16 matches found

CVE
added 2026/06/04 6:35 a.m. · 13 views

CVE-2026-49204

Technical details about CVE-2026-49204 are not publicly available in the provided documents; monitor for updates.

6.9 CVSS · 5.8 AI score · 0.00043 EPSS
Exploits: 0 · References: 1 · Affected Software: 1
Cvelist
added 2026/06/04 6:35 a.m. · 36 views

CVE-2026-49204 Hard-coded AWS Cognito Testing Accounts

Leftover debug modules contain fixed credentials for internal AWS Cognito test sandboxes, risking asset exploitation...

6.9 CVSS · 0.00043 EPSS
Exploits: 0 · References: 1
Vulnrichment
added 2026/06/04 6:35 a.m. · 4 views

CVE-2026-49204 Hard-coded AWS Cognito Testing Accounts

Leftover debug modules contain fixed credentials for internal AWS Cognito test sandboxes, risking asset exploitation...

6.9 CVSS · 5.8 AI score · 0.00043 EPSS
Exploits: 0 · References: 1
EUVD
added 2026/04/24 4:11 p.m. · 2 views

EUVD-2026-25577

Improperly controlled modification of dynamically-determined object attributes in the Cognito User Pool configuration in AWS Ops Wheel before PR 165 allows remote authenticated users to escalate to deployment admin privileges and manage Cognito user accounts via a crafted UpdateUserAttributes API...

8.8 CVSS · 5.5 AI score · 0.00199 EPSS
Exploits: 0 · References: 3
Malwarebytes
added 2025/09/09 7:24 p.m. · 3 views

Popeyes, Tim Hortons, Burger King platforms have “catastrophic” vulnerabilities, say hackers

Two ethical hackers say they have uncovered massive security vulnerabilities in the platforms hosted by Restaurant Brands International (RBI). RBI is one of the world's largest quick service restaurant companies. It was formed in 2014 through a $12.5 billion merger of the American fast food chain...

6.9 AI score
Exploits: 0
VulnCheck KEV
added 2025/06/23 12:0 a.m. · 0 views

VulnCheck KEV: CVE-2023-22893

Strapi through 4.5.5 does not verify the access or ID tokens issued during the OAuth flow when the AWS Cognito login provider is used for authentication. A remote attacker could forge an ID token that is signed using the 'None' type algorithm to bypass authentication and impersonate any user that...

8.2 CVSS · 5.8 AI score · 0.50773 EPSS
Exploits: 1 · References: 1
RedhatCVE
added 2025/05/23 9:29 a.m. · 4 views

CVE-2024-45037

The AWS Cloud Development Kit (CDK) is an open-source framework for defining cloud infrastructure using code. Customers use it to create their own applications which are converted to AWS CloudFormation templates during deployment to a customer’s AWS account. CDK contains pre-built components called...

6.4 CVSS · 6.8 AI score · 0.00534 EPSS
Exploits: 0
Positive Technologies
added 2024/11/08 12:0 a.m. · 6 views

PT-2024-35171 · Amazon · Amazon Cognito

Name of the Vulnerable Software and Affected Versions: Amazon Cognito (affected versions not specified). Description: The issue allows previously authenticated users to continue executing authorized API requests until their authentication token expires, even after logging out. This is because...

6.3 CVSS · 6.9 AI score · 0.00313 EPSS
Exploits: 0 · References: 8
Veracode
added 2024/08/28 3:52 a.m. · 12 views

Unauthorized Access

aws-cdk is vulnerable to Unauthorized Access. The vulnerability is due to improper handling of authorization scopes when using the RestApi construct with CognitoUserPoolAuthorizer. This flaw allows authenticated Amazon Cognito users to gain broader access than intended...

6.4 CVSS · 6.4 AI score · 0.00534 EPSS
Exploits: 0 · References: 5 · Affected Software: 1
Positive Technologies
added 2024/08/27 12:0 a.m. · 4 views

PT-2024-31387 · Amazon · Aws Cloud Development Kit

Name of the Vulnerable Software and Affected Versions: AWS Cloud Development Kit (CDK) versions 2.142.0 through 2.148.0. Description: The issue in AWS Cloud Development Kit (CDK) can result in granting authenticated Amazon Cognito users broader than intended access. Specifically, if a CDK application...

6.4 CVSS · 7.1 AI score · 0.00534 EPSS
Exploits: 0 · References: 11
CNNVD
added 2023/04/19 12:0 a.m. · 1 views

Strapi Authorization Issue Vulnerability

Strapi is an open source content management system (CMS). A security vulnerability exists in Strapi versions prior to 4.5.5 that stems from the fact that Strapi does not validate access or ID tokens issued during the OAuth process when the AWS Cognito login provider is used for authentication...

8.2 CVSS · 7.5 AI score · 0.50773 EPSS
Exploits: 1 · References: 4
Positive Technologies
added 2023/04/18 12:0 a.m. · 2 views

PT-2023-33074 · Amazon · Aws Cognito

Name of the Vulnerable Software and Affected Versions: Strapi versions 4.5.6 and earlier. Description: The issue concerns the verification of access or ID tokens issued during the OAuth flow when the AWS Cognito login provider is used for authentication. A remote attacker could forge an ID token...

8.2 CVSS · 7.6 AI score
Exploits: 0 · References: 6
Positive Technologies
added 2023/04/18 12:0 a.m. · 2 views

PT-2023-18757 · Amazon · Aws Cognito

Name of the Vulnerable Software and Affected Versions: Strapi versions 3.2.1 through 4.5.5. Description: The issue arises from the lack of verification of access or ID tokens issued during the OAuth flow when using the AWS Cognito login provider for authentication. This allows a remote attacker to...

7.5 CVSS · 9.9 AI score · 0.50773 EPSS
Exploits: 1 · References: 15
Tenable Nessus
added 2022/10/05 12:0 a.m. · 41 views

Amazon Cognito User Enumeration

Amazon Cognito is a cloud product from Amazon Web Services (AWS) which provides user authentication, authorization and management services for web and mobile applications. By using Amazon Cognito, developers can quickly add a user management feature to their applications, control and enforce...

7.5 AI score
Exploits: 0 · References: 4
Tenable Nessus
added 2022/10/05 12:0 a.m. · 19 views

Amazon Cognito Insecure Permissions

Amazon Cognito is a cloud product from Amazon Web Services (AWS) which provides user authentication, authorization and management services for web and mobile applications. By using Amazon Cognito, developers can quickly add a user management feature to their applications, control and enforce...

7.8 AI score
Exploits: 0 · References: 2
Tenable Nessus
added 2022/09/26 12:0 a.m. · 13 views

Amazon Cognito Detected

Amazon Cognito is a cloud product from Amazon Web Services (AWS) which provides user authentication, authorization and management services for web and mobile applications. By using Amazon Cognito, developers can quickly add a user management feature to their applications, control and enforce...

7.3 AI score
Exploits: 0 · References: 2