CWE-362— Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)
The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.— MITRE CWE catalog
2,207 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-362page 39 of 45
- CVE-2025-64658HIGHCVSS 7.5EG 7.52025-12-09
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Shell allows an authorized attacker to elevate privileges locally.
- CVE-2025-64661HIGHCVSS 7.8EG 7.82025-12-09
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Shell allows an authorized attacker to elevate privileges locally.
- CVE-2025-64682LOWCVSS 3.7EG 2.72025-11-10
In JetBrains Hub before 2025.3.104432 a race condition allowed bypass of the Agent-user limit
- CVE-2025-64683HIGHCVSS 7.5EG 5.32025-11-10
In JetBrains Hub before 2025.3.104432 information disclosure was possible via the Users API
- CVE-2025-64773LOWCVSS 3.7EG 2.72025-11-11
In JetBrains YouTrack before 2025.3.104432 a race condition allowed bypass of helpdesk Agent limit
- CVE-2025-66320MEDIUMCVSS 4.7EG 5.12025-12-08
Multi-thread race condition vulnerability in the camera framework module. Impact: Successful exploitation of this vulnerability may affect availability.
- CVE-2025-66321MEDIUMCVSS 4.7EG 5.12025-12-08
Multi-thread race condition vulnerability in the camera framework module. Impact: Successful exploitation of this vulnerability may affect availability.
- CVE-2025-66322MEDIUMCVSS 4.7EG 5.12025-12-08
Multi-thread race condition vulnerability in the camera framework module. Impact: Successful exploitation of this vulnerability may affect availability.
- CVE-2025-66326MEDIUMCVSS 4.7EG 6.72025-12-08
Race condition vulnerability in the audio module. Impact: Successful exploitation of this vulnerability may affect availability.
- CVE-2025-66327MEDIUMCVSS 4.7EG 7.12025-12-08
Race condition vulnerability in the network module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
- CVE-2025-66328MEDIUMCVSS 4.7EG 8.42025-12-08
Multi-thread race condition vulnerability in the network management module. Impact: Successful exploitation of this vulnerability may affect availability.
- CVE-2025-66419CRITICALCVSS 10.0EG 8.82025-12-11
MaxKB is an open-source AI assistant for enterprise. In versions 2.3.1 and below, the tool module allows an attacker to escape the sandbox environment and escalate privileges under certain concurrent conditions. This issue is fixed in vers…
- CVE-2025-66446HIGHCVSS 7.5EG 8.82025-12-11
MaxKB is an open-source AI assistant for enterprise. Versions 2.3.1 and below have improper file permissions which allow attackers to overwrite the built-in dynamic linker and other critical files, potentially resulting in privilege escala…
- CVE-2025-66803MEDIUMCVSS 4.8EG 4.82026-01-20
Race condition in the turbo-frame element handler in Hotwired Turbo before 8.0.x causes logout operations to fail when delayed frame responses reapply session cookies after logout. This can be exploited by remote attackers via selective ne…
- CVE-2025-67505HIGHCVSS 8.4EG 8.42025-12-10
Okta Java Management SDK facilitates interactions with the Okta management API. In versions 11.0.0 through 20.0.0, race conditions may arise from concurrent requests using the ApiClient class. This could cause a status code or response hea…
- CVE-2025-68146MEDIUMCVSS 6.3EG 6.32025-12-16
filelock is a platform-independent file lock for Python. In versions prior to 3.20.1, a Time-of-Check-Time-of-Use (TOCTOU) race condition allows local attackers to corrupt or truncate arbitrary user files through symlink attacks. The vulne…
- CVE-2025-68214MEDIUMCVSS 4.7EG 4.72025-12-16
In the Linux kernel, the following vulnerability has been resolved: timers: Fix NULL function pointer race in timer_shutdown_sync() There is a race condition between timer_shutdown_sync() and timer expiration that can lead to hitting a W…
- CVE-2025-68749MEDIUMCVSS 4.7EG 4.72025-12-24
In the Linux kernel, the following vulnerability has been resolved: accel/ivpu: Fix race condition when unbinding BOs Fix 'Memory manager not clean during takedown' warning that occurs when ivpu_gem_bo_free() removes the BO from the BOs …
- CVE-2025-68955HIGHCVSS 8.0EG 8.02026-01-14
Multi-thread race condition vulnerability in the card framework module. Impact: Successful exploitation of this vulnerability may affect availability.
- CVE-2025-68956HIGHCVSS 8.0EG 8.02026-01-14
Multi-thread race condition vulnerability in the card framework module. Impact: Successful exploitation of this vulnerability may affect availability.
- CVE-2025-68957HIGHCVSS 8.4EG 8.42026-01-14
Multi-thread race condition vulnerability in the card framework module. Impact: Successful exploitation of this vulnerability may affect availability.
- CVE-2025-68958HIGHCVSS 8.0EG 8.02026-01-14
Multi-thread race condition vulnerability in the card framework module. Impact: Successful exploitation of this vulnerability may affect availability.
- CVE-2025-68960HIGHCVSS 8.4EG 8.42026-01-14
Multi-thread race condition vulnerability in the video framework module. Impact: Successful exploitation of this vulnerability may affect availability.
- CVE-2025-68961MEDIUMCVSS 5.1EG 5.12026-01-14
Multi-thread race condition vulnerability in the camera framework module. Impact: Successful exploitation of this vulnerability may affect availability.
- CVE-2025-68962MEDIUMCVSS 5.1EG 5.12026-01-14
Multi-thread race condition vulnerability in the camera framework module. Impact: Successful exploitation of this vulnerability may affect availability.
- CVE-2025-68969MEDIUMCVSS 6.8EG 6.82026-01-14
Multi-thread race condition vulnerability in the thermal management module. Impact: Successful exploitation of this vulnerability may affect availability.
- CVE-2025-69871HIGHCVSS 8.1EG 8.12026-02-11
A race condition vulnerability exists in MedusaJS Medusa v2.12.2 and earlier in the registerUsage() function of the promotion module. The function performs a non-atomic read-check-update operation when enforcing promotion usage limits. Thi…
- CVE-2025-71066HIGHCVSS 7.5EG 0.02026-01-13
In the Linux kernel, the following vulnerability has been resolved: net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change [email protected] says: The vulnerability is a race condition betw…
- CVE-2025-71074MEDIUMCVSS 4.7EG 4.72026-01-13
In the Linux kernel, the following vulnerability has been resolved: functionfs: fix the open/removal races ffs_epfile_open() can race with removal, ending up with file->private_data pointing to freed object. There is a total count of op…
- CVE-2025-71221HIGHCVSS 7.0EG 7.02026-02-14
In the Linux kernel, the following vulnerability has been resolved: dmaengine: mmp_pdma: Fix race condition in mmp_pdma_residue() Add proper locking in mmp_pdma_residue() to prevent use-after-free when accessing descriptor list and descr…
- CVE-2025-71274MEDIUMCVSS 4.7EG 4.72026-05-06
In the Linux kernel, the following vulnerability has been resolved: rpmsg: core: fix race in driver_override_show() and use core helper The driver_override_show function reads the driver_override string without holding the device_lock. H…
- CVE-2025-71303MEDIUMCVSS 4.7EG 4.72026-05-27
In the Linux kernel, the following vulnerability has been resolved: accel/amdxdna: Fix race condition when checking rpm_on When autosuspend is triggered, driver rpm_on flag is set to indicate that a suspend/resume is already in progress.…
- CVE-2025-7954HIGHCVSS 8.1EG 8.12025-08-06
A race condition vulnerability has been identified in Shopware's voucher system of Shopware v6.6.10.4 that allows attackers to bypass intended voucher restrictions and exceed usage limitations.
- CVE-2025-8880HIGHCVSS 8.8EG 8.82025-08-13
Race in V8 in Google Chrome prior to 139.0.7258.127 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
- CVE-2026-0068HIGHCVSS 7.8EG 7.82026-06-17
In createSessionInternal of PackageInstallerService.java, there is a possible method to remove a DPC app from a managed device without DO consent due to desync from persistence. This could lead to local escalation of privilege if a user ca…
- CVE-2026-0083HIGHCVSS 7.0EG 7.02026-06-17
In Nfc::eventCallback() of Nfc.h, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
- CVE-2026-0924HIGHCVSS 7.0EG 7.02026-02-02
BuhoCleaner contains an insecure XPC service that allows local, unprivileged users to escalate their privileges to root via insecure functions.This issue affects BuhoCleaner: 1.15.2.
- CVE-2026-0995LOWCVSS 3.6EG 3.62026-03-02
An issue has been identified in Arm C1-Pro before r1p2-50eac0, where, under certain conditions, a TLBI+DSB might fail to ensure the completion of memory accesses related to SME.
- CVE-2026-10006HIGHCVSS 7.5EG 7.52026-05-28
Race in WebAudio in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
- CVE-2026-10565LOWCVSS 3.1EG 3.12026-06-02
A security flaw has been discovered in Open5GS up to 2.7.6. The impacted element is the function gmm_state_security_mode of the file src/amf/gmm-sm.c of the component NGAP Handover. Performing a manipulation results in race condition. The …
- CVE-2026-10654LOWCVSS 3.1EG 3.12026-06-30
A race condition in the Zephyr Bluetooth Classic RFCOMM host stack (subsys/bluetooth/host/classic/rfcomm.c) mishandles a simultaneous bidirectional session disconnect. When the local device has initiated a session teardown (state BT_RFCOMM…
- CVE-2026-10940HIGHCVSS 8.3EG 8.32026-06-04
Race in Codecs in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
- CVE-2026-11145MEDIUMCVSS 5.3EG 6.52026-06-04
Race in Geolocation in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)
- CVE-2026-11253MEDIUMCVSS 4.3EG 4.32026-06-04
Inappropriate implementation in Permissions in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)
- CVE-2026-11677HIGHCVSS 8.3EG 8.32026-06-08
Race in Network in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker who had compromised the network process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
- CVE-2026-12022HIGHCVSS 8.3EG 8.32026-06-11
Race in Safe Browsing in Google Chrome on Mac prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a malicious file. (Chromium security severity: High)
- CVE-2026-1220HIGHCVSS 7.5EG 7.52026-06-10
Race in V8 in Google Chrome prior to 144.0.7559.99 allowed a remote attacker to potentially exploit type confusion via a crafted HTML page. (Chromium security severity: High)
- CVE-2026-12454HIGHCVSS 8.3EG 8.32026-06-17
Race in Safe Browsing in Google Chrome on Mac prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
- CVE-2026-12468HIGHCVSS 8.3EG 8.32026-06-17
Race in Updater in Google Chrome on Mac prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
- CVE-2026-13502MEDIUMCVSS 4.5EG 4.52026-06-28
A flaw has been found in antlr ANTLR4 up to 4.13.2. This affects the function ObjectInputStream.readObject of the file antlr4-maven-plugin/src/main/java/org/antlr/mojo/antlr4/GrammarDependencies.java of the component Maven Plugin. This man…
Map vulnerabilities like CWE-362 to your infrastructure
EchelonGraph correlates every CVE — across CWE-362 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →