101 matches found
A First Measurement Study on Authentication Security in Real-World Remote MCP Servers
The Model Context Protocol (MCP) is emerging as a common interface connecting large language models (LLMs) with external services. Remote deployments are becoming increasingly important as agents connect to user-linked online services, such as social, productivity, and financial services. In such...
CVE-2026-8830
A flaw was found in Keycloak. An authenticated user can bypass configured WebAuthn policies during credential registration by manipulating client-side JavaScript. This occurs because the server-side processAction fails to validate that the newly created credential's parameters, such as public key...
CVE-2026-43862
A flaw was found in mutt, an email client. The imapauthgss security level, which is used for secure IMAP (Internet Message Access Protocol) authentication, is mishandled. This vulnerability could allow an attacker to bypass certain security protections, potentially leading to a low impact on data...
EUVD-2026-18857
Insufficient authentication security controls in the browser-based authentication components in Amazon Athena ODBC driver before 2.1.0.0 might allow a threat actor to intercept or hijack authentication sessions due to insufficient protections in the browser-based authentication flows. To remediat...
EUVD-2026-14421
Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 does not implement rate limiting or account lockout on the authentication interface...
CVE-2026-32897 OpenClaw < 2026.2.22 - Authentication Token Reuse in Owner ID Prompt Hashing Fallback
OpenClaw versions prior to 2026.2.22 reuse gateway.auth.token as a fallback hash secret for owner-ID prompt obfuscation when commands.ownerDisplay is set to hash and commands.ownerDisplaySecret is unset, creating dual-use of authentication secrets across security domains. Attackers with access to...
PT-2026-21977
Name of the Vulnerable Software and Affected Versions: OpenEMR versions prior to 8.0.0. Description: OpenEMR is an electronic health records and medical practice management application. Prior to version 8.0.0, the session expiration check within the library/auth.inc.php file could be bypassed...
EUVD-2017-14879
Malware in sbrugna...
EUVD-2012-4003
Malware in sbrugna...
EUVD-2019-8050
Malware in sbrugna...
EUVD-2021-19738
Malware in sbrugna...
EUVD-2018-3765
Malware in sbrugna...
EUVD-2021-24594
Malware in sbrugna...
EUVD-2018-6741
Malware in sbrugna...
EUVD-2013-5546
Malware in sbrugna...
EUVD-2019-8599
Malware in sbrugna...
EUVD-2021-15057
Malware in sbrugna...
EUVD-2005-2360
Malware in sbrugna...
EUVD-2019-7801
Malware in sbrugna...
EUVD-2000-0147
Malware in sbrugna...