CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition — known CVE vulnerabilities
CVEs classified under CWE-367 (Time-of-check Time-of-use (TOCTOU) Race Condition), ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (50)
CVE-2026-25641 — CVSS 10.0 (critical): SandboxJS is a JavaScript sandboxing library. Prior to 0.8.29, there is a sandbox escape vulnerability due to a mismatch between the key on…
CVE-2025-64180 — CVSS 10.0 (critical): Manager-io/Manager is accounting software. In Manager Desktop and Server versions 25.11.1.3085 and below, a critical vulnerability permits…
CVE-2025-34027: The Versa Concerto SD-WAN orchestration platform is vulnerable to an authentication bypass in the Traefik reverse proxy configuration…
CVE-2026-25052 — CVSS 9.9 (critical): n8n is an open source workflow automation platform. Prior to versions 1.123.18 and 2.5.0, a vulnerability in the file access controls…
CVE-2025-13032 — CVSS 9.9 (critical): Double fetch in sandbox kernel driver in Avast/AVG Antivirus <25.3 on windows allows local attacker to escalate privelages via pool…
CVE-2026-53838 — CVSS 9.8 (critical): OpenClaw before 2026.5.27 contains a state mutation vulnerability in node pairing reconnection that allows paired nodes to confuse approval…
CVE-2024-41787 — CVSS 9.8 (critical): IBM Engineering Requirements Management DOORS Next 7.0.2 and 7.0.3 could allow a remote attacker to bypass security restrictions, caused by…
CVE-2024-56337 — CVSS 9.8 (critical): Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through…
CVE-2024-50379 — CVSS 9.8 (critical): Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive…
CVE-2024-41779 — CVSS 9.8 (critical): IBM Engineering Systems Design Rhapsody - Model Manager 7.0.2 and 7.0.3 could allow a remote attacker to bypass security restrictions…
CVE-2024-27114 — CVSS 9.8 (critical): A unauthenticated Remote Code Execution (RCE) vulnerability is found in the SO Planning online planning tool. If the public view setting is…
CVE-2024-28718 — CVSS 9.8 (critical): An issue in OpenStack magnum yoga-eom version allows a remote attacker to execute arbitrary code via the cert_manager.py. component.
CVE-2021-32708 — CVSS 9.8 (critical): Flysystem is an open source file storage library for PHP. The whitespace normalisation using in 1.x and 2.x removes any unicode whitespace…
CVE-2019-7249 — CVSS 9.8 (critical): In Keybase before 2.12.6 on macOS, the move RPC to the Helper was susceptible to time-to-check-time-to-use bugs and would also allow one…
CVE-2026-44112 — CVSS 9.6 (critical): OpenClaw before 2026.4.22 contains a time-of-check/time-of-use race condition in OpenShell sandbox filesystem writes that allows attackers…
CVE-2022-33257 — CVSS 9.3 (critical): Memory corruption in Core due to time-of-check time-of-use race condition during dump collection in trust zone.
CVE-2021-35090 — CVSS 9.3 (critical): Possible hypervisor memory corruption due to TOC TOU race condition when updating address mappings in Snapdragon Auto, Snapdragon Compute…
CVE-2026-44694 — CVSS 9.1 (critical): n8n-MCP is an MCP server that provides AI assistants access to n8n node documentation, properties, and operations. From version 2.18.7 to…
CVE-2024-49768 — CVSS 9.1 (critical): Waitress is a Web Server Gateway Interface server for Python 2 and 3. A remote client may send a request that is exactly recv_bytes…
CVE-2021-35082 — CVSS 9.1 (critical): Improper integrity check can lead to race condition between tasks PDCP and RRC? right after a valid RRC security mode command packet has…
CVE-2021-30347 — CVSS 9.1 (critical): Improper integrity check can lead to race condition between tasks PDCP and RRC? right after a valid RRC Command packet has been received in…
CVE-2021-30343 — CVSS 9.1 (critical): Improper integrity check can lead to race condition between tasks PDCP and RRC? after a valid RRC Command packet has been received in…
CVE-2021-30342 — CVSS 9.1 (critical): Improper integrity check can lead to race condition between tasks PDCP and RRC? after a valid RRC Command packet has been received in…
CVE-2022-28743 — CVSS 9.1 (critical): Time-of-check Time-of-use (TOCTOU) Race Condition vulerability in Foscam R2C IP camera running System FW <= 1.13.1.6, and Application FW <=…
CVE-2024-0132 — CVSS 9.0 (critical): NVIDIA Container Toolkit 1.16.1 or earlier contains a Time-of-check Time-of-Use (TOCTOU) vulnerability when used with default configuration…
CVE-2026-53806 — CVSS 8.8 (high): OpenClaw before 2026.5.12 contains a shell option parsing vulnerability that allows combined POSIX shell flags to bypass exec revalidation…
CVE-2026-41651 — CVSS 8.8 (high): PackageKit is a a D-Bus abstraction layer that allows the user to manage packages in a secure way using a cross-distro, cross-architecture…
CVE-2025-30663 — CVSS 8.8 (high): Time-of-check time-of-use race condition in some Zoom Workplace Apps may allow an authenticated user to conduct an escalation of privilege…
CVE-2024-7348 — CVSS 8.8 (high): Time-of-check Time-of-use (TOCTOU) race condition in pg_dump in PostgreSQL allows an object creator to execute arbitrary SQL functions as…
CVE-2023-32156 — CVSS 8.8 (high): Tesla Model 3 Gateway Firmware Signature Validation Bypass Vulnerability. This vulnerability allows network-adjacent attackers to execute…
CVE-2024-23463 — CVSS 8.8 (high): Anti-tampering protection of the Zscaler Client Connector can be bypassed under certain conditions when running the Repair App…
CVE-2022-36927 — CVSS 8.8 (high): Zoom Rooms for macOS clients before version 5.11.3 contain a local privilege escalation vulnerability. A local low-privileged user could…
CVE-2020-27252 — CVSS 8.8 (high): Medtronic MyCareLink Smart 25000 is vulnerable to a race condition in the MCL Smart Patient Reader software update system, which allows…
CVE-2019-19793 — CVSS 8.8 (high): In Cyxtera AppGate SDP Client 4.1.x through 4.3.x before 4.3.2 on Windows, a local or remote user from the same domain can gain privileges.
CVE-2019-9486 — CVSS 8.8 (high): STRATO HiDrive Desktop Client 5.0.1.0 for Windows suffers from a SYSTEM privilege escalation vulnerability through the…
CVE-2024-53694: A time-of-check time-of-use (TOCTOU) race condition vulnerability has been reported to affect several product versions. If exploited, the…
CVE-2024-39936 — CVSS 8.6 (high): An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x through 6.7.x before…
CVE-2026-24260 — CVSS 8.5 (high): NVIDIA Container Toolkit for Linux contains a vulnerability where an attacker could cause a time-of-check time-of-use race condition. A…
CVE-2026-54353 — CVSS 8.5 (high): Budibase is an open-source low-code platform. Prior to 3.39.9, authenticated users with automation permissions can bypass Budibase's SSRF…
CVE-2026-26224: Intego Log Reporter, a macOS diagnostic utility bundled with Intego security products that collects system and application logs for support…
CVE-2026-24067 — CVSS 8.4 (high): Slate Digital Connect 1.37.0 for macOS installs a privileged helper tool, com.slatedigital.connect.privileged.helper.tool, which exposes…
CVE-2025-3464: A race condition vulnerability exists in Armoury Crate. This vulnerability arises from a Time-of-check Time-of-use issue, potentially…
CVE-2023-33119 — CVSS 8.4 (high): Memory corruption while loading a VM from a signed VM image that is not coherent in the processor cache.
CVE-2022-33214 — CVSS 8.4 (high): Memory corruption in display due to time-of-check time-of-use of metadata reserved size in Snapdragon Auto, Snapdragon Compute, Snapdragon…
CVE-2022-25696 — CVSS 8.4 (high): Memory corruption in display due to time-of-check time-of-use race condition during map or unmap in Snapdragon Auto, Snapdragon Compute…
CVE-2021-30290 — CVSS 8.4 (high): Possible null pointer dereference due to race condition between timeline fence signal and time line fence destroy in Snapdragon Auto…
CVE-2026-53831 — CVSS 8.3 (high): OpenClaw before 2026.5.18 contains a policy enforcement vulnerability in system.run safe-bin allowlist validation that allows shell…