ReportizFlow
Filtered by vendor
Subscriptions
Total
697 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-9183 | 1 Gitlab | 1 Gitlab | 2026-02-26 | 7.7 High |
| GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.4 prior to 18.4.5, 18.5 prior to 18.5.3, and 18.6 prior to 18.6.1 that could have allowed an authenticated user to obtain credentials from higher-privileged users and perform actions in their context under specific conditions. | ||||
| CVE-2025-64645 | 1 Ibm | 1 Concert | 2026-02-26 | 7.7 High |
| IBM Concert 1.0.0 through 2.1.0 could allow a local user to escalate their privileges due to a race condition of a symbolic link. | ||||
| CVE-2023-6917 | 2 Redhat, Sgi | 2 Enterprise Linux, Performance Co-pilot | 2026-02-25 | 6 Medium |
| A vulnerability has been identified in the Performance Co-Pilot (PCP) package, stemming from the mixed privilege levels utilized by systemd services associated with PCP. While certain services operate within the confines of limited PCP user/group privileges, others are granted full root privileges. This disparity in privilege levels poses a risk when privileged root processes interact with directories or directory trees owned by unprivileged PCP users. Specifically, this vulnerability may lead to the compromise of PCP user isolation and facilitate local PCP-to-root exploits, particularly through symlink attacks. These vulnerabilities underscore the importance of maintaining robust privilege separation mechanisms within PCP to mitigate the potential for unauthorized privilege escalation. | ||||
| CVE-2021-23892 | 1 Mcafee | 1 Endpoint Security For Linux Threat Prevention | 2026-02-24 | 8.2 High |
| By exploiting a time of check to time of use (TOCTOU) race condition during the Endpoint Security for Linux Threat Prevention and Firewall (ENSL TP/FW) installation process, a local user can perform a privilege escalation attack to obtain administrator privileges for the purpose of executing arbitrary code through insecure use of predictable temporary file locations. | ||||
| CVE-2020-1337 | 1 Microsoft | 19 Windows 10, Windows 10 1507, Windows 10 1607 and 16 more | 2026-02-23 | 7.8 High |
| An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly allows arbitrary writing to the file system. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted script or application. The update addresses the vulnerability by correcting how the Windows Print Spooler Component writes to the file system. | ||||
| CVE-2025-59497 | 2 Linux, Microsoft | 2 Linux, Defender For Endpoint | 2026-02-22 | 7 High |
| Time-of-check time-of-use (toctou) race condition in Microsoft Defender for Linux allows an authorized attacker to deny service locally. | ||||
| CVE-2025-59261 | 1 Microsoft | 16 Graphics Component, Windows, Windows 11 and 13 more | 2026-02-22 | 7 High |
| Time-of-check time-of-use (toctou) race condition in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-55696 | 1 Microsoft | 22 Windows, Windows 10, Windows 10 1809 and 19 more | 2026-02-22 | 7.8 High |
| Time-of-check time-of-use (toctou) race condition in NtQueryInformation Token function (ntifs.h) allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-69211 | 1 Nestjs | 1 Nest | 2026-02-20 | 7.4 High |
| Nest is a framework for building scalable Node.js server-side applications. Versions prior to 11.1.11 have a Fastify URL encoding middleware bypass. A NestJS application is vulnerable if it uses `@nestjs/platform-fastify`; relies on `NestMiddleware` (via `MiddlewareConsumer`) for security checks (authentication, authorization, etc.), or through `app.use()`; and applies middleware to specific routes using string paths or controllers (e.g., `.forRoutes('admin')`). Exploitation can result in unauthenticated users accessing protected routes, restricted administrative endpoints becoming accessible to lower-privileged users, and/or middleware performing sanitization or validation being skipped. This issue is patched in `@nestjs/[email protected]`. | ||||
| CVE-2025-55236 | 1 Microsoft | 16 Windows 10 1809, Windows 10 21h2, Windows 10 21h2 and 13 more | 2026-02-20 | 7.3 High |
| Time-of-check time-of-use (toctou) race condition in Graphics Kernel allows an authorized attacker to execute code locally. | ||||
| CVE-2025-54895 | 1 Microsoft | 27 Windows, Windows 10, Windows 10 1507 and 24 more | 2026-02-20 | 7.8 High |
| Integer overflow or wraparound in Windows SPNEGO Extended Negotiation allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-13818 | 1 Eset | 1 Management Agent | 2026-02-18 | 6.7 Medium |
| Local privilege escalation vulnerability via insecure temporary batch file execution in ESET Management Agent | ||||
| CVE-2025-21191 | 1 Microsoft | 24 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 21 more | 2026-02-13 | 7 High |
| Time-of-check time-of-use (toctou) race condition in Windows Local Security Authority (LSA) allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-49730 | 1 Microsoft | 27 Windows, Windows 10, Windows 10 1507 and 24 more | 2026-02-13 | 7.8 High |
| Time-of-check time-of-use (toctou) race condition in Microsoft Windows QoS scheduler allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-48818 | 1 Microsoft | 23 Bitlocker, Windows, Windows 10 and 20 more | 2026-02-13 | 6.8 Medium |
| Time-of-check time-of-use (toctou) race condition in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack. | ||||
| CVE-2025-48001 | 1 Microsoft | 24 Windows, Windows 10, Windows 10 1507 and 21 more | 2026-02-13 | 6.8 Medium |
| Time-of-check time-of-use (toctou) race condition in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack. | ||||
| CVE-2025-53134 | 1 Microsoft | 29 Windows, Windows 10, Windows 10 1507 and 26 more | 2026-02-13 | 7 High |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-50158 | 1 Microsoft | 27 Windows, Windows 10 1507, Windows 10 1607 and 24 more | 2026-02-13 | 7 High |
| Time-of-check time-of-use (toctou) race condition in Windows NTFS allows an unauthorized attacker to disclose information locally. | ||||
| CVE-2025-67124 | 1 Svenstaro | 1 Miniserve | 2026-02-11 | 6.8 Medium |
| A TOCTOU and symlink race in svenstaro/miniserve 0.32.0 upload finalization (when uploads are enabled) can allow an attacker to overwrite arbitrary files outside the intended upload/document root in deployments where the attacker can create/replace filesystem entries in the upload destination directory (e.g., shared writable directory/volume). | ||||
| CVE-2022-27540 | 1 Hp | 706 Dragonfly Folio 13.5 Inch G3 2-in-1 Notebook Pc, Dragonfly Folio 13.5 Inch G3 2-in-1 Notebook Pc Firmware, Elite Dragonfly and 703 more | 2026-01-30 | 7.8 High |
| A potential Time-of-Check to Time-of Use (TOCTOU) vulnerability has been identified in the HP BIOS for certain HP PC products, which might allow arbitrary code execution, denial of service, and information disclosure. HP is releasing BIOS updates to mitigate the potential vulnerability. | ||||