Login Sign Up

CWE-367: CWE-367

174
Total CVEs
16
Critical
119
High
7.2
Avg CVSS
1
In CISA KEV

Yearly Trend

2026
19
2025
62
2024
40
2023
32
2022
11

Top Affected Vendors

1 Microsoft 28
2 Qualcomm 17
3 Linux 13
4 Insyde 7
5 Hp 5
6 Debian 5
7 Adobe 4
8 Dell 4
9 Amd 4
10 Netapp 3

All CWE-367 CVEs (174)

CVE-2026-25641
10.0

CVE-2026-25641 is a sandbox escape vulnerability in SandboxJS library versions before 0.8.29. Attackers can bypass JavaScript sandbox restrictions by ...

Feb 6, 2026
CVE-2025-64180
10.0

A critical TOCTOU vulnerability in Manager accounting software allows attackers to bypass DNS validation and access internal network resources. Both D...

Nov 7, 2025
CVE-2026-25052
9.9

This vulnerability in n8n workflow automation platform allows authenticated users with workflow creation/modification permissions to read sensitive fi...

Feb 4, 2026
CVE-2025-13032
9.9

A double fetch vulnerability in the sandbox kernel driver of Avast/AVG Antivirus on Windows allows local attackers to escalate privileges via pool ove...

Nov 11, 2025
CVE-2024-56337
9.8

A Time-of-check Time-of-use (TOCTOU) race condition vulnerability in Apache Tomcat allows attackers to bypass security checks and write malicious file...

Dec 20, 2024
CVE-2024-50379
9.8

A Time-of-check Time-of-use (TOCTOU) race condition vulnerability in Apache Tomcat's JSP compilation allows attackers to achieve Remote Code Execution...

Dec 17, 2024
CVE-2024-41779
9.8

A race condition vulnerability in IBM Engineering Systems Design Rhapsody - Model Manager allows remote attackers to bypass security restrictions and ...

Nov 22, 2024
CVE-2024-27114
9.8

CVE-2024-27114 is an unauthenticated remote code execution vulnerability in SO Planning online planning tool. Attackers can upload PHP files that exec...

Sep 11, 2024
CVE-2024-28718
9.8

This vulnerability in OpenStack Magnum's cert_manager.py component allows remote attackers to execute arbitrary code on affected systems. It affects O...

Apr 12, 2024
CVE-2025-22224
KEV EPSS 59% 9.3

This CVE describes a TOCTOU vulnerability in VMware ESXi and Workstation that allows local administrative users within a virtual machine to execute ar...

Mar 4, 2025
CVE-2021-35090
9.3

This vulnerability allows a malicious application to potentially corrupt hypervisor memory through a Time-of-Check Time-of-Use (TOCTOU) race condition...

Jun 14, 2022
CVE-2024-49768
9.1

A race condition in Waitress web server allows HTTP pipelining attacks when request lookahead is enabled. Remote attackers can bypass connection closu...

Oct 29, 2024
CVE-2021-30347
9.1

This vulnerability in Qualcomm Snapdragon chipsets allows improper integrity checks leading to race conditions between PDCP and RRC tasks after receiv...

Jun 14, 2022
CVE-2021-30343
9.1

This vulnerability in Qualcomm Snapdragon chipsets allows improper integrity checks leading to race conditions between PDCP and RRC tasks after receiv...

Jun 14, 2022
CVE-2022-28743
9.1

This CVE describes a Time-of-check Time-of-use (TOCTOU) race condition vulnerability in Foscam R2C IP cameras that allows authenticated attackers with...

Apr 21, 2022
CVE-2024-0132
9.0

A TOCTOU vulnerability in NVIDIA Container Toolkit 1.16.1 or earlier allows specially crafted container images to access the host file system when usi...

Sep 26, 2024
CVE-2025-30663
8.8

A time-of-check time-of-use race condition vulnerability in Zoom Workplace Apps allows authenticated local users to escalate privileges. This affects ...

May 14, 2025
CVE-2024-23463
8.8

This vulnerability allows attackers to bypass anti-tampering protection in Zscaler Client Connector when the Repair App functionality is used. It affe...

Apr 30, 2024
CVE-2023-38146
8.8

CVE-2023-38146 is a remote code execution vulnerability in Windows Themes that allows attackers to execute arbitrary code on affected systems. It affe...

Sep 12, 2023
CVE-2023-35311
8.8

This vulnerability allows attackers to bypass security features in Microsoft Outlook, potentially enabling them to execute malicious code or access re...

Jul 11, 2023
CVE-2021-30290
8.4

This vulnerability is a race condition in Qualcomm Snapdragon chipsets that can cause a null pointer dereference when timeline fence operations occur ...

Sep 9, 2021
CVE-2025-23359
8.3

CVE-2025-23359 is a Time-of-Check Time-of-Use (TOCTOU) vulnerability in NVIDIA Container Toolkit for Linux that allows a malicious container image to ...

Feb 12, 2025
CVE-2023-5760
8.2

A time-of-check to time-of-use (TOCTOU) vulnerability in Avast/AVG Antivirus allows local attackers to perform out-of-bounds writes through IOCTL requ...

Nov 8, 2023
CVE-2025-54655
8.1

A race condition vulnerability in the virtualization base module could allow attackers to compromise the confidentiality and integrity of the virtuali...

Aug 6, 2025
CVE-2025-27812
8.1

MSI Center versions before 2.0.52.0 contain a Time-of-Check Time-of-Use (TOCTOU) vulnerability that allows local attackers to escalate privileges. Thi...

Apr 10, 2025
CVE-2024-48322
8.1

CVE-2024-48322 is a race condition vulnerability in the password reset functionality of Run.codes that allows attackers to bypass authentication. By e...

Nov 11, 2024
CVE-2024-1563
8.1

This vulnerability in Firefox Focus for iOS allows attackers to execute unauthorized JavaScript on top origin sites by exploiting a race condition whe...

Feb 22, 2024
CVE-2023-43976
8.1

A Time-of-Check Time-of-Use (TOCTOU) race condition vulnerability in CatoNetworks CatoClient's PrivilegedHelperTool component allows attackers to esca...

Oct 3, 2023
CVE-2022-36980
8.1

This authentication bypass vulnerability in Ivanti Avalanche allows remote attackers to gain unauthorized access to the EnterpriseServer service. Atta...

Mar 29, 2023
CVE-2022-24335
8.1

This vulnerability in JetBrains TeamCity allows attackers to exploit a race condition during agent registration via XML-RPC, potentially enabling unau...

Feb 25, 2022
CVE-2011-4126
8.1

CVE-2011-4126 is a race condition vulnerability in Calibre's Linux mount helper that allows unprivileged local users to mount arbitrary devices to any...

Oct 27, 2021
CVE-2026-21523
8.0

A time-of-check time-of-use race condition vulnerability in GitHub Copilot and Visual Studio allows authenticated attackers to execute arbitrary code ...

Feb 10, 2026
CVE-2023-20548
7.8

A race condition vulnerability in AMD Secure Processor (ASP) allows attackers to corrupt memory by exploiting timing differences between checking and ...

Feb 11, 2026
CVE-2023-31324
7.8

This CVE describes a Time-of-check time-of-use (TOCTOU) race condition vulnerability in AMD Secure Processor (ASP) that could allow attackers to modif...

Feb 11, 2026
CVE-2026-24071
7.8

This vulnerability allows attackers to bypass code signature verification in Native Access's XPC service on macOS through PID reuse attacks. An attack...

Feb 2, 2026
CVE-2026-20831
7.8

A time-of-check time-of-use race condition in Windows Ancillary Function Driver for WinSock allows authenticated attackers to escalate privileges loca...

Jan 13, 2026
CVE-2026-20816
7.8

A Time-of-Check Time-of-Use (TOCTOU) race condition vulnerability in Windows Installer allows authenticated attackers to elevate privileges locally. T...

Jan 13, 2026
CVE-2025-55696
7.8

This CVE describes a Time-of-Check Time-of-Use (TOCTOU) race condition vulnerability in the NtQueryInformationToken function in Windows. It allows aut...

Oct 14, 2025
CVE-2025-55680
7.8

A Time-of-Check Time-of-Use (TOCTOU) race condition vulnerability in the Windows Cloud Files Mini Filter Driver allows authenticated attackers to esca...

Oct 14, 2025
CVE-2025-20074
7.8

A time-of-check time-of-use (TOCTOU) race condition vulnerability in Intel Connectivity Performance Suite installers allows authenticated local users ...

Aug 12, 2025
CVE-2025-27076
7.8

This CVE describes a memory corruption vulnerability in Qualcomm components that occurs when processing simultaneous requests via an escape path. Succ...

Aug 6, 2025
CVE-2025-21473
7.8

This vulnerability allows memory corruption when the Virtual Camera Data Mover writes to hardware registers. It affects systems using Qualcomm chipset...

Aug 6, 2025
CVE-2025-21485
7.8

This vulnerability allows memory corruption through improper handling of INIT and multimode invoke IOCTL calls in FastRPC. Attackers could potentially...

Jun 3, 2025
CVE-2024-45560
7.8

This CVE describes a memory corruption vulnerability in Qualcomm hardware encoders when taking snapshots due to unvalidated userspace buffers. Attacke...

Feb 3, 2025
CVE-2024-38418
7.8

This vulnerability allows memory corruption through improper handling of memory map information in IOCTL calls. Attackers could potentially execute ar...

Feb 3, 2025
CVE-2024-53289
7.8

Dell ThinOS version 2408 contains a Time-of-check Time-of-use (TOCTOU) race condition vulnerability that allows a low-privileged attacker with local a...

Dec 11, 2024
CVE-2024-49046
7.8

This CVE describes a Windows Win32 Kernel Subsystem vulnerability that allows local attackers to escalate privileges from a lower-privileged account t...

Nov 12, 2024
CVE-2024-38407
7.8

This vulnerability allows memory corruption in the Qualcomm JPEG Encoder driver when processing IOCTL input parameters. Attackers could exploit this t...

Nov 4, 2024
CVE-2024-36304
7.8

A Time-of-Check Time-of-Use (TOCTOU) vulnerability in Trend Micro Apex One and Apex One as a Service agents allows local attackers to escalate privile...

Jun 10, 2024
CVE-2021-3899
7.8

CVE-2021-3899 is a race condition vulnerability in Apport's 'replaced executable' detection mechanism that allows local attackers to execute arbitrary...

Jun 3, 2024

About CWE-367 (CWE-367)

Our database tracks 174 CVEs classified as CWE-367, with 16 rated critical and 119 rated high severity. The average CVSS score for CWE-367 vulnerabilities is 7.2.

External reference: View CWE-367 on MITRE CWE →

Monitor CWE-367 Vulnerabilities

Get alerted when new CWE-367 CVEs affect your infrastructure.

Start Monitoring Free