Improper synchronization of the userTokens map in Canonical Juju API server (versions 4.0.5, 3.6.20, and 2.9.56) enables authenticated users to trigger denial of service or reuse single-use discharge tokens due to a race condition. The vulnerability requires low privilege authentication and partial attacker timing control but allows complete availability impact to the server. EPSS score of 6.1 reflects moderate real-world exploitation risk, though no public exploit code or active exploitation has been confirmed.
Race in Media in Google Chrome on Android prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to corrupt media stream metadata via a crafted HTML page. (Chromium security severity: Low)
Race in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
Race in WebCodecs in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)
Remnawave Backend prior to version 2.7.5 allows authenticated users to bypass HWID device registration limits through a race condition in the device registration logic, enabling subscription resale and excessive traffic consumption. The vulnerability requires valid authentication credentials but affects the integrity of subscription management controls across the system. A vendor-released patch is available in version 2.7.5.
Race condition in Samsung Exynos Wi-Fi drivers enables local privilege escalation to kernel execution via double-free memory corruption. Affects 11 mobile and wearable processors (Exynos 980, 850, 1080, 1280, 1330, 1380, 1480, 1580, W920, W930, W1000). Local attackers with low privileges can trigger memory corruption by racing ioctl calls across threads, achieving high confidentiality, integrity, and availability impact. EPSS score of 0.02% (5th percentile) suggests minimal real-world exploitation likelihood despite CVSS 7.0 severity. No public exploit identified at time of analysis.
Use-after-free in Samsung Exynos Wi-Fi driver affects 11 mobile and wearable processor models via race condition triggered by concurrent ioctl calls. Local attackers with low privileges can exploit improper synchronization on a global variable to achieve high-impact compromise (confidentiality, integrity, availability). EPSS data not available; no confirmed active exploitation (not in CISA KEV); public exploit code status unknown. Attack complexity rated high (AC:H) due to race condition timing requirements, reducing immediate weaponization risk despite 7.0 CVSS score.
Authentication bypass via OAuth token race condition in tinyauth allows concurrent attackers to hijack user sessions and gain unauthorized access to victim accounts. The vulnerability affects tinyauth v5.0.4 and earlier versions where singleton OAuth service instances share mutable PKCE verifier and access token fields across all concurrent requests. When two users authenticate simultaneously with the same OAuth provider (GitHub, Google, or generic OAuth), the second request overwrites the first user's token, causing the first user to receive a session with the second user's identity and access privileges. Go race detector confirms 99.9% exploit success rate (9,985/10,000 iterations) in concurrent scenarios. No active exploitation confirmed (not in CISA KEV), but detailed proof-of-concept demonstrates reliable session hijacking with publicly available exploit methodology. EPSS data not available for this recent CVE.
Local privilege escalation to SYSTEM via race condition in Lakeside SysTrack Agent 11 (versions prior to 11.2.1.28) allows unauthenticated local attackers to gain complete system control through timing-dependent exploitation. EPSS risk assessment and KEV status not available at time of analysis; no public exploit identified at time of analysis. Attack complexity is rated high, requiring precise timing manipulation of concurrent operations.
Parse Server LiveQuery leaks protected fields and authentication data across concurrent subscribers due to shared mutable object state. When multiple clients subscribe to the same class, race conditions in the sensitive data filter allow one subscriber's field filtering to affect other subscribers, exposing data that should remain protected or delivering incomplete objects to authorized clients. Deployments using LiveQuery with protected fields or afterEvent triggers face unauthorized information disclosure. Vendor-released patches are available for Parse Server 8 and 9. No public exploit identified at time of analysis, though the vulnerability is straightforward to trigger in affected configurations.