Total
642 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-46805 | 2026-04-15 | 5.5 Medium | ||
| Screen version 5.0.0 and older version 4 releases have a TOCTOU race potentially allowing to send SIGHUP, SIGCONT to privileged processes when installed setuid-root. | ||||
| CVE-2025-27812 | 1 Msi | 1 Center | 2026-04-15 | 8.1 High |
| MSI Center before 2.0.52.0 allows TOCTOU Local Privilege Escalation. | ||||
| CVE-2024-21792 | 1 Intel | 1 Neural Compressor Software | 2026-04-15 | 4.7 Medium |
| Time-of-check Time-of-use race condition in Intel(R) Neural Compressor software before version 2.5.0 may allow an authenticated user to potentially enable information disclosure via local access. | ||||
| CVE-2025-8192 | 2 Android, Google | 3 Android, Tv, Android Tv | 2026-04-15 | N/A |
| There exists a TOCTOU race condition in TvSettings AppRestrictionsFragment.java that lead to start of attacker supplied activity in Settings’ context, i.e. system-uid context, thus lead to launchAnyWhere. The core idea is to utilize the time window between the check of Intent and the use to Intent to change the target component’s state, thus bypass the original security sanitize function. | ||||
| CVE-2023-32282 | 1 Intel | 1 Processors | 2026-04-15 | 7.2 High |
| Race condition in BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. | ||||
| CVE-2024-3292 | 1 Tenable | 1 Nessus Agent | 2026-04-15 | 8.2 High |
| A race condition vulnerability exists where an authenticated, local attacker on a Windows Nessus Agent host could modify installation parameters at installation time, which could lead to the execution of arbitrary code on the Nessus host. - CVE-2024-3292 | ||||
| CVE-2024-51563 | 1 Freebsd | 1 Freebsd | 2026-04-15 | 6.5 Medium |
| The virtio_vq_recordon function is subject to a time-of-check to time-of-use (TOCTOU) race condition. | ||||
| CVE-2025-23279 | 1 Nvidia | 1 Gpu Display Driver | 2026-04-15 | 7 High |
| NVIDIA .run Installer for Linux and Solaris contains a vulnerability where an attacker could use a race condition to escalate privileges. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, denial of service, or data tampering. | ||||
| CVE-2025-58131 | 2 Apple, Zoom | 4 Macos, Vdi Vmware, Workplace and 1 more | 2026-04-15 | 6.6 Medium |
| Race condition in the Zoom Workplace VDI Plugin macOS Universal installer for VMware Horizon before version 6.4.10 (or before 6.2.15 and 6.3.12 in their respective tracks) may allow an authenticated user to conduct a disclosure of information via network access. | ||||
| CVE-2024-29149 | 1 Alcatel-lucent | 7 Ale 20, Ale 20h, Ale 30 and 4 more | 2026-04-15 | 7.4 High |
| An issue was discovered in Alcatel-Lucent ALE NOE deskphones through 86x8_NOE-R300.1.40.12.4180 and SIP deskphones through 86x8_SIP-R200.1.01.10.728. Because of a time-of-check time-of-use vulnerability, an authenticated attacker is able to replace the verified firmware image with malicious firmware during the update process. | ||||
| CVE-2024-3290 | 1 Tenable | 1 Nessus | 2026-04-15 | 8.2 High |
| A race condition vulnerability exists where an authenticated, local attacker on a Windows Nessus host could modify installation parameters at installation time, which could lead to the execution of arbitrary code on the Nessus host | ||||
| CVE-2025-46415 | 2026-04-15 | 3.2 Low | ||
| A race condition in the Nix, Lix, and Guix package managers allows the removal of content from arbitrary folders. This affects Nix before 2.24.15, 2.26.4, 2.28.4, and 2.29.1; Lix before 2.91.2, 2.92.2, and 2.93.1; and Guix before 1.4.0-38.0e79d5b. | ||||
| CVE-2024-36311 | 1 Amd | 5 Ryzen 5000 Series Desktop Processors, Ryzen 7000 Series Desktop Processors, Ryzen 7040 Series Mobile Processors With Radeon Graphics and 2 more | 2026-04-15 | N/A |
| A Time-of-check time-of-use (TOCTOU) race condition in the SMM communications buffer could allow a privileged attacker to bypass input validation and perform an out of bounds read or write, potentially resulting in loss of confidentiality, integrity, or availability. | ||||
| CVE-2025-62724 | 1 Osc | 1 Open Ondemand | 2026-04-15 | 4.3 Medium |
| Open OnDemand is an open-source HPC portal. Prior to versions 4.0.8 and 3.1.16, users can craft a "Time of Check to Time of Use" (TOCTOU) attack when downloading zip files to access files outside of the OOD_ALLOWLIST. This vulnerability impacts sites that use the file browser allowlists in all current versions of OOD. However, files accessed are still protected by the UNIX permissions. Open OnDemand versions 4.0.8 and 3.1.16 have been patched for this vulnerability. | ||||
| CVE-2024-10972 | 2026-04-15 | 7.3 High | ||
| Velocidex WinPmem versions 4.1 and below suffer from an Improper Input Validation vulnerability whereby an attacker with admin access can trigger a BSOD with a parallel thread changing the memory’s access right under the control of the user-mode application. This is due to verification only being performed at the beginning of the routine allowing the userspace to change page permissions half way through the routine. A valid workaround is a rule to detect unauthorized loading of winpmem outside incident response operations. | ||||
| CVE-2024-8244 | 1 Golang | 1 Go | 2026-04-15 | 3.7 Low |
| The filepath.Walk and filepath.WalkDir functions are documented as not following symbolic links, but both functions are susceptible to a TOCTOU (time of check/time of use) race condition where a portion of the path being walked is replaced with a symbolic link while the walk is in progress. | ||||
| CVE-2024-48322 | 1 Run.codes | 1 Run.codes | 2026-04-15 | 8.1 High |
| UsersController.php in Run.codes 1.5.2 and older has a reset password race condition vulnerability. | ||||
| CVE-2024-48394 | 2026-04-15 | 7.8 High | ||
| A Time-of-Check to Time-of-Use (TOCTOU) vulnerability has been identified in the driver of the NDD Print solution, which could allow an unprivileged user to exploit this flaw and gain SYSTEM-level access on the device. The vulnerability affects version 5.24.3 and before of the software. | ||||
| CVE-2025-2425 | 2026-04-15 | N/A | ||
| Time-of-check to time-of-use race condition vulnerability potentially allowed an attacker to use the installed ESET security software to clear the content of an arbitrary file on the file system. | ||||
| CVE-2024-13960 | 2026-04-15 | 7.8 High | ||
| Link Following Local Privilege Escalation Vulnerability in TuneUp Service in AVG TuneUp Version 23.4 (build 15592) on Windows 10 allows local attackers to escalate privileges and execute arbitrary code in the context of SYSTEM via creating a symbolic link and leveraging a TOCTTOU (time-of-check to time-of-use) attack. | ||||