VYPR

CWE-820

Missing Synchronization

Base | Incomplete

Description

The product utilizes a shared resource in a concurrent manner but does not attempt to synchronize access to the resource.

If access to a shared resource is not synchronized, then the resource may not be in a state that is expected by the product. This might lead to unexpected or insecure behaviors, especially if an attacker can influence the shared resource.

CVEs mapped to this weakness (7)

  • CVE-2025-47154 | Critical | May 1, 2025
    risk 0.52 | cvss 9.0 | epss 0.01

    LibJS in Ladybird before f5a6704 mishandles the freeing of the vector that arguments_list references, leading to a use-after-free, and allowing remote attackers to execute arbitrary code via a crafted .js file. NOTE: the GitHub README says "Ladybird is in a pre-alpha state, and…

  • CVE-2026-22163 | High | Mar 20, 2026
    risk 0.51 | cvss 7.8 | epss 0.00

    Requires malware code to misuse the DDK kernel module IOCTL interface. Such code can use the interface in an unsupported way that allows subversion of the GPU to perform writes to arbitrary physical memory pages. The product utilises a shared resource in a concurrent manner…

  • CVE-2025-1445 | High | Mar 25, 2025
    risk 0.49 | cvss 7.5 | epss 0.00

    A vulnerability exists in RTU IEC 61850 client and server functionality that could impact the availability if renegotiation of an open IEC61850 TLS connection takes place in specific timing situations, when IEC61850 communication is active. Precondition is that IEC61850 as…

  • CVE-2022-50238 | High | Sep 8, 2025
    risk 0.48 | cvss 7.4 | epss 0.00

    The on-endpoint Microsoft vulnerable driver blocklist is not fully synchronized with the online Microsoft recommended driver block rules. Some entries present on the online list have been excluded from the on-endpoint blocklist longer than the expected periodic monthly Windows…

  • CVE-2026-44318 | Medium | May 27, 2026
    risk 0.35 | cvss 6.5 | epss 0.00

    free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's BSF PUT /nbsf-management/v1/subscriptions/{subId} handler has an unsynchronized write on the global Subscriptions map. The handler first reads the map under RLock() via…

  • CVE-2023-2801 | Jun 6, 2023
    risk 0.00 | cvss | epss 0.01

    Grafana is an open-source platform for monitoring and observability. Using public dashboards users can query multiple distinct data sources using mixed queries. However such query has a possibility of crashing a Grafana instance. The only feature that uses mixed queries at…

  • CVE-2022-25210 | Feb 15, 2022
    risk 0.00 | cvss | epss 0.01

    Jenkins Convertigo Mobile Platform Plugin 1.1 and earlier uses static fields to store job configuration information, allowing attackers with Item/Configure permission to capture passwords of the jobs that will be configured.