CWE-367 · Time-of-check Time-of-use (TOCTOU) Race Condition
668 CVEs classified under CWE-367 (Time-of-check Time-of-use (TOCTOU) Race Condition). Browse by severity and year.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2026-25641 | Critical | 10.0 | 2026-02-06 | SandboxJS is a JavaScript sandboxing library. Prior to 0.8.29, there is a sandbox escape vulnerability due to a mismatch between the key on which the validatio… |
| CVE-2025-64180 | Critical | 10.0 | 2025-11-07 | Manager-io/Manager is accounting software. In Manager Desktop and Server versions 25.11.1.3085 and below, a critical vulnerability permits unauthorized access… |
| CVE-2026-25052 | Critical | 9.9 | 2026-02-04 | n8n is an open source workflow automation platform. Prior to versions 1.123.18 and 2.5.0, a vulnerability in the file access controls allows authenticated user… |
| CVE-2025-13032 | Critical | 9.9 | 2025-11-11 | Double fetch in sandbox kernel driver in Avast/AVG Antivirus <25.3 on Windows allows local attacker to escalate privileges via pool overflow. |
| CVE-2026-53838 | Critical | 9.8 | 2026-06-12 | OpenClaw before 2026.5.27 contains a state mutation vulnerability in node pairing reconnection that allows paired nodes to confuse approval scope decisions. At… |
| CVE-2026-37531 | Critical | 9.8 | 2026-05-01 | AGL app-framework-main thru 17.1.12 contains a Zip Slip path traversal vulnerability (CWE-22) combined with a TOCTOU race condition (CWE-367) in the widget ins… |
| CVE-2024-41787 | Critical | 9.8 | 2025-01-10 | IBM Engineering Requirements Management DOORS Next 7.0.2 and 7.0.3 could allow a remote attacker to bypass security restrictions, caused by a race condition. B… |
| CVE-2024-56337 | Critical | 9.8 | 2024-12-20 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0… |
| CVE-2024-50379 | Critical | 9.8 | 2024-12-17 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive file systems when th… |
| CVE-2024-41779 | Critical | 9.8 | 2024-11-22 | IBM Engineering Systems Design Rhapsody - Model Manager 7.0.2 and 7.0.3 could allow a remote attacker to bypass security restrictions, caused by a race conditi… |
| CVE-2024-27114 | Critical | 9.8 | 2024-09-11 | An unauthenticated Remote Code Execution (RCE) vulnerability is found in the SO Planning online planning tool. If the public view setting is enabled, an attacker… |
| CVE-2024-28718 | Critical | 9.8 | 2024-04-12 | An issue in OpenStack magnum yoga-eom version allows a remote attacker to execute arbitrary code via the cert_manager.py component. |
| CVE-2021-32708 | Critical | 9.8 | 2021-06-24 | Flysystem is an open source file storage library for PHP. The whitespace normalisation used in 1.x and 2.x removes any Unicode whitespace. Under certain speci… |
| CVE-2019-5421 | Critical | 9.8 | 2019-04-03 | Plataformatec Devise version 4.5.0 and earlier, using the lockable module contains a CWE-367 vulnerability in the `Devise::Models::Lockable` class, more specif… |
| CVE-2019-7249 | Critical | 9.8 | 2019-01-31 | In Keybase before 2.12.6 on macOS, the move RPC to the Helper was susceptible to time-to-check-time-to-use bugs and would also allow one user of the system (wh… |
| CVE-2026-44112 | Critical | 9.6 | 2026-05-06 | OpenClaw before 2026.4.22 contains a time-of-check/time-of-use race condition in OpenShell sandbox filesystem writes that allows attackers to redirect writes o… |
| CVE-2025-22224 | Critical | 9.3 | 2025-03-04 | VMware ESXi, and Workstation contain a TOCTOU (Time-of-Check Time-of-Use) vulnerability that leads to an out-of-bounds write. A malicious actor with local admi… |
| CVE-2022-33257 | Critical | 9.3 | 2023-03-10 | Memory corruption in Core due to time-of-check time-of-use race condition during dump collection in trust zone. |
| CVE-2021-35090 | Critical | 9.3 | 2022-06-14 | Possible hypervisor memory corruption due to TOC TOU race condition when updating address mappings in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectiv… |
| CVE-2026-44694 | Critical | 9.1 | 2026-05-08 | n8n-MCP is an MCP server that provides AI assistants access to n8n node documentation, properties, and operations. From version 2.18.7 to before version 2.50.2… |