CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

446 matches found

SuiteCRM Unauthenticated Graphql Introspection

Graphql Introspection is enabled without authentication, exposing the scheme defining all object types, arguments, and functions. id: CVE-2023-47643 info: name: SuiteCRM Unauthenticated Graphql Introspection author: isacaya severity: medium description: | Graphql Introspection is enabled without...

5.3CVSS6AI score0.03002EPSS

Exploits1References3

EUVD•added 5 days ago•5 views

EUVD-2024-36468

OpenCTI May Bypass Introspection Restriction...

8.2CVSS5.8AI score0.00442EPSS

Exploits0References5

OSV•added 2026/06/18 3:32 p.m.•2 views

GHSA-8FCC-W5HV-4GXV googleapis/mcp-toolbox: authentication bypass vulnerability in the generic opaque token validation path (validateOpaqueToken)

An authentication bypass vulnerability exists in the generic opaque token validation path validateOpaqueToken of googleapis/mcp-toolbox. When verifying an unparsed opaque token via an OAuth 2.0 introspection endpoint RFC 7662, the toolbox decodes the response into an introspectResp struct where t...

9.3CVSS6AI score0.00195EPSS

Exploits0References3

NVD•added 2026/06/18 2:17 p.m.•12 views

CVE-2026-11717

9.3CVSS0.00195EPSS

Exploits0References1

NVD•added 2026/06/18 2:17 p.m.•11 views

CVE-2026-11718

An authentication bypass vulnerability exists in the generic opaque token validation path validateOpaqueToken of googleapis/mcp-toolbox. When the toolbox validates an opaque token via an OAuth 2.0 introspection endpoint RFC 7662, it decodes the response into an introspectResp struct. However, the...

9.3CVSS0.00204EPSS

Exploits0References1

ATTACKERKB•added 2026/06/18 11:52 a.m.•9 views

CVE-2026-11718

9.3CVSS5.3AI score0.00204EPSS

Exploits0References2Affected Software1

EUVD•added 2026/06/18 11:52 a.m.•10 views

EUVD-2026-37880

9.3CVSS5.4AI score0.00204EPSS

Exploits0References1

Cvelist•added 2026/06/18 11:52 a.m.•16 views

CVE-2026-11718

9.3CVSS0.00204EPSS

Exploits0References1

CVE•added 2026/06/18 11:52 a.m.•26 views

CVE-2026-11718

The CVE-2026-11718 entry concerns an authentication bypass in googleapis/mcp-toolbox: during opaque-token validation via an OAuth 2.0 introspection endpoint, the code decodes the response and checks issuer with the condition a.issuer != "" && iss != "". If the introspection response omits iss, is...

9.3CVSS5.4AI score0.00204EPSS

Exploits0References1

EUVD•added 2026/06/18 11:50 a.m.•9 views

EUVD-2026-37879

9.3CVSS5.4AI score0.00195EPSS

Exploits0References1

CVE•added 2026/06/18 11:50 a.m.•30 views

CVE-2026-11717

CVE-2026-11717 details an authentication bypass in googleapis/mcp-toolbox, specifically in the validateOpaqueToken path. When verifying an unparsed opaque token via an OAuth 2.0 introspection endpoint (RFC 7662), the toolbox decodes the response into an introspectResp with Active as a *bool. The ...

9.3CVSS5.4AI score0.00195EPSS

Exploits0References1

Positive Technologies•added 2026/06/18 12:0 a.m.•13 views

PT-2026-50660

Name of the Vulnerable Software and Affected Versions googleapis/mcp-toolbox affected versions not specified Description An authentication bypass exists in the generic opaque token validation path validateOpaqueToken. When validating an opaque token via an OAuth 2.0 introspection endpoint, the...

9.3CVSS5.8AI score0.00204EPSS

Exploits0References9

Positive Technologies•added 2026/06/18 12:0 a.m.•16 views

PT-2026-50659

Name of the Vulnerable Software and Affected Versions googleapis/mcp-toolbox affected versions not specified Description An authentication bypass exists in the generic opaque token validation path validateOpaqueToken. When verifying an unparsed opaque token via an OAuth 2.0 introspection endpoint...

9.3CVSS5.8AI score0.00195EPSS

Exploits0References9

Veracode•added 2026/06/15 12:0 p.m.•7 views

Improper Access Control

Keycloak is vulnerable to Improper Access Control. The vulnerability is due to insufficient audience restriction enforcement in the OpenID Connect token introspection endpoint, which allows an authenticated confidential client to access sensitive token claims intended for other resource servers...

6.5CVSS5.2AI score0.00366EPSS

Exploits0References9Affected Software1

OSSF Malicious Packages•added 2026/06/14 7:21 a.m.•11 views

Malicious code in sys-info-cli-app (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1423c435a0e9e86338dd64d138fb1697580751ade2b7486880e21785e1b3eb47 The package's collect.js gathers host identifiers os.hostname, os.homedir along with filesystem and childprocess introspection and POSTs them to a...

5.2AI score

Exploits0References3

NVD•added 2026/06/12 10:16 a.m.•12 views

CVE-2026-50623

An authentication bypass vulnerability exists in the OAuth2 TokenIntrospectionService in Apache CXF. Due to a missing 'throw' keyword in the security context check, the introspection endpoint /services/oauth2/introspect can be accessed by any unauthenticated network attacker. However note that th...

4.8CVSS0.00371EPSS

Exploits0References2

EUVD•added 2026/06/12 8:52 a.m.•8 views

EUVD-2026-36393

6.5CVSS5.3AI score0.00371EPSS

Exploits0References1

Vulnrichment•added 2026/06/12 8:52 a.m.•10 views

CVE-2026-50623 Apache CXF: Authentication Bypass in OAuth2 TokenIntrospectionService

5.3AI score0.00371EPSS

Exploits0References1

Cvelist•added 2026/06/12 8:52 a.m.•25 views

CVE-2026-50623 Apache CXF: Authentication Bypass in OAuth2 TokenIntrospectionService

0.00371EPSS

Exploits0References1

CVE•added 2026/06/12 8:52 a.m.•16 views

CVE-2026-50623

CVE-2026-50623 affects Apache CXF’s OAuth2 TokenIntrospectionService. A missing 'throw' in the security context check permits access to the introspection endpoint (/services/oauth2/introspect) by any unauthenticated network attacker. This bypass is tied to a safeguard condition when authenticatio...

4.8CVSS5.4AI score0.00371EPSS

Exploits0References2Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by