Skip to main content

CWE-366

Race Condition within a Thread

15 CVEs Avg CVSS 6.5 MITRE
1
CRITICAL
6
HIGH
7
MEDIUM
1
LOW
3
POC
0
KEV

Monthly

CVE-2026-46181 HIGH PATCH This Week

Local privilege escalation or denial-of-service in the Linux kernel's RDMA/mlx4 InfiniBand driver stems from improper RCU synchronization in mlx4_srq_event(), where the mlx4_srq structure is never freed via RCU and can be accessed before initialization completes. Local low-privileged users on systems using Mellanox ConnectX (mlx4) RDMA hardware can trigger a race condition leading to memory corruption or kernel crash, with CVSS 7.8 reflecting high confidentiality, integrity, and availability impact. There is no public exploit identified at time of analysis, and EPSS scores this at just 0.02%, indicating minimal real-world exploitation likelihood.

Linux Denial Of Service
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-3904 MEDIUM PATCH This Month

Denial of service in GNU C Library 2.36 on x86_64 systems occurs when nscd-backed functions trigger a race condition in the optimized memcmp implementation, allowing concurrent thread modification of input data to cause application crashes. This affects any application using NSS caching functionality under high load conditions. No patch is currently available.

Denial Of Service Glibc
NVD VulDB
CVSS 3.1
6.2
EPSS
0.0%
CVE-2026-23684 MEDIUM This Month

Commerce Cloud versions up to 2205 contains a vulnerability that allows attackers to a cart entry being created with erroneous product value which could be checked o (CVSS 5.9).

SAP Race Condition Commerce Cloud
NVD
CVSS 3.1
5.9
EPSS
0.0%
CVE-2026-22819 npm MEDIUM POC PATCH This Month

Outray versions prior to 0.1.5 lack database transaction locking in the subdomain creation API endpoint, allowing authenticated users to bypass rate limits and provision more subdomains than permitted by their service tier. Public exploit code exists for this vulnerability, which affects the quota enforcement mechanism for free plan users. Upgrade to version 0.1.5 or later to remediate.

Information Disclosure Outray
NVD GitHub
CVSS 3.1
5.9
EPSS
0.0%
CVE-2025-58143 CRITICAL PATCH This Week

[This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] There are multiple issues related to the handling and accessing of. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Xen Suse
NVD
CVSS 3.1
9.8
EPSS
0.0%
CVE-2025-31115 HIGH PATCH CISA This Week

XZ Utils provide a general-purpose data-compression library plus command-line tools. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD GitHub
CVSS 4.0
8.7
EPSS
0.3%
CVE-2024-10630 HIGH This Month

A race condition in Ivanti Application Control Engine before version 10.14.4.0 allows a local authenticated attacker to bypass the application blocking functionality. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Ivanti Application Control Security Controls
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2024-2032 PyPI LOW PATCH Monitor

A race condition vulnerability exists in zenml-io/zenml versions up to and including 0.55.3, which allows for the creation of multiple users with the same username when requests are sent in parallel. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable.

Information Disclosure Zenml
NVD GitHub
CVSS 3.1
3.1
EPSS
0.3%
CVE-2023-6546 HIGH PATCH This Week

A race condition was found in the GSM 0710 tty multiplexor in the Linux kernel. Rated high severity (CVSS 7.0).

Privilege Escalation Linux Linux Kernel Fedora Enterprise Linux
NVD GitHub
CVSS 3.1
7.0
EPSS
0.8%
CVE-2023-4732 MEDIUM This Month

A flaw was found in pfn_swap_entry_to_page in memory management subsystem in the Linux Kernel. Rated medium severity (CVSS 4.7). No vendor patch available.

Denial Of Service Linux Linux Kernel Codeready Linux Builder Codeready Linux Builder For Arm64 +7
NVD
CVSS 3.1
4.7
EPSS
0.2%
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Local privilege escalation or denial-of-service in the Linux kernel's RDMA/mlx4 InfiniBand driver stems from improper RCU synchronization in mlx4_srq_event(), where the mlx4_srq structure is never freed via RCU and can be accessed before initialization completes. Local low-privileged users on systems using Mellanox ConnectX (mlx4) RDMA hardware can trigger a race condition leading to memory corruption or kernel crash, with CVSS 7.8 reflecting high confidentiality, integrity, and availability impact. There is no public exploit identified at time of analysis, and EPSS scores this at just 0.02%, indicating minimal real-world exploitation likelihood.

Linux Denial Of Service
NVD VulDB
EPSS 0% CVSS 6.2
MEDIUM PATCH This Month

Denial of service in GNU C Library 2.36 on x86_64 systems occurs when nscd-backed functions trigger a race condition in the optimized memcmp implementation, allowing concurrent thread modification of input data to cause application crashes. This affects any application using NSS caching functionality under high load conditions. No patch is currently available.

Denial Of Service Glibc
NVD VulDB
EPSS 0% CVSS 5.9
MEDIUM This Month

Commerce Cloud versions up to 2205 contains a vulnerability that allows attackers to a cart entry being created with erroneous product value which could be checked o (CVSS 5.9).

SAP Race Condition Commerce Cloud
NVD
EPSS 0% CVSS 5.9
MEDIUM POC PATCH This Month

Outray versions prior to 0.1.5 lack database transaction locking in the subdomain creation API endpoint, allowing authenticated users to bypass rate limits and provision more subdomains than permitted by their service tier. Public exploit code exists for this vulnerability, which affects the quota enforcement mechanism for free plan users. Upgrade to version 0.1.5 or later to remediate.

Information Disclosure Outray
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL PATCH This Week

[This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] There are multiple issues related to the handling and accessing of. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Xen Suse
NVD
EPSS 0% CVSS 8.7
HIGH PATCH This Week

XZ Utils provide a general-purpose data-compression library plus command-line tools. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD GitHub
EPSS 0% CVSS 7.8
HIGH This Month

A race condition in Ivanti Application Control Engine before version 10.14.4.0 allows a local authenticated attacker to bypass the application blocking functionality. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Ivanti Application Control +1
NVD
EPSS 0% CVSS 3.1
LOW PATCH Monitor

A race condition vulnerability exists in zenml-io/zenml versions up to and including 0.55.3, which allows for the creation of multiple users with the same username when requests are sent in parallel. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable.

Information Disclosure Zenml
NVD GitHub
EPSS 1% CVSS 7.0
HIGH PATCH This Week

A race condition was found in the GSM 0710 tty multiplexor in the Linux kernel. Rated high severity (CVSS 7.0).

Privilege Escalation Linux Linux Kernel +2
NVD GitHub
EPSS 0% CVSS 4.7
MEDIUM This Month

A flaw was found in pfn_swap_entry_to_page in memory management subsystem in the Linux Kernel. Rated medium severity (CVSS 4.7). No vendor patch available.

Denial Of Service Linux Linux Kernel +9
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy