
CWE-367 (Time-of-check Time-of-use (TOCTOU) Race Condition) — Vulnerability Class 310

310 vulnerabilities classified as CWE-367 (Time-of-check Time-of-use (TOCTOU) Race Condition). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-41360 | OpenClaw < 2026.4.2 - Approval Integrity Bypass in pnpm dlx Local Script Binding — OpenClaw | 6.7 | Medium | 2026-04-23 |
| CVE-2026-41338 | OpenClaw < 2026.3.31 - Time-of-Check-Time-of-Use (TOCTOU) Vulnerability in Sandbox File Operations — OpenClaw | 5.0 | Medium | 2026-04-23 |
| CVE-2026-41337 | OpenClaw < 2026.3.31 - Callback Origin Mutation in Plivo Voice-call Replay — OpenClaw | 5.3 | Medium | 2026-04-23 |
| CVE-2026-35376 | uutils coreutils chcon Security Bypass and Mandatory Access Control (MAC) Inconsistency via TOCTOU Race Condition — coreutils | 4.5 | Medium | 2026-04-22 |
| CVE-2026-35374 | uutils coreutils split Arbitrary File Truncation via Time-of-Check to Time-of-Use (TOCTOU) Race Condition — coreutils | 6.3 | Medium | 2026-04-22 |
| CVE-2026-35364 | uutils coreutils mv Arbitrary File Overwrite via Cross-Device TOCTOU Race Condition — coreutils | 6.3 | Medium | 2026-04-22 |
| CVE-2026-35362 | uutils coreutils Missing TOCTOU Protection on Non-Linux Unix Platforms in Safe Traversal Module — coreutils | 3.6 | Low | 2026-04-22 |
| CVE-2026-35360 | uutils coreutils touch Arbitrary File Truncation via TOCTOU Race Condition — coreutils | 6.3 | Medium | 2026-04-22 |
| CVE-2026-35359 | uutils coreutils cp Information Disclosure via Time-of-Check to Time-of-Use Symlink Swap — coreutils | 4.7 | Medium | 2026-04-22 |
| CVE-2026-35357 | uutils coreutils cp Information Disclosure via Permission Handling Race — coreutils | 4.7 | Medium | 2026-04-22 |
| CVE-2026-35356 | uutils coreutils install Arbitrary File Overwrite with -D via Path Component Symlink Race — coreutils | 6.3 | Medium | 2026-04-22 |
| CVE-2026-35355 | uutils coreutils install Arbitrary File Overwrite via Symlink TOCTOU Race — coreutils | 6.3 | Medium | 2026-04-22 |
| CVE-2026-35354 | uutils coreutils mv Security Xattr TOCTOU Race in Cross-Device — coreutils | 4.7 | Medium | 2026-04-22 |
| CVE-2026-35353 | uutils coreutils mkdir Permission Exposure Race Condition with -m — coreutils | 3.3 | Low | 2026-04-22 |
| CVE-2026-35352 | uutils coreutils mkfifo Privilege Escalation via TOCTOU Race Condition — coreutils | 7.0 | High | 2026-04-22 |
| CVE-2026-35345 | uutils coreutils tail Privileged Information Disclosure via Symlink Replacement Race — coreutils | 5.3 | Medium | 2026-04-22 |
| CVE-2026-41651 | PackageKit vulnerable to TOCTOU Race on Transaction Flags leads to arbitrary package installation as root — PackageKit | 8.8 | High | 2026-04-22 |
| CVE-2026-41296 | OpenClaw < 2026.3.31 - Sandbox Escape via TOCTOU Race in Remote FS Bridge readFile — OpenClaw | 8.2 | High | 2026-04-20 |
| CVE-2026-40896 | OpenProject has Cross-Project Meeting Agenda Item Injection via Unscoped Section Lookup — openproject | 6.5 | Medium | 2026-04-20 |
| CVE-2026-5958 | Race Condition in GNU Sed — Sed | 5.9 (AI) | Medium (AI) | 2026-04-20 |
| CVE-2026-1880 | ASUS DriverHub Security Vulnerability — DriverHub | 7.8 (AI) | High (AI) | 2026-04-16 |
| CVE-2026-3590 | Race Condition in Guest Magic Link Authentication Allows Token Reuse — Mattermost | 6.5 | Medium | 2026-04-15 |
| CVE-2026-27929 | Windows LUA File Virtualization Filter Driver Elevation of Privilege Vulnerability — Windows 10 Version 1607 | 7.0 | High | 2026-04-14 |
| CVE-2026-35648 | OpenClaw < 2026.3.22 - Policy Bypass via Unvalidated Queued Node Actions — OpenClaw | 3.7 | Low | 2026-04-10 |
| CVE-2026-4878 | Libcap: libcap: privilege escalation via toctou race condition in cap_set_file() — Red Hat Hardened Images | 6.7 | Medium | 2026-04-09 |
| CVE-2026-32602 | Homarr has a Race Condition in Invite Token Registration (TOCTOU) — homarr | 4.2 | Medium | 2026-04-06 |
| CVE-2026-34224 | Parse Server: MFA single-use token bypass via concurrent authData login requests — parse-server | 8.2 (AI) | High (AI) | 2026-03-31 |
| CVE-2026-32988 | OpenClaw < 2026.3.11 - Sandbox Boundary Bypass via Unvalidated Temporary File Creation — OpenClaw | 7.5 | High | 2026-03-31 |
| CVE-2026-32977 | OpenClaw < 2026.3.11 - Sandbox Boundary Bypass via Unanchored writeFile Commit Path — OpenClaw | 6.3 | Medium | 2026-03-31 |
| CVE-2026-32921 | OpenClaw < 2026.3.8 - Script Content Modification via Mutable Operand Binding in system.run — OpenClaw | 6.3 | Medium | 2026-03-31 |

Vulnerabilities classified as CWE-367 (Time-of-check Time-of-use (TOCTOU) Race Condition) represent 310 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.