CWE-367 (Time-of-check Time-of-use (TOCTOU) Race Condition) — Vulnerability Class 310

310 vulnerabilities classified as CWE-367 (Time-of-check Time-of-use (TOCTOU) Race Condition). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-33574 | OpenClaw < 2026.3.8 - Path Traversal via Tools Root Rebinding in Skills Download — OpenClaw | 6.2 | Medium | 2026-03-29 |
| CVE-2026-32979 | OpenClaw < 2026.3.11 - Unbound Interpreter and Runtime Commands Bypass in node-host Approval — OpenClaw | 7.3 | High | 2026-03-29 |
| CVE-2026-33624 | Parse Server: MFA recovery code single-use bypass via concurrent requests — parse-server | 9.1 | - | 2026-03-24 |
| CVE-2026-32043 | OpenClaw < 2026.2.25 - Time-of-Check-Time-of-Use via Mutable Symlink in system.run cwd Parameter — OpenClaw | 6.5 | Medium | 2026-03-21 |
| CVE-2026-31997 | OpenClaw < 2026.3.1 - Executable Rebind via Unbound PATH-token in system.run Approvals — OpenClaw | 6.0 | Medium | 2026-03-19 |
| CVE-2026-27670 | OpenClaw < 2026.3.2 - Arbitrary File Write via ZIP Extraction Parent Symlink Race Condition — OpenClaw | 5.3 | Medium | 2026-03-19 |
| CVE-2026-32943 | Parse Server has a password reset token single-use bypass via concurrent requests — parse-server | 7.4 | - | 2026-03-18 |
| CVE-2026-27545 | OpenClaw < 2026.2.26 - Approval Bypass via Parent Symlink Current Working Directory Rebind — OpenClaw | 6.1 | Medium | 2026-03-18 |
| CVE-2026-2364 | CODESYS Installer TOCTOU Privilege Escalation — CODESYS Installer | 7.3 | High | 2026-03-10 |
| CVE-2026-26017 | CoreDNS ACL Bypass — coredns | 7.7 | High | 2026-03-06 |
| CVE-2026-27750 | Avira Internet Security Optimizer TOCTOU — Avira Internet Security | 7.8 | High | 2026-03-05 |
| CVE-2026-20445 | MediaTek Chipsets Security Vulnerability — MediaTek chipset | 4.1 (AI) | Medium (AI) | 2026-03-02 |
| CVE-2026-20438 | MediaTek Chipsets Security Vulnerability — MediaTek chipset | 6.4 (AI) | Medium (AI) | 2026-03-02 |
| CVE-2026-27128 | Craft CMS's race condition in Token Service potentially allows for token usage greater than the token limit — cms | 5.3 (AI) | Medium (AI) | 2026-02-24 |
| CVE-2026-27127 | Craft CMS has Cloud Metadata SSRF Protection Bypass via DNS Rebinding — cms | 5.9 | - | 2026-02-24 |
| CVE-2026-27189 | OpenSift: Race-prone local persistence could cause state corruption/loss — OpenSift | 6.6 | Medium | 2026-02-21 |
| CVE-2026-25738 | Indico has Server-Side Request Forgery (SSRF) in multiple places — indico | 7.5 (AI) | High (AI) | 2026-02-19 |
| CVE-2026-20796 | Time-of-check time-of-use vulnerability in common teams API — Mattermost | 3.1 | Low | 2026-02-13 |
| CVE-2026-26224 | Intego Log Reporter TOCTOU Local Privilege Escalation — Log Reporter | 7.0 (AI) | High (AI) | 2026-02-12 |
| CVE-2023-20548 | AMD Graphics Driver Security Vulnerability — AMD Radeon™ RX 5000 Series Graphics Products | 7.0 (AI) | High (AI) | 2026-02-11 |
| CVE-2023-31324 | AMD Graphics Driver Security Vulnerability — AMD Radeon™ RX 5000 Series Graphics Products | 7.0 (AI) | High (AI) | 2026-02-11 |
| CVE-2024-36311 | AMD Processors Security Vulnerability — AMD Ryzen™ 7045 Series Mobile Processors with Radeon™ Graphics | 6.4 (AI) | Medium (AI) | 2026-02-10 |
| CVE-2026-21240 | Windows HTTP.sys Elevation of Privilege Vulnerability — Windows 10 Version 1809 | 7.8 | High | 2026-02-10 |
| CVE-2026-21523 | GitHub Copilot and Visual Studio Code Remote Code Execution Vulnerability — Microsoft Visual Studio Code CoPilot Chat Extension | 8.0 | High | 2026-02-10 |
| CVE-2026-25728 | ClipBucket v5 Affected by Remote Code Execution via Avatar/Background File Upload Race Condition — clipbucket-v5 | 8.1 (AI) | High (AI) | 2026-02-10 |
| CVE-2026-25641 | SandboxJS has a sandbox escape via TOCTOU bug on keys in property accesses — SandboxJS | 10.0 | Critical | 2026-02-06 |
| CVE-2025-13818 | Local privilege escalation in ESET Management Agent for Windows — ESET Management Agent | 7.8 (AI) | High (AI) | 2026-02-06 |
| CVE-2026-25052 | n8n Improper File Access Controls Allow Arbitrary File Read by Authenticated Users — n8n | 8.8 (AI) | High (AI) | 2026-02-04 |
| CVE-2026-0924 | BuhoCleaner 1.15.2 - Local Privilege Escalation via PID reuse attack — BuhoCleaner | 7.8 (AI) | High (AI) | 2026-02-02 |
| CVE-2026-24071 | XPC Client Validation via PID leading to Local Privilege Escalation in Native Instruments Native Access — Native Access | 8.8 (AI) | High (AI) | 2026-02-02 |

Vulnerabilities classified as CWE-367 (Time-of-check Time-of-use (TOCTOU) Race Condition) represent 310 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.