Lucene search
K

10 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2026/06/06 1:42 p.m.7 views

Security Bulletin: Due to use of spring-security-core-6.5.9.jar, IBM Sterling Connect:Direct Web Services is vulnerable to a Time-of-check Time-of-use (TOCTOU) race condition

Summary spring-security-core-6.5.9.jar is used by IBM Sterling Connect:Direct Web Services CVE-2026-22746, CVE-2026-22751. Vulnerability Details CVEID:CVE-2026-22746 DESCRIPTION: Vulnerability in Spring Spring Security. If an application is using the UserDetailsisEnabled, isAccountNonExpired, or...

4.8CVSS5.4AI score0.00215EPSS
Exploits0Affected Software1
Amazon
Amazon
added 2026/05/14 12:0 a.m.11 views

Important: PackageKit

Issue Overview: PackageKit is a a D-Bus abstraction layer that allows the user to manage packages in a secure way using a cross-distro, cross-architecture API. PackageKit between and including versions 1.0.2 and 1.3.4 is vulnerable to a time-of-check time-of-use TOCTOU race condition on transacti...

8.8CVSS6AI score0.0046EPSS
Exploits10
RedhatCVE
RedhatCVE
added 2026/04/24 8:32 p.m.7 views

CVE-2026-35359

A Time-of-Check to Time-of-Use TOCTOU vulnerability in the cp utility of uutils coreutils allows an attacker to bypass no-dereference intent. The utility checks if a source path is a symbolic link using path-based metadata but subsequently opens it without the ONOFOLLOW flag. An attacker with...

4.7CVSS5.6AI score0.00105EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/03/10 10:49 p.m.3 views

CVE-2025-20028

Time-of-check time-of-use race condition in the WheaERST SMM module for some IntelR reference platforms may allow an escalation of privilege. System software adversary with a privileged user combined with a high complexity attack may enable escalation of privilege. This result may potentially occ...

7.1CVSS5.7AI score0.00076EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/03 12:0 a.m.8 views

FreeScout 代码问题漏洞

FreeScout is a lightweight and powerful free open-source help desk and shared inbox built using PHP Laravel framework by FreeScout Inc. Versions of FreeScout 1.8.206 and earlier have code vulnerabilities, stemming from a TOCTOU flaw in the sanitizeUploadedFileName function. This flaw could allow...

10CVSS7.9AI score0.3114EPSS
Exploits3References3
Vulnrichment
Vulnrichment
added 2026/02/25 12:35 p.m.6 views

CVE-2026-21725 Authorization Bypass via TOCTOU in Grafana Datasource Deletion by Name

A time-of-create-to-time-of-use TOCTOU vulnerability lets recently deleted-then-recreated data sources be re-deleted without permission to do so. This requires several very stringent conditions to be met: - The attacker must have admin access to the specific datasource prior to its first deletion...

2.6CVSS5.8AI score0.00175EPSS
Exploits0References1
NVD
NVD
added 2025/12/16 9:15 a.m.7 views

CVE-2025-13231

The Fancy Product Designer plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.4.8. This is due to a time-of-check/time-of-use TOCTOU race condition in the 'url' parameter of the fpdcustomuplodfile AJAX action. The plugin validates the URL by...

6.5CVSS0.00151EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/12/16 8:20 a.m.4 views

CVE-2025-13231 Fancy Product Designer | WooCommerce WordPress <= 6.4.8 - Unauthenticated Server-Side Request Forgery via Race Condition

The Fancy Product Designer plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.4.8. This is due to a time-of-check/time-of-use TOCTOU race condition in the 'url' parameter of the fpdcustomuplodfile AJAX action. The plugin validates the URL by...

6.5CVSS5.7AI score0.00151EPSS
Exploits0References2
OSV
OSV
added 2023/10/11 9:15 p.m.5 views

CVE-2023-44188

A Time-of-check Time-of-use TOCTOU Race Condition vulnerability in telemetry processing of Juniper Networks Junos OS allows a network-based authenticated attacker to flood the system with multiple telemetry requests, causing the Junos Kernel Debugging Streaming Daemon jkdsd process to crash,...

5.3CVSS5.8AI score0.0033EPSS
Exploits0References1
OSV
OSV
added 2022/11/15 12:15 a.m.7 views

CVE-2022-33909

DMA transactions which are targeted at input buffers used for the HddPassword software SMI handler could cause SMRAM corruption through a TOCTOU attack. DMA transactions which are targeted at input buffers used for the software SMI handler used by the HddPassword driver could cause SMRAM corrupti...

7CVSS5.8AI score0.00132EPSS
Exploits0References2
Rows per page
Query Builder