CWE-362: Race Condition — known CVE vulnerabilities
CVEs classified under CWE-362 (Race Condition), ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (50)
CVE-2022-27626 — CVSS 10.0 (critical): A vulnerability regarding concurrent execution using shared resource with improper synchronization ('Race Condition') is found in the…
CVE-2014-0703 — CVSS 10.0 (critical): Cisco Wireless LAN Controller (WLC) devices 7.4 before 7.4.110.0 distribute Aironet IOS software with a race condition in the status of the…
CVE-2010-1228 — CVSS 10.0 (critical): Multiple race conditions in the sandbox infrastructure in Google Chrome before 4.1.249.1036 have unspecified impact and attack vectors.
CVE-2008-6598 — CVSS 10.0 (critical): Multiple race conditions in WANPIPE before 3.3.6 have unknown impact and attack vectors related to "bri restart logic."
CVE-2026-46137 — CVSS 9.8 (critical): In the Linux kernel, the following vulnerability has been resolved: mptcp: pm: ADD_ADDR rtx: fix potential data-race This…
CVE-2026-46135 — CVSS 9.8 (critical): In the Linux kernel, the following vulnerability has been resolved: nvmet-tcp: fix race between ICReq handling and queue teardown…
CVE-2026-43198 — CVSS 9.8 (critical): In the Linux kernel, the following vulnerability has been resolved: tcp: fix potential race in tcp_v6_syn_recv_sock() Code in…
CVE-2026-5902 — CVSS 9.8 (critical): Race in Media in Google Chrome on Android prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to…
CVE-2026-23240 — CVSS 9.8 (critical): In the Linux kernel, the following vulnerability has been resolved: tls: Fix race condition in tls_sw_cancel_work_tx() This issue was…
CVE-2025-43275 — CVSS 9.8 (critical): A race condition was addressed with additional validation. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura…
CVE-2025-43244 — CVSS 9.8 (critical): A race condition was addressed with improved state handling. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura…
CVE-2025-30444 — CVSS 9.8 (critical): A race condition was addressed with improved locking. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5…
CVE-2024-48069 — CVSS 9.8 (critical): A vulnerability was found in Weaver E-cology allows attackers use race conditions to bypass security mechanisms to upload malicious files…
CVE-2023-32254 — CVSS 9.8 (critical): A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the processing of…
CVE-2023-28201 — CVSS 9.8 (critical): This issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.3, Safari 16.4, iOS 16.4 and iPadOS 16.4…
CVE-2022-44551 — CVSS 9.8 (critical): The iaware module has a vulnerability in thread security. Successful exploitation of this vulnerability will affect confidentiality…
CVE-2022-39328 — CVSS 9.8 (critical): Grafana is an open-source platform for monitoring and observability. Versions starting with 9.2.0 and less than 9.2.4 contain a race…
CVE-2021-32810 — CVSS 9.8 (critical): crossbeam-deque is a package of work-stealing deques for building task schedulers when programming in Rust. In versions prior to 0.7.4 and…
CVE-2021-26569 — CVSS 9.8 (critical): Race Condition within a Thread vulnerability in iscsi_snapshot_comm_core in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows…
CVE-2020-10279 — CVSS 9.8 (critical): MiR robot controllers (central computation unit) makes use of Ubuntu 16.04.2 an operating system, Thought for desktop uses, this operating…
CVE-2019-2006 — CVSS 9.8 (critical): In serviceDied of HalDeathHandlerHidl.cpp, there is a possible memory corruption due to a use after free. This could lead to local…
CVE-2016-0930 — CVSS 9.8 (critical): Pivotal Cloud Foundry (PCF) Ops Manager before 1.6.19 and 1.7.x before 1.7.10, when vCloud or vSphere is used, has a default password for…
CVE-2026-13882 — CVSS 9.6 (critical): Race in USB in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially…
CVE-2015-6789 — CVSS 9.3 (critical): Race condition in the MutationObserver implementation in Blink, as used in Google Chrome before 47.0.2526.80, allows remote attackers to…
CVE-2015-5754 — CVSS 9.3 (critical): Race condition in runner in Install.framework in the Install Framework Legacy component in Apple OS X before 10.10.5 allows attackers to…
CVE-2014-0100 — CVSS 9.3 (critical): Race condition in the inet_frag_intern function in net/ipv4/inet_fragment.c in the Linux kernel through 3.13.6 allows remote attackers to…
CVE-2014-1490 — CVSS 9.3 (critical): Race condition in libssl in Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x…
CVE-2013-7283 — CVSS 9.3 (critical): Race condition in the libreswan.spec files for Red Hat Enterprise Linux (RHEL) and Fedora packages in libreswan 3.6 has unspecified impact…
CVE-2012-5108 — CVSS 9.3 (critical): Race condition in Google Chrome before 22.0.1229.92 allows remote attackers to execute arbitrary code via vectors related to audio devices.
CVE-2011-3961 — CVSS 9.3 (critical): Race condition in Google Chrome before 17.0.963.46 allows remote attackers to execute arbitrary code via vectors that trigger a crash of a…
CVE-2010-3412 — CVSS 9.3 (critical): Race condition in the console implementation in Google Chrome before 6.0.472.59 has unspecified impact and attack vectors.
CVE-2010-2558 — CVSS 9.3 (critical): Race condition in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary code or cause a denial of service…
CVE-2010-0489 — CVSS 9.3 (critical): Race condition in Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via a crafted…
CVE-2010-0017 — CVSS 9.3 (critical): Race condition in the SMB client implementation in Microsoft Windows Server 2008 R2 and Windows 7 allows remote SMB servers and…
CVE-2009-2724 — CVSS 9.3 (critical): Race condition in the java.lang package in Sun Java SE 5.0 before Update 20 has unknown impact and attack vectors, related to a "3Y Race…
CVE-2008-5021 — CVSS 9.3 (critical): nsFrameManager in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13…
CVE-2007-0099 — CVSS 9.3 (critical): Race condition in the msxml3 module in Microsoft XML Core Services 3.0, as used in Internet Explorer 6 and other applications, allows…
CVE-2025-13036: An authentication bypass security issue exists within FactoryTalk Historian Site Edition. By continually sending requests to the login…
CVE-2025-32991 — CVSS 9.0 (critical): In N2WS Backup & Recovery before 4.4.0, a two-step attack against the RESTful API results in remote code execution.
CVE-2026-20677 — CVSS 9.0 (critical): A race condition was addressed with improved handling of symbolic links. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and…
CVE-2023-32250 — CVSS 9.0 (critical): A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the processing of…
CVE-2017-10915 — CVSS 9.0 (critical): The shadow-paging feature in Xen through 4.8.x mismanages page references and consequently introduces a race condition, which allows guest…
CVE-2026-44693 — CVSS 8.8 (high): Pi-hole FTL is the core engine of the Pi-hole network-level advertisement and tracker blocker. Prior to version 6.6.1, Pi-hole FTL contains…
CVE-2026-45945 — CVSS 8.8 (high): In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Fix race condition during PASID entry replacement The Intel…
CVE-2026-26167 — CVSS 8.8 (high): Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an…
CVE-2025-66446 — CVSS 8.8 (high): MaxKB is an open-source AI assistant for enterprise. Versions 2.3.1 and below have improper file permissions which allow attackers to…
CVE-2025-66419 — CVSS 8.8 (high): MaxKB is an open-source AI assistant for enterprise. In versions 2.3.1 and below, the tool module allows an attacker to escape the sandbox…
CVE-2025-12432 — CVSS 8.8 (high): Race in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML…