1138 matches found

NVD
• added 2026/04/21 7:16 p.m. • 1 views

CVE-2026-22751

Vulnerability in Spring Spring Security. Applications that explicitly configure One-Time Token login with JdbcOneTimeTokenService are vulnerable to a Time-of-check Time-of-use TOCTOU race condition. This issue affects Spring Security: from 6.4.0 through 6.4.15, from 6.5.0 through 6.5.9, from 7.0....

4.8 CVSS • 0.00048 EPSS
Exploits: 0 • References: 1

UbuntuCve
• added 2026/04/21 7:16 p.m. • 4 views

CVE-2026-22751

Vulnerability in Spring Spring Security. Applications that explicitly configure One-Time Token login with JdbcOneTimeTokenService are vulnerable to a Time-of-check Time-of-use TOCTOU race condition. This issue affects Spring Security: from 6.4.0 through 6.4.15, from 6.5.0 through 6.5.9, from 7.0....

4.8 CVSS • 5.8 AI score • 0.00048 EPSS
Exploits: 0 • References: 1

CVE
• added 2026/04/21 6:30 p.m. • 9 views

CVE-2026-22751

The CVE-2026-22751 entry concerns a TOCTOU race condition in Spring Security when applications explicitly configure One-Time Token login with JdbcOneTimeTokenService. Affected versions are Spring Security 6.4.0–6.4.15, 6.5.0–6.5.9, and 7.0.0–7.0.4. The vulnerability description (from the connecte...

4.8 CVSS • 5.8 AI score • 0.00048 EPSS
Exploits: 0 • References: 1 • Affected Software: 1

Cvelist
• added 2026/04/21 6:30 p.m. • 28 views

CVE-2026-22751 Spring Security JdbcOneTimeTokenService allows a one-time token to authenticate multiple sessions

Vulnerability in Spring Spring Security. Applications that explicitly configure One-Time Token login with JdbcOneTimeTokenService are vulnerable to a Time-of-check Time-of-use TOCTOU race condition. This issue affects Spring Security: from 6.4.0 through 6.4.15, from 6.5.0 through 6.5.9, from 7.0....

4.8 CVSS • 0.00048 EPSS
Exploits: 0 • References: 1

Vulnrichment
• added 2026/04/21 6:30 p.m. • 4 views

CVE-2026-22751 Spring Security JdbcOneTimeTokenService allows a one-time token to authenticate multiple sessions

Vulnerability in Spring Spring Security. Applications that explicitly configure One-Time Token login with JdbcOneTimeTokenService are vulnerable to a Time-of-check Time-of-use TOCTOU race condition. This issue affects Spring Security: from 6.4.0 through 6.4.15, from 6.5.0 through 6.5.9, from 7.0....

4.8 CVSS • 5.8 AI score • 0.00048 EPSS
Exploits: 0 • References: 1

vulnersOsv
• added 2026/04/21 12:0 a.m. • 5 views

ch.admin.bit.jeap:jeap-oauth-mock-server (>=3.1.0 <=3.44.0), ch.admin.bit.jeap:jeap-oauth-mock-server-instance (>=3.1.0 <=3.44.0) +79 more potentially affected by CVE-2026-22752 via org.springframework.security:spring-security-oauth2-authorization-server (>=1.3.0 <=1.5.6)

org.springframework.security:spring-security-oauth2-authorization-server MAVEN version =1.3.0, =3.1.0, =3.1.0, =1.0.0, =1.0.1, =1.0.0, =3.0.0, =3.5.5.3, =3.5.5.3, =3.3.0.0, =3.5.5.3, =3.5.5.3, =3.5.5.3, =3.3.0.0, =3.3.0.0, =3.5.5.2 and more Source cves: CVE-2026-22752 Source advisory:...

5.8 AI score
Exploits: 0

CNNVD
• added 2026/04/21 12:0 a.m. • 7 views

Spring Security security vulnerability

Spring Security is a security framework developed by Spring OpenSource that includes authentication and authorization features. Vulnerabilities exist in versions 6.4.0 to 6.4.15, 6.5.0 to 6.5.9, and 7.0.0 to 7.0.4 of Spring Security. These vulnerabilities stem from race conditions when configurin...

4.8 CVSS • 5.8 AI score • 0.00048 EPSS
Exploits: 0 • References: 1

Positive Technologies
• added 2026/04/21 12:0 a.m. • 2 views

PT-2026-34042

Name of the Vulnerable Software and Affected Versions Spring Spring Security versions 6.4.0 through 6.4.15 Spring Spring Security versions 6.5.0 through 6.5.9 Spring Spring Security versions 7.0.0 through 7.0.4 Description Applications that explicitly configure One-Time Token login using...

4.8 CVSS • 5.8 AI score • 0.00048 EPSS
Exploits: 0 • References: 5

vulnersOsv
• added 2026/04/21 12:0 a.m. • 6 views

cn.herodotus.dante:dante-authentication-autoconfigure (>=4.0.0.0-M2 <=4.0.0.0-M3), cn.herodotus.dante:dante-logic-identity (>=4.0.0.0-M2 <=4.0.0.0-M3) +25 more potentially affected by CVE-2026-22752 via org.springframework.security:spring-security-oauth2-authorization-server (>=7.0.0-M3 <=7.0.4)

org.springframework.security:spring-security-oauth2-authorization-server MAVEN version =7.0.0-M3, =4.0.0.0-M2, =4.0.0.0-M2, =4.0.0.0-M2, =4.0.0.0-M2, =4.0.0.0-M2, =4.0.0.0-M2, =0.1.0, =7.0.0-4, =4.0.2.0-M4, =4.0.0.0-M4, =4.0.0.0-M4, =4.0.2.0-M4, =4.0.5.1 and more...

5.8 AI score
Exploits: 0

Spring Engineering
• added 2026/04/20 12:0 a.m. • 4 views

Spring Office Hours Podcast: S5E13 - Community Potluck

Join Dan Vega and DaShaun Carter for the latest updates from the Spring Ecosystem. In this Potluck episode, Dan and DaShaun open up the floor to the community, answering your questions on Spring Boot, Spring AI, Spring Security, and whatever else is on your mind. Potluck episodes are shaped...

5.8 AI score
Exploits: 0

IBM Security Bulletins
• added 2026/04/17 1:12 p.m. • 4 views

Security Bulletin: DevOps Test Performance contains a vulnerability related to use of Spring Security

Summary Due to use of Spring Security, DevOps Test Performance and Rational Performance Tester contain a vulnerability that can potentially result in clickjacking, XSS, and sensitive data exposure via caching. CVE-2026-22732 Vulnerability Details CVEID:CVE-2026-22732 DESCRIPTION: When application...

9.1 CVSS • 5.7 AI score • 0.00028 EPSS
Exploits: 2 • Affected Software: 1

Packet Storm
• added 2026/04/09 12:0 a.m. • 79 views

📄 Vaadin 25.x Authentication Bypass

An authentication bypass affects Vaadin versions 6.8.13, 14.x, 23.x, 24.x, and 25.x when used with Spring Security, due to inconsistent path pattern matching on reserved framework routes. Accessing the /VAADIN endpoint without a trailing slash can bypass security filters, allowing unauthenticated...

5.9 AI score
Exploits: 0

GithubExploit
• added 2026/04/07 5:31 p.m. • 88 views

Exploit for CVE-2026-22732

CVE-2026-22732 Demo Minimal reproduction of CVE-2026-22732...

9.1 CVSS • 6 AI score • 0.00028 EPSS
Exploits: 2

IBM Security Bulletins
• added 2026/03/31 4:56 p.m. • 8 views

Security Bulletin: Remediation of Multiple Spring Vulnerabilities in IBM Library Support for Spring

Summary Multiple Spring Vulnerabilities have been addressed in IBM Library Support for Spring Vulnerability Details CVEID:CVE-2026-22731 DESCRIPTION: Spring Boot applications with Actuator can be vulnerable to an "Authentication Bypass" vulnerability when an application endpoint that requires...

9.1 CVSS • 5.8 AI score • 0.09681 EPSS
Exploits: 2 • Affected Software: 1

IBM Security Bulletins
• added 2026/03/31 4:18 p.m. • 10 views

Security Bulletin: Multiple security vulnerabilities are addressed with IBM Process Mining 2.1.1

Summary In addition to many updates of operating system level packages, the following security vulnerabilities are addressed with IBM Process Mining 2.1.1 Vulnerability Details CVEID:CVE-2026-22732 DESCRIPTION: When applications specify HTTP response headers for servlet applications using Spring...

9.8 CVSS • 6.8 AI score • 0.01189 EPSS
Exploits: 6 • Affected Software: 1

Circl
• added 2026/03/26 8:5 p.m. • 2 views

CVE-2026-22744

creationtimestamp | type | source
---|---|---
2026-03-26 20:05:49+00:00 | seen | https://cyber.gc.ca/en/alerts-advisories/spring-security-advisory-av26-288
2026-03-27 07:18:31+00:00 | seen | Telegram/tQ8akL20JB-7ffGjDDpJsYVoTg18MfzS3yyGF6GBW7nNPwo
2026-03-27 08:05:23+00:00 | seen | ...

7.5 CVSS • 5.3 AI score • 0.00064 EPSS
Exploits: 0 • References: 6

Circl
• added 2026/03/26 8:5 p.m. • 1 views

CVE-2026-22742

creationtimestamp | type | source
---|---|---
2026-03-26 20:05:49+00:00 | seen | https://cyber.gc.ca/en/alerts-advisories/spring-security-advisory-av26-288
2026-03-27 07:00:49+00:00 | seen | https://bsky.app/profile/postac001.bsky.social/post/3mhzkbsrncs2v
2026-03-27 07:18:31+00:00 | seen | ...

8.6 CVSS • 4.8 AI score • 0.00085 EPSS
Exploits: 0 • References: 7

Circl
• added 2026/03/26 8:5 p.m. • 2 views

CVE-2026-22738

creationtimestamp | type | source
---|---|---
2026-03-26 20:05:49+00:00 | seen | https://cyber.gc.ca/en/alerts-advisories/spring-security-advisory-av26-288
2026-03-27 06:00:30+00:00 | seen | https://infosec.exchange/users/offseq/statuses/116299610793227388
2026-03-27 06:00:31+00:00 | seen | ...

9.8 CVSS • 4.8 AI score • 0.00055 EPSS
Exploits: 0 • References: 16

Circl
• added 2026/03/26 8:5 p.m. • 0 views

CVE-2026-22743

creationtimestamp | type | source
---|---|---
2026-03-26 20:05:49+00:00 | seen | https://cyber.gc.ca/en/alerts-advisories/spring-security-advisory-av26-288
2026-03-27 07:18:31+00:00 | seen | Telegram/tQ8akL20JB-7ffGjDDpJsYVoTg18MfzS3yyGF6GBW7nNPwo
2026-03-27 08:14:21+00:00 | seen | ...

7.5 CVSS • 4.8 AI score • 0.00085 EPSS
Exploits: 0 • References: 6

Spring Engineering
• added 2026/03/26 12:0 a.m. • 5 views

A Bootiful Podcast: Daniel Garnier-Moiroux on MCP Security

Hi Spring, AI, Spring AI, security, and Spring Security fans! In this installment I talk to the legendary Daniel Garnier-Moiroux! ai mcp security java...

5.8 AI score
Exploits: 0