| Severity | Description | ||||||
|---|---|---|---|---|---|---|---|
| CVE-2026-5120 | High | 8.1 v3 | - | - | -No fix available yet | 2026-07-01 | A Race Condition vulnerability affecting BIOVIA Workbook from Release 2021 through Release 2026 could allow a user to access unauthorized data from another user. |
| CVE-2026-14133 | Medium | 4.2 v3 | - | - | -No fix available yet | 2026-06-30 | Race in History Embeddings in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) |
| CVE-2026-14082 | Unscored | - | - | - | -No fix available yet | 2026-06-30 | Race in Storage in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low) |
| CVE-2026-14015 | Medium | 6.5 v3 | - | - | -No fix available yet | 2026-06-30 | Race in WebRTC in Google Chrome on Windows prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) |
| CVE-2026-13905 | Medium | 4.2 v3 | - | - | -No fix available yet | 2026-06-30 | Race in Chrome for iOS in Google Chrome on iOS prior to 150.0.7871.47 allowed a local attacker to obtain potentially sensitive information from process memory via physical access to the device. (Chromium security severity: Medium) |
| CVE-2026-13882 | Critical | 9.6 v3 | - | - | -No fix available yet | 2026-06-30 | Race in USB in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium) |
| CVE-2026-13874 | Medium | 5.3 v3 | - | - | -No fix available yet | 2026-06-30 | Race in DataTransfer in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium) |
| CVE-2026-10654 | Low | 3.1 v3 | - | - | -No fix available yet | 2026-06-30 | A race condition in the Zephyr Bluetooth Classic RFCOMM host stack (subsys/bluetooth/host/classic/rfcomm.c) mishandles a simultaneous bidirectional session disconnect. When the local device has initiated a session teardown (state BT_RFCOMM_STATE_DISCONNECTING, DISC sent, RTX timer armed) and the connected peer concurrently sends its own DISC frame for dlci 0, rfcomm_handle_disc() invokes rfcomm_session_disconnected(), which unconditionally forced the session to BT_RFCOMM_STATE_DISCONNECTED without ever calling bt_l2cap_chan_disconnect(). Because the recovery timer was also cancelled and a later UA is ignored in the DISCONNECTED state, the session becomes permanently wedged: the underlying L2CAP channel is never released and the session slot in the fixed bt_rfcomm_pool[CONFIG_BT_MAX_CONN] |
| CVE-2026-43743 | Medium | 4.7 v3 | 0.1% | - | Fix available | 2026-06-29 | A race condition was addressed with improved state handling. This issue is fixed in iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. An app may be able to cause unexpected system termination. |
| CVE-2026-13502 | Medium | 4.5 v3 | 0.1% | - | -No fix available yet | 2026-06-28 | A flaw has been found in antlr ANTLR4 up to 4.13.2. This affects the function ObjectInputStream.readObject of the file antlr4-maven-plugin/src/main/java/org/antlr/mojo/antlr4/GrammarDependencies.java of the component Maven Plugin. This manipulation causes time-of-check time-of-use. The attack is restricted to local execution. A high degree of complexity is needed for the attack. It is indicated that the exploitability is difficult. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way. |
| CVE-2026-46732 | Medium | 6.7 v3 | 0.1% | - | Fix available | 2026-06-25 | Dell Display and Peripheral Manager (DDPM Mac), versions prior to 2.3, contain a Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges. |
| CVE-2026-47386 | Medium | 6.3 v4 | 0.2% | - | -No fix available yet | 2026-06-23 | NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, two concurrent token-exchange requests using the same OAuth authorization code could each mint a distinct valid (access_token, refresh_token) pair, breaking the single-use guarantee that PKCE relies on. This vulnerability is fixed in 2026.05.1. |
| CVE-2026-48505 | High | 7.4 v3 | 0.2% | - | -No fix available yet | 2026-06-22 | Filament is a collection of full-stack components for accelerated Laravel development. From 4.0.0 until 4.11.5 and 5.6.5, a flaw in the handling of recovery codes for app-based multi-factor authentication allows the same recovery code to be reused via concurrent submission. This issue does not affect email-based MFA. It also only applies when recovery codes are enabled. If an attacker gains access to both the user's password and their recovery codes, they get two authenticated sessions per recovery code burned instead of one, or more if they batch the parallel submissions wider, materially extending the attacker's window of access compared to what the single-use guarantee implies. This vulnerability is fixed in 4.11.5 and 5.6.5. |
| CVE-2026-12468 | High | 8.3 v3 | 0.1% | - | Fix available | 2026-06-19 | This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. |
| CVE-2026-12454 | High | 8.3 v3 | 0.1% | - | Fix available | 2026-06-19 | This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. |
| CVE-2026-48982 | Medium | 5.8 v3 | 0.1% | - | -No fix available yet | 2026-06-18 | pam_usb provides hardware authentication for Linux using ordinary removable media. In versions prior to 0.9.2, when updating a one-time pad file, a temporary file is created using open() without the O_EXCL flag. Without O_EXCL, the create operation is not atomic: two concurrent processes racing to update the same pad may both succeed in opening the file, with the second write silently overwriting the first. The one-time pad is the core replay-prevention mechanism of pam_usb. A successful race could result in the stored pad value diverging from what either process expected, potentially causing authentication failures or, in a precisely timed attack, creating a window for pad reuse. This issue has been fixed in version 0.9.2. |
| CVE-2026-42487 | High | 7.9 v3 | 0.1% | - | -No fix available yet | 2026-06-18 | HVM guest I/O port accesses are subject to either emulation or at least translation. Translations are managed by the device model (via XEN_DOMCTL_ioport_mapping), and hence the linked list used may changed at any time. Traversal of those lists (while handling guest I/O port accesses) therefore needs synchronizing with updates, which was missing so far. |
| CVE-2026-0083 | High | 7.0 v3 | 0.1% | - | -No fix available yet | 2026-06-17 | In Nfc::eventCallback() of Nfc.h, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. |
| CVE-2026-0068 | High | 7.8 v3 | 0.1% | - | -No fix available yet | 2026-06-17 | In createSessionInternal of PackageInstallerService.java, there is a possible method to remove a DPC app from a managed device without DO consent due to desync from persistence. This could lead to local escalation of privilege if a user can install a malicious app with no additional execution privileges needed. User interaction is needed for exploitation. |
| CVE-2025-13036 | Critical | 9.2 v4 | 0.3% | - | -No fix available yet | 2026-06-16 | An authentication bypass security issue exists within FactoryTalk Historian Site Edition. By continually sending requests to the login endpoint, an attacker may obtain a valid authentication token. |
| CVE-2026-48708 | High | 7.5 v3 | 0.4% | - | -No fix available yet | 2026-06-15 | OliveTin gives access to predefined shell commands from a web interface. In versions 3000.0.0 and prior, the template engine uses a single shared text/template.Template instance (tpl package-level variable in service/internal/tpl/templates.go) across all goroutines. Every action execution calls tpl.Parse(source) followed by t.Execute() on this shared instance with no synchronization. When two or more actions execute concurrently (which is the normal case — each ExecRequest spawns a goroutine), a race condition occurs: one goroutine's Parse overwrites the template tree while another goroutine is calling Execute, causing cross-user command contamination, Go runtime panic, and incorrect command execution. This issue has been resolved in version 3000.13.0. |
| CVE-2026-11677 | High | 8.3 v3 | 0.1% | - | Fix available | 2026-06-15 | This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. |
| CVE-2026-54229 | High | 7.0 v3 | 0.1% | - | -No fix available yet | 2026-06-13 | A race condition was found in the abrt-dbus D-Bus service's ChownProblemDir method. ChownProblemDir opens the dump directory with DD_OPEN_READONLY and calls dd_chown to change ownership of all files to the caller's uid, succeeding even while post-create event handlers hold a write lock. This allows an attacker to gain filesystem-level control of the dump directory while privileged event scripts are still running. |
| CVE-2026-12022 | High | 8.3 v3 | 0.2% | - | Fix available | 2026-06-11 | Race in Safe Browsing in Google Chrome on Mac prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a malicious file. (Chromium security severity: High) |
| CVE-2026-46693 | Medium | 4.1 v3 | 0.1% | - | Fix available | 2026-06-10 | ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-23, an attacker who can connect to a magick -distribute-cache service can hijack a file descriptor in the server process when a race condition is met. This issue has been patched in versions 6.9.13-48 and 7.1.2-23. |
| CVE-2026-44693 | High | 8.8 v3 | 0.2% | - | -No fix available yet | 2026-06-10 | Pi-hole FTL is the core engine of the Pi-hole network-level advertisement and tracker blocker. Prior to version 6.6.1, Pi-hole FTL contains a race condition vulnerability in the HTTP session management subsystem, introduced with the v6.0 rewrite of the embedded CivetWeb-based web server. This issue has been patched in version 6.6.1. |
| CVE-2022-26758 | High | 7.1 v3 | 0.1% | - | Fix available | 2026-06-10 | A malicious application may cause unexpected changes in memory shared between processes. A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.4. |
| CVE-2026-46187 | Medium | 5.5 v3 | 0.1% | - | Fix available | 2026-06-09 | In the Linux kernel, the following vulnerability has been resolved: wifi: rsi: fix kthread lifetime race between self-exit and external-stop RSI driver use both self-exit(kthread_complete_and_exit) and external-stop (kthread_stop) when killing a kthread. Generally, kthread_stop() is called first, and in this case, no particular issues occur. However, in rare instances where kthread_complete_and_exit() is called first and then kthread_stop() is called, a UAF occurs because the kthread object, which has already exited and been freed, is accessed again. Therefore, to prevent this with minimal modification, you must remove kthread_stop() and change the code to wait until the self-exit operation is completed. |
| CVE-2026-11145 | Medium | 5.3 v3 | 0.2% | - | Fix available | 2026-06-09 | This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. |
| CVE-2026-45603 | High | 7.0 v3 | 0.2% | - | Fix available | 2026-06-09 | Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. |
| CVE-2026-45601 | High | 7.0 v3 | 0.2% | - | Fix available | 2026-06-09 | Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. |
| CVE-2026-45598 | High | 7.0 v3 | 0.2% | - | Fix available | 2026-06-09 | Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. |
| CVE-2026-45597 | High | 7.0 v3 | 0.2% | - | Fix available | 2026-06-09 | Concurrent execution using shared resource with improper synchronization ('race condition') in UI Automation Manager (uiamanager.dll) allows an authorized attacker to elevate privileges locally. |
| CVE-2026-45596 | High | 7.0 v3 | 0.2% | - | Fix available | 2026-06-09 | Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. |
| CVE-2026-44818 | High | 7.0 v3 | 0.3% | - | Fix available | 2026-06-09 | Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally. |
| CVE-2026-42991 | High | 7.8 v3 | 0.2% | - | Fix available | 2026-06-09 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally. |
| CVE-2026-42979 | High | 7.8 v3 | 0.2% | - | Fix available | 2026-06-09 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally. |
| CVE-2026-42978 | High | 7.8 v3 | 0.2% | - | Fix available | 2026-06-09 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally. |
| CVE-2026-42977 | High | 7.8 v3 | 0.2% | - | Fix available | 2026-06-09 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally. |
| CVE-2026-42913 | High | 7.5 v3 | 0.5% | - | Fix available | 2026-06-09 | Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network. |
| CVE-2026-42912 | High | 7.0 v3 | 0.2% | - | Fix available | 2026-06-09 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Telephony Service allows an authorized attacker to elevate privileges locally. |
| CVE-2026-42909 | High | 7.5 v3 | 0.4% | - | Fix available | 2026-06-09 | Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network. |
| CVE-2026-42836 | High | 7.0 v3 | 0.2% | - | Fix available | 2026-06-09 | Concurrent execution using shared resource with improper synchronization ('race condition') in Function Discovery Service (fdwsd.dll) allows an authorized attacker to elevate privileges locally. |
| CVE-2025-10263 | Critical | 9.3 v3 | 0.5% | - | Fix available | 2026-06-09 | No cwe for this issue in Windows Kernel allows an unauthorized attacker to elevate privileges locally. |
| CVE-2026-46272 | Low | 3.9 v3 | 0.1% | - | Fix available | 2026-06-09 | In the Linux kernel, the following vulnerability has been resolved: coresight: tmc-etr: Fix race condition between sysfs and perf mode When trying to run perf and sysfs mode simultaneously, the WARN_ON() in tmc_etr_enable_hw() is triggered sometimes: WARNING: CPU: 42 PID: 3911571 at drivers/hwtracing/coresight/coresight-tmc-etr.c:1060 tmc_etr_enable_hw+0xc0/0xd8 [coresight_tmc] [..snip..] Call trace: tmc_etr_enable_hw+0xc0/0xd8 [coresight_tmc] (P) tmc_enable_etr_sink+0x11c/0x250 [coresight_tmc] (L) tmc_enable_etr_sink+0x11c/0x250 [coresight_tmc] coresight_enable_path+0x1c8/0x218 [coresight] coresight_enable_sysfs+0xa4/0x228 [coresight] enable_source_store+0x58/0xa8 [coresight] dev_attr_store+0x20/0x40 sysfs_kf_write+0x4c/0x68 kernfs_fop_write_iter+0x120/0x1b8 vfs_ |
| CVE-2026-11253 | Medium | 4.3 v3 | 0.1% | - | Fix available | 2026-06-05 | This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. |
| CVE-2026-10940 | High | 8.3 v3 | 0.2% | - | Fix available | 2026-06-05 | This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. |
| CVE-2026-10565 | Low | 3.1 v3 | 0.2% | - | -No fix available yet | 2026-06-02 | A security flaw has been discovered in Open5GS up to 2.7.6. The impacted element is the function gmm_state_security_mode of the file src/amf/gmm-sm.c of the component NGAP Handover. Performing a manipulation results in race condition. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitability is regarded as difficult. The exploit has been released to the public and may be used for attacks. The pull request to fix this issue awaits acceptance. |
| CVE-2026-9831 | Medium | 6.3 v3 | 0.2% | - | -No fix available yet | 2026-05-29 | A race condition in the shared Extreme Platform ONE IAM Gateway API-key authentication path could, under specific high-concurrency traffic conditions, intermittently allow requests authenticated with an Extreme Platform ONE /IAM-issued API key to receive response data for another tenant. The issue was observed through ExtremeCloud IQ/XIQ API endpoints and validated against both XIQ/XAPI and Extreme Platform ONE /Common Services API paths. XIQ-native tokens and standard OAuth/Bearer JWT authentication were not affected. |
| CVE-2026-47741 | Medium | 5.9 v3 | 0.2% | - | -No fix available yet | 2026-05-29 | Shopper is a Headless e-commerce Admin Panel. Prior to 2.8.0, CreateOrderFromCartAction::execute previously created the Order row before checking and incrementing the discount's total_use counter. Under concurrent checkout pressure (Black Friday, flash sale, viral coupon), the global usage_limit was silently exceeded: orders were committed with the discount fully applied to price_amount while the counter blocked at usage_limit. The merchant had no signal that an over-redemption had occurred. This vulnerability is fixed in 2.8.0. |
- HighCVSS 8.1 v3·EPSS -·No fix yet
A Race Condition vulnerability affecting BIOVIA Workbook from Release 2021 through Release 2026 could allow a user to access unauthorized data from another user.
Published 2026-07-01
- MediumCVSS 4.2 v3·EPSS -·No fix yet
Race in History Embeddings in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
Published 2026-06-30
- UnscoredCVSS -·EPSS -·No fix yet
Race in Storage in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)
Published 2026-06-30
- MediumCVSS 6.5 v3·EPSS -·No fix yet
Race in WebRTC in Google Chrome on Windows prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)
Published 2026-06-30
- MediumCVSS 4.2 v3·EPSS -·No fix yet
Race in Chrome for iOS in Google Chrome on iOS prior to 150.0.7871.47 allowed a local attacker to obtain potentially sensitive information from process memory via physical access to the device. (Chromium security severity: Medium)
Published 2026-06-30
- CriticalCVSS 9.6 v3·EPSS -·No fix yet
Race in USB in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)
Published 2026-06-30
- MediumCVSS 5.3 v3·EPSS -·No fix yet
Race in DataTransfer in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)
Published 2026-06-30
- CVSS 3.1 v3·EPSS -·No fix yet
A race condition in the Zephyr Bluetooth Classic RFCOMM host stack (subsys/bluetooth/host/classic/rfcomm.c) mishandles a simultaneous bidirectional session disconnect. When the local device has initiated a session teardown (state BT_RFCOMM_STATE_DISCONNECTING, DISC sent, RTX timer armed) and the connected peer concurrently sends its own DISC frame for dlci 0, rfcomm_handle_disc() invokes rfcomm_session_disconnected(), which unconditionally forced the session to BT_RFCOMM_STATE_DISCONNECTED without ever calling bt_l2cap_chan_disconnect(). Because the recovery timer was also cancelled and a later UA is ignored in the DISCONNECTED state, the session becomes permanently wedged: the underlying L2CAP channel is never released and the session slot in the fixed bt_rfcomm_pool[CONFIG_BT_MAX_CONN]
Published 2026-06-30
- MediumCVSS 4.7 v3·EPSS 0.1%·Fix available
A race condition was addressed with improved state handling. This issue is fixed in iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. An app may be able to cause unexpected system termination.
Published 2026-06-29
- MediumCVSS 4.5 v3·EPSS 0.1%·No fix yet
A flaw has been found in antlr ANTLR4 up to 4.13.2. This affects the function ObjectInputStream.readObject of the file antlr4-maven-plugin/src/main/java/org/antlr/mojo/antlr4/GrammarDependencies.java of the component Maven Plugin. This manipulation causes time-of-check time-of-use. The attack is restricted to local execution. A high degree of complexity is needed for the attack. It is indicated that the exploitability is difficult. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Published 2026-06-28
- MediumCVSS 6.7 v3·EPSS 0.1%·Fix available
Dell Display and Peripheral Manager (DDPM Mac), versions prior to 2.3, contain a Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges.
Published 2026-06-25
- MediumCVSS 6.3 v4·EPSS 0.2%·No fix yet
NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, two concurrent token-exchange requests using the same OAuth authorization code could each mint a distinct valid (access_token, refresh_token) pair, breaking the single-use guarantee that PKCE relies on. This vulnerability is fixed in 2026.05.1.
Published 2026-06-23
- HighCVSS 7.4 v3·EPSS 0.2%·No fix yet
Filament is a collection of full-stack components for accelerated Laravel development. From 4.0.0 until 4.11.5 and 5.6.5, a flaw in the handling of recovery codes for app-based multi-factor authentication allows the same recovery code to be reused via concurrent submission. This issue does not affect email-based MFA. It also only applies when recovery codes are enabled. If an attacker gains access to both the user's password and their recovery codes, they get two authenticated sessions per recovery code burned instead of one, or more if they batch the parallel submissions wider, materially extending the attacker's window of access compared to what the single-use guarantee implies. This vulnerability is fixed in 4.11.5 and 5.6.5.
Published 2026-06-22
- HighCVSS 8.3 v3·EPSS 0.1%·Fix available
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
Published 2026-06-19
- HighCVSS 8.3 v3·EPSS 0.1%·Fix available
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
Published 2026-06-19
- MediumCVSS 5.8 v3·EPSS 0.1%·No fix yet
pam_usb provides hardware authentication for Linux using ordinary removable media. In versions prior to 0.9.2, when updating a one-time pad file, a temporary file is created using open() without the O_EXCL flag. Without O_EXCL, the create operation is not atomic: two concurrent processes racing to update the same pad may both succeed in opening the file, with the second write silently overwriting the first. The one-time pad is the core replay-prevention mechanism of pam_usb. A successful race could result in the stored pad value diverging from what either process expected, potentially causing authentication failures or, in a precisely timed attack, creating a window for pad reuse. This issue has been fixed in version 0.9.2.
Published 2026-06-18
- HighCVSS 7.9 v3·EPSS 0.1%·No fix yet
HVM guest I/O port accesses are subject to either emulation or at least translation. Translations are managed by the device model (via XEN_DOMCTL_ioport_mapping), and hence the linked list used may changed at any time. Traversal of those lists (while handling guest I/O port accesses) therefore needs synchronizing with updates, which was missing so far.
Published 2026-06-18
- HighCVSS 7.0 v3·EPSS 0.1%·No fix yet
In Nfc::eventCallback() of Nfc.h, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Published 2026-06-17
- HighCVSS 7.8 v3·EPSS 0.1%·No fix yet
In createSessionInternal of PackageInstallerService.java, there is a possible method to remove a DPC app from a managed device without DO consent due to desync from persistence. This could lead to local escalation of privilege if a user can install a malicious app with no additional execution privileges needed. User interaction is needed for exploitation.
Published 2026-06-17
- CriticalCVSS 9.2 v4·EPSS 0.3%·No fix yet
An authentication bypass security issue exists within FactoryTalk Historian Site Edition. By continually sending requests to the login endpoint, an attacker may obtain a valid authentication token.
Published 2026-06-16
- HighCVSS 7.5 v3·EPSS 0.4%·No fix yet
OliveTin gives access to predefined shell commands from a web interface. In versions 3000.0.0 and prior, the template engine uses a single shared text/template.Template instance (tpl package-level variable in service/internal/tpl/templates.go) across all goroutines. Every action execution calls tpl.Parse(source) followed by t.Execute() on this shared instance with no synchronization. When two or more actions execute concurrently (which is the normal case — each ExecRequest spawns a goroutine), a race condition occurs: one goroutine's Parse overwrites the template tree while another goroutine is calling Execute, causing cross-user command contamination, Go runtime panic, and incorrect command execution. This issue has been resolved in version 3000.13.0.
Published 2026-06-15
- HighCVSS 8.3 v3·EPSS 0.1%·Fix available
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
Published 2026-06-15
- HighCVSS 7.0 v3·EPSS 0.1%·No fix yet
A race condition was found in the abrt-dbus D-Bus service's ChownProblemDir method. ChownProblemDir opens the dump directory with DD_OPEN_READONLY and calls dd_chown to change ownership of all files to the caller's uid, succeeding even while post-create event handlers hold a write lock. This allows an attacker to gain filesystem-level control of the dump directory while privileged event scripts are still running.
Published 2026-06-13
- HighCVSS 8.3 v3·EPSS 0.2%·Fix available
Race in Safe Browsing in Google Chrome on Mac prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a malicious file. (Chromium security severity: High)
Published 2026-06-11
- MediumCVSS 4.1 v3·EPSS 0.1%·Fix available
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-23, an attacker who can connect to a magick -distribute-cache service can hijack a file descriptor in the server process when a race condition is met. This issue has been patched in versions 6.9.13-48 and 7.1.2-23.
Published 2026-06-10
- HighCVSS 8.8 v3·EPSS 0.2%·No fix yet
Pi-hole FTL is the core engine of the Pi-hole network-level advertisement and tracker blocker. Prior to version 6.6.1, Pi-hole FTL contains a race condition vulnerability in the HTTP session management subsystem, introduced with the v6.0 rewrite of the embedded CivetWeb-based web server. This issue has been patched in version 6.6.1.
Published 2026-06-10
- HighCVSS 7.1 v3·EPSS 0.1%·Fix available
A malicious application may cause unexpected changes in memory shared between processes. A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.4.
Published 2026-06-10
- MediumCVSS 5.5 v3·EPSS 0.1%·Fix available
In the Linux kernel, the following vulnerability has been resolved: wifi: rsi: fix kthread lifetime race between self-exit and external-stop RSI driver use both self-exit(kthread_complete_and_exit) and external-stop (kthread_stop) when killing a kthread. Generally, kthread_stop() is called first, and in this case, no particular issues occur. However, in rare instances where kthread_complete_and_exit() is called first and then kthread_stop() is called, a UAF occurs because the kthread object, which has already exited and been freed, is accessed again. Therefore, to prevent this with minimal modification, you must remove kthread_stop() and change the code to wait until the self-exit operation is completed.
Published 2026-06-09
- MediumCVSS 5.3 v3·EPSS 0.2%·Fix available
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
Published 2026-06-09
- HighCVSS 7.0 v3·EPSS 0.2%·Fix available
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
Published 2026-06-09
- HighCVSS 7.0 v3·EPSS 0.2%·Fix available
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
Published 2026-06-09
- HighCVSS 7.0 v3·EPSS 0.2%·Fix available
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
Published 2026-06-09
- HighCVSS 7.0 v3·EPSS 0.2%·Fix available
Concurrent execution using shared resource with improper synchronization ('race condition') in UI Automation Manager (uiamanager.dll) allows an authorized attacker to elevate privileges locally.
Published 2026-06-09
- HighCVSS 7.0 v3·EPSS 0.2%·Fix available
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
Published 2026-06-09
- HighCVSS 7.0 v3·EPSS 0.3%·Fix available
Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
Published 2026-06-09
- HighCVSS 7.8 v3·EPSS 0.2%·Fix available
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.
Published 2026-06-09
- HighCVSS 7.8 v3·EPSS 0.2%·Fix available
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.
Published 2026-06-09
- HighCVSS 7.8 v3·EPSS 0.2%·Fix available
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.
Published 2026-06-09
- HighCVSS 7.8 v3·EPSS 0.2%·Fix available
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.
Published 2026-06-09
- HighCVSS 7.5 v3·EPSS 0.5%·Fix available
Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
Published 2026-06-09
- HighCVSS 7.0 v3·EPSS 0.2%·Fix available
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Telephony Service allows an authorized attacker to elevate privileges locally.
Published 2026-06-09
- HighCVSS 7.5 v3·EPSS 0.4%·Fix available
Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
Published 2026-06-09
- HighCVSS 7.0 v3·EPSS 0.2%·Fix available
Concurrent execution using shared resource with improper synchronization ('race condition') in Function Discovery Service (fdwsd.dll) allows an authorized attacker to elevate privileges locally.
Published 2026-06-09
- CriticalCVSS 9.3 v3·EPSS 0.5%·Fix available
No cwe for this issue in Windows Kernel allows an unauthorized attacker to elevate privileges locally.
Published 2026-06-09
- CVSS 3.9 v3·EPSS 0.1%·Fix available
In the Linux kernel, the following vulnerability has been resolved: coresight: tmc-etr: Fix race condition between sysfs and perf mode When trying to run perf and sysfs mode simultaneously, the WARN_ON() in tmc_etr_enable_hw() is triggered sometimes: WARNING: CPU: 42 PID: 3911571 at drivers/hwtracing/coresight/coresight-tmc-etr.c:1060 tmc_etr_enable_hw+0xc0/0xd8 [coresight_tmc] [..snip..] Call trace: tmc_etr_enable_hw+0xc0/0xd8 [coresight_tmc] (P) tmc_enable_etr_sink+0x11c/0x250 [coresight_tmc] (L) tmc_enable_etr_sink+0x11c/0x250 [coresight_tmc] coresight_enable_path+0x1c8/0x218 [coresight] coresight_enable_sysfs+0xa4/0x228 [coresight] enable_source_store+0x58/0xa8 [coresight] dev_attr_store+0x20/0x40 sysfs_kf_write+0x4c/0x68 kernfs_fop_write_iter+0x120/0x1b8 vfs_
Published 2026-06-09
- MediumCVSS 4.3 v3·EPSS 0.1%·Fix available
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
Published 2026-06-05
- HighCVSS 8.3 v3·EPSS 0.2%·Fix available
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
Published 2026-06-05
- CVSS 3.1 v3·EPSS 0.2%·No fix yet
A security flaw has been discovered in Open5GS up to 2.7.6. The impacted element is the function gmm_state_security_mode of the file src/amf/gmm-sm.c of the component NGAP Handover. Performing a manipulation results in race condition. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitability is regarded as difficult. The exploit has been released to the public and may be used for attacks. The pull request to fix this issue awaits acceptance.
Published 2026-06-02
- MediumCVSS 6.3 v3·EPSS 0.2%·No fix yet
A race condition in the shared Extreme Platform ONE IAM Gateway API-key authentication path could, under specific high-concurrency traffic conditions, intermittently allow requests authenticated with an Extreme Platform ONE /IAM-issued API key to receive response data for another tenant. The issue was observed through ExtremeCloud IQ/XIQ API endpoints and validated against both XIQ/XAPI and Extreme Platform ONE /Common Services API paths. XIQ-native tokens and standard OAuth/Bearer JWT authentication were not affected.
Published 2026-05-29
- MediumCVSS 5.9 v3·EPSS 0.2%·No fix yet
Shopper is a Headless e-commerce Admin Panel. Prior to 2.8.0, CreateOrderFromCartAction::execute previously created the Order row before checking and incrementing the discount's total_use counter. Under concurrent checkout pressure (Black Friday, flash sale, viral coupon), the global usage_limit was silently exceeded: orders were committed with the discount fully applied to price_amount while the counter blocked at usage_limit. The merchant had no signal that an over-redemption had occurred. This vulnerability is fixed in 2.8.0.
Published 2026-05-29
Uses NVD data but is not endorsed or certified by the NVD. EPSS scores courtesy of FIRST.org (https://www.first.org/epss). Source: CISA KEV Catalog.