Export limit exceeded: 361610 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (4037 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-34861 | 1 Huawei | 1 Harmonyos | 2026-04-15 | 6.3 Medium |
| Race condition vulnerability in the thermal management module. Impact: Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2026-34862 | 1 Huawei | 1 Harmonyos | 2026-04-15 | 6.3 Medium |
| Race condition vulnerability in the power consumption statistics module. Impact: Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2026-27222 | 3 Adobe, Apple, Microsoft | 3 Bridge, Macos, Windows | 2026-04-15 | 5.5 Medium |
| Bridge versions 16.0.2, 15.1.4 and earlier are affected by a Divide By Zero vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application or render it unresponsive. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2026-21234 | 1 Microsoft | 22 Windows 10 1809, Windows 10 21h2, Windows 10 21h2 and 19 more | 2026-04-15 | 7 High |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Connected Devices Platform Service allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-21523 | 1 Microsoft | 2 Visual Studio Code, Visual Studio Code Copilot Chat Extension | 2026-04-15 | 8 High |
| Time-of-check time-of-use (toctou) race condition in GitHub Copilot and Visual Studio allows an authorized attacker to execute code over a network. | ||||
| CVE-2026-21240 | 1 Microsoft | 22 Windows 10 1809, Windows 10 21h2, Windows 10 21h2 and 19 more | 2026-04-15 | 7.8 High |
| Time-of-check time-of-use (toctou) race condition in Windows HTTP.sys allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-21237 | 1 Microsoft | 19 Windows 10 21h2, Windows 10 21h2, Windows 10 22h2 and 16 more | 2026-04-15 | 7 High |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Subsystem for Linux allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-21231 | 1 Microsoft | 30 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 27 more | 2026-04-15 | 7.8 High |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Kernel allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-2802 | 1 Mozilla | 2 Firefox, Thunderbird | 2026-04-15 | 4.2 Medium |
| Race condition in the JavaScript: GC component. This vulnerability was fixed in Firefox 148 and Thunderbird 148. | ||||
| CVE-2026-28549 | 1 Huawei | 1 Harmonyos | 2026-04-15 | 6.6 Medium |
| Race condition vulnerability in the permission management service. Impact: Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2026-32887 | 2 Effect Project, Effectful | 2 Effect, Effect | 2026-04-15 | 7.4 High |
| Effect is a TypeScript framework that consists of several packages that work together to help build TypeScript applications. Prior to version 3.20.0, when using `RpcServer.toWebHandler` (or `HttpApp.toWebHandlerRuntime`) inside a Next.js App Router route handler, any Node.js `AsyncLocalStorage`-dependent API called from within an Effect fiber can read another concurrent request's context — or no context at all. Under production traffic, `auth()` from `@clerk/nextjs/server` returns a different user's session. Version 3.20.0 contains a fix for the issue. | ||||
| CVE-2026-34849 | 1 Huawei | 1 Harmonyos | 2026-04-15 | 2.5 Low |
| UAF vulnerability in the screen management module. Impact: Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2026-34515 | 2 Aio-libs, Aiohttp | 2 Aiohttp, Aiohttp | 2026-04-15 | 7.5 High |
| AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, on Windows the static resource handler may expose information about a NTLMv2 remote path. This issue has been patched in version 3.13.4. | ||||
| CVE-2025-31944 | 1 Intel | 1 Tdx Module | 2026-04-15 | 5.3 Medium |
| Race condition for some TDX Module before version tdx1.5 within Ring 0: Hypervisor may allow a denial of service. Authorized adversary with a privileged user combined with a high complexity attack may enable denial of service. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (none), integrity (none) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (low) impacts. | ||||
| CVE-2024-6409 | 1 Redhat | 4 Enterprise Linux, Openshift, Rhel E4s and 1 more | 2026-04-15 | 7 High |
| A race condition vulnerability was discovered in how signals are handled by OpenSSH's server (sshd). If a remote attacker does not authenticate within a set time period, then sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example, syslog(). As a consequence of a successful attack, in the worst case scenario, an attacker may be able to perform a remote code execution (RCE) as an unprivileged user running the sshd server. | ||||
| CVE-2024-2193 | 2 Amd, Xen | 2 Cpu, Xen | 2026-04-15 | 5.7 Medium |
| A Speculative Race Condition (SRC) vulnerability that impacts modern CPU architectures supporting speculative execution (related to Spectre V1) has been disclosed. An unauthenticated attacker can exploit this vulnerability to disclose arbitrary data from the CPU using race conditions to access the speculative executable code paths. | ||||
| CVE-2024-40887 | 2026-04-15 | 6.1 Medium | ||
| Race condition in some Intel(R) PROSet/Wireless WiFi and Killerâ„¢ WiFi software for Windows before version 23.80 may allow an unauthenticated user to potentially enable denial of service via adjacent access. | ||||
| CVE-2025-53594 | 2 Apple, Qnap | 4 Macos, Qfinder Pro, Qsync and 1 more | 2026-04-15 | N/A |
| A path traversal vulnerability has been reported to affect several product versions. If a local attacker gains a user account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following versions: Qfinder Pro Mac 7.13.0 and later Qsync for Mac 5.1.5 and later QVPN Device Client for Mac 2.2.8 and later | ||||
| CVE-2024-50592 | 1 Hasomed | 1 Elefant Software Updater | 2026-04-15 | 7 High |
| An attacker with local access the to medical office computer can escalate his Windows user privileges to "NT AUTHORITY\SYSTEM" by exploiting a race condition in the Elefant Update Service during the repair or update process. When using the repair function, the service queries the server for a list of files and their hashes. In addition, instructions to execute binaries to finalize the repair process are included. The executables are executed as "NT AUTHORITY\SYSTEM" after they are copied over to the user writable installation folder (C:\Elefant1). This means that a user can overwrite either "PostESUUpdate.exe" or "Update_OpenJava.exe" in the time frame after the copy and before the execution of the final repair step. The overwritten executable is then executed as "NT AUTHORITY\SYSTEM". | ||||
| CVE-2024-29863 | 2026-04-15 | 7.8 High | ||
| A race condition in the installer executable in Qlik Qlikview before versions May 2022 SR3 (12.70.20300) and May 2023 SR2 (12,80.20200) may allow an existing lower privileged user to cause code to be executed in the context of a Windows Administrator. | ||||