Total
1720 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-3303 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2025-05-21 | N/A | 4.7 MEDIUM |
| A race condition flaw was found in the Linux kernel sound subsystem due to improper locking. It could lead to a NULL pointer dereference while handling the SNDCTL_DSP_SYNC ioctl. A privileged local user (root or member of the audio group) could use this flaw to crash the system, resulting in a denial of service condition | |||||
| CVE-2022-3071 | 2 Fedoraproject, Google | 4 Fedora, Chrome, Chrome Os and 1 more | 2025-05-21 | N/A | 8.8 HIGH |
| Use after free in Tab Strip in Google Chrome on Chrome OS, Lacros prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via crafted UI interaction. | |||||
| CVE-2022-3049 | 2 Fedoraproject, Google | 4 Fedora, Chrome, Chrome Os and 1 more | 2025-05-21 | N/A | 8.8 HIGH |
| Use after free in SplitScreen in Google Chrome on Chrome OS, Lacros prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2021-43980 | 2 Apache, Debian | 2 Tomcat, Debian Linux | 2025-05-21 | N/A | 3.7 LOW |
| The simplified implementation of blocking reads and writes introduced in Tomcat 10 and back-ported to Tomcat 9.0.47 onwards exposed a long standing (but extremely hard to trigger) concurrency bug in Apache Tomcat 10.1.0 to 10.1.0-M12, 10.0.0-M1 to 10.0.18, 9.0.0-M1 to 9.0.60 and 8.5.0 to 8.5.77 that could cause client connections to share an Http11Processor instance resulting in responses, or part responses, to be received by the wrong client. | |||||
| CVE-2022-41848 | 1 Linux | 1 Linux Kernel | 2025-05-20 | N/A | 4.2 MEDIUM |
| drivers/char/pcmcia/synclink_cs.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling ioctl, aka a race condition between mgslpc_ioctl and mgslpc_detach. | |||||
| CVE-2025-30394 | 1 Microsoft | 6 Windows Server 2012, Windows Server 2016, Windows Server 2019 and 3 more | 2025-05-19 | N/A | 5.9 MEDIUM |
| Sensitive data storage in improperly locked memory in Remote Desktop Gateway Service allows an unauthorized attacker to deny service over a network. | |||||
| CVE-2025-29841 | 1 Microsoft | 8 Windows 10 21h2, Windows 10 22h2, Windows 11 22h2 and 5 more | 2025-05-19 | N/A | 7.0 HIGH |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Universal Print Management Service allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-27468 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2025-05-19 | N/A | 7.0 HIGH |
| Improper privilege management in Windows Secure Kernel Mode allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-1493 | 1 Ibm | 1 Db2 | 2025-05-16 | N/A | 5.3 MEDIUM |
| IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 12.1.0 through 12.1.1 could allow an authenticated user to cause a denial of service due to concurrent execution of shared resources. | |||||
| CVE-2025-20039 | 2025-05-16 | N/A | 6.6 MEDIUM | ||
| Race condition for some Intel(R) PROSet/Wireless WiFi Software for Windows before version 23.100 may allow an unauthenticated user to potentially enable denial of service via adjacent access. | |||||
| CVE-2025-20104 | 2025-05-16 | N/A | 7.3 HIGH | ||
| Race condition in some Administrative Tools for some Intel(R) Network Adapters package before version 29.4 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2025-32421 | 2025-05-16 | N/A | 3.7 LOW | ||
| Next.js is a React framework for building full-stack web applications. Versions prior to 14.2.24 and 15.1.6 have a race-condition vulnerability. This issue only affects the Pages Router under certain misconfigurations, causing normal endpoints to serve `pageProps` data instead of standard HTML. This issue was patched in versions 15.1.6 and 14.2.24 by stripping the `x-now-route-matches` header from incoming requests. Applications hosted on Vercel's platform are not affected by this issue, as the platform does not cache responses based solely on `200 OK` status without explicit `cache-control` headers. Those who self-host Next.js deployments and are unable to upgrade immediately can mitigate this vulnerability by stripping the `x-now-route-matches` header from all incoming requests at the content development network and setting `cache-control: no-store` for all responses under risk. The maintainers of Next.js strongly recommend only caching responses with explicit cache-control headers. | |||||
| CVE-2024-20007 | 2 Google, Mediatek | 34 Android, Mt6580, Mt6739 and 31 more | 2025-05-15 | N/A | 7.5 HIGH |
| In mp3 decoder, there is a possible out of bounds write due to a race condition. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS08441369; Issue ID: ALPS08441369. | |||||
| CVE-2024-49128 | 1 Microsoft | 6 Windows Server 2012, Windows Server 2016, Windows Server 2019 and 3 more | 2025-05-13 | N/A | 8.1 HIGH |
| Sensitive data storage in improperly locked memory in Windows Remote Desktop Services allows an unauthorized attacker to execute code over a network. | |||||
| CVE-2025-47545 | 1 Ays-pro | 1 Poll Maker | 2025-05-12 | N/A | 5.3 MEDIUM |
| Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in Ays Pro Poll Maker allows Leveraging Race Conditions. This issue affects Poll Maker: from n/a through 5.7.7. | |||||
| CVE-2025-3886 | 1 Catonetworks | 1 Cato Client | 2025-05-12 | N/A | 8.1 HIGH |
| An issue in CatoNetworks CatoClient before v.5.8.0 allows attackers to escalate privileges and achieve a race condition (TOCTOU) via the PrivilegedHelperTool component. | |||||
| CVE-2025-47735 | 2025-05-12 | N/A | 2.9 LOW | ||
| inner::drop in inner.rs in the wgp crate through 0.2.0 for Rust lacks drop_slow thread synchronization. | |||||
| CVE-2025-46336 | 2025-05-12 | N/A | 4.2 MEDIUM | ||
| Rack::Session is a session management implementation for Rack. In versions starting from 2.0.0 to before 2.1.1, when using the Rack::Session::Pool middleware, and provided the attacker can acquire a session cookie (already a major issue), the session may be restored if the attacker can trigger a long running request (within that same session) adjacent to the user logging out, in order to retain illicit access even after a user has attempted to logout. This issue has been patched in version 2.1.1. | |||||
| CVE-2024-24255 | 1 Dronecode | 1 Px4 Drone Autopilot | 2025-05-08 | N/A | 4.2 MEDIUM |
| A Race Condition discovered in geofence.cpp and mission_feasibility_checker.cpp in PX4 Autopilot 1.14 and earlier allows attackers to send drones on unintended missions. | |||||
| CVE-2024-26869 | 1 Linux | 1 Linux Kernel | 2025-05-07 | N/A | 4.7 MEDIUM |
| In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to truncate meta inode pages forcely Below race case can cause data corruption: Thread A GC thread - gc_data_segment - ra_data_block - locked meta_inode page - f2fs_inplace_write_data - invalidate_mapping_pages : fail to invalidate meta_inode page due to lock failure or dirty|writeback status - f2fs_submit_page_bio : write last dirty data to old blkaddr - move_data_block - load old data from meta_inode page - f2fs_submit_page_write : write old data to new blkaddr Because invalidate_mapping_pages() will skip invalidating page which has unclear status including locked, dirty, writeback and so on, so we need to use truncate_inode_pages_range() instead of invalidate_mapping_pages() to make sure meta_inode page will be dropped. | |||||