Total
429 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-43067 | 1 Qualcomm | 116 C-v2x 9150, C-v2x 9150 Firmware, Fastconnect 6800 and 113 more | 2025-08-20 | N/A | 7.8 HIGH |
| Memory corruption occurs during the copying of read data from the EEPROM because the IO configuration is exposed as shared memory. | |||||
| CVE-2025-21485 | 1 Qualcomm | 58 Fastconnect 6900, Fastconnect 6900 Firmware, Fastconnect 7800 and 55 more | 2025-08-20 | N/A | 7.8 HIGH |
| Memory corruption while processing INIT and multimode invoke IOCTL calls on FastRPC. | |||||
| CVE-2024-53018 | 1 Qualcomm | 38 Fastconnect 6900, Fastconnect 6900 Firmware, Fastconnect 7800 and 35 more | 2025-08-20 | N/A | 6.6 MEDIUM |
| Memory corruption may occur while processing the OIS packet parser. | |||||
| CVE-2024-53016 | 1 Qualcomm | 68 Fastconnect 6800, Fastconnect 6800 Firmware, Fastconnect 6900 and 65 more | 2025-08-20 | N/A | 6.6 MEDIUM |
| Memory corruption while processing I2C settings in Camera driver. | |||||
| CVE-2025-21455 | 1 Qualcomm | 58 Fastconnect 6800, Fastconnect 6800 Firmware, Fastconnect 6900 and 55 more | 2025-08-20 | N/A | 7.8 HIGH |
| Memory corruption while submitting blob data to kernel space though IOCTL. | |||||
| CVE-2025-54655 | 1 Huawei | 1 Harmonyos | 2025-08-20 | N/A | 8.1 HIGH |
| Race condition vulnerability in the virtualization base module. Successful exploitation of this vulnerability may affect the confidentiality and integrity of the virtualization graphics module. | |||||
| CVE-2024-41787 | 1 Ibm | 1 Doors Next | 2025-08-20 | N/A | 9.8 CRITICAL |
| IBM Engineering Requirements Management DOORS Next 7.0.2 and 7.0.3 could allow a remote attacker to bypass security restrictions, caused by a race condition. By sending a specially crafted request, an attacker could exploit this vulnerability to remotely execute code. | |||||
| CVE-2025-21431 | 1 Qualcomm | 72 Qam8255p, Qam8255p Firmware, Qam8295p and 69 more | 2025-08-19 | N/A | 5.5 MEDIUM |
| Information disclosure may be there when a guest VM is connected. | |||||
| CVE-2025-53134 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-08-19 | N/A | 7.0 HIGH |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-21473 | 1 Qualcomm | 12 Fastconnect 6900, Fastconnect 6900 Firmware, Fastconnect 7800 and 9 more | 2025-08-19 | N/A | 7.8 HIGH |
| Memory corruption when using Virtual cdm (Camera Data Mover) to write registers. | |||||
| CVE-2025-27076 | 1 Qualcomm | 90 Aqt1000, Aqt1000 Firmware, Fastconnect 6200 and 87 more | 2025-08-19 | N/A | 7.8 HIGH |
| Memory corruption while processing simultaneous requests via escape path. | |||||
| CVE-2025-6217 | 1 Peak-system | 1 Device Driver | 2025-08-18 | N/A | 2.5 LOW |
| PEAK-System Driver PCANFD_ADD_FILTERS Time-Of-Check Time-Of-Use Information Disclosure Vulnerability. This vulnerability allows local attackers to disclose sensitive information on affected installations of PEAK-System Driver. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of the PCANFD_ADD_FILTERS IOCTL. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the kernel. Was ZDI-CAN-24161. | |||||
| CVE-2025-53788 | 1 Microsoft | 1 Windows Subsystem For Linux | 2025-08-18 | N/A | 7.0 HIGH |
| Time-of-check time-of-use (toctou) race condition in Windows Subsystem for Linux allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2024-41779 | 1 Ibm | 1 Engineering Systems Design Rhapsody | 2025-08-15 | N/A | 9.8 CRITICAL |
| IBM Engineering Systems Design Rhapsody - Model Manager 7.0.2 and 7.0.3 could allow a remote attacker to bypass security restrictions, caused by a race condition. By sending a specially crafted request, an attacker could exploit this vulnerability to remotely execute code. | |||||
| CVE-2025-49558 | 1 Adobe | 3 Commerce, Commerce B2b, Magento | 2025-08-15 | N/A | 5.9 MEDIUM |
| Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability that could result in a security feature bypass. An attacker could exploit this vulnerability by manipulating the timing between the check of a resource's state and its use, allowing unauthorized write access. Exploitation of this issue does not require user interaction. | |||||
| CVE-2025-50158 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-08-14 | N/A | 7.0 HIGH |
| Time-of-check time-of-use (toctou) race condition in Windows NTFS allows an unauthorized attacker to disclose information locally. | |||||
| CVE-2025-54667 | 2025-08-14 | N/A | 5.3 MEDIUM | ||
| Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Saad Iqbal myCred allows Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions. This issue affects myCred: from n/a through 2.9.4.3. | |||||
| CVE-2025-20037 | 2025-08-13 | N/A | 7.2 HIGH | ||
| Time-of-check time-of-use race condition in firmware for some Intel(R) Converged Security and Management Engine may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
| CVE-2025-20074 | 2025-08-13 | N/A | 7.8 HIGH | ||
| Time-of-check Time-of-use race condition for some Intel(R) Connectivity Performance Suite software installers before version 40.24.11210 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2023-32156 | 1 Tesla | 2 Model 3, Model 3 Firmware | 2025-08-13 | N/A | 8.8 HIGH |
| Tesla Model 3 Gateway Firmware Signature Validation Bypass Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected Tesla Model 3 vehicles. An attacker must first obtain the ability to execute privileged code on the Tesla infotainment system in order to exploit this vulnerability. The specific flaw exists within the handling of firmware updates. The issue results from improper error-handling during the update process. An attacker can leverage this vulnerability to execute code in the context of Tesla's Gateway ECU. . Was ZDI-CAN-20734. | |||||