Lucene search
K

39 matches found

CVE
CVE
added 4 days ago7 views

CVE-2026-21046

The vulnerability CVE-2026-21046 concerns the fabricKeymaster trustlet. It describes a time-of-check time-of-use race condition that exists prior to the SMR Jul-2026 Release 1. Impact is local: a privileged attacker could execute arbitrary code. The provided sources specify the affected component...

8.4CVSS6.2AI score0.00096EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/30 12:14 p.m.35 views

CVE-2026-44946 SAML Authentication Replay in Rancher

A SAML authentication replay vulnerability in Rancher's Assertion Consumer Service ACS handler did not enforce one-time use of SAML assertion, potentially allowing person in the middle attacks against Rancher, affecting Rancher 2.14.0 before 2.14.3,...

9.5CVSS0.00291EPSS
Exploits0References1
CVE
CVE
added 2026/06/30 12:14 p.m.39 views

CVE-2026-44946

CVE-2026-44946 describes a SAML authentication replay vulnerability in Rancher’s Assertion Consumer Service (ACS) handler, where one-time use of SAML assertions was not enforced. The issue can enable man‑in‑the‑middle style abuse against Rancher, affecting Rancher 2.14.0 up to (but not including)...

9.5CVSS5.8AI score0.00291EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.7 views

PT-2026-53861

Name of the Vulnerable Software and Affected Versions Rancher versions 2.14.0 through 2.14.2 Rancher versions 2.13.0 through 2.13.6 Rancher versions 2.12.0 through 2.12.10 Rancher versions 2.11.0 through 2.11.14 Description A SAML authentication replay issue exists in the Assertion Consumer Servi...

9.5CVSS5.9AI score0.00291EPSS
Exploits0References7
CVE
CVE
added 2026/06/25 8:39 a.m.18 views

CVE-2026-53250

CVE-2026-53250 : In the Linux kernel, the xsk_skb_metadata() path is vulnerable to a TOCTOU race in which csum_start and csum_offset are read from shared UMEM and then read again for skb assignment. A malicious userspace process can overwrite values between reads, bypassing bounds checks and caus...

7.8CVSS5.9AI score0.00112EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2026/06/11 7:16 a.m.14 views

CVE-2026-41000

Wss4jSecurityInterceptor did not consistently wire Apache WSS4J ReplayCache instances into RequestData for validation-time checks. As a result, protections against replay of UsernameToken nonces and creation timestamps, Timestamp elements, and certain SAML one-time-use semantics could be...

3.7CVSS0.00223EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/11 5:4 a.m.11 views

CVE-2026-41000 WSS4J validation does not use configured replay cache

Wss4jSecurityInterceptor did not consistently wire Apache WSS4J ReplayCache instances into RequestData for validation-time checks. As a result, protections against replay of UsernameToken nonces and creation timestamps, Timestamp elements, and certain SAML one-time-use semantics could be...

3.7CVSS5.4AI score0.00223EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/11 5:4 a.m.27 views

CVE-2026-41000 WSS4J validation does not use configured replay cache

Wss4jSecurityInterceptor did not consistently wire Apache WSS4J ReplayCache instances into RequestData for validation-time checks. As a result, protections against replay of UsernameToken nonces and creation timestamps, Timestamp elements, and certain SAML one-time-use semantics could be...

3.7CVSS0.00223EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/11 5:4 a.m.11 views

EUVD-2026-36210

Wss4jSecurityInterceptor did not consistently wire Apache WSS4J ReplayCache instances into RequestData for validation-time checks. As a result, protections against replay of UsernameToken nonces and creation timestamps, Timestamp elements, and certain SAML one-time-use semantics could be...

3.7CVSS5.4AI score0.00223EPSS
Exploits0References1
Snyk
Snyk
added 2026/06/10 12:0 a.m.9 views

Replay Attack

Overview Affected versions of this package are vulnerable to Replay Attack due to the Wss4jSecurityInterceptor class in Wss4jSecurityInterceptor.java not consistently wiring configured Apache WSS4J ReplayCache instances into RequestData for validation-time checks. As a result, replay protections...

6.3CVSS5.4AI score0.00223EPSS
Exploits0References2
Spring Security Advisories
Spring Security Advisories
added 2026/06/10 12:0 a.m.7 views

cve-2026-41000 - LOW - WSS4J validation does not use configured replay cache

cve-2026-41000 - LOW - WSS4J validation does not use configured replay cache...

3.7CVSS6.1AI score0.00223EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/06/05 12:0 a.m.23 views

PT-2026-46987

Name of the Vulnerable Software and Affected Versions Omni affected versions not specified Description A TOCTOU Time-of-Check to Time-of-Use race condition exists in the SAML.getSession function within internal/pkg/auth/interceptor/saml.go. The system checks the Used flag of a SAMLAssertion...

7CVSS5.8AI score0.00018EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/06/03 11:1 a.m.40 views

CVE-2025-41259 SWUpdate Untrusted Script Execution via Signed Update TOCTOU

SWUpdate before 2026.05 is affected by a time-of-check time-of-use TOCTOU race condition that allows local unprivileged attackers to escalate privileges to root or install untrusted contents using a signed update...

7.3CVSS0.00101EPSS
Exploits0References3
NVD
NVD
added 2026/05/21 2:16 p.m.23 views

CVE-2026-45208

A time-of-check time-of-use vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability...

7.8CVSS0.003EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/05/19 4:29 p.m.13 views

libcap: libcap: Privilege escalation via TOCTOU race condition in cap_set_file()

A flaw was found in libcap. A local unprivileged user can exploit a Time-of-check-to-time-of-use TOCTOU race condition in the capsetfile function. This allows an attacker with write access to a parent directory to redirect file capability updates to an attacker-controlled file. By doing so,...

7CVSS5.7AI score0.00188EPSS
Exploits1References5
Github Security Blog
Github Security Blog
added 2026/05/06 9:31 p.m.9 views

Duplicate Advisory: OpenClaw: OpenShell FS bridge reads pin and verify the opened file before returning bytes

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-5h3g-6xhh-rg6p. This link is maintained to preserve external references. Original Description OpenClaw before 2026.4.22 contains a time-of-check/time-of-use race condition in the OpenShell filesystem bridge that...

8.3CVSS5.7AI score0.00208EPSS
Exploits0References5Affected Software1
GithubExploit
GithubExploit
added 2026/05/06 6:12 a.m.100 views

Exploit for Time-of-check Time-of-use (TOCTOU) Race Condition in Packagekit_Project Packagekit

CVE-2026-41651 — Pack2TheRoot Analysis PackageKit Local P...

8.8CVSS5.8AI score0.0046EPSS
Exploits10
CVE
CVE
added 2026/04/22 4:8 p.m.23 views

CVE-2026-35352

CVE-2026-35352 affects the mkfifo utility in uutils coreutils. A TOCTOU race exists: the tool creates a FIFO and then performs a path-based chmod. A local attacker with write access to the parent directory can replace the newly created FIFO with a symbolic link between the two operations, causing...

7CVSS5.9AI score0.00147EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/21 3:31 a.m.6 views

Duplicate Advisory: OpenClaw's system.run approval TOCTOU via mutable symlink cwd target on node host

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-mwcg-wfq3-4gjc. This link is maintained to preserve external references. Original Description OpenClaw versions prior to 2026.2.25 contain a time-of-check-time-of-use vulnerability in approval-bound system.run...

7CVSS6.2AI score0.00099EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2026/03/19 1:0 a.m.11 views

CVE-2026-27670 OpenClaw < 2026.3.2 - Arbitrary File Write via ZIP Extraction Parent Symlink Race Condition

OpenClaw versions prior to 2026.3.2 contain a race condition vulnerability in ZIP extraction that allows local attackers to write files outside the intended destination directory. Attackers can exploit a time-of-check-time-of-use race between path validation and file write operations by rebinding...

5.8CVSS6.1AI score0.00081EPSS
Exploits0References5
Rows per page
Query Builder