Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-367

CWE-367

Medium likelihood

Time-of-check Time-of-use (TOCTOU) Race Condition

Parent: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

The product checks the state of a resource before using that resource, but the resource's state can change between the check and the use in a way that invalidates the results of the check.

649 vulnerabilities with CWE-367

CVE-2026-54228 HIGH

Abrt: toctou race condition in abrt-dbus setelement allows arbitrary file writes to dump directories

CVE-2026-53838 CRITICAL

OpenClaw < 2026.5.27 - Node Pairing State Mutation via Reconnection

CVE-2026-53831 HIGH

OpenClaw < 2026.5.18 - Arbitrary File Read via Shell Expansion in system.run Safe-bin Allowlist

CVE-2026-53822 HIGH

OpenClaw < 2026.5.18 - Command Argument Modification via Shell Wrapper Between Approval and Execution

CVE-2026-54055 MEDIUM

Kitty has an Arbitrary File Write via Symlink Race Condition in File Transmission Protocol

CVE-2026-42306 HIGH

Moby: Race condition in docker cp allows bind mount redirection to host path

CVE-2026-41568 MEDIUM

Moby: Race condition in docker cp allows creation of arbitrary empty files on the host via symlink swap

CVE-2026-50631 HIGH

Apache CXF: OAuth2: TOCTOU Race Condition in Refresh Token Processing

CVE-2026-53806 HIGH

OpenClaw < 2026.5.12 - Shell Option Parsing Bypass in Exec Revalidation

CVE-2026-24067 HIGH

Slate Digital Connect macOS XPC PID validation privilege escalation

CVE-2026-49958 MEDIUM

Hermes WebUI < 0.51.303 TOCTOU Race Condition via git_discard

CVE-2026-45647 MEDIUM

Microsoft Defender for Endpoint for Mac Elevation of Privilege Vulnerability

CVE-2026-45487 HIGH

Windows Program Compatibility Assistant Service Elevation of Privilege Vulnerability

CVE-2026-24065 HIGH

Local Privilege Escalation via Insecure XPC Client Validation in Waves Central for macOS

CVE-2026-2638 HIGH

X-VPN macOS website versions - Local Privilege Escalation

CVE-2026-35202 LOW

Pterodactyl Panel <1.12.3 Client API - Database Limit Bypass

CVE-2026-25260 HIGH

Qualcomm Snapdragon DSP Service - Shared Buffer Race Condition Memory Corruption

CVE-2026-20454 MEDIUM

MediaTek Chipset - Time-of-check Time-of-use (TOCTOU) Race Condition

CVE-2026-45619 MEDIUM

AVideo <= 29.0 - DNS Rebinding SSRF

CVE-2026-46194 MEDIUM

f2fs: fix node_cnt race between extent node destroy and writeback

CVE-2026-46159 MEDIUM

btrfs: fix btrfs_ioctl_space_info() slot_count TOCTOU which can lead to info-leak

CVE-2026-9796 MEDIUM

Keycloak: keycloak: privilege escalation via time-of-check to time-of-use (toctou) vulnerability

CVE-2026-42336 MEDIUM

MaxKB: SSRF Bypass via DNS Rebinding in MaxKB OSS URL Fetch

CVE-2026-24191 HIGH

Nvidia GeForce - Time-of-check Time-of-use (TOCTOU) Race Condition

CVE-2026-45208 HIGH

Trend Micro, Inc. TrendAI Apex One - Time-of-check Time-of-use (TOCTOU) Race Condition

Page 1 of 26 Next

Details

Vulnerabilities 649

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy