Total
548 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-13818 | 1 Eset | 1 Management Agent | 2026-02-18 | N/A | 6.7 MEDIUM |
| Local privilege escalation vulnerability via insecure temporary batch file execution in ESET Management Agent | |||||
| CVE-2026-23950 | 1 Isaacs | 1 Tar | 2026-02-18 | N/A | 8.8 HIGH |
| node-tar,a Tar for Node.js, has a race condition vulnerability in versions up to and including 7.5.3. This is due to an incomplete handling of Unicode path collisions in the `path-reservations` system. On case-insensitive or normalization-insensitive filesystems (such as macOS APFS, In which it has been tested), the library fails to lock colliding paths (e.g., `ß` and `ss`), allowing them to be processed in parallel. This bypasses the library's internal concurrency safeguards and permits Symlink Poisoning attacks via race conditions. The library uses a `PathReservations` system to ensure that metadata checks and file operations for the same path are serialized. This prevents race conditions where one entry might clobber another concurrently. This is a Race Condition which enables Arbitrary File Overwrite. This vulnerability affects users and systems using node-tar on macOS (APFS/HFS+). Because of using `NFD` Unicode normalization (in which `ß` and `ss` are different), conflicting paths do not have their order properly preserved under filesystems that ignore Unicode normalization (e.g., APFS (in which `ß` causes an inode collision with `ss`)). This enables an attacker to circumvent internal parallelization locks (`PathReservations`) using conflicting filenames within a malicious tar archive. The patch in version 7.5.4 updates `path-reservations.js` to use a normalization form that matches the target filesystem's behavior (e.g., `NFKD`), followed by first `toLocaleLowerCase('en')` and then `toLocaleUpperCase('en')`. As a workaround, users who cannot upgrade promptly, and who are programmatically using `node-tar` to extract arbitrary tarball data should filter out all `SymbolicLink` entries (as npm does) to defend against arbitrary file writes via this file system entry name collision issue. | |||||
| CVE-2026-25728 | 1 Oxygenz | 1 Clipbucket | 2026-02-18 | N/A | 7.5 HIGH |
| ClipBucket v5 is an open source video sharing platform. Prior to 5.5.3 - #40, a Time-of-Check to Time-of-Use (TOCTOU) race condition vulnerability exists in ClipBucket's avatar and background image upload functionality. The application moves uploaded files to a web-accessible location before validating them, creating a window where an attacker can execute arbitrary PHP code before the file is deleted. The uploaded file was moved to a web-accessible path via move_uploaded_file(), then validated via ValidateImage(). If validation failed, the file was deleted via @unlink(). This vulnerability is fixed in 5.5.3 - #40. | |||||
| CVE-2026-25641 | 1 Nyariv | 1 Sandboxjs | 2026-02-18 | N/A | 10.0 CRITICAL |
| SandboxJS is a JavaScript sandboxing library. Prior to 0.8.29, there is a sandbox escape vulnerability due to a mismatch between the key on which the validation is performed and the key used for accessing properties. Even though the key used in property accesses is annotated as string, this is never enforced. So, attackers can pass malicious objects that coerce to different string values when used, e.g., one for the time the key is sanitized using hasOwnProperty(key) and a different one for when the key is used for the actual property access. This vulnerability is fixed in 0.8.29. | |||||
| CVE-2026-20677 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2026-02-17 | N/A | 9.0 CRITICAL |
| A race condition was addressed with improved handling of symbolic links. This issue is fixed in macOS Tahoe 26.3, macOS Sonoma 14.8.4, iOS 18.7.5 and iPadOS 18.7.5, visionOS 26.3, iOS 26.3 and iPadOS 26.3. A shortcut may be able to bypass sandbox restrictions. | |||||
| CVE-2026-26224 | 2026-02-13 | N/A | N/A | ||
| Intego Log Reporter, a macOS diagnostic utility bundled with Intego security products that collects system and application logs for support analysis, contains a local privilege escalation vulnerability. A root-executed diagnostic script creates and writes files in /tmp without enforcing secure directory handling, introducing a time-of-check to time-of-use (TOCTOU) race condition. A local unprivileged user can exploit a symlink-based race condition to cause arbitrary file writes to privileged system locations, resulting in privilege escalation to root. | |||||
| CVE-2026-21523 | 1 Microsoft | 1 Visual Studio Code | 2026-02-11 | N/A | 8.0 HIGH |
| Time-of-check time-of-use (toctou) race condition in GitHub Copilot and Visual Studio allows an authorized attacker to execute code over a network. | |||||
| CVE-2026-21240 | 1 Microsoft | 10 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 7 more | 2026-02-11 | N/A | 7.8 HIGH |
| Time-of-check time-of-use (toctou) race condition in Windows HTTP.sys allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2026-24071 | 1 Native-instruments | 1 Native Access | 2026-02-11 | N/A | 7.8 HIGH |
| It was found that the XPC service offered by the privileged helper of Native Access uses the PID of the connecting client to verify its code signature. This is considered insecure and can be exploited by PID reuse attacks. The connection handler function uses _xpc_connection_get_pid(arg2) as argument for the hasValidSignature function. This value can not be trusted since it is vulnerable to PID reuse attacks. | |||||
| CVE-2025-67124 | 1 Svenstaro | 1 Miniserve | 2026-02-11 | N/A | 6.8 MEDIUM |
| A TOCTOU and symlink race in svenstaro/miniserve 0.32.0 upload finalization (when uploads are enabled) can allow an attacker to overwrite arbitrary files outside the intended upload/document root in deployments where the attacker can create/replace filesystem entries in the upload destination directory (e.g., shared writable directory/volume). | |||||
| CVE-2024-36311 | 2026-02-10 | N/A | N/A | ||
| A Time-of-check time-of-use (TOCTOU) race condition in the SMM communications buffer could allow a privileged attacker to bypass input validation and perform an out of bounds read or write, potentially resulting in loss of confidentiality, integrity, or availability. | |||||
| CVE-2026-25052 | 1 N8n | 1 N8n | 2026-02-05 | N/A | 9.9 CRITICAL |
| n8n is an open source workflow automation platform. Prior to versions 1.123.18 and 2.5.0, a vulnerability in the file access controls allows authenticated users with permission to create or modify workflows to read sensitive files from the n8n host system. This can be exploited to obtain critical configuration data and user credentials, leading to complete account takeover of any user on the instance. This issue has been patched in versions 1.123.18 and 2.5.0. | |||||
| CVE-2022-27540 | 1 Hp | 706 Dragonfly Folio 13.5 Inch G3 2-in-1 Notebook Pc, Dragonfly Folio 13.5 Inch G3 2-in-1 Notebook Pc Firmware, Elite Dragonfly and 703 more | 2026-01-30 | N/A | 7.8 HIGH |
| A potential Time-of-Check to Time-of Use (TOCTOU) vulnerability has been identified in the HP BIOS for certain HP PC products, which might allow arbitrary code execution, denial of service, and information disclosure. HP is releasing BIOS updates to mitigate the potential vulnerability. | |||||
| CVE-2025-21746 | 1 Linux | 1 Linux Kernel | 2026-01-30 | N/A | 4.7 MEDIUM |
| In the Linux kernel, the following vulnerability has been resolved: Input: synaptics - fix crash when enabling pass-through port When enabling a pass-through port an interrupt might come before psmouse driver binds to the pass-through port. However synaptics sub-driver tries to access psmouse instance presumably associated with the pass-through port to figure out if only 1 byte of response or entire protocol packet needs to be forwarded to the pass-through port and may crash if psmouse instance has not been attached to the port yet. Fix the crash by introducing open() and close() methods for the port and check if the port is open before trying to access psmouse instance. Because psmouse calls serio_open() only after attaching psmouse instance to serio port instance this prevents the potential crash. | |||||
| CVE-2026-22281 | 1 Dell | 1 Powerscale Onefs | 2026-01-28 | N/A | 3.5 LOW |
| Dell PowerScale OneFS, versions 9.5.0.0 through 9.5.1.5, versions 9.6.0.0 through 9.7.1.10, versions 9.8.0.0 through 9.10.1.3, versions starting from 9.11.0.0 and prior to 9.13.0.0, contains a Time-of-check Time-of-use (TOCTOU) race condition vulnerability. A low privileged attacker with adjacent network access could potentially exploit this vulnerability, leading to denial of service. | |||||
| CVE-2025-47332 | 1 Qualcomm | 148 Fastconnect 6200, Fastconnect 6200 Firmware, Fastconnect 6700 and 145 more | 2026-01-28 | N/A | 6.7 MEDIUM |
| Memory corruption while processing a config call from userspace. | |||||
| CVE-2025-47344 | 1 Qualcomm | 164 Csra6620, Csra6620 Firmware, Csra6640 and 161 more | 2026-01-27 | N/A | 6.7 MEDIUM |
| Memory corruption while handling sensor utility operations. | |||||
| CVE-2024-47494 | 1 Juniper | 1 Junos | 2026-01-26 | N/A | 5.9 MEDIUM |
| A Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in the AgentD process of Juniper Networks Junos OS allows an attacker who is already causing impact to established sessions which generates counter changes picked up by the AgentD process during telemetry polling, to move the AgentD process into a state where AgentD attempts to reap an already destroyed sensor. This reaping attempt then leads to memory corruption causing the FPC to crash which is a Denial of Service (DoS). The FPC will recover automatically without user intervention after the crash. This issue affects Junos OS: * All versions before 21.4R3-S9 * From 22.2 before 22.2R3-S5, * From 22.3 before 22.3R3-S4, * From 22.4 before 22.4R3-S3, * From 23.2 before 23.2R2-S2, * From 23.4 before 23.4R2. This issue does not affect Junos OS Evolved. | |||||
| CVE-2026-1035 | 2026-01-26 | N/A | 3.1 LOW | ||
| A flaw was found in the Keycloak server during refresh token processing, specifically in the TokenManager class responsible for enforcing refresh token reuse policies. When strict refresh token rotation is enabled, the validation and update of refresh token usage are not performed atomically. This allows concurrent refresh requests to bypass single-use enforcement and issue multiple access tokens from the same refresh token. As a result, Keycloak’s refresh token rotation hardening can be undermined. | |||||
| CVE-2026-22820 | 1 Outray | 1 Outray | 2026-01-20 | N/A | 3.7 LOW |
| Outray openSource ngrok alternative. Prior to 0.1.5, a TOCTOU race condition vulnerability allows a user to exceed the set number of active tunnels in their subscription plan. This vulnerability is fixed in 0.1.5. | |||||