CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Description
The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-26 · CAPEC-29
CVEs mapped to this weakness (1,091)
page 7 of 55| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-42099 | Hig | 0.49 | 7.5 | 0.01 | May 19, 2026 | Sparx Pro Cloud Server is vulnerable to a Race Condition in the /data_api/dl_internal_artifact.php endpoint. The application downloads the properties of the object pointed by guid parameter and saves loaded content in current location (__DIR__) under the specified name. An… | ||
| CVE-2026-32161 | — | Hig | 0.49 | 7.5 | 0.00 | May 12, 2026 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Native WiFi Miniport Driver allows an unauthorized attacker to execute code over an adjacent network. | |
| CVE-2026-28986 | Hig | 0.49 | 7.5 | 0.00 | May 11, 2026 | A race condition was addressed with additional validation. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, watchOS 26.5. An app may be able to cause unexpected system… | ||
| CVE-2026-28924 | — | Hig | 0.49 | 7.5 | 0.00 | May 11, 2026 | A race condition was addressed with improved handling of symbolic links. This issue is fixed in macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5. An app may be able to access Contacts without user consent. | |
| CVE-2026-7948 | Hig | 0.49 | 7.5 | 0.00 | May 6, 2026 | Race in Chromoting in Google Chrome on Windows prior to 148.0.7778.96 allowed a local attacker to perform privilege escalation via a malicious file. (Chromium security severity: Medium) | ||
| CVE-2024-40849 | Hig | 0.49 | 7.5 | 0.00 | Apr 2, 2026 | A race condition was addressed with additional validation. This issue is fixed in macOS Sequoia 15.1. An app may be able to break out of its sandbox. | ||
| CVE-2026-4684 | Hig | 0.49 | 7.5 | 0.00 | Mar 24, 2026 | Race condition, use-after-free in the Graphics: WebRender component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9. | ||
| CVE-2026-20921 | Hig | 0.49 | 7.5 | 0.01 | Jan 13, 2026 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SMB Server allows an authorized attacker to elevate privileges over a network. | ||
| CVE-2025-71066 | Hig | 0.49 | 7.5 | 0.00 | Jan 13, 2026 | In the Linux kernel, the following vulnerability has been resolved: net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change zdi-disclosures@trendmicro.com says: The vulnerability is a race condition between `ets_qdisc_dequeue` and… | ||
| CVE-2025-13012 | Hig | 0.49 | 7.5 | 0.00 | Nov 11, 2025 | Race condition in the Graphics component. This vulnerability was fixed in Firefox 145, Firefox ESR 140.5, Firefox ESR 115.30, Thunderbird 145, and Thunderbird 140.5. | ||
| CVE-2025-46613 | Hig | 0.49 | 7.5 | 0.00 | Apr 25, 2025 | OpenPLC 3 through 64f9c11 has server.cpp Memory Corruption because a thread may access handleConnections arguments after the parent stack frame becomes unavailable. | ||
| CVE-2023-49603 | Hig | 0.49 | 7.5 | 0.00 | Feb 12, 2025 | Race condition in some Intel(R) System Security Report and System Resources Defense firmware may allow a privileged user to potentially enable escalation of privilege via local access. | ||
| CVE-2024-11144 | Hig | 0.49 | 7.5 | 0.00 | Dec 16, 2024 | The server lacks thread safety and can be crashed by anomalous data sent by an anonymous user from a remote network. The crash causes the FTP service to become unavailable, affecting all users and processes that rely on it for file transfers. If the crash occurs during file… | ||
| CVE-2023-41833 | — | Hig | 0.49 | 7.5 | 0.00 | Sep 16, 2024 | A race condition in UEFI firmware for some Intel(R) processors may allow a privileged user to potentially enable escalation of privilege via local access. | |
| CVE-2024-40815 | Hig | 0.49 | 7.5 | 0.01 | Jul 29, 2024 | A race condition was addressed with additional validation. This issue is fixed in iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6, macOS Ventura 13.6.8, tvOS 17.6, watchOS 10.6. A malicious attacker with arbitrary read and write capability may be able to bypass Pointer… | ||
| CVE-2017-15358 | Hig | 0.49 | 7.0 | 0.01 | Aug 3, 2018 | Race condition in the Charles Proxy Settings suid binary in Charles Proxy before 4.2.1 allows local users to gain privileges via vectors involving the --self-repair option. | ||
| CVE-2018-4230 | Hig | 0.49 | 7.0 | 0.04 | Jun 8, 2018 | An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "NVIDIA Graphics Drivers" component. It allows attackers to execute arbitrary code in a privileged context via a crafted app that triggers a SetAppSupportBits… | ||
| CVE-2018-0492 | Hig | 0.49 | 7.0 | 0.02 | Apr 3, 2018 | Johnathan Nightingale beep through 1.3.4, if setuid, has a race condition that allows local privilege escalation. | ||
| CVE-2017-7004 | — | Hig | 0.49 | 7.0 | 0.03 | Apr 3, 2018 | An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. The issue involves the "Security" component. A race condition allows attackers to bypass intended entitlement restrictions for sending XPC messages via a crafted… | |
| CVE-2017-7326 | Hig | 0.49 | 7.5 | 0.01 | Jan 19, 2018 | Race condition issue in Yandex Browser for Android before 17.4.0.16 allowed a remote attacker to potentially exploit memory corruption via a crafted HTML page |
- risk 0.49cvss 7.5epss 0.01
Sparx Pro Cloud Server is vulnerable to a Race Condition in the /data_api/dl_internal_artifact.php endpoint. The application downloads the properties of the object pointed by guid parameter and saves loaded content in current location (__DIR__) under the specified name. An…
- risk 0.49cvss 7.5epss 0.00
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Native WiFi Miniport Driver allows an unauthorized attacker to execute code over an adjacent network.
- risk 0.49cvss 7.5epss 0.00
A race condition was addressed with additional validation. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, watchOS 26.5. An app may be able to cause unexpected system…
- risk 0.49cvss 7.5epss 0.00
A race condition was addressed with improved handling of symbolic links. This issue is fixed in macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5. An app may be able to access Contacts without user consent.
- risk 0.49cvss 7.5epss 0.00
Race in Chromoting in Google Chrome on Windows prior to 148.0.7778.96 allowed a local attacker to perform privilege escalation via a malicious file. (Chromium security severity: Medium)
- risk 0.49cvss 7.5epss 0.00
A race condition was addressed with additional validation. This issue is fixed in macOS Sequoia 15.1. An app may be able to break out of its sandbox.
- risk 0.49cvss 7.5epss 0.00
Race condition, use-after-free in the Graphics: WebRender component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.
- risk 0.49cvss 7.5epss 0.01
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SMB Server allows an authorized attacker to elevate privileges over a network.
- risk 0.49cvss 7.5epss 0.00
In the Linux kernel, the following vulnerability has been resolved: net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change zdi-disclosures@trendmicro.com says: The vulnerability is a race condition between `ets_qdisc_dequeue` and…
- risk 0.49cvss 7.5epss 0.00
Race condition in the Graphics component. This vulnerability was fixed in Firefox 145, Firefox ESR 140.5, Firefox ESR 115.30, Thunderbird 145, and Thunderbird 140.5.
- risk 0.49cvss 7.5epss 0.00
OpenPLC 3 through 64f9c11 has server.cpp Memory Corruption because a thread may access handleConnections arguments after the parent stack frame becomes unavailable.
- risk 0.49cvss 7.5epss 0.00
Race condition in some Intel(R) System Security Report and System Resources Defense firmware may allow a privileged user to potentially enable escalation of privilege via local access.
- risk 0.49cvss 7.5epss 0.00
The server lacks thread safety and can be crashed by anomalous data sent by an anonymous user from a remote network. The crash causes the FTP service to become unavailable, affecting all users and processes that rely on it for file transfers. If the crash occurs during file…
- risk 0.49cvss 7.5epss 0.00
A race condition in UEFI firmware for some Intel(R) processors may allow a privileged user to potentially enable escalation of privilege via local access.
- risk 0.49cvss 7.5epss 0.01
A race condition was addressed with additional validation. This issue is fixed in iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6, macOS Ventura 13.6.8, tvOS 17.6, watchOS 10.6. A malicious attacker with arbitrary read and write capability may be able to bypass Pointer…
- risk 0.49cvss 7.0epss 0.01
Race condition in the Charles Proxy Settings suid binary in Charles Proxy before 4.2.1 allows local users to gain privileges via vectors involving the --self-repair option.
- risk 0.49cvss 7.0epss 0.04
An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "NVIDIA Graphics Drivers" component. It allows attackers to execute arbitrary code in a privileged context via a crafted app that triggers a SetAppSupportBits…
- risk 0.49cvss 7.0epss 0.02
Johnathan Nightingale beep through 1.3.4, if setuid, has a race condition that allows local privilege escalation.
- risk 0.49cvss 7.0epss 0.03
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. The issue involves the "Security" component. A race condition allows attackers to bypass intended entitlement restrictions for sending XPC messages via a crafted…
- risk 0.49cvss 7.5epss 0.01
Race condition issue in Yandex Browser for Android before 17.4.0.16 allowed a remote attacker to potentially exploit memory corruption via a crafted HTML page