Total
519 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-50379 | 3 Apache, Netapp, Redhat | 6 Tomcat, Bootstrap Os, Hci Compute Node and 3 more | 2025-08-08 | 9.8 Critical |
| Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive file systems when the default servlet is enabled for write (non-default configuration). This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.0.97. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions may also be affected. Users are recommended to upgrade to version 11.0.2, 10.1.34 or 9.0.98, which fixes the issue. | ||||
| CVE-2015-1865 | 1 Gnu | 1 Coreutils | 2025-08-06 | 5.1 Medium |
| fts.c in coreutils 8.4 allows local users to delete arbitrary files. | ||||
| CVE-2023-27327 | 1 Parallels | 1 Parallels Desktop | 2025-08-06 | N/A |
| Parallels Desktop Toolgate Time-Of-Check Time-Of-Use Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the Toolgate component. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the current user on the host system. Was ZDI-CAN-18964. | ||||
| CVE-2023-27323 | 1 Parallels | 1 Parallels Desktop | 2025-08-06 | N/A |
| Parallels Desktop Updater Time-Of-Check Time-Of-Use Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute low-privileged code on the target host system in order to exploit this vulnerability. The specific flaw exists within the Updater service. By creating a symbolic link, an attacker can abuse the service to execute a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. . Was ZDI-CAN-18150. | ||||
| CVE-2024-27238 | 1 Zoom | 3 Meeting Software Development Kit, Rooms, Workplace Desktop | 2025-08-05 | 7.1 High |
| Race condition in the installer for some Zoom Apps and SDKs for Windows before version 6.0.0 may allow an authenticated user to conduct a privilege escalation via local access. | ||||
| CVE-2024-39821 | 1 Zoom | 2 Rooms, Workplace Desktop | 2025-08-05 | 6.6 Medium |
| Race condition in the installer for Zoom Workplace App for Windows and Zoom Rooms App for Windows may allow an authenticated user to conduct a denial of service via local access. | ||||
| CVE-2025-23279 | 1 Nvidia | 1 Gpu Display Driver | 2025-08-05 | 7 High |
| NVIDIA .run Installer for Linux and Solaris contains a vulnerability where an attacker could use a race condition to escalate privileges. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, denial of service, or data tampering. | ||||
| CVE-2025-8192 | 2 Android, Google | 3 Android, Tv, Android Tv | 2025-07-31 | N/A |
| There exists a TOCTOU race condition in TvSettings AppRestrictionsFragment.java that lead to start of attacker supplied activity in Settings’ context, i.e. system-uid context, thus lead to launchAnyWhere. The core idea is to utilize the time window between the check of Intent and the use to Intent to change the target component’s state, thus bypass the original security sanitize function. | ||||
| CVE-2024-1729 | 1 Gradio Project | 1 Gradio | 2025-07-30 | N/A |
| A timing attack vulnerability exists in the gradio-app/gradio repository, specifically within the login function in routes.py. The vulnerability arises from the use of a direct comparison operation (`app.auth[username] == password`) to validate user credentials, which can be exploited to guess passwords based on response times. Successful exploitation of this vulnerability could allow an attacker to bypass authentication mechanisms and gain unauthorized access. | ||||
| CVE-2023-35311 | 1 Microsoft | 4 365 Apps, Office, Office Long Term Servicing Channel and 1 more | 2025-07-30 | 8.8 High |
| Microsoft Outlook Security Feature Bypass Vulnerability | ||||
| CVE-2022-48618 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2025-07-30 | 7 High |
| The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.1, watchOS 9.2, iOS 16.2 and iPadOS 16.2, tvOS 16.2. An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication. Apple is aware of a report that this issue may have been exploited against versions of iOS released before iOS 15.7.1. | ||||
| CVE-2024-30088 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2025-07-30 | 7 High |
| Windows Kernel Elevation of Privilege Vulnerability | ||||
| CVE-2025-22224 | 1 Vmware | 2 Esxi, Workstation | 2025-07-30 | 9.3 Critical |
| VMware ESXi, and Workstation contain a TOCTOU (Time-of-Check Time-of-Use) vulnerability that leads to an out-of-bounds write. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host. | ||||
| CVE-2022-44670 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2025-07-22 | 8.1 High |
| Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | ||||
| CVE-2025-2425 | 2025-07-22 | N/A | ||
| Time-of-check to time-of-use race condition vulnerability potentially allowed an attacker to use the installed ESET security software to clear the content of an arbitrary file on the file system. | ||||
| CVE-2020-15522 | 2 Bouncycastle, Redhat | 8 Bc-csharp, Bouncy Castle Fips .net Api, Fips Java Api and 5 more | 2025-07-17 | 5.9 Medium |
| Bouncy Castle BC Java before 1.66, BC C# .NET before 1.8.7, BC-FJA before 1.0.1.2, 1.0.2.1, and BC-FNA before 1.0.1.1 have a timing issue within the EC math library that can expose information about the private key when an attacker is able to observe timing information for the generation of multiple deterministic ECDSA signatures. | ||||
| CVE-2024-35265 | 1 Microsoft | 7 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 4 more | 2025-07-16 | 7 High |
| Windows Perception Service Elevation of Privilege Vulnerability | ||||
| CVE-2024-30099 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2025-07-16 | 7 High |
| Windows Kernel Elevation of Privilege Vulnerability | ||||
| CVE-2024-30084 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2025-07-16 | 7 High |
| Windows Kernel-Mode Driver Elevation of Privilege Vulnerability | ||||
| CVE-2024-47494 | 1 Juniper Networks | 1 Junos Os | 2025-07-13 | 5.9 Medium |
| A Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in the AgentD process of Juniper Networks Junos OS allows an attacker who is already causing impact to established sessions which generates counter changes picked up by the AgentD process during telemetry polling, to move the AgentD process into a state where AgentD attempts to reap an already destroyed sensor. This reaping attempt then leads to memory corruption causing the FPC to crash which is a Denial of Service (DoS). The FPC will recover automatically without user intervention after the crash. This issue affects Junos OS: * All versions before 21.4R3-S9 * From 22.2 before 22.2R3-S5, * From 22.3 before 22.3R3-S4, * From 22.4 before 22.4R3-S3, * From 23.2 before 23.2R2-S2, * From 23.4 before 23.4R2. This issue does not affect Junos OS Evolved. | ||||