22 matches found
CVE-2026-58165 OpenZiti - Privilege Escalation to Admin via Unauthorized Enrollment Creation
OpenZiti through 2.0.0, fixed in commit 3027fdf, contains a privilege escalation vulnerability that allows authenticated non-admin identities with fine-grained enrollment management permissions to create enrollments for any identity, including the default administrator, because the ApplyCreate...
CVE-2026-58165
OpenZiti (up to v2.0.0) contains a privilege-escalation via Unauthorized Enrollment Creation. The ApplyCreate function in controller/model/enrollment_manager.go validates only that the target identity exists, with no authorization binding the caller to the target. Authenticated non-admin users wi...
EUVD-2026-40371
OpenZiti through 2.0.0, fixed in commit 3027fdf, contains a privilege escalation vulnerability that allows authenticated non-admin identities with fine-grained enrollment management permissions to create enrollments for any identity, including the default administrator, because the ApplyCreate...
PT-2026-53916
Name of the Vulnerable Software and Affected Versions OpenZiti versions prior to 2.0.1 Description A privilege escalation flaw exists in the controller enrollment management path. An authenticated non-admin identity with fine-grained enrollment management permissions can create enrollments for an...
CVE-2026-3461
The Visa Acceptance Solutions plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 2.1.0. This is due to the expresspayproductpagepayfororder function logging users in based solely on a user-supplied billing email address during guest checkout for...
CVE-2026-22751
A flaw was found in Spring Security, specifically in applications configured for One-Time Token login using JdbcOneTimeTokenService. This vulnerability is due to a Time-of-check Time-of-use TOCTOU race condition. A remote attacker with high attack complexity could exploit this flaw to achieve low...
Spring Security Core has a TOCTOU race condition when One-Time Token login with JdbcOneTimeTokenService is configured
Vulnerability in Spring Spring Security. Applications that explicitly configure One-Time Token login with JdbcOneTimeTokenService are vulnerable to a Time-of-check Time-of-use TOCTOU race condition. This issue affects Spring Security: from 6.4.0 through 6.4.15, from 6.5.0 through 6.5.9, from 7.0....
GHSA-X2WQ-9X2F-FHJ7 Spring Security Core has a TOCTOU race condition when One-Time Token login with JdbcOneTimeTokenService is configured
Vulnerability in Spring Spring Security. Applications that explicitly configure One-Time Token login with JdbcOneTimeTokenService are vulnerable to a Time-of-check Time-of-use TOCTOU race condition. This issue affects Spring Security: from 6.4.0 through 6.4.15, from 6.5.0 through 6.5.9, from 7.0....
EUVD-2026-24227
Vulnerability in Spring Spring Security. Applications that explicitly configure One-Time Token login with JdbcOneTimeTokenService are vulnerable to a Time-of-check Time-of-use TOCTOU race condition. This issue affects Spring Security: from 6.4.0 through 6.4.15, from 6.5.0 through 6.5.9, from 7.0....
Time-of-check Time-of-use (TOCTOU) Race Condition
Overview org.springframework.security:spring-security-core is a package that provides security services for the Spring IO Platform. Affected versions of this package are vulnerable to Time-of-check Time-of-use TOCTOU Race Condition in the JdbcOneTimeTokenService component. An attacker can gain...
CVE-2026-22751
Vulnerability in Spring Spring Security. Applications that explicitly configure One-Time Token login with JdbcOneTimeTokenService are vulnerable to a Time-of-check Time-of-use TOCTOU race condition. This issue affects Spring Security: from 6.4.0 through 6.4.15, from 6.5.0 through 6.5.9, from 7.0....
CVE-2026-22751 Spring Security JdbcOneTimeTokenService allows a one-time token to authenticate multiple sessions
Vulnerability in Spring Spring Security. Applications that explicitly configure One-Time Token login with JdbcOneTimeTokenService are vulnerable to a Time-of-check Time-of-use TOCTOU race condition. This issue affects Spring Security: from 6.4.0 through 6.4.15, from 6.5.0 through 6.5.9, from 7.0....
CVE-2026-22751
The CVE-2026-22751 entry concerns a TOCTOU race condition in Spring Security when applications explicitly configure One-Time Token login with JdbcOneTimeTokenService. Affected versions are Spring Security 6.4.0–6.4.15, 6.5.0–6.5.9, and 7.0.0–7.0.4. The vulnerability description (from the connecte...
PT-2026-34042
Name of the Vulnerable Software and Affected Versions Spring Spring Security versions 6.4.0 through 6.4.15 Spring Spring Security versions 6.5.0 through 6.5.9 Spring Spring Security versions 7.0.0 through 7.0.4 Description Applications that explicitly configure One-Time Token login using...
Linux Distros Unpatched Vulnerability : CVE-2021-3144
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In SaltStack Salt before 3002.5, eauth tokens can be used once after expiration. They might be used to run command against the salt master or minions...
This Week in Sprng - April 1st, 2025
Hi, Spring fans! Welcome to another exciting installment of This Week in Spring! It's April Fools day, so be wary of things you read on the internet, but it's also the 11th anniversary of Spring Boot 1.0, which was released this day in 2014! that's not an April Fools. Happy birthday! I'm in...
CVE-2021-36444
Cross Site Request Forgery CSRF vulnerability in imcat 5.4 allows remote attackers to gain escalated privileges via flaws one time token generation on the add administrator page...
CVE-2021-36444
Cross Site Request Forgery CSRF vulnerability in imcat 5.4 allows remote attackers to gain escalated privileges via flaws one time token generation on the add administrator page...
imcat 跨站请求伪造漏洞
Imcat is a PHP-based open source website building system . The imcat 5.4 version has a security vulnerability, the vulnerability stems from the existence of cross-site request forgery CSRF, remote attackers can use this vulnerability to obtain elevation of privilege by generating a one-time token...
PT-2023-12276 · Imcat · Imcat
Name of the Vulnerable Software and Affected Versions: imcat version 5.4 Description: A Cross Site Request Forgery CSRF issue allows remote attackers to gain escalated privileges. This is due to flaws in one-time token generation on the "add administrator" page. Recommendations: For imcat version...