CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

15 matches found

Tenable Nessus•added 2026/04/03 12:0 a.m.•1 views

Linux Distros Unpatched Vulnerability : CVE-2026-32726

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - SciTokens C++ is a minimal library for creating and using SciTokens from C or C++. Prior to version 1.4.1, scitokens-cpp is vulnerable to an authorization bypas...

8.1CVSS5.8AI score0.00044EPSS

Exploits1References3

NVD•added 2026/03/31 6:16 p.m.•2 views

CVE-2026-32726

SciTokens C++ is a minimal library for creating and using SciTokens from C or C++. Prior to version 1.4.1, scitokens-cpp is vulnerable to an authorization bypass in path-based scope validation. The enforcer used a simple string-prefix comparison when checking whether a requested resource path was...

8.1CVSS0.00044EPSS

Exploits1References2

OSV•added 2026/03/31 6:16 p.m.•2 views

UBUNTU-CVE-2026-32725

SciTokens C++ is a minimal library for creating and using SciTokens from C or C++. Prior to version 1.4.1, scitokens-cpp is vulnerable to an authorization bypass when processing path-based scopes in tokens. The library normalizes the scope path from the token before authorization and collapses "....

8.3CVSS5.8AI score0.00311EPSS

Exploits1References4

Cvelist•added 2026/03/31 5:1 p.m.•18 views

CVE-2026-32725 SciTokens C++: Relative Path Traversal Vulnerability

8.3CVSS0.00311EPSS

Exploits1References2

EUVD•added 2026/03/31 5:1 p.m.•4 views

EUVD-2026-17561

8.3CVSS5.8AI score0.00311EPSS

Exploits1References2

Vulnrichment•added 2026/03/31 5:1 p.m.•1 views

CVE-2026-32725 SciTokens C++: Relative Path Traversal Vulnerability

8.3CVSS5.8AI score0.00311EPSS

Exploits1References2

CVE•added 2026/03/31 5:1 p.m.•9 views

CVE-2026-32726

SciTokens C++ prior to 1.4.1 contains an authorization bypass in path-based scope validation. The enforcer used a string-prefix check without requiring a path boundary, allowing a token scoped to one path to authorize sibling paths sharing a prefix. This vulnerability has a CVSS v3.1 base score o...

8.1CVSS5.8AI score0.00044EPSS

Exploits1References2Affected Software1

EUVD•added 2026/03/31 5:1 p.m.•1 views

EUVD-2026-17563

8.1CVSS5.8AI score0.00044EPSS

Exploits1References2

OSV•added 2026/03/31 5:1 p.m.•1 views

CVE-2026-32726 SciTokens C++: Sibling-Path Authorization Bypass

8.1CVSS5.8AI score0.00044EPSS

Exploits1References4

NVD•added 2026/03/31 3:15 a.m.•1 views

CVE-2026-32714

SciTokens is a reference library for generating and using SciTokens. Prior to version 1.9.6, the KeyCache class in scitokens was vulnerable to SQL Injection because it used Python's str.format to construct SQL queries with user-supplied data such as issuer and keyid. This allowed an attacker to...

9.8CVSS0.00016EPSS

Exploits1References3

Snyk•added 2026/03/31 3:11 a.m.•1 views

Directory Traversal

Overview scitokens is a SciToken reference implementation library Affected versions of this package are vulnerable to Directory Traversal via the checkscope and scopepathmatches functions. An attacker can gain unauthorized access to restricted directories by including dot-dot .. sequences in the...

8.6CVSS6.5AI score0.00021EPSS

Exploits1References2

Snyk•added 2026/03/31 3:10 a.m.•1 views

Improper Authorization

Overview scitokens is a SciToken reference implementation library Affected versions of this package are vulnerable to Improper Authorization via the validatescp and validatescope functions. An attacker can gain unauthorized access to sibling paths by crafting tokens with scope paths that share a...

8.6CVSS5.9AI score0.00015EPSS

Exploits1References2