Total
2246 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-23735 | 2026-01-16 | N/A | ||
| GraphQL Modules is a toolset of libraries and guidelines dedicated to create reusable, maintainable, testable and extendable modules out of your GraphQL server. From 2.2.1 to before 2.4.1 and 3.1.1, when 2 or more parallel requests are made which trigger the same service, the context of the requests is mixed up in the service when the context is injected via @ExecutionContext(). ExecutionContext is often used to pass authentication tokens from incoming requests to services loading data from backend APIs. This vulnerability is fixed in 2.4.1 and 3.1.1. | ||||
| CVE-2025-12383 | 1 Eclipse | 1 Jersey | 2026-01-16 | 7.4 High |
| In Eclipse Jersey versions 2.45, 3.0.16, 3.1.9 a race condition can cause ignoring of critical SSL configurations - such as mutual authentication, custom key/trust stores, and other security settings. This issue may result in SSLHandshakeException under normal circumstances, but under certain conditions, it could lead to unauthorized trust in insecure servers (see PoC) | ||||
| CVE-2025-39813 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2026-01-16 | 4.7 Medium |
| In the Linux kernel, the following vulnerability has been resolved: ftrace: Fix potential warning in trace_printk_seq during ftrace_dump When calling ftrace_dump_one() concurrently with reading trace_pipe, a WARN_ON_ONCE() in trace_printk_seq() can be triggered due to a race condition. The issue occurs because: CPU0 (ftrace_dump) CPU1 (reader) echo z > /proc/sysrq-trigger !trace_empty(&iter) trace_iterator_reset(&iter) <- len = size = 0 cat /sys/kernel/tracing/trace_pipe trace_find_next_entry_inc(&iter) __find_next_entry ring_buffer_empty_cpu <- all empty return NULL trace_printk_seq(&iter.seq) WARN_ON_ONCE(s->seq.len >= s->seq.size) In the context between trace_empty() and trace_find_next_entry_inc() during ftrace_dump, the ring buffer data was consumed by other readers. This caused trace_find_next_entry_inc to return NULL, failing to populate `iter.seq`. At this point, due to the prior trace_iterator_reset, both `iter.seq.len` and `iter.seq.size` were set to 0. Since they are equal, the WARN_ON_ONCE condition is triggered. Move the trace_printk_seq() into the if block that checks to make sure the return value of trace_find_next_entry_inc() is non-NULL in ftrace_dump_one(), ensuring the 'iter.seq' is properly populated before subsequent operations. | ||||
| CVE-2026-21221 | 1 Microsoft | 5 Windows 11 24h2, Windows 11 24h2, Windows 11 25h2 and 2 more | 2026-01-16 | 7 High |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Capability Access Management Service (camsvc) allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-22856 | 1 Freerdp | 1 Freerdp | 2026-01-16 | 5.6 Medium |
| FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a race in the serial channel IRP thread tracking allows a heap use‑after‑free when one thread removes an entry from serial->IrpThreads while another reads it. This vulnerability is fixed in 3.20.1. | ||||
| CVE-2025-36934 | 1 Google | 1 Android | 2026-01-15 | 7.4 High |
| In bigo_worker_thread of private/google-modules/video/gchips/bigo.c, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2025-68962 | 1 Huawei | 1 Harmonyos | 2026-01-15 | 5.1 Medium |
| Multi-thread race condition vulnerability in the camera framework module. Impact: Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2025-68961 | 1 Huawei | 1 Harmonyos | 2026-01-15 | 5.1 Medium |
| Multi-thread race condition vulnerability in the camera framework module. Impact: Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2025-68960 | 1 Huawei | 1 Harmonyos | 2026-01-15 | 8.4 High |
| Multi-thread race condition vulnerability in the video framework module. Impact: Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2025-68958 | 1 Huawei | 1 Harmonyos | 2026-01-15 | 8 High |
| Multi-thread race condition vulnerability in the card framework module. Impact: Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2025-68957 | 1 Huawei | 1 Harmonyos | 2026-01-15 | 8.4 High |
| Multi-thread race condition vulnerability in the card framework module. Impact: Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2025-68956 | 1 Huawei | 1 Harmonyos | 2026-01-15 | 8 High |
| Multi-thread race condition vulnerability in the card framework module. Impact: Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2025-68955 | 1 Huawei | 1 Harmonyos | 2026-01-15 | 8 High |
| Multi-thread race condition vulnerability in the card framework module. Impact: Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2025-68969 | 1 Huawei | 1 Harmonyos | 2026-01-15 | 6.8 Medium |
| Multi-thread race condition vulnerability in the thermal management module. Impact: Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2026-20836 | 1 Microsoft | 18 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 15 more | 2026-01-15 | 7 High |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Graphics Kernel allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-20844 | 1 Microsoft | 18 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 15 more | 2026-01-15 | 7.4 High |
| Use after free in Windows Clipboard Server allows an unauthorized attacker to elevate privileges locally. | ||||
| CVE-2026-20848 | 1 Microsoft | 20 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 17 more | 2026-01-15 | 7.5 High |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SMB Server allows an authorized attacker to elevate privileges over a network. | ||||
| CVE-2026-20853 | 1 Microsoft | 12 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 9 more | 2026-01-15 | 7.4 High |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Windows WalletService allows an unauthorized attacker to elevate privileges locally. | ||||
| CVE-2026-20826 | 1 Microsoft | 18 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 15 more | 2026-01-15 | 7.8 High |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Tablet Windows User Interface (TWINUI) Subsystem allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-20830 | 1 Microsoft | 1 Windows Server 2025 | 2026-01-15 | 7 High |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Capability Access Management Service (camsvc) allows an authorized attacker to elevate privileges locally. | ||||