27 matches found
EUVD-2026-36556
Kitty is a cross-platform GPU based terminal. In versions prior to 0.47.2, a local privilege escalation vulnerability exists in kitty's file transmission protocol where a child process running in the terminal can write to arbitrary files on the filesystem by exploiting a TOCTOU...
libcap: libcap: Privilege escalation via TOCTOU race condition in cap_set_file()
A flaw was found in libcap. A local unprivileged user can exploit a Time-of-check-to-time-of-use (TOCTOU) race condition in the cap_set_file() function. This allows an attacker with write access to a parent directory to redirect file capability updates to an attacker-controlled file. By doing so,...
AZL-79235 CVE-2026-22701 affecting package python-filelock 3.0.12-13
filelock is a platform-independent file lock for Python. Prior to version 3.20.3, a TOCTOU race condition vulnerability exists in the SoftFileLock implementation of the filelock package. An attacker with local filesystem access and permission to create symlinks can exploit a race condition betwee...
CVE-2026-22701
Summary of CVE-2026-22701 (python-filelock): A TOCTOU race condition affects the SoftFileLock implementation in python-filelock prior to version 3.20.3. With local filesystem access and the ability to create symlinks, an attacker can exploit a race between the permission validation and file creati...
CVE-2025-54667
Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Saad Iqbal myCred mycred allows Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions. This issue affects myCred: from n/a through <= 2.9.4.3...
CVE-2025-50158
Time-of-check time-of-use (TOCTOU) race condition in Windows NTFS allows an unauthorized attacker to disclose information locally...
CVE-2025-27076 Time-of-check Time-of-use (TOCTOU) Race Condition in Display
Memory corruption while processing simultaneous requests via escape path...
CVE-2025-21455
CVE-2025-21455 describes memory corruption when submitting blob data to kernel space through IOCTL on Qualcomm chipsets. Affected component: kernel IOCTL handling for blob data. Root cause: memory corruption in blob submission path; exploitation is local (attack vector LOCAL) with low privileges ...
Time-of-check Time-of-use (TOCTOU) Race Condition
Overview: Affected versions of this package are vulnerable to Time-of-check Time-of-use (TOCTOU) Race Condition during the image unpack process. An attacker can modify the host file system by exploiting the time gap between checking and using a file or resource. Workarounds: 1. Verify image integrity...
CVE-2025-30663 Zoom Workplace Apps - Time-of-check Time-of-use
Time-of-check time-of-use race condition in some Zoom Workplace Apps may allow an authenticated user to conduct an escalation of privilege via local access...
UBUNTU-CVE-2024-50379
Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive file systems when the default servlet is enabled for write (non-default configuration). This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from...
CVE-2024-50379
Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive file systems when the default servlet is enabled for write (non-default configuration). This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from...
CLSA-2024-1727167500 kernel: Fix of 11 CVEs
wifi: mac80211: Avoid address calculations via out of bounds array indexing (CVE-2024-41071); bnx2x: Fix multiple UBSAN array-index-out-of-bounds (CVE-2024-42148); exec: Fix ToCToU between perm check and set-uid/gid usage (CVE-2024-43882); scsi: aacraid: Fix double-free on probe failure...
CVE-2024-7348 PostgreSQL relation replacement during pg_dump executes arbitrary SQL
Time-of-check Time-of-use (TOCTOU) race condition in pg_dump in PostgreSQL allows an object creator to execute arbitrary SQL functions as the user running pg_dump, which is often a superuser. The attack involves replacing another relation type with a view or foreign table. The attack requires waiting...
CVE-2024-30471
Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Apache StreamPipes in user self-registration. This allows an attacker to potentially request the creation of multiple accounts with the same email address until the email address is registered, creating many identical users and...
CVE-2023-33119 Time-of-check Time-of-use (TOCTOU) Race Condition in Hypervisor
Memory corruption while loading a VM from a signed VM image that is not coherent in the processor cache...
Razer Synapse Race Condition / DLL Hijacking
Advisory ID: SYSS-2023-002; Product: Razer Synapse; Manufacturer: Razer Inc.; Affected Versions: Versions before 3.8.0428.042117 (20230601); Tested Versions: 3.8.0228.022313 (20230315) under Windows 10 Pro (10.0.19044), under Windows 11 Home (10.0.22621); Vulnerability Type: Improper Privilege Management CWE-2...
CVE-2023-22397
An Allocation of Resources Without Limits or Throttling weakness in the memory management of the Packet Forwarding Engine (PFE) on Juniper Networks Junos OS Evolved PTX10003 Series devices allows an adjacently located attacker who has established certain preconditions and knowledge of the environme...
CVE-2022-25716 Time-of-check Time-of-use Race Condition in Multimedia Framework
Memory corruption in Multimedia Framework due to unsafe access to the data members...
CVE-2022-34325
DMA transactions which are targeted at input buffers used for the StorageSecurityCommandDxe software SMI handler could cause SMRAM corruption through a TOCTOU attack. DMA transactions which are targeted at input buffers used for the software SMI handler used by the StorageSecurityCommandDxe drive...