Total
1978 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-38191 | 1 Microsoft | 13 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 10 more | 2025-07-10 | 7.8 High |
Kernel Streaming Service Driver Elevation of Privilege Vulnerability | ||||
CVE-2025-26649 | 1 Microsoft | 6 Windows 11 22h2, Windows 11 23h2, Windows 11 24h2 and 3 more | 2025-07-10 | 7 High |
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Secure Channel allows an authorized attacker to elevate privileges locally. | ||||
CVE-2024-7885 | 1 Redhat | 20 Apache Camel Hawtio, Apache Camel Spring Boot, Build Keycloak and 17 more | 2025-07-10 | 7.5 High |
A vulnerability was found in Undertow where the ProxyProtocolReadListener reuses the same StringBuilder instance across multiple requests. This issue occurs when the parseProxyProtocolV1 method processes multiple requests on the same HTTP connection. As a result, different requests may share the same StringBuilder instance, potentially leading to information leakage between requests or responses. In some cases, a value from a previous request or response may be erroneously reused, which could lead to unintended data exposure. This issue primarily results in errors and connection termination but creates a risk of data leakage in multi-request environments. | ||||
CVE-2024-35255 | 2 Microsoft, Redhat | 5 Authentication Library, Azure Identity Sdk, Camel Quarkus and 2 more | 2025-07-08 | 5.5 Medium |
Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability | ||||
CVE-2025-27492 | 1 Microsoft | 6 Windows 11 22h2, Windows 11 23h2, Windows 11 24h2 and 3 more | 2025-07-08 | 7 High |
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Secure Channel allows an authorized attacker to elevate privileges locally. | ||||
CVE-2025-30394 | 1 Microsoft | 6 Windows Server 2012, Windows Server 2016, Windows Server 2019 and 3 more | 2025-07-08 | 5.9 Medium |
Sensitive data storage in improperly locked memory in Remote Desktop Gateway Service allows an unauthorized attacker to deny service over a network. | ||||
CVE-2025-29841 | 1 Microsoft | 8 Windows 10 21h2, Windows 10 22h2, Windows 11 22h2 and 5 more | 2025-07-08 | 7 High |
Concurrent execution using shared resource with improper synchronization ('race condition') in Universal Print Management Service allows an authorized attacker to elevate privileges locally. | ||||
CVE-2025-27468 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2025-07-08 | 7 High |
Improper privilege management in Windows Secure Kernel Mode allows an authorized attacker to elevate privileges locally. | ||||
CVE-2022-30214 | 1 Microsoft | 3 Windows Server 2016, Windows Server 2019, Windows Server 2022 | 2025-07-08 | 6.6 Medium |
Windows DNS Server Remote Code Execution Vulnerability | ||||
CVE-2022-30212 | 1 Microsoft | 5 Windows 10, Windows 11, Windows Server 2016 and 2 more | 2025-07-08 | 4.7 Medium |
Windows Connected Devices Platform Service Information Disclosure Vulnerability | ||||
CVE-2022-30205 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2025-07-08 | 6.6 Medium |
Windows Group Policy Elevation of Privilege Vulnerability | ||||
CVE-2022-24525 | 1 Microsoft | 3 Windows 10, Windows 11, Windows Server | 2025-07-08 | 7 High |
Windows Update Stack Elevation of Privilege Vulnerability | ||||
CVE-2022-23283 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2025-07-08 | 7 High |
Windows ALPC Elevation of Privilege Vulnerability | ||||
CVE-2022-21975 | 1 Microsoft | 6 Windows 10, Windows 8.1, Windows Server and 3 more | 2025-07-08 | 4.7 Medium |
Windows Hyper-V Denial of Service Vulnerability | ||||
CVE-2022-24505 | 1 Microsoft | 6 Windows 10, Windows 11, Windows Server and 3 more | 2025-07-08 | 7 High |
Windows ALPC Elevation of Privilege Vulnerability | ||||
CVE-2024-48991 | 1 Needrestart Project | 1 Needrestart | 2025-07-03 | 7.8 High |
Qualys discovered that needrestart, before version 3.8, allows local attackers to execute arbitrary code as root by winning a race condition and tricking needrestart into running their own, fake Python interpreter (instead of the system's real Python interpreter). The initial security fix (6ce6136) introduced a regression which was subsequently resolved (42af5d3). | ||||
CVE-2024-36621 | 1 Mobyproject | 1 Moby | 2025-07-02 | 6.5 Medium |
moby v25.0.5 is affected by a Race Condition in builder/builder-next/adapters/snapshot/layer.go. The vulnerability could be used to trigger concurrent builds that call the EnsureLayer function resulting in resource leaks/exhaustion. | ||||
CVE-2024-36623 | 1 Mobyproject | 1 Moby | 2025-07-02 | 8.1 High |
moby through v25.0.3 has a Race Condition vulnerability in the streamformatter package which can be used to trigger multiple concurrent write operations resulting in data corruption or application crashes. | ||||
CVE-2025-52993 | 2025-06-30 | 5.6 Medium | ||
A race condition in the Nix, Lix, and Guix package managers enables changing the ownership of arbitrary files to the UID and GID of the build user (e.g., nixbld* or guixbuild*). This affects Nix before 2.24.15, 2.26.4, 2.28.4, and 2.29.1; Lix before 2.91.2, 2.92.2, and 2.93.1; and Guix before 1.4.0-38.0e79d5b. | ||||
CVE-2024-34732 | 1 Google | 1 Android | 2025-06-27 | 8.4 High |
In RGXMMUCacheInvalidate of rgxmem.c, there is a possible arbitrary code execution due to a race condition. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. |