Skip to main content

CWE-820

Missing Synchronization

13 CVEs Avg CVSS 7.3 MITRE
1
CRITICAL
7
HIGH
5
MEDIUM
0
LOW
0
POC
0
KEV

Monthly

CVE-2026-57029 MEDIUM PATCH This Month

Traffic forwarding on Juniper QFX Series switches running Junos OS Evolved can be fully disrupted by an adjacent, unauthenticated attacker exploiting a race condition in the sFlow collector handler. When sFlow collector reachability changes trigger a next-hop entry update concurrently with the sFlow thread reading that same next-hop data, the evo-pfemand process crashes and all packet forwarding halts until the process automatically restarts. No public exploit code exists and this vulnerability is not listed in the CISA KEV catalog at time of analysis, but the availability impact is severe for any network segment relying on the affected switch.

Juniper Denial Of Service Junos Os Evolved
NVD VulDB
CVSS 4.0
6.0
EPSS
0.2%
CVE-2026-53277 HIGH PATCH This Week

Local privilege escalation / host compromise risk in the Linux kernel arm64 KVM subsystem arises because __kvm_at_s12() (AT instruction emulation) and __kvm_find_s1_desc_level() invoke the stage-1/nested stage-2 page-table walkers walk_s1() and kvm_walk_nested_s2() without holding kvm->srcu, which those walkers require to guard against concurrent memslot changes. A malicious or compromised guest on an affected arm64 host can race memslot updates against these walks, with CVSS scoring confidentiality, integrity and availability all High under a changed scope (host impact). It is patched in stable trees, EPSS is low (0.17%), and there is no public exploit identified at time of analysis.

Code Injection Linux
NVD VulDB
CVSS 3.1
8.8
EPSS
0.2%
CVE-2026-53153 HIGH PATCH This Week

Kernel memory corruption in the Linux memory-management list_lru subsystem (memory cgroup reparenting path) allows a local user to corrupt linked-list pointers and destabilize or potentially escalate privileges on the system. The flaw is a race condition in memcg_reparent_list_lrus(), affecting kernels from 6.13 onward; it carries CVSS 7.8 (High) with full confidentiality, integrity and availability impact but a low EPSS of 0.17% (7th percentile). There is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Linux Information Disclosure Enterprise Linux
NVD VulDB
CVSS 3.1
7.8
EPSS
0.2%
CVE-2026-22163 HIGH This Week

Unsafe IOCTL handling in the DDK kernel module allows local attackers with limited privileges to bypass GPU memory protections and write to arbitrary physical memory through race condition exploitation. This privilege escalation vulnerability affects systems using the vulnerable DDK driver and requires no user interaction to trigger. No patch is currently available.

RCE Graphics Ddk
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2022-50238 HIGH This Week

The on-endpoint Microsoft vulnerable driver blocklist is not fully synchronized with the online Microsoft recommended driver block rules. Rated high severity (CVSS 7.4), this vulnerability is no authentication required. No vendor patch available.

Microsoft Information Disclosure Windows
NVD GitHub
CVSS 3.1
7.4
EPSS
0.0%
CVE-2025-49751 MEDIUM This Month

Missing synchronization in Windows Hyper-V allows an authorized attacker to deny service over an adjacent network. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows 10 1607 Windows 10 1809 Windows 10 21h2 +10
NVD
CVSS 3.1
6.8
EPSS
0.2%
CVE-2025-47999 MEDIUM PATCH This Month

A security vulnerability in Missing synchronization in Windows Hyper-V (CVSS 6.8) that allows an authorized attacker. Remediation should follow standard vulnerability management procedures.

Microsoft Information Disclosure Windows 10 1607 Windows Server 2022 23h2 Windows Server 2019 +10
NVD
CVSS 3.1
6.8
EPSS
0.2%
CVE-2025-47154 CRITICAL Act Now

LibJS in Ladybird before f5a6704 mishandles the freeing of the vector that arguments_list references, leading to a use-after-free, and allowing remote attackers to execute arbitrary code via a. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

RCE
NVD GitHub
CVSS 3.1
9.0
EPSS
1.1%
CVE-2025-1445 HIGH This Week

A vulnerability exists in RTU IEC 61850 client and server functionality that could impact the availability if renegotiation of an open IEC61850 TLS connection takes place in specific timing. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
8.7
EPSS
0.1%
CVE-2024-49114 HIGH This Week

Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Windows 10 1809 Windows 10 21h2 Windows 10 22h2 +6
NVD
CVSS 3.1
7.8
EPSS
0.7%
EPSS 0% CVSS 6.0
MEDIUM PATCH This Month

Traffic forwarding on Juniper QFX Series switches running Junos OS Evolved can be fully disrupted by an adjacent, unauthenticated attacker exploiting a race condition in the sFlow collector handler. When sFlow collector reachability changes trigger a next-hop entry update concurrently with the sFlow thread reading that same next-hop data, the evo-pfemand process crashes and all packet forwarding halts until the process automatically restarts. No public exploit code exists and this vulnerability is not listed in the CISA KEV catalog at time of analysis, but the availability impact is severe for any network segment relying on the affected switch.

Juniper Denial Of Service Junos Os Evolved
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Local privilege escalation / host compromise risk in the Linux kernel arm64 KVM subsystem arises because __kvm_at_s12() (AT instruction emulation) and __kvm_find_s1_desc_level() invoke the stage-1/nested stage-2 page-table walkers walk_s1() and kvm_walk_nested_s2() without holding kvm->srcu, which those walkers require to guard against concurrent memslot changes. A malicious or compromised guest on an affected arm64 host can race memslot updates against these walks, with CVSS scoring confidentiality, integrity and availability all High under a changed scope (host impact). It is patched in stable trees, EPSS is low (0.17%), and there is no public exploit identified at time of analysis.

Code Injection Linux
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Kernel memory corruption in the Linux memory-management list_lru subsystem (memory cgroup reparenting path) allows a local user to corrupt linked-list pointers and destabilize or potentially escalate privileges on the system. The flaw is a race condition in memcg_reparent_list_lrus(), affecting kernels from 6.13 onward; it carries CVSS 7.8 (High) with full confidentiality, integrity and availability impact but a low EPSS of 0.17% (7th percentile). There is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Linux Information Disclosure Enterprise Linux
NVD VulDB
EPSS 0% CVSS 7.8
HIGH This Week

Unsafe IOCTL handling in the DDK kernel module allows local attackers with limited privileges to bypass GPU memory protections and write to arbitrary physical memory through race condition exploitation. This privilege escalation vulnerability affects systems using the vulnerable DDK driver and requires no user interaction to trigger. No patch is currently available.

RCE Graphics Ddk
NVD VulDB
EPSS 0% CVSS 7.4
HIGH This Week

The on-endpoint Microsoft vulnerable driver blocklist is not fully synchronized with the online Microsoft recommended driver block rules. Rated high severity (CVSS 7.4), this vulnerability is no authentication required. No vendor patch available.

Microsoft Information Disclosure Windows
NVD GitHub
EPSS 0% CVSS 6.8
MEDIUM This Month

Missing synchronization in Windows Hyper-V allows an authorized attacker to deny service over an adjacent network. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows 10 1607 +12
NVD
EPSS 0% CVSS 6.8
MEDIUM PATCH This Month

A security vulnerability in Missing synchronization in Windows Hyper-V (CVSS 6.8) that allows an authorized attacker. Remediation should follow standard vulnerability management procedures.

Microsoft Information Disclosure Windows 10 1607 +12
NVD
EPSS 1% CVSS 9.0
CRITICAL Act Now

LibJS in Ladybird before f5a6704 mishandles the freeing of the vector that arguments_list references, leading to a use-after-free, and allowing remote attackers to execute arbitrary code via a. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

RCE
NVD GitHub
EPSS 0% CVSS 8.7
HIGH This Week

A vulnerability exists in RTU IEC 61850 client and server functionality that could impact the availability if renegotiation of an open IEC61850 TLS connection takes place in specific timing. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
EPSS 1% CVSS 7.8
HIGH This Week

Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Windows 10 1809 +8
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy