CWE-367 · Time-of-check Time-of-use (TOCTOU) Race Condition

668 CVEs classified under CWE-367 (Time-of-check Time-of-use (TOCTOU) Race Condition). Browse by severity and year.

Top CVEs for CWE-367
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2026-25641 | Critical | 10.0 | 2026-02-06 | SandboxJS is a JavaScript sandboxing library. Prior to 0.8.29, there is a sandbox escape vulnerability due to a mismatch between the key on which the validatio… |
| CVE-2025-64180 | Critical | 10.0 | 2025-11-07 | Manager-io/Manager is accounting software. In Manager Desktop and Server versions 25.11.1.3085 and below, a critical vulnerability permits unauthorized access… |
| CVE-2026-25052 | Critical | 9.9 | 2026-02-04 | n8n is an open source workflow automation platform. Prior to versions 1.123.18 and 2.5.0, a vulnerability in the file access controls allows authenticated user… |
| CVE-2025-13032 | Critical | 9.9 | 2025-11-11 | Double fetch in sandbox kernel driver in Avast/AVG Antivirus <25.3 on Windows allows local attacker to escalate privileges via pool overflow. |
| CVE-2026-53838 | Critical | 9.8 | 2026-06-12 | OpenClaw before 2026.5.27 contains a state mutation vulnerability in node pairing reconnection that allows paired nodes to confuse approval scope decisions. At… |
| CVE-2026-37531 | Critical | 9.8 | 2026-05-01 | AGL app-framework-main thru 17.1.12 contains a Zip Slip path traversal vulnerability (CWE-22) combined with a TOCTOU race condition (CWE-367) in the widget ins… |
| CVE-2024-41787 | Critical | 9.8 | 2025-01-10 | IBM Engineering Requirements Management DOORS Next 7.0.2 and 7.0.3 could allow a remote attacker to bypass security restrictions, caused by a race condition. B… |
| CVE-2024-56337 | Critical | 9.8 | 2024-12-20 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0… |
| CVE-2024-50379 | Critical | 9.8 | 2024-12-17 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive file systems when th… |
| CVE-2024-41779 | Critical | 9.8 | 2024-11-22 | IBM Engineering Systems Design Rhapsody - Model Manager 7.0.2 and 7.0.3 could allow a remote attacker to bypass security restrictions, caused by a race conditi… |
| CVE-2024-27114 | Critical | 9.8 | 2024-09-11 | An unauthenticated Remote Code Execution (RCE) vulnerability is found in the SO Planning online planning tool. If the public view setting is enabled, an attacker… |
| CVE-2024-28718 | Critical | 9.8 | 2024-04-12 | An issue in OpenStack magnum yoga-eom version allows a remote attacker to execute arbitrary code via the cert_manager.py component. |
| CVE-2021-32708 | Critical | 9.8 | 2021-06-24 | Flysystem is an open source file storage library for PHP. The whitespace normalisation used in 1.x and 2.x removes any unicode whitespace. Under certain speci… |
| CVE-2019-5421 | Critical | 9.8 | 2019-04-03 | Plataformatec Devise version 4.5.0 and earlier, using the lockable module contains a CWE-367 vulnerability in the `Devise::Models::Lockable` class, more specif… |
| CVE-2019-7249 | Critical | 9.8 | 2019-01-31 | In Keybase before 2.12.6 on macOS, the move RPC to the Helper was susceptible to time-to-check-time-to-use bugs and would also allow one user of the system (wh… |
| CVE-2026-44112 | Critical | 9.6 | 2026-05-06 | OpenClaw before 2026.4.22 contains a time-of-check/time-of-use race condition in OpenShell sandbox filesystem writes that allows attackers to redirect writes o… |
| CVE-2025-22224 | Critical | 9.3 | 2025-03-04 | VMware ESXi, and Workstation contain a TOCTOU (Time-of-Check Time-of-Use) vulnerability that leads to an out-of-bounds write. A malicious actor with local admi… |
| CVE-2022-33257 | Critical | 9.3 | 2023-03-10 | Memory corruption in Core due to time-of-check time-of-use race condition during dump collection in trust zone. |
| CVE-2021-35090 | Critical | 9.3 | 2022-06-14 | Possible hypervisor memory corruption due to TOC TOU race condition when updating address mappings in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectiv… |
| CVE-2026-44694 | Critical | 9.1 | 2026-05-08 | n8n-MCP is an MCP server that provides AI assistants access to n8n node documentation, properties, and operations. From version 2.18.7 to before version 2.50.2… |