Total
645 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-53788 | 1 Microsoft | 1 Windows Subsystem For Linux | 2026-02-26 | 7 High |
| Time-of-check time-of-use (toctou) race condition in Windows Subsystem for Linux allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-49558 | 1 Adobe | 3 Commerce, Commerce B2b, Magento | 2026-02-26 | 5.9 Medium |
| Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability that could result in a security feature bypass. An attacker could exploit this vulnerability by manipulating the timing between the check of a resource's state and its use, allowing unauthorized write access. Exploitation of this issue does not require user interaction. | ||||
| CVE-2025-54093 | 1 Microsoft | 24 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 21 more | 2026-02-26 | 7 High |
| Time-of-check time-of-use (toctou) race condition in Windows TCP/IP allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-55680 | 1 Microsoft | 22 Windows, Windows 10, Windows 10 1809 and 19 more | 2026-02-26 | 7.8 High |
| Time-of-check time-of-use (toctou) race condition in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-64457 | 1 Jetbrains | 3 Dottrace, Resharper, Rider | 2026-02-26 | 4.2 Medium |
| In JetBrains ReSharper, Rider and dotTrace before 2025.2.5 local privilege escalation was possible via race condition | ||||
| CVE-2024-9183 | 1 Gitlab | 1 Gitlab | 2026-02-26 | 7.7 High |
| GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.4 prior to 18.4.5, 18.5 prior to 18.5.3, and 18.6 prior to 18.6.1 that could have allowed an authenticated user to obtain credentials from higher-privileged users and perform actions in their context under specific conditions. | ||||
| CVE-2025-64645 | 1 Ibm | 1 Concert | 2026-02-26 | 7.7 High |
| IBM Concert 1.0.0 through 2.1.0 could allow a local user to escalate their privileges due to a race condition of a symbolic link. | ||||
| CVE-2023-6917 | 2 Redhat, Sgi | 2 Enterprise Linux, Performance Co-pilot | 2026-02-25 | 6 Medium |
| A vulnerability has been identified in the Performance Co-Pilot (PCP) package, stemming from the mixed privilege levels utilized by systemd services associated with PCP. While certain services operate within the confines of limited PCP user/group privileges, others are granted full root privileges. This disparity in privilege levels poses a risk when privileged root processes interact with directories or directory trees owned by unprivileged PCP users. Specifically, this vulnerability may lead to the compromise of PCP user isolation and facilitate local PCP-to-root exploits, particularly through symlink attacks. These vulnerabilities underscore the importance of maintaining robust privilege separation mechanisms within PCP to mitigate the potential for unauthorized privilege escalation. | ||||
| CVE-2020-1337 | 1 Microsoft | 19 Windows 10, Windows 10 1507, Windows 10 1607 and 16 more | 2026-02-23 | 7.8 High |
| An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly allows arbitrary writing to the file system. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted script or application. The update addresses the vulnerability by correcting how the Windows Print Spooler Component writes to the file system. | ||||
| CVE-2025-59497 | 2 Linux, Microsoft | 2 Linux, Defender For Endpoint | 2026-02-22 | 7 High |
| Time-of-check time-of-use (toctou) race condition in Microsoft Defender for Linux allows an authorized attacker to deny service locally. | ||||
| CVE-2025-59261 | 1 Microsoft | 16 Graphics Component, Windows, Windows 11 and 13 more | 2026-02-22 | 7 High |
| Time-of-check time-of-use (toctou) race condition in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-55696 | 1 Microsoft | 22 Windows, Windows 10, Windows 10 1809 and 19 more | 2026-02-22 | 7.8 High |
| Time-of-check time-of-use (toctou) race condition in NtQueryInformation Token function (ntifs.h) allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-69211 | 1 Nestjs | 1 Nest | 2026-02-20 | 7.4 High |
| Nest is a framework for building scalable Node.js server-side applications. Versions prior to 11.1.11 have a Fastify URL encoding middleware bypass. A NestJS application is vulnerable if it uses `@nestjs/platform-fastify`; relies on `NestMiddleware` (via `MiddlewareConsumer`) for security checks (authentication, authorization, etc.), or through `app.use()`; and applies middleware to specific routes using string paths or controllers (e.g., `.forRoutes('admin')`). Exploitation can result in unauthenticated users accessing protected routes, restricted administrative endpoints becoming accessible to lower-privileged users, and/or middleware performing sanitization or validation being skipped. This issue is patched in `@nestjs/platform-fastify@11.1.11`. | ||||
| CVE-2025-55236 | 1 Microsoft | 16 Windows 10 1809, Windows 10 21h2, Windows 10 21h2 and 13 more | 2026-02-20 | 7.3 High |
| Time-of-check time-of-use (toctou) race condition in Graphics Kernel allows an authorized attacker to execute code locally. | ||||
| CVE-2025-54895 | 1 Microsoft | 27 Windows, Windows 10, Windows 10 1507 and 24 more | 2026-02-20 | 7.8 High |
| Integer overflow or wraparound in Windows SPNEGO Extended Negotiation allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-13818 | 1 Eset | 1 Management Agent | 2026-02-18 | 6.7 Medium |
| Local privilege escalation vulnerability via insecure temporary batch file execution in ESET Management Agent | ||||
| CVE-2025-21191 | 1 Microsoft | 24 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 21 more | 2026-02-13 | 7 High |
| Time-of-check time-of-use (toctou) race condition in Windows Local Security Authority (LSA) allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-49730 | 1 Microsoft | 27 Windows, Windows 10, Windows 10 1507 and 24 more | 2026-02-13 | 7.8 High |
| Time-of-check time-of-use (toctou) race condition in Microsoft Windows QoS scheduler allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-48818 | 1 Microsoft | 23 Bitlocker, Windows, Windows 10 and 20 more | 2026-02-13 | 6.8 Medium |
| Time-of-check time-of-use (toctou) race condition in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack. | ||||
| CVE-2025-48001 | 1 Microsoft | 24 Windows, Windows 10, Windows 10 1507 and 21 more | 2026-02-13 | 6.8 Medium |
| Time-of-check time-of-use (toctou) race condition in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack. | ||||