373 matches found

Source: NVD (added 6 days ago, 5 views)

CVE-2026-47341

Authentication Bypass by Capture-replay vulnerability in Apache APISIX. Attacker can benefit from certain configurations in hmac-auth to re-use a token forever, bypassing expiry. This issue affects Apache APISIX: from 3.11.0 through 3.16.0. Users are recommended to upgrade to version 3.17.0, whic...

CVSS 6.5, EPSS 0.0043
Exploits: 0, References: 2
Source: EUVD (added 6 days ago, 8 views)

EUVD-2026-38024

Authentication Bypass by Capture-replay vulnerability in Apache APISIX. Attacker can benefit from certain configurations in hmac-auth to re-use a token forever, bypassing expiry. This issue affects Apache APISIX: from 3.11.0 through 3.16.0. Users are recommended to upgrade to version 3.17.0, whic...

CVSS 6.3, AI score 5.8, EPSS 0.0043
Exploits: 0, References: 1
Source: CVE (added 6 days ago, 9 views)

CVE-2026-47341

CVE-2026-47341 describes an authentication bypass in Apache APISIX due to a capture-replay flaw in the hmac-auth configuration. The issue allows an attacker to reuse a token indefinitely, bypassing expiry, with affected versions 3.11.0 through 3.16.0. The advisory recommends upgrading to 3.17.0, ...

CVSS 6.5, AI score 5.8, EPSS 0.0043
Exploits: 0, References: 2, Affected Software: 1
Source: Positive Technologies (added 6 days ago, 13 views)

PT-2026-50887

Name of the Vulnerable Software and Affected Versions: Apache APISIX versions 3.11.0 through 3.16.0. Description: An authentication bypass exists due to a capture-replay issue. An attacker can leverage specific configurations in the hmac-auth module to reuse a token indefinitely, effectively bypassi...

CVSS 6.5, AI score 5.9, EPSS 0.0043
Exploits: 0, References: 6
Source: RedhatCVE (added 2026/06/15 2:36 p.m., 7 views)

CVE-2026-50627

A flaw was found in Apache CXF. The JwtAccessTokenValidator class fails to properly validate the 'aud' (Audience) claims within incoming JSON Web Token (JWT) access tokens. This vulnerability allows an attacker to reuse a JWT, originally intended for one resource server, against a different resource...

CVSS 9.1, AI score 4.8, EPSS 0.00393
Exploits: 0, References: 5
Source: GithubExploit (added 2026/06/12 10:20 a.m., 64 views)

Exploit for CVE-2026-53646

AI score 5.6, EPSS 0.00062
Exploits: 1
Source: CVE (added 2026/06/12 8:59 a.m., 20 views)

CVE-2026-50631

CVE-2026-50631 : A TOCTOU race condition in Apache CXF's AbstractOAuthDataProvider allows concurrent requests to reuse the same Refresh Token when recycleRefreshTokens is false, bypassing single-use semantics and generating multiple valid Access Tokens. This can enable token replay/abuse by multi...

CVSS 7.4, AI score 5.3, EPSS 0.00294
Exploits: 0, References: 2, Affected Software: 1
Source: Cvelist (added 2026/06/12 8:59 a.m., 31 views)

CVE-2026-50631 Apache CXF: OAuth2: TOCTOU Race Condition in Refresh Token Processing

A race condition in AbstractOAuthDataProvider allows concurrent requests using the same Refresh Token to bypass single-use semantics and generate multiple valid Access Tokens, when 'recycleRefreshTokens' is set to false. A leaked refresh token can be replayed concurrently by multiple attackers or...

EPSS 0.00294
Exploits: 0, References: 1
Source: RedhatCVE (added 2026/06/05 7:45 p.m., 6 views)

CVE-2026-4273

Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13 fail to validate that the RefreshedToken differs from the original invite token during remote cluster invite confirmation, which allows an authenticated attacker to bypass token rotation and reuse the original invite token via sending a craft...

CVSS 4.3, AI score 5.5, EPSS 0.00142
Exploits: 0, References: 1
Source: RedhatCVE (added 2026/06/05 7:35 p.m., 7 views)

CVE-2026-5774

Improper synchronization of the userTokens map in the API server in Canonical Juju 4.0.5, 3.6.20, and 2.9.56 may allow an authenticated user to possibly cause a denial of service on the server or possibly reuse a single-use discharge token...

CVSS 6.4, AI score 5.6, EPSS 0.00243
Exploits: 1, References: 1
Source: RedhatCVE (added 2026/06/05 7:30 p.m., 7 views)

CVE-2026-24318

Due to an insecure session management vulnerability in SAP Business Objects Business Intelligence Platform, an unauthenticated attacker could obtain valid session tokens and reuse them to gain unauthorized access to a victim's session. If the application continues to accept previously issued toke...

CVSS 4.2, AI score 5.5, EPSS 0.00167
Exploits: 0, References: 1
Source: Snyk (added 2026/05/19 6:22 a.m., 11 views)

Incorrect Implementation of Authentication Algorithm

Overview: org.keycloak:keycloak-services is an open source identity and access management solution for modern applications and services. Affected versions of this package are vulnerable to Incorrect Implementation of Authentication Algorithm through the TokenManager and OIDC endpoint token checks ...

CVSS 5.4, AI score 5.4, EPSS 0.0027
Exploits: 0, References: 2
Source: OSV (added 2026/05/18 3:36 p.m., 6 views)

GHSA-QQ2P-4282-CFC5 eduMFA: Incorrect InnoDB snapshot isolation possibly allows token reusage

Impact: For deployments using MySQL or MariaDB = 11.6.2 the default is ON, which is not affected. The same rules apply for Galera with underlying MariaDB. Patches: Fixed in version 2.9.1 by locking rows prior to write with SELECT FOR UPDATE. Workarounds: Set innodb_snapshot_isolation to ON default in...

CVSS 7.1, AI score 5.8
Exploits: 0, References: 2
Source: Github Security Blog (added 2026/05/18 3:36 p.m., 21 views)

eduMFA: Incorrect InnoDB snapshot isolation possibly allows token reusage

Impact: For deployments using MySQL or MariaDB = 11.6.2 the default is ON, which is not affected. The same rules apply for Galera with underlying MariaDB. Patches: Fixed in version 2.9.1 by locking rows prior to write with SELECT FOR UPDATE. Workarounds: Set innodb_snapshot_isolation to ON default in...

AI score 5.8
Exploits: 0, References: 2, Affected Software: 1
Source: Github Security Blog (added 2026/05/18 9:31 a.m., 8 views)

Mattermost doesn't validate that the RefreshedToken differs from the original invite token during remote cluster invite confirmation

Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13 fail to validate that the RefreshedToken differs from the original invite token during remote cluster invite confirmation, which allows an authenticated attacker to bypass token rotation and reuse the original invite token via sending a craft...

CVSS 4.3, AI score 5.8, EPSS 0.00142
Exploits: 0, References: 4, Affected Software: 2
Source: CVE (added 2026/05/18 6:56 a.m., 18 views)

CVE-2026-4273

Mattermost contains an insufficient validation flaw in remote cluster invite confirmation. Versions affected: 11.5.x ≤ 11.5.1 and 10.11.x ≤ 10.11.13. The RefreshedToken is not properly checked against the original invite token, allowing an authenticated attacker to bypass token rotation and reuse...

CVSS 4.3, AI score 5.8, EPSS 0.00142
Exploits: 0, References: 1, Affected Software: 1
Source: ATTACKERKB (added 2026/05/18 6:56 a.m., 8 views)

CVE-2026-4273

Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13 fail to validate that the RefreshedToken differs from the original invite token during remote cluster invite confirmation, which allows an authenticated attacker to bypass token rotation and reuse the original invite token via sending a craft...

CVSS 3.7, AI score 5.8, EPSS 0.00142
Exploits: 0, References: 2, Affected Software: 1
Source: NVD (added 2026/05/14 10:16 p.m., 9 views)

CVE-2026-44428

The MCP Registry provides MCP clients with a list of MCP servers, like an app store for MCP servers. Prior to 1.7.6, the client-side and server-side GitHub OIDC flow is bound only to a global audience string, not to the specific registry instance being targeted. On the client side, the publisher...

CVSS 4.7, EPSS 0.00219
Exploits: 0, References: 1
Source: Snyk (added 2026/05/13 8:2 p.m., 9 views)

Insufficient Session Expiration

Overview: @strapi/plugin-users-permissions is a headless CMS. Affected versions of this package are vulnerable to Insufficient Session Expiration in the password reset or change operation. An attacker can maintain unauthorized access by continuing to use a previously obtained refresh token to...

CVSS 6.9, AI score 5.8, EPSS 0.00272
Exploits: 0, References: 2
Source: NVD (added 2026/05/11 11:20 p.m., 9 views)

CVE-2026-43911

Vaultwarden is a Bitwarden-compatible server written in Rust. Prior to 1.35.5, refresh tokens are not invalidated when the user's security_stamp is rotated by some security-sensitive operations: password change, KDF change, key rotation, email change, org admin password reset, emergency access...

CVSS 8.1, EPSS 0.00216
Exploits: 1, References: 1