CVE-2025-59508
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Speech allows an authorized attacker to elevate privileges locally.
CVE-2025-59507
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Speech allows an authorized attacker to elevate privileges locally.
CVE-2025-59506
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows DirectX allows an authorized attacker to elevate privileges locally.
CVE-2025-64773
In JetBrains YouTrack before 2025.3.104432 a race condition allowed bypass of helpdesk Agent limit
CVE-2025-13012
Race condition in the Graphics component. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, Firefox ESR < 115.30, Thunderbird < 145, and Thunderbird < 140.5.
CVE-2025-12434
Race in Storage in Google Chrome on Windows prior to 142.0.7444.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
CVE-2025-12432
Race in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2025-64683
In JetBrains Hub before 2025.3.104432 information disclosure was possible via the Users API
CVE-2025-64682
In JetBrains Hub before 2025.3.104432 a race condition allowed bypass of the Agent-user limit
CVE-2025-43420
A race condition was addressed with improved state handling. This issue is fixed in macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.1. An app may be able to access sensitive user data.
CVE-2025-43364
A race condition was addressed with additional validation. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26.1. An app may be able to break out of its sandbox.
CVE-2025-64168
Agno is a multi-agent framework, runtime and control plane. From 2.0.0 to before 2.2.2, under high concurrency, when session_state is passed to Agent or Team during run or arun calls, a race condition can occur, causing a session_state to b…
CVE-2025-64118
node-tar is a Tar for Node.js. In 7.5.1, using .t (aka .list) with { sync: true } to read tar entry contents returns uninitialized memory contents if tar file was changed on disk to a smaller size while being read. This vulnerability is fix…
CVE-2025-40039
In the Linux kernel, the following vulnerability has been resolved:
ksmbd: Fix race condition in RPC handle list access
The 'sess->rpc_handle_list' XArray manages RPC handles within a ksmbd
session. Access to this list is intended to be p…
CVE-2025-39966
In the Linux kernel, the following vulnerability has been resolved:
iommufd: Fix race during abort for file descriptors
fput() doesn't actually call file_operations release() synchronously, it
puts the file on a work queue and it will be…
CVE-2025-59282
Concurrent execution using shared resource with improper synchronization ('race condition') in Inbox COM Objects allows an unauthorized attacker to execute code locally.
CVE-2025-59205
Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.
CVE-2025-59196
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SSDP Service allows an authorized attacker to elevate privileges locally.
CVE-2025-59195
Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Graphics Component allows an authorized attacker to deny service locally.
CVE-2025-59193
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Management Services allows an authorized attacker to elevate privileges locally.