17 matches found
CVE-2026-22751
A flaw was found in Spring Security, specifically in applications configured for One-Time Token login using JdbcOneTimeTokenService. This vulnerability is due to a Time-of-check Time-of-use TOCTOU race condition. A remote attacker with high attack complexity could exploit this flaw to achieve low...
EUVD-2026-24227
Vulnerability in Spring Spring Security. Applications that explicitly configure One-Time Token login with JdbcOneTimeTokenService are vulnerable to a Time-of-check Time-of-use TOCTOU race condition. This issue affects Spring Security: from 6.4.0 through 6.4.15, from 6.5.0 through 6.5.9, from 7.0....
GHSA-X2WQ-9X2F-FHJ7 Spring Security Core has a TOCTOU race condition when One-Time Token login with JdbcOneTimeTokenService is configured
Vulnerability in Spring Spring Security. Applications that explicitly configure One-Time Token login with JdbcOneTimeTokenService are vulnerable to a Time-of-check Time-of-use TOCTOU race condition. This issue affects Spring Security: from 6.4.0 through 6.4.15, from 6.5.0 through 6.5.9, from 7.0....
Spring Security Core has a TOCTOU race condition when One-Time Token login with JdbcOneTimeTokenService is configured
Vulnerability in Spring Spring Security. Applications that explicitly configure One-Time Token login with JdbcOneTimeTokenService are vulnerable to a Time-of-check Time-of-use TOCTOU race condition. This issue affects Spring Security: from 6.4.0 through 6.4.15, from 6.5.0 through 6.5.9, from 7.0....
Time-of-check Time-of-use (TOCTOU) Race Condition
Overview: org.springframework.security:spring-security-core is a package that provides security services for the Spring IO Platform. Affected versions of this package are vulnerable to Time-of-check Time-of-use (TOCTOU) Race Condition in the JdbcOneTimeTokenService component. An attacker can gain...
CVE-2026-22751
Vulnerability in Spring Spring Security. Applications that explicitly configure One-Time Token login with JdbcOneTimeTokenService are vulnerable to a Time-of-check Time-of-use TOCTOU race condition. This issue affects Spring Security: from 6.4.0 through 6.4.15, from 6.5.0 through 6.5.9, from 7.0....
CVE-2026-22751
The CVE-2026-22751 entry concerns a TOCTOU race condition in Spring Security when applications explicitly configure One-Time Token login with JdbcOneTimeTokenService. Affected versions are Spring Security 6.4.0–6.4.15, 6.5.0–6.5.9, and 7.0.0–7.0.4. The vulnerability description (from the connecte...
CVE-2026-22751 Spring Security JdbcOneTimeTokenService allows a one-time token to authenticate multiple sessions
Vulnerability in Spring Spring Security. Applications that explicitly configure One-Time Token login with JdbcOneTimeTokenService are vulnerable to a Time-of-check Time-of-use TOCTOU race condition. This issue affects Spring Security: from 6.4.0 through 6.4.15, from 6.5.0 through 6.5.9, from 7.0....
PT-2026-34042
Name of the Vulnerable Software and Affected Versions: Spring Spring Security versions 6.4.0 through 6.4.15; Spring Spring Security versions 6.5.0 through 6.5.9; Spring Spring Security versions 7.0.0 through 7.0.4. Description: Applications that explicitly configure One-Time Token login using...
Linux Distros Unpatched Vulnerability : CVE-2021-3144
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - In SaltStack Salt before 3002.5, eauth tokens can be used once after expiration. They might be used to run commands against the salt master or minions...
This Week in Spring - April 1st, 2025
Hi, Spring fans! Welcome to another exciting installment of This Week in Spring! It's April Fools' Day, so be wary of things you read on the internet, but it's also the 11th anniversary of Spring Boot 1.0, which was released this day in 2014! That's not an April Fools' joke. Happy birthday! I'm in...
CVE-2021-36444
Cross-Site Request Forgery (CSRF) vulnerability in imcat 5.4 allows remote attackers to gain escalated privileges via flaws in one-time token generation on the add administrator page...
imcat Cross-Site Request Forgery Vulnerability
Imcat is a PHP-based open source website building system. imcat version 5.4 has a security vulnerability that stems from a cross-site request forgery (CSRF) flaw: remote attackers can use it to obtain elevated privileges by generating a one-time token...
PT-2023-12276 · Imcat · Imcat
Name of the Vulnerable Software and Affected Versions: imcat version 5.4 Description: A Cross Site Request Forgery CSRF issue allows remote attackers to gain escalated privileges. This is due to flaws in one-time token generation on the "add administrator" page. Recommendations: For imcat version...
CVE-2022-2192
Forced Browsing vulnerability in HYPR Server versions 6.10 to 6.15.1 allows remote attackers with a valid one-time recovery token to elevate privileges via path tampering in the Magic Link page. This issue affects: HYPR Server versions later than 6.10; version 6.15.1 and prior versions...
HYPR Server Security Vulnerability
HYPR and HYPR Server are both products of HYPR, Inc. HYPR is a security application that implements password-less security; HYPR Server is its server component. A security vulnerability exists in HYPR Server versions 6.10 through 6.15.1, which stems from a forced browsing vulnerability that allows a remote...