CVE-2026-46159
The CVE concerns the Linux kernel's btrfs_ioctl_space_info() where a TOCTOU race between two passes over block group RAID type lists can leak kernel data to userspace. The first pass counts entries to determine alloc_size, then the second pass fills the buffer; releasing groups_sem between passes...
CVE-2026-45927
In CVE-2026-45927, the Linux kernel BPF path bpf_map_get_info_by_fd caches the map hash regardless of the map’s frozen state, enabling a TOCTOU where a loader could verify a stale hash before freezing contents. The fix returns -EPERM if the map is not frozen when the hash is requested, ensuring t...
RHEL 9 : libcap (RHSA-2026:21254)
The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:21254 advisory. Libcap is a library for getting and setting POSIX.1e (formerly POSIX 6 draft 15) capabilities. Security Fixes: libcap: Privilege escalation vi...
CVE-2026-41688
Wallos is an open-source, self-hostable personal subscription tracker. In versions 4.8.4 and prior, the incomplete SSRF fix in Wallos validates webhook URLs via gethostbyname but passes the original hostname to cURL without CURLOPT_RESOLVE pinning on 10 of 11 outbound HTTP endpoints, leaving a DNS...
GHSA-GGC5-46RG-MR4V uutils coreutils has a Time-of-check Time-of-use (TOCTOU) Race Condition
The safetraversal module in uutils coreutils, which provides protection against Time-of-Check to Time-of-Use (TOCTOU) symlink races using file-descriptor-relative syscalls, is incorrectly limited to Linux targets. On other Unix-like systems such as macOS and FreeBSD, the utility fails to utilize...
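The entry above turns on one idea: a path-based check followed by a path-based open leaves a window in which an attacker can swap a checked component for a symlink, whereas opening each component relative to an already-open parent directory descriptor with O_NOFOLLOW leaves no such window. The following is an added Python example, not code from uutils coreutils; it uses os.open with dir_fd (available wherever os.supports_dir_fd includes os.open, which covers Linux, macOS and FreeBSD, the platforms the advisory mentions). The race is made deterministic with a constructed hook that runs the attacker's swap at the worst possible moment; the directory names and file contents are constructed for the demo.

```python
import errno
import os
import tempfile
from typing import Callable, Dict, Optional

Hook = Optional[Callable[[], None]]


def naive_open(root: str, rel: str, race: Hook = None) -> int:
    """Check-then-use by path name: lstat-style check, then open() by name.

    The kernel resolves the full path a second time inside open(), so whatever
    the path points to *then* is what gets opened.
    """
    path = os.path.join(root, rel)
    if os.path.islink(path):                 # time of check
        raise PermissionError(f"refusing symlink {rel}")
    if race:
        race()                               # attacker acts inside the window
    return os.open(path, os.O_RDONLY)        # time of use: name resolved again


def open_below(root_fd: int, rel: str, race: Hook = None) -> int:
    """Open `rel` strictly below `root_fd`, one component at a time.

    Each component is opened relative to the descriptor of its parent with
    O_NOFOLLOW, so a symlink planted at any step is refused, and a directory
    already opened cannot be redirected by renaming it afterwards.
    """
    if rel.startswith("/"):
        raise ValueError("relative path required")
    parts = [p for p in rel.split("/") if p not in ("", ".")]
    if ".." in parts:
        raise ValueError("parent traversal not allowed")
    fd = os.dup(root_fd)                     # caller keeps ownership of root_fd
    try:
        for i, part in enumerate(parts):
            last = i == len(parts) - 1
            if race and last:
                race()                       # same attacker window as above
            flags = os.O_RDONLY | os.O_NOFOLLOW | os.O_CLOEXEC
            if not last:
                flags |= os.O_DIRECTORY      # intermediates must be real dirs
            try:
                nfd = os.open(part, flags, dir_fd=fd)
            except OSError as e:
                # Linux/macOS report ELOOP for O_NOFOLLOW on a symlink; some
                # BSDs historically used EMLINK.
                if e.errno in (errno.ELOOP, errno.EMLINK):
                    raise PermissionError(f"symlink at {part}") from None
                raise
            os.close(fd)
            fd = nfd
        return fd
    except BaseException:
        os.close(fd)
        raise


def demo() -> Dict[str, object]:
    """Run both openers against a constructed swap-for-symlink attacker."""
    results: Dict[str, object] = {}
    with tempfile.TemporaryDirectory() as root, tempfile.TemporaryDirectory() as outside:
        secret = os.path.join(outside, "secret")
        with open(secret, "w") as f:
            f.write("outside-the-sandbox\n")     # constructed "target" content
        os.mkdir(os.path.join(root, "data"))
        target = os.path.join(root, "data", "report.txt")

        def write_real() -> None:
            with open(target, "w") as f:
                f.write("inside\n")

        def swap() -> None:                      # attacker: file -> symlink out
            os.unlink(target)
            os.symlink(secret, target)

        write_real()
        fd = naive_open(root, "data/report.txt", race=swap)
        results["naive_read"] = os.read(fd, 64).decode().strip()
        os.close(fd)

        root_fd = os.open(root, os.O_RDONLY | os.O_DIRECTORY)
        try:
            os.unlink(target)
            write_real()
            try:
                os.close(open_below(root_fd, "data/report.txt", race=swap))
                results["safe_refused"] = False
            except PermissionError:
                results["safe_refused"] = True
            os.unlink(target)
            write_real()
            fd = open_below(root_fd, "data/report.txt")
            results["safe_read"] = os.read(fd, 64).decode().strip()
            os.close(fd)
        finally:
            os.close(root_fd)
    return results


if __name__ == "__main__":
    print(demo())
```

With the attacker's swap in place, naive_open happily returns a descriptor onto the file outside the root, while open_below refuses with PermissionError; without the attacker, open_below reads the real file. The protection has nothing Linux-specific about it, which is the point the advisory makes.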
CVE-2026-26017
CoreDNS prior to version 1.14.2 is affected by a TOCTOU vulnerability (CVE-2026-26017): the default plugin execution order evaluates security plugins (e.g., acl) before the rewrite plugin, so a query is access-checked against its original name and then rewritten, allowing DNS access controls to be bypassed. The issue is fixed in v1.14.2. Organizations ...
CVE-2026-21725 Authorization Bypass via TOCTOU in Grafana Datasource Deletion by Name
A time-of-check-to-time-of-use (TOCTOU) vulnerability lets recently deleted-then-recreated data sources be re-deleted without permission to do so. This requires several very stringent conditions to be met: - The attacker must have admin access to the specific datasource prior to its first deletion...
Exploit for Time-of-check Time-of-use (TOCTOU) Race Condition in Linux Linux_Kernel
SENTINEL-ROOT-AUDIT: Honor Magic V2 Hypervisor Detection Suite...
Security update for python-filelock
This update for python-filelock fixes the following issues: CVE-2026-22701: Fixed TOCTOU race condition in the SoftFileLock implementation of the filelock package (bsc#1256457). Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper...
CVE-2026-21912
A Time-of-check Time-of-use TOCTOU Race Condition vulnerability in the method to collect FPC Ethernet firmware statistics of Juniper Networks Junos OS on MX10k Series allows a local, low-privileged attacker executing the 'show system firmware' CLI command to cause an LC480 or LC2101 line card to...
CVE-2021-33097
Time-of-check time-of-use vulnerability in the Crypto API Toolkit for Intel(R) SGX may allow a privileged user to potentially enable escalation of privilege via network access...
PT-2025-51377
Name of the Vulnerable Software and Affected Versions: Fancy Product Designer plugin for WordPress, versions prior to 6.4.9. Description: The software contains a flaw due to inadequate validation of user-provided input in the url parameter of the 'fpd custom uplod file' AJAX action. This input is...
PT-2025-51468
The Fancy Product Designer plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.4.8. This is due to a time-of-check/time-of-use (TOCTOU) race condition in the 'url' parameter of the fpd custom uplod file AJAX action. The plugin validates the URL ...
CVE-2025-64180 Manager-io/Manager: Complete Bypass of SSRF Protection via Time-of-Check Time-of-Use (TOCTOU)
Manager-io/Manager is accounting software. In Manager Desktop and Server versions 25.11.1.3085 and below, a critical vulnerability permits unauthorized access to internal network resources. The flaw lies in the fundamental design of the DNS validation mechanism. A Time-of-Check Time-of-Use TOCTOU...
EUVD-2025-38234
Manager-io/Manager is accounting software. In Manager Desktop and Server versions 25.11.1.3085 and below, a critical vulnerability permits unauthorized access to internal network resources. The flaw lies in the fundamental design of the DNS validation mechanism. A Time-of-Check Time-of-Use TOCTOU...
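The Wallos, Fancy Product Designer and Manager-io/Manager entries above share one defect: the URL's hostname is resolved once to check that it does not point at an internal address, and then the HTTP client is handed the hostname and resolves it again, so a rebinding DNS server can answer the check with a public address and the real connection with an internal one. The following is an added Python example and is not code from any of those projects. It shows the two-lookup flow beside a pinned one that connects to the very address that passed the check (the equivalent of cURL's CURLOPT_RESOLVE, mentioned in the Wallos entry). The resolver, the rebinding answers and the `connect` callback standing in for the HTTP client are all constructed so the example runs offline.

```python
import ipaddress
from typing import Callable, Dict, List, Sequence
from urllib.parse import urlsplit

# A resolver maps a hostname to a list of address strings (stands in for DNS).
Resolver = Callable[[str], List[str]]
# A connector stands in for the HTTP client; it receives the address actually
# connected to and the Host header value, and returns what it connected to.
Connector = Callable[[str, str], str]


def is_public(ip_str: str) -> bool:
    """Reject anything that can reach internal infrastructure.

    IPv4-mapped IPv6 (::ffff:127.0.0.1) is unwrapped first, since the
    ipaddress module does not classify the mapped form consistently across
    Python versions.
    """
    ip = ipaddress.ip_address(ip_str)
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return not (ip.is_private or ip.is_loopback or ip.is_link_local
                or ip.is_multicast or ip.is_reserved or ip.is_unspecified)


class RebindingResolver:
    """Constructed attacker-controlled DNS: answers change on each lookup."""

    def __init__(self, answers: Sequence[str]) -> None:
        self.answers = list(answers)
        self.calls = 0

    def __call__(self, host: str) -> List[str]:
        idx = min(self.calls, len(self.answers) - 1)
        self.calls += 1
        return [self.answers[idx]]


def vulnerable_fetch(url: str, resolver: Resolver, connect: Connector) -> str:
    """Check on lookup #1, then let the client perform lookup #2."""
    host = urlsplit(url).hostname or ""
    for ip in resolver(host):                 # time of check
        if not is_public(ip):
            raise ValueError(f"blocked {host} -> {ip}")
    client_ip = resolver(host)[0]             # time of use: fresh lookup
    return connect(client_ip, host)


def pinned_fetch(url: str, resolver: Resolver, connect: Connector) -> str:
    """Resolve once, validate every answer, connect to the checked address.

    The hostname travels only in the Host header (and SNI for TLS); the TCP
    connection goes to the address that passed the check. With cURL this is
    what CURLOPT_RESOLVE "host:port:ip" does; with a plain socket it means
    connecting to `ips[0]` and sending `Host: host` yourself.
    """
    parts = urlsplit(url)
    host = parts.hostname or ""
    if parts.scheme not in ("http", "https"):
        raise ValueError(f"unsupported scheme {parts.scheme!r}")
    ips = resolver(host)
    if not ips:
        raise ValueError(f"no address for {host}")
    for ip in ips:
        if not is_public(ip):
            raise ValueError(f"blocked {host} -> {ip}")
    return connect(ips[0], host)              # use exactly what was checked


def run_scenarios() -> Dict[str, str]:
    """Drive both fetchers against the same rebinding answers."""
    connect: Connector = lambda ip, host: ip  # report where we really went
    url = "http://hook.example.test/notify"   # constructed webhook URL
    out: Dict[str, str] = {}
    out["vulnerable"] = vulnerable_fetch(
        url, RebindingResolver(["93.184.216.34", "127.0.0.1"]), connect)
    out["pinned"] = pinned_fetch(
        url, RebindingResolver(["93.184.216.34", "127.0.0.1"]), connect)
    try:
        pinned_fetch(url, RebindingResolver(["10.0.0.5"]), connect)
        out["pinned_internal"] = "allowed"
    except ValueError:
        out["pinned_internal"] = "blocked"
    try:
        pinned_fetch(url, RebindingResolver(["::ffff:169.254.169.254"]), connect)
        out["pinned_mapped"] = "allowed"
    except ValueError:
        out["pinned_mapped"] = "blocked"
    return out


if __name__ == "__main__":
    print(run_scenarios())
```

Pinning closes the DNS window but not the redirect one: a server at the checked address can answer 302 to an internal URL, so redirects must be disabled or each hop re-validated with the same pinned flow.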
Siemens SIMATIC Devices Time-of-check Time-of-use Race Condition (CVE-2024-26974)
In the Linux kernel, the following vulnerability has been resolved: crypto: qat - resolve race condition during AER recovery. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information.
CVE-2025-55696
Time-of-check time-of-use (TOCTOU) race condition in the NtQueryInformationToken function (ntifs.h) allows an authorized attacker to elevate privileges locally...
EUVD-2020-1708
Malware in sbrugna...
EUVD-2021-10898
Malware in sbrugna...
EUVD-2018-0210
Malware in sbrugna...