Export limit exceeded: 29925 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (3800 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-64168 | 1 Agno-agi | 1 Agno | 2026-04-15 | 7.1 High |
| Agno is a multi-agent framework, runtime and control plane. From 2.0.0 to before 2.2.2, under high concurrency, when session_state is passed to Agent or Team during run or arun calls, a race condition can occur, causing a session_state to be assigned and persisted to the incorrect session. This may result in user data from one session being exposed to another user. This has been patched in version 2.2.2. | ||||
| CVE-2025-67898 | 1 Mjml | 1 Mjml | 2026-04-15 | 4.5 Medium |
| MJML through 4.18.0 allows mj-include directory traversal to test file existence and (in the type="css" case) read files. NOTE: this issue exists because of an incomplete fix for CVE-2020-12827. | ||||
| CVE-2025-46415 | 2026-04-15 | 3.2 Low | ||
| A race condition in the Nix, Lix, and Guix package managers allows the removal of content from arbitrary folders. This affects Nix before 2.24.15, 2.26.4, 2.28.4, and 2.29.1; Lix before 2.91.2, 2.92.2, and 2.93.1; and Guix before 1.4.0-38.0e79d5b. | ||||
| CVE-2024-32482 | 2026-04-15 | 2.2 Low | ||
| The Tillitis TKey signer device application is an ed25519 signing tool. A vulnerability has been found that makes it possible to disclose portions of the TKey’s data in RAM over the USB interface. To exploit the vulnerability an attacker needs to use a custom client application and to touch the TKey. No secret is disclosed. All client applications integrating tkey-device-signer should upgrade to version 1.0.0 to receive a fix. No known workarounds are available. | ||||
| CVE-2025-0372 | 2026-04-15 | N/A | ||
| Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in HYPR Passwordless on Windows allows Privilege Escalation.This issue affects HYPR Passwordless: before 10.1. | ||||
| CVE-2025-58131 | 2 Apple, Zoom | 4 Macos, Vdi Vmware, Workplace and 1 more | 2026-04-15 | 6.6 Medium |
| Race condition in the Zoom Workplace VDI Plugin macOS Universal installer for VMware Horizon before version 6.4.10 (or before 6.2.15 and 6.3.12 in their respective tracks) may allow an authenticated user to conduct a disclosure of information via network access. | ||||
| CVE-2024-13944 | 1 Avast | 1 Cleanup | 2026-04-15 | 7.8 High |
| Link Following Local Privilege Escalation Vulnerability in NortonUtilitiesSvc in Norton Utilities Ultimate Version 24.2.16862.6344 on Windows 10 Pro x64 allows local attackers to escalate privileges and execute arbitrary code in the context of SYSTEM via the creation of a symbolic link and leveraging a TOCTTOU (time-of-check to time-of-use) attack. | ||||
| CVE-2025-10778 | 1 Smartstore | 1 Smartstore | 2026-04-15 | 3.1 Low |
| A vulnerability has been found in Smartstore up to 6.2.0. The affected element is an unknown function of the file /checkout/confirm/ of the component Gift Voucher Handler. The manipulation leads to race condition. The attack may be initiated remotely. The attack's complexity is rated as high. The exploitability is described as difficult. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-27725 | 1 Intel | 1 Acat Software | 2026-04-15 | 4.4 Medium |
| Time-of-check time-of-use race condition for some ACAT before version 3.13 within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a high complexity attack may enable denial of service. This result may potentially occur via local access when attack requirements are not present without special internal knowledge and requires active user interaction. The potential vulnerability may impact the confidentiality (none), integrity (none) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts. | ||||
| CVE-2025-46336 | 2026-04-15 | 4.2 Medium | ||
| Rack::Session is a session management implementation for Rack. In versions starting from 2.0.0 to before 2.1.1, when using the Rack::Session::Pool middleware, and provided the attacker can acquire a session cookie (already a major issue), the session may be restored if the attacker can trigger a long running request (within that same session) adjacent to the user logging out, in order to retain illicit access even after a user has attempted to logout. This issue has been patched in version 2.1.1. | ||||
| CVE-2025-20037 | 1 Intel | 1 Converged Security And Management Engine | 2026-04-15 | 7.2 High |
| Time-of-check time-of-use race condition in firmware for some Intel(R) Converged Security and Management Engine may allow a privileged user to potentially enable escalation of privilege via local access. | ||||
| CVE-2025-20074 | 1 Intel | 1 Connectivity Performance Suite | 2026-04-15 | 7.8 High |
| Time-of-check Time-of-use race condition for some Intel(R) Connectivity Performance Suite software installers before version 40.24.11210 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2025-20082 | 2026-04-15 | 7.5 High | ||
| Time-of-check time-of-use race condition in the UEFI firmware SmiVariable driver for the Intel(R) Server D50DNP and M50FCP boards may allow a privileged user to enable escalation of privilege via local access. | ||||
| CVE-2025-4637 | 2026-04-15 | N/A | ||
| Divide By Zero vulnerability in davisking dlib allows remote attackers to cause a denial of service via a crafted file. .This issue affects dlib: before <19.24.7. | ||||
| CVE-2025-20104 | 2026-04-15 | 7.3 High | ||
| Race condition in some Administrative Tools for some Intel(R) Network Adapters package before version 29.4 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2025-52993 | 2 Gnu, Nixos | 2 Guix, Nix | 2026-04-15 | 5.6 Medium |
| A race condition in the Nix, Lix, and Guix package managers enables changing the ownership of arbitrary files to the UID and GID of the build user (e.g., nixbld* or guixbuild*). This affects Nix before 2.24.15, 2.26.4, 2.28.4, and 2.29.1; Lix before 2.91.2, 2.92.2, and 2.93.1; and Guix before 1.4.0-38.0e79d5b. | ||||
| CVE-2024-27983 | 2 Nodejs, Redhat | 7 Nodejs, Enterprise Linux, Rhel Aus and 4 more | 2026-04-15 | 7.5 High |
| An attacker can make the Node.js HTTP/2 server completely unavailable by sending a small amount of HTTP/2 frames packets with a few HTTP/2 frames inside. It is possible to leave some data in nghttp2 memory after reset when headers with HTTP/2 CONTINUATION frame are sent to the server and then a TCP connection is abruptly closed by the client triggering the Http2Session destructor while header frames are still being processed (and stored in memory) causing a race condition. | ||||
| CVE-2025-2425 | 2026-04-15 | N/A | ||
| Time-of-check to time-of-use race condition vulnerability potentially allowed an attacker to use the installed ESET security software to clear the content of an arbitrary file on the file system. | ||||
| CVE-2025-31146 | 1 Intel | 1 Ethernet Adapter Complete Driver Pack | 2026-04-15 | 6.1 Medium |
| Time-of-check time-of-use race condition for some Intel Ethernet Adapter Complete Driver Pack software before version 1.5.1.0 within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable denial of service. This result may potentially occur via adjacent access when attack requirements are not present without special internal knowledge and requires active user interaction. The potential vulnerability may impact the confidentiality (none), integrity (none) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts. | ||||
| CVE-2024-2307 | 1 Redhat | 1 Enterprise Linux | 2026-04-15 | 6.1 Medium |
| A flaw was found in osbuild-composer. A condition can be triggered that disables GPG verification for package repositories, which can expose the build phase to a Man-in-the-Middle attack, allowing untrusted code to be installed into an image being built. | ||||