CVE & Exploit Intelligence Database

Search and track vulnerabilities with real-time exploit intelligence. Cross-reference CVEs against public exploits from ExploitDB, Metasploit, GitHub, and Nuclei — with CVSS and EPSS scoring, CISA KEV monitoring, and AI-powered exploit analysis.

337,847 CVEs tracked · 53,242 with exploits · 4,725 exploited in wild · 1,540 CISA KEV · 3,918 Nuclei templates · 37,802 vendors · 42,493 researchers
2,165 results
CVE-2025-62219 7.0 HIGH EPSS 0.00
Microsoft Windows 10 1607 < 10.0.14393.8594 - Race Condition
Double free in Microsoft Wireless Provisioning System allows an authorized attacker to elevate privileges locally.
CWE-415 Nov 11, 2025
CVE-2025-62218 7.0 HIGH EPSS 0.00
Microsoft Windows 10 1607 < 10.0.14393.8594 - Race Condition
Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Wireless Provisioning System allows an authorized attacker to elevate privileges locally.
CWE-362 Nov 11, 2025
CVE-2025-62217 7.0 HIGH EPSS 0.00
Microsoft Windows 10 1607 < 10.0.14393.8594 - Race Condition
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
CWE-362 Nov 11, 2025
CVE-2025-62215 7.0 HIGH KEV 7 PoCs Analysis EPSS 0.01
Microsoft Windows 10 1809 < 10.0.17763.8027 - Race Condition
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Kernel allows an authorized attacker to elevate privileges locally.
CWE-415 Nov 11, 2025
CVE-2025-60723 6.3 MEDIUM EPSS 0.00
Windows DirectX - DoS
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows DirectX allows an authorized attacker to deny service over a network.
CWE-362 Nov 11, 2025
CVE-2025-59508 7.0 HIGH EPSS 0.00
Microsoft Windows 10 1607 < 10.0.14393.8594 - Race Condition
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Speech allows an authorized attacker to elevate privileges locally.
CWE-362 Nov 11, 2025
CVE-2025-59507 7.0 HIGH EPSS 0.00
Microsoft Windows 10 1607 < 10.0.14393.8594 - Race Condition
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Speech allows an authorized attacker to elevate privileges locally.
CWE-362 Nov 11, 2025
CVE-2025-59506 7.0 HIGH EPSS 0.00
Microsoft Windows 10 1607 < 10.0.14393.8594 - Race Condition
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows DirectX allows an authorized attacker to elevate privileges locally.
CWE-362 Nov 11, 2025
CVE-2025-64773 2.7 LOW EPSS 0.00
JetBrains YouTrack < 2025.3.104432 - Race Condition
In JetBrains YouTrack before 2025.3.104432 a race condition allowed bypass of helpdesk Agent limit
CWE-362 Nov 11, 2025
CVE-2025-13012 7.5 HIGH EPSS 0.00
Mozilla Firefox < 115.30.0 - Race Condition
Race condition in the Graphics component. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, Firefox ESR < 115.30, Thunderbird < 145, and Thunderbird < 140.5.
CWE-362 Nov 11, 2025
CVE-2025-12434 4.2 MEDIUM EPSS 0.00
Google Chrome < 142.0.7444.59 - Race Condition
Race in Storage in Google Chrome on Windows prior to 142.0.7444.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
CWE-362 Nov 10, 2025
CVE-2025-12432 8.8 HIGH EPSS 0.00
Google Chrome < 142.0.7444.59 - Race Condition
Race in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CWE-362 Nov 10, 2025
CVE-2025-64683 5.3 MEDIUM EPSS 0.00
JetBrains Hub < 2025.3.104432 - Race Condition
In JetBrains Hub before 2025.3.104432 information disclosure was possible via the Users API
CWE-362 Nov 10, 2025
CVE-2025-64682 2.7 LOW EPSS 0.00
JetBrains Hub < 2025.3.104432 - Race Condition
In JetBrains Hub before 2025.3.104432 a race condition allowed bypass of the Agent-user limit
CWE-362 Nov 10, 2025
CVE-2025-64457 4.2 MEDIUM EPSS 0.00
JetBrains dotTrace < 2025.2.5 - Race Condition
In JetBrains ReSharper, Rider and dotTrace before 2025.2.5 local privilege escalation was possible via race condition
CWE-367 Nov 10, 2025
CVE-2025-43420 4.7 MEDIUM EPSS 0.00
macOS - Info Disclosure
A race condition was addressed with improved state handling. This issue is fixed in macOS Sequoia 15.7.2, macOS Tahoe 26.1, macOS Sonoma 14.8.2. An app may be able to access sensitive user data.
CWE-362 Nov 04, 2025
CVE-2025-43364 7.8 HIGH EPSS 0.00
macOS <14.8-15.7 - Info Disclosure
A race condition was addressed with additional validation. This issue is fixed in macOS Sonoma 14.8, macOS Sequoia 15.7. An app may be able to break out of its sandbox.
CWE-362 Nov 04, 2025
CVE-2025-64168 7.1 HIGH EPSS 0.00
PyPI Agno < 2.2.2 - Race Condition
Agno is a multi-agent framework, runtime and control plane. From 2.0.0 to before 2.2.2, under high concurrency, when session_state is passed to Agent or Team during run or arun calls, a race condition can occur, causing a session_state to be assigned and persisted to the incorrect session. This may result in user data from one session being exposed to another user. This has been patched in version 2.2.2.
CWE-362 Oct 31, 2025
CVE-2025-64118 1 Writeup EPSS 0.00
NPM Tar < 7.5.2 - Race Condition
node-tar is a Tar for Node.js. In 7.5.1, using .t (aka .list) with { sync: true } to read tar entry contents returns uninitialized memory contents if tar file was changed on disk to a smaller size while being read. This vulnerability is fixed in 7.5.2.
CWE-367 Oct 30, 2025
CVE-2025-40039 4.7 MEDIUM EPSS 0.00
Linux kernel - Unknown Vuln
In the Linux kernel, the following vulnerability has been resolved:
ksmbd: Fix race condition in RPC handle list access
The 'sess->rpc_handle_list' XArray manages RPC handles within a ksmbd session. Access to this list is intended to be protected by 'sess->rpc_lock' (an rw_semaphore). However, the locking implementation was flawed, leading to potential race conditions.
In ksmbd_session_rpc_open(), the code incorrectly acquired only a read lock before calling xa_store() and xa_erase(). Since these operations modify the XArray structure, a write lock is required to ensure exclusive access and prevent data corruption from concurrent modifications.
Furthermore, ksmbd_session_rpc_method() accessed the list using xa_load() without holding any lock at all. This could lead to reading inconsistent data or a potential use-after-free if an entry is concurrently removed and the pointer is dereferenced.
Fix these issues by:
1. Using down_write() and up_write() in ksmbd_session_rpc_open() to ensure exclusive access during XArray modification, and ensuring the lock is correctly released on error paths.
2. Adding down_read() and up_read() in ksmbd_session_rpc_method() to safely protect the lookup.
CWE-362 Oct 28, 2025