Search Results (2628 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-58527 1 Microsoft 5 Windows 11 24h2, Windows 11 25h2, Windows 11 26h1 and 2 more 2026-07-14 7.8 High
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Runtime allows an authorized attacker to elevate privileges locally.
CVE-2026-56188 1 Microsoft 13 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 10 more 2026-07-14 9.8 Critical
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Server Network driver allows an unauthorized attacker to execute code over a network.
CVE-2026-56649 1 Microsoft 13 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 10 more 2026-07-14 5.9 Medium
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Network File System allows an unauthorized attacker to execute code over a network.
CVE-2026-49183 1 Microsoft 9 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 6 more 2026-07-14 7 High
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Clipboard Server allows an authorized attacker to elevate privileges locally.
CVE-2026-50356 1 Microsoft 11 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 8 more 2026-07-14 7 High
Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Windows App Store allows an authorized attacker to elevate privileges locally.
CVE-2026-49806 1 Microsoft 4 Windows 11 24h2, Windows 11 25h2, Windows 11 26h1 and 1 more 2026-07-14 7 High
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows USB Print Driver allows an authorized attacker to elevate privileges locally.
CVE-2026-59896 1 Hono 1 Hono 2026-07-10 6.5 Medium
Hono is a Web application framework that provides support for any JavaScript runtime. From 4.11.8 before 4.12.27, hono/jsx did not isolate context values per request during server-side rendering, allowing createContext, useContext, jsxRenderer, or useRequestContext data from a different in-flight request to be used after an await in an async component. This issue is fixed in version 4.12.27.
CVE-2026-57030 1 Juniper Networks 1 Junos Os 2026-07-09 5.9 Medium
A Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in the packet forwarding engine (PFE) of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). As part of the stateful traffic processing on SRX Series devices flows are being established, and removed when not needed anymore. During the removal process the timeout of a flow should be set to 3 seconds and consequentially the flow should be removed shortly after. Due to a race condition occurring when setting the timeout there is a chance (the exact conditions are outside the attackers control) that the timeout is instead set to a very high value of larger than 10,000 seconds: user@host> show security flow session | match timeout Session ID: 98784248524, Policy name: PROD-FLOW/4, HA State: Active, Timeout: 85250, Session State: Valid This will lead to an accumulation of flows which can be observed by an ever-increasing value of invalidated sessions in the output of 'show security flow session summary': user@host> show security flow session summary | match invalid Invalidated sessions: 216931These sessions can't be cleared manually with the 'clear security flow session' command, which will either lead to forwarding to stop (and the system needs to be manually recovered with a reboot) or to a flowd core and automatic reboot. This issue affects Junos OS on SRX Series: * 24.2 versions before 24.2R2-S3, * 24.4 versions before 24.4R2-S1, 24.4R2-S2, * 25.2 versions before 25.2R1-S2, 25.2R2. This issue does not affect releases earlier than 24.2R1;
CVE-2026-54778 1 Corewcf 1 Corewcf 2026-07-09 6.2 Medium
CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1, CoreWCF UnixDomainSocket POSIX peer identity resolution uses non-reentrant getpwuid and getgrgid calls, allowing concurrent connections to attribute one connection's identity to another or crash the host process under contention. This issue is fixed in versions 1.8.1 and 1.9.1.
CVE-2026-56297 1 Freerdp 1 Freerdp 2026-07-09 7 High
FreeRDP before 3.22.0 contains a use-after-free vulnerability in dvcman_channel_close and dvcman_call_on_receive due to improper synchronization of channel_callback access. A malicious RDP server can trigger a race condition by sending DYNVC_DATA and DYNVC_CLOSE messages concurrently, causing heap-use-after-free in the drdynvc client thread and potentially enabling remote code execution or denial of service.
CVE-2026-42913 1 Microsoft 13 Remote Desktop, Windows 11 23h2, Windows 11 23h2 and 10 more 2026-07-08 7.5 High
Concurrent execution using shared resource with improper synchronization ('race condition') in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
CVE-2026-42909 1 Microsoft 30 Remote Desktop, Remote Desktop Client, Windows 10 1607 and 27 more 2026-07-08 7.5 High
Concurrent execution using shared resource with improper synchronization ('race condition') in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
CVE-2026-45603 1 Microsoft 26 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 23 more 2026-07-08 7 High
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
CVE-2026-45598 1 Microsoft 26 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 23 more 2026-07-08 7 High
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
CVE-2026-45601 1 Microsoft 26 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 23 more 2026-07-08 7 High
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
CVE-2026-44818 1 Microsoft 11 365 Apps, Excel, Excel 2016 and 8 more 2026-07-08 7 High
Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2026-5120 1 Dassault Systèmes 1 Biovia Workbook 2026-07-06 8.1 High
A Race Condition vulnerability affecting BIOVIA Workbook from Release 2021 through Release 2026 could allow a user to access unauthorized data from another user.
CVE-2026-55945 1 Microsoft 1 Edge Chromium 2026-07-06 4.2 Medium
Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Edge (Chromium-based) allows an authorized attacker to disclose information locally.
CVE-2026-23302 1 Linux 1 Linux Kernel 2026-07-04 4.7 Medium
In the Linux kernel, the following vulnerability has been resolved: net: annotate data-races around sk->sk_{data_ready,write_space} skmsg (and probably other layers) are changing these pointers while other cpus might read them concurrently. Add corresponding READ_ONCE()/WRITE_ONCE() annotations for UDP, TCP and AF_UNIX.
CVE-2026-13874 1 Google 1 Chrome 2026-07-01 5.3 Medium
Race in DataTransfer in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)