Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-367

CWE-367

Medium likelihood

Time-of-check Time-of-use (TOCTOU) Race Condition

Parent: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

The product checks the state of a resource before using that resource, but the resource's state can change between the check and the use in a way that invalidates the results of the check.

649 vulnerabilities with CWE-367

CVE-2026-31824 HIGH

Sylius < 1.9.12 - Unauthenticated Race Condition in Promotion Usage Limit Enforcement

CVE-2026-2364 HIGH

CODESYS Development System - Privilege Escalation

CVE-2026-28689 MEDIUM

ImageMagick <7.1.2-16/6.9.13-41 - Auth Bypass

CVE-2026-26017 HIGH

CoreDNS < 1.14.2 - DNS Access Control Bypass via Plugin Execution Order

CVE-2026-27750 HIGH

Avira Internet Security - Privilege Escalation

CVE-2026-20445 MEDIUM

Android MediaTek MT68xx/MT69xx - Local Denial of Service via MDDP Race Condition

CVE-2026-20438 MEDIUM

MAE - Privilege Escalation

CVE-2026-21725 LOW

Grafana 11.0.0-12.4.0 - Time-of-Check Time-of-Use Race Condition in Data Source Deletion

CVE-2026-27128 MEDIUM

Craft CMS 4.5.0-RC1-4.16.18/5.0.0-RC1-5.8.22 - Auth Bypass

CVE-2026-27127 MEDIUM

Craft CMS 4.5.0-RC1-4.16.18/5.0.0-RC1-5.8.22 - SSRF

CVE-2026-27189 MEDIUM

OpenSift <=1.1.2-alpha - Memory Corruption

CVE-2026-25738 MEDIUM

Indico < 3.3.10 - Server-Side Request Forgery via User-Provided URL

CVE-2026-23212 MEDIUM

Linux Kernel - Time-of-check Time-of-use Race Condition in Bonding Slave Last RX Tracking

CVE-2026-20796 LOW

Mattermost <10.11.9 - Info Disclosure

CVE-2026-26224 HIGH

Intego Log Reporter - Privilege Escalation

CVE-2026-20677 CRITICAL

macOS Tahoe <26.3 - Info Disclosure

CVE-2026-25728 HIGH

ClipBucket 5.3-5.5.3-40 - Remote Code Execution via Avatar and Background Image Upload Race Condition

CVE-2026-21523 HIGH

Visual Studio Code < 1.109.2 and 1.110.1 - Authenticated Remote Code Execution via TOCTOU Race Condition

CVE-2026-21240 HIGH

Windows HTTP.sys - Privilege Escalation

CVE-2026-25641 CRITICAL

nyariv/sandboxjs < 0.8.29 - Sandbox Escape via Property Key Coercion

CVE-2026-25052 CRITICAL

n8n < 1.123.18 and 2.0.0-2.5.0 - Authenticated Sensitive File Read via Workflow File Access

CVE-2026-0924 HIGH

BuhoCleaner <1.15.2 - Privilege Escalation

CVE-2026-24071 HIGH

Native Access < 3.22.0 - Time-of-check Time-of-use Race Condition via PID Reuse

CVE-2026-23988 HIGH

Rufus < 4.12 - Time-of-check Time-of-use Race Condition in Fido PowerShell Script Handling

CVE-2026-22281 LOW

Dell PowerScale OneFS <9.13.0.0 DoS via TOCTOU Race Condition

Previous Page 5 of 26 Next

Details

Vulnerabilities 649

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy