VYPR

CWE-362

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

ClassDraftLikelihood: Medium

Description

The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-26 · CAPEC-29

CVEs mapped to this weakness (1,091)

page 31 of 55
  • CVE-2026-34368MedMar 27, 2026
    risk 0.27cvss 5.3epss 0.00

    WWBN AVideo is an open source video platform. In versions up to and including 26.0, the `transferBalance()` method in `plugin/YPTWallet/YPTWallet.php` contains a Time-of-Check-Time-of-Use (TOCTOU) race condition. The method reads the sender's wallet balance, checks sufficiency…

  • CVE-2026-2802MedFeb 24, 2026
    risk 0.27cvss 4.2epss 0.00

    Race condition in the JavaScript: GC component. This vulnerability was fixed in Firefox 148 and Thunderbird 148.

  • CVE-2023-6109MedNov 14, 2023
    risk 0.27cvss 5.3epss 0.00

    The YOP Poll plugin for WordPress is vulnerable to a race condition in all versions up to, and including, 6.5.26. This is due to improper restrictions on the add() function. This makes it possible for unauthenticated attackers to place multiple votes on a single poll even when…

  • CVE-2023-30543MedApr 17, 2023
    risk 0.27cvss 5.2epss 0.00

    @web3-react is a framework for building Ethereum Apps . In affected versions the `chainId` may be outdated if the user changes chains as part of the connection flow. This means that the value of `chainId` returned by `useWeb3React()` may be incorrect. In an application, this…

  • CVE-2009-5152MedMay 11, 2018
    risk 0.27cvss 4.1epss 0.00

    Absolute Computrace Agent, as distributed on certain Dell Inspiron systems through 2009, has a race condition with the Dell Client Configuration Utility (DCCU), which allows privileged local users to change Computrace Agent's activation/deactivation status to the factory default…

  • CVE-2026-7724MedMay 4, 2026
    risk 0.26cvss 5.0epss 0.00

    A vulnerability has been found in PrefectHQ prefect up to 3.6.28.dev1. Affected by this vulnerability is the function validate_restricted_url of the component Webhook/Notification. The manipulation leads to time-of-check time-of-use. It is possible to initiate the attack…

  • CVE-2020-10744MedMay 15, 2020
    risk 0.26cvss 5.0epss 0.00

    An incomplete fix was found for the fix of the flaw CVE-2020-1733 ansible: insecure temporary directory when running become_user from become directive. The provided fix is insufficient to prevent the race condition on systems using ACLs and FUSE filesystems. Ansible Engine…

  • CVE-2020-1733MedMar 11, 2020
    risk 0.26cvss 5.0epss 0.00

    A race condition flaw was found in Ansible Engine 2.7.17 and prior, 2.8.9 and prior, 2.9.6 and prior when running a playbook with an unprivileged become user. When Ansible needs to run a module with become user, the temporary directory is created in /var/tmp. This directory is…

  • CVE-2015-8839MedMay 2, 2016
    risk 0.26cvss 5.1epss 0.00

    Multiple race conditions in the ext4 filesystem implementation in the Linux kernel before 4.5 allow local users to cause a denial of service (disk corruption) by writing to a page that is associated with a different user's file after unsynchronized hole punching and page-fault…

  • CVE-2026-46272MedJun 3, 2026
    risk 0.24cvss 4.7epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: coresight: tmc-etr: Fix race condition between sysfs and perf mode When trying to run perf and sysfs mode simultaneously, the WARN_ON() in tmc_etr_enable_hw() is triggered sometimes: WARNING: CPU: 42 PID:…

  • CVE-2026-46187MedMay 28, 2026
    risk 0.24cvss 4.7epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: wifi: rsi: fix kthread lifetime race between self-exit and external-stop RSI driver use both self-exit(kthread_complete_and_exit) and external-stop (kthread_stop) when killing a kthread. Generally,…

  • CVE-2026-46025MedMay 27, 2026
    risk 0.24cvss 4.7epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: mm/damon/core: fix damon_call() vs kdamond_fn() exit race Patch series "mm/damon/core: fix damon_call()/damos_walk() vs kdmond exit race". damon_call() and damos_walk() can leak memory and/or deadlock when…

  • CVE-2026-46017MedMay 27, 2026
    risk 0.24cvss 4.7epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: mm: fix deferred split queue races during migration migrate_folio_move() records the deferred split queue state from src and replays it on dst. Replaying it after remove_migration_ptes(src, dst, 0) makes dst…

  • CVE-2026-46008MedMay 27, 2026
    risk 0.24cvss 4.7epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: mm/damon/core: fix damos_walk() vs kdamond_fn() exit race When kdamond_fn() main loop is finished, the function cancels remaining damos_walk() request and unset the damon_ctx->kdamond so that API callers and…

  • CVE-2026-45949MedMay 27, 2026
    risk 0.24cvss 4.7epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: hwrng: core - use RCU and work_struct to fix race condition Currently, hwrng_fill is not cleared until the hwrng_fillfn() thread exits. Since hwrng_unregister() reads hwrng_fill outside the rng_mutex lock, a…

  • CVE-2026-32848MedMay 18, 2026
    risk 0.24cvss 4.7epss 0.00

    NetBSD prior to commit ec8451e contains a race condition vulnerability in cryptodev_op() within the opencrypto subsystem that allows local attackers to trigger a double-free condition by concurrently issuing CIOCCRYPT operations on the same session identifier on SMP systems.…

  • CVE-2026-43448MedMay 8, 2026
    risk 0.24cvss 4.7epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: nvme-pci: Fix race bug in nvme_poll_irqdisable() In the following scenario, pdev can be disabled between (1) and (3) by (2). This sets pdev->msix_enabled = 0. Then, pci_irq_vector() will return MSI-X IRQ(>15)…

  • CVE-2026-43439MedMay 8, 2026
    risk 0.24cvss 4.7epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: cgroup: fix race between task migration and iteration When a task is migrated out of a css_set, cgroup_migrate_add_task() first moves it from cset->tasks to cset->mg_tasks via: …

  • CVE-2026-43430MedMay 8, 2026
    risk 0.24cvss 4.7epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: usb: yurex: fix race in probe The bbu member of the descriptor must be set to the value standing for uninitialized values before the URB whose completion handler sets bbu is submitted. Otherwise there is a…

  • CVE-2026-43415MedMay 8, 2026
    risk 0.24cvss 4.7epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Fix SError in ufshcd_rtc_work() during UFS suspend In __ufshcd_wl_suspend(), cancel_delayed_work_sync() is called to cancel the UFS RTC work, but it is placed after ufshcd_vops_suspend(hba,…