VYPR

CWE-362

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Class · Draft · Likelihood: Medium

Description

The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.

Related attack patterns (CAPEC)

CAPEC-26 · CAPEC-29

CVEs mapped to this weakness (1,091)

  • CVE-2026-42099 · High · May 19, 2026
    risk 0.49 · cvss 7.5 · epss 0.01

    Sparx Pro Cloud Server is vulnerable to a Race Condition in the /data_api/dl_internal_artifact.php endpoint. The application downloads the properties of the object pointed by guid parameter and saves loaded content in current location (__DIR__) under the specified name. An…

  • CVE-2026-32161 · High · May 12, 2026
    risk 0.49 · cvss 7.5 · epss 0.00

    Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Native WiFi Miniport Driver allows an unauthorized attacker to execute code over an adjacent network.

  • CVE-2026-28986 · High · May 11, 2026
    risk 0.49 · cvss 7.5 · epss 0.00

    A race condition was addressed with additional validation. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, watchOS 26.5. An app may be able to cause unexpected system…

  • CVE-2026-28924 · High · May 11, 2026
    risk 0.49 · cvss 7.5 · epss 0.00

    A race condition was addressed with improved handling of symbolic links. This issue is fixed in macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5. An app may be able to access Contacts without user consent.

  • CVE-2026-7948 · High · May 6, 2026
    risk 0.49 · cvss 7.5 · epss 0.00

    Race in Chromoting in Google Chrome on Windows prior to 148.0.7778.96 allowed a local attacker to perform privilege escalation via a malicious file. (Chromium security severity: Medium)

  • CVE-2024-40849 · High · Apr 2, 2026
    risk 0.49 · cvss 7.5 · epss 0.00

    A race condition was addressed with additional validation. This issue is fixed in macOS Sequoia 15.1. An app may be able to break out of its sandbox.

  • CVE-2026-4684 · High · Mar 24, 2026
    risk 0.49 · cvss 7.5 · epss 0.00

    Race condition, use-after-free in the Graphics: WebRender component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.

  • CVE-2026-20921 · High · Jan 13, 2026
    risk 0.49 · cvss 7.5 · epss 0.01

    Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SMB Server allows an authorized attacker to elevate privileges over a network.

  • CVE-2025-71066 · High · Jan 13, 2026
    risk 0.49 · cvss 7.5 · epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change zdi-disclosures@trendmicro.com says: The vulnerability is a race condition between `ets_qdisc_dequeue` and…

  • CVE-2025-13012 · High · Nov 11, 2025
    risk 0.49 · cvss 7.5 · epss 0.00

    Race condition in the Graphics component. This vulnerability was fixed in Firefox 145, Firefox ESR 140.5, Firefox ESR 115.30, Thunderbird 145, and Thunderbird 140.5.

  • CVE-2025-46613 · High · Apr 25, 2025
    risk 0.49 · cvss 7.5 · epss 0.00

    OpenPLC 3 through 64f9c11 has server.cpp Memory Corruption because a thread may access handleConnections arguments after the parent stack frame becomes unavailable.

  • CVE-2023-49603 · High · Feb 12, 2025
    risk 0.49 · cvss 7.5 · epss 0.00

    Race condition in some Intel(R) System Security Report and System Resources Defense firmware may allow a privileged user to potentially enable escalation of privilege via local access.

  • CVE-2024-11144 · High · Dec 16, 2024
    risk 0.49 · cvss 7.5 · epss 0.00

    The server lacks thread safety and can be crashed by anomalous data sent by an anonymous user from a remote network. The crash causes the FTP service to become unavailable, affecting all users and processes that rely on it for file transfers. If the crash occurs during file…

  • CVE-2023-41833 · High · Sep 16, 2024
    risk 0.49 · cvss 7.5 · epss 0.00

    A race condition in UEFI firmware for some Intel(R) processors may allow a privileged user to potentially enable escalation of privilege via local access.

  • CVE-2024-40815 · High · Jul 29, 2024
    risk 0.49 · cvss 7.5 · epss 0.01

    A race condition was addressed with additional validation. This issue is fixed in iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6, macOS Ventura 13.6.8, tvOS 17.6, watchOS 10.6. A malicious attacker with arbitrary read and write capability may be able to bypass Pointer…

  • CVE-2017-15358 · High · Aug 3, 2018
    risk 0.49 · cvss 7.0 · epss 0.01

    Race condition in the Charles Proxy Settings suid binary in Charles Proxy before 4.2.1 allows local users to gain privileges via vectors involving the --self-repair option.

  • CVE-2018-4230 · High · Jun 8, 2018
    risk 0.49 · cvss 7.0 · epss 0.04

    An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "NVIDIA Graphics Drivers" component. It allows attackers to execute arbitrary code in a privileged context via a crafted app that triggers a SetAppSupportBits…

  • CVE-2018-0492 · High · Apr 3, 2018
    risk 0.49 · cvss 7.0 · epss 0.02

    Johnathan Nightingale beep through 1.3.4, if setuid, has a race condition that allows local privilege escalation.

  • CVE-2017-7004 · High · Apr 3, 2018
    risk 0.49 · cvss 7.0 · epss 0.03

    An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. The issue involves the "Security" component. A race condition allows attackers to bypass intended entitlement restrictions for sending XPC messages via a crafted…

  • CVE-2017-7326 · High · Jan 19, 2018
    risk 0.49 · cvss 7.5 · epss 0.01

    Race condition issue in Yandex Browser for Android before 17.4.0.16 allowed a remote attacker to potentially exploit memory corruption via a crafted HTML page.