CWE-362

Race Condition

MITRE

No catalog description on file. The MITRE CWE site has the canonical reference.

CVEs (total)

Critical

High

Medium

Low

Severity distribution

Recent CVEs

showing 38 of 38

CVE-2026-54229High· 7.09 h ago
A race condition was found in the abrt-dbus D-Bus service's ChownProblemDir method. ChownProblemDir opens the dump directory with DD_OPEN_READONLY and calls dd_chown to change ownership of all files to the caller's uid, succeeding even whil
CVE-2026-12022High· 8.3EPSS 0%12 h ago
Race in Safe Browsing in Google Chrome on Mac prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a malicious file. (Chromium security severity: High)
CVE-2026-1220High· 7.5EPSS 0%17 h ago
Race in V8 in Google Chrome prior to 144.0.7559.99 allowed a remote attacker to potentially exploit type confusion via a crafted HTML page. (Chromium security severity: High)
CVE-2014-0196Medium· 5.5KEVEXPLOITEPSS 50%20 h ago
Linux Kernel Race Condition Vulnerability
CVE-2023-36884High· 7.5KEVEPSS 93%20 h ago
Microsoft Windows Search Remote Code Execution Vulnerability
CVE-2020-6819High· 8.1KEVEPSS 0%20 h ago
Mozilla Firefox And Thunderbird Use-After-Free Vulnerability
CVE-2016-5195High· 7.0KEVEXPLOITEPSS 94%20 h ago
Linux Kernel Race Condition Vulnerability
CVE-2021-0920Medium· 6.4KEVEPSS 1%20 h ago
Android Kernel Race Condition Vulnerability
CVE-2021-21166High· 8.8KEVEPSS 38%20 h ago
Google Chromium Race Condition Vulnerability
CVE-2021-25395Medium· 6.4KEVEPSS 0%20 h ago
Samsung Mobile Devices Race Condition Vulnerability
CVE-2025-62215High· 7.0KEVEXPLOITEPSS 2%20 h ago
Microsoft Windows Race Condition Vulnerability
CVE-2022-26904High· 7.0KEVEXPLOITEPSS 23%20 h ago
Microsoft Windows User Profile Service Privilege Escalation Vulnerability
CVE-2021-1782High· 7.0KEVEPSS 6%20 h ago
Apple Multiple Products Race Condition Vulnerability
CVE-2020-6820High· 8.1KEVEPSS 3%20 h ago
Mozilla Firefox And Thunderbird Use-After-Free Vulnerability
CVE-2022-26758High· 7.1EPSS 0%1 d ago
A malicious application may cause unexpected changes in memory shared between processes. A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.4.
CVE-2026-42912High· 7.0EPSS 0%1 d ago
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Telephony Service allows an authorized attacker to elevate privileges locally.
CVE-2026-45601High· 7.0EPSS 0%1 d ago
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
CVE-2026-45603High· 7.0EPSS 0%1 d ago
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
CVE-2026-46693Medium· 4.1EPSS 0%1 d ago
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-23, an attacker who can connect to a magick -distribute-cache service can hijack a file descriptor in the s
CVE-2026-44818High· 7.0EPSS 0%1 d ago
Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2026-44693High· 8.8EPSS 0%1 d ago
Pi-hole FTL is the core engine of the Pi-hole network-level advertisement and tracker blocker. Prior to version 6.6.1, Pi-hole FTL contains a race condition vulnerability in the HTTP session management subsystem, introduced with the v6.0 re
CVE-2026-42836High· 7.0EPSS 0%1 d ago
Concurrent execution using shared resource with improper synchronization ('race condition') in Function Discovery Service (fdwsd.dll) allows an authorized attacker to elevate privileges locally.
CVE-2026-42979High· 7.8EPSS 0%1 d ago
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.
CVE-2026-42991High· 7.8EPSS 0%1 d ago
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.
CVE-2026-45596High· 7.0EPSS 0%1 d ago
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
CVE-2026-45597High· 7.0EPSS 0%1 d ago
Concurrent execution using shared resource with improper synchronization ('race condition') in UI Automation Manager (uiamanager.dll) allows an authorized attacker to elevate privileges locally.
CVE-2026-45598High· 7.0EPSS 0%1 d ago
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
CVE-2026-46187Medium· 4.7EPSS 0%2 d ago
In the Linux kernel, the following vulnerability has been resolved: wifi: rsi: fix kthread lifetime race between self-exit and external-stop RSI driver use both self-exit(kthread_complete_and_exit) and external-stop (kthread_stop) when ki
CVE-2026-42977High· 7.8EPSS 0%2 d ago
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.
CVE-2026-42978High· 7.8EPSS 0%2 d ago
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.
CVE-2026-46157High· 7.8EPSS 0%3 d ago
In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: oss: Fix data race at accessing runtime.oss.trigger Currently the runtime.oss.trigger field may be accessed concurrently without protection, which may lead to
CVE-2026-46272Medium· 4.7EPSS 0%3 d ago
In the Linux kernel, the following vulnerability has been resolved: coresight: tmc-etr: Fix race condition between sysfs and perf mode When trying to run perf and sysfs mode simultaneously, the WARN_ON() in tmc_etr_enable_hw() is triggere
CVE-2026-42909High· 7.5EPSS 0%3 d ago
Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
CVE-2026-42913High· 7.5EPSS 0%3 d ago
Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
CVE-2025-10263Critical· 9.1EPSS 0%3 d ago
Arm C1-Ultra, C1-Premium, Neoverse V3 & V3AE, Neoverse V2, Neoverse V1, Neoverse-N2, Neoverse-N1, Cortex-X925, Cortex-X4, Cortex-X3, Cortex-X2, Cortex-X1 & X1C, Cortex-A710, Cortex-A78, A78AE & A78C, Cortex-A77, Cortex-A76 & A76A may allow
CVE-2026-11677High· 8.3EPSS 0%3 d ago
Race in Network in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker who had compromised the network process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
CVE-2026-11145Medium· 5.3EPSS 0%4 d ago
Race in Geolocation in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)
CVE-2026-10940High· 8.3EPSS 0%4 d ago
Race in Codecs in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

CWE catalog data sourced from MITRE. CVE associations come from NVD weakness mappings; some CVEs carry multiple CWEs.