Software and Affected Versions IBM Langflow OSS versions 1.0.0 through 1.9.3 Description A Server-Side Request Forgery SSRF issue exists in the URL component located at src/lfx/src/lfx/components/data source/url.py. This is caused by a Time-of-Check/Time-of-Use TOCTOU race...
CVE-2026-56258
Crawl4AI before 0.8.8 contains an arbitrary file write vulnerability in the screenshot and PDF endpoints that allows unauthenticated attackers to write files outside the intended directory via symlink and time-of-check-time-of-use TOCTOU attacks on the outputpath parameter. Remote attackers can...
GHSA-JC38-X7X8-2XC8 PHP JWT Framework: JWSVerifier uses algorithm from unprotected header, enabling algorithm confusion attacks
Summary JWSVerifier::getAlgorithm in src/Library/Signature/JWSVerifier.php line 144 merges protected and unprotected headers using PHP's spread operator: php $completeHeader = ...$signature-getProtectedHeader, ...$signature-getHeader; In PHP, when spreading arrays with duplicate string keys, the...
RockyLinux 8 : rsync (RLSA-2026:26408)
The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:26408 advisory. rsync: rsync: Remote memory disclosure via integer overflow in compressed-token decoding CVE-2026-43618 rsync: TOCTOU symlink race condition allowing...
rsync: TOCTOU symlink race condition allowing local privilege escalation in daemon mode without chroot.
A flaw was found in rsync. An rsync daemon configured with "use chroot = no" is exposed to a time-of-check / time-of-use race on parent path components. A local attacker with write access to a module can replace a parent directory component with a symlink between the receiver's check and its open...