58 matches found

Cvelist
added 2026/06/12 8:55 a.m., 29 views

CVE-2026-50627 Apache CXF: OAuth2: Missing JWT Audience and Issuer Validation in Access Token Validator

The JwtAccessTokenValidator class in Apache CXF fails to validate the 'aud' Audience claims of incoming JWT access tokens. This allows a JWT issued for one Resource Server to be successfully replayed against a completely different Resource Server, leading to Token Confusion/Routing attacks. Users...

0.00508 EPSS
Exploits 0, References 1
CVE
added 2026/06/12 8:55 a.m., 16 views

CVE-2026-50627

The CVE-2026-50627 issue affects Apache CXF’s JwtAccessTokenValidator, which fails to validate the aud (Audience) claim in incoming JWT access tokens. As described in multiple sources (NVD/Red Hat/CVE List/etc.), a token issued for one Resource Server could be replayed against a different Resourc...

9.1 CVSS, 5.2 AI score, 0.00508 EPSS
Exploits 0, References 2, Affected Software 1
Github Security Blog
added 2026/05/11 5:58 p.m., 6 views

Unity Catalog has a JWT Issuer Validation Bypass that Allows Complete User Impersonation

Context: A critical authentication bypass vulnerability exists in the Unity Catalog token exchange endpoint /api/1.0/unity-control/auth/tokens. The endpoint extracts the issuer iss claim from incoming JWTs and uses it to dynamically fetch the JWKS endpoint for signature validation without...

9.1 CVSS, 5.8 AI score, 0.00183 EPSS
Exploits 0, References 4, Affected Software 1
OSV
added 2026/05/11 5:58 p.m., 5 views

GHSA-QQCJ-RGHW-829X Unity Catalog has a JWT Issuer Validation Bypass that Allows Complete User Impersonation

Context: A critical authentication bypass vulnerability exists in the Unity Catalog token exchange endpoint /api/1.0/unity-control/auth/tokens. The endpoint extracts the issuer iss claim from incoming JWTs and uses it to dynamically fetch the JWKS endpoint for signature validation without...

9.1 CVSS, 5.8 AI score, 0.00183 EPSS
Exploits 0, References 4
RedhatCVE
added 2026/04/23 6:17 p.m., 2 views

CVE-2026-33557

A flaw was found in Apache Kafka. By default, the sasl.oauthbearer.jwt.validator.class property is set to org.apache.kafka.common.security.oauthbearer.DefaultJwtValidator, which does not validate JSON Web Token JWT signatures, issuers, or audiences. A remote attacker can exploit this by crafting ...

9.1 CVSS, 5.8 AI score, 0.005 EPSS
Exploits 0, References 6
NVD
added 2026/03/11 8:16 p.m., 5 views

CVE-2026-27478

Unity Catalog is an open, multi-modal Catalog for data and AI. In 0.4.0 and earlier, a critical authentication bypass vulnerability exists in the Unity Catalog token exchange endpoint /api/1.0/unity-control/auth/tokens. The endpoint extracts the issuer iss claim from incoming JWTs and uses it to...

9.1 CVSS, 0.00183 EPSS
Exploits 0, References 1
Cvelist
added 2026/03/11 7:36 p.m., 26 views

CVE-2026-27478 Unity Catalog has a JWT Issuer Validation Bypass Allows Complete User Impersonation

Unity Catalog is an open, multi-modal Catalog for data and AI. In 0.4.0 and earlier, a critical authentication bypass vulnerability exists in the Unity Catalog token exchange endpoint /api/1.0/unity-control/auth/tokens. The endpoint extracts the issuer iss claim from incoming JWTs and uses it to...

9.1 CVSS, 0.00183 EPSS
Exploits 0, References 1
Vulnrichment
added 2026/03/11 7:36 p.m., 3 views

CVE-2026-27478 Unity Catalog has a JWT Issuer Validation Bypass Allows Complete User Impersonation

Unity Catalog is an open, multi-modal Catalog for data and AI. In 0.4.0 and earlier, a critical authentication bypass vulnerability exists in the Unity Catalog token exchange endpoint /api/1.0/unity-control/auth/tokens. The endpoint extracts the issuer iss claim from incoming JWTs and uses it to...

9.1 CVSS, 5.8 AI score, 0.00183 EPSS
Exploits 0, References 1
CVE
added 2026/03/11 7:36 p.m., 14 views

CVE-2026-27478

CVE-2026-27478 relates to Unity Catalog (0.4.0 and earlier). The vulnerability is a critical authentication bypass in the token exchange endpoint at /api/1.0/unity-control/auth/tokens, where the issuer (iss) claim from incoming JWTs is used to dynamically fetch the JWKS endpoint for signature val...

9.1 CVSS, 5.8 AI score, 0.00183 EPSS
Exploits 0, References 1, Affected Software 1
Snyk
added 2026/03/11 6:43 p.m., 3 views

User Impersonation

Overview: Affected versions of this package are vulnerable to User Impersonation via the IdTokenGrantParams.getProvider issuer validation logic in the Apple and Azure provider handlers. An attacker can obtain valid sessions for arbitrary users by submitting crafted ID tokens that bypass issuer...

6.3 CVSS, 5.9 AI score, 0.00138 EPSS
Exploits 0, References 2
Github Security Blog
added 2026/02/23 9:31 a.m., 9 views

Apache Camel: KeycloakSecurityPolicy does not validate issuer of JWT tokens against configured realm

Cross-Realm Token Acceptance Bypass in KeycloakSecurityPolicy (Apache Camel Keycloak component). The Camel-Keycloak KeycloakSecurityPolicy does not validate the iss issuer claim of JWT tokens against the configured realm. A token issued by one Keycloak realm is silently accepted by a policy...

9.1 CVSS, 5.4 AI score, 0.00398 EPSS
Exploits 2, References 7, Affected Software 1
OSV
added 2026/02/23 9:17 a.m., 6 views

CVE-2026-23552

Cross-Realm Token Acceptance Bypass in KeycloakSecurityPolicy (Apache Camel Keycloak component). The Camel-Keycloak KeycloakSecurityPolicy does not validate the iss issuer claim of JWT tokens against the configured realm. A token issued by one Keycloak realm is silently accepted by a policy...

9.1 CVSS, 5.9 AI score, 0.00398 EPSS
Exploits 2, References 3
ATTACKERKB
added 2026/02/23 8:45 a.m., 6 views

CVE-2026-23552

Cross-Realm Token Acceptance Bypass in KeycloakSecurityPolicy (Apache Camel Keycloak component). The Camel-Keycloak KeycloakSecurityPolicy does not validate the iss issuer claim of JWT tokens against the configured realm. A token issued by one Keycloak realm is silently accepted by a policy...

5.3 AI score, 0.00398 EPSS
Exploits 2, References 2, Affected Software 1
Cvelist
added 2026/02/23 8:45 a.m., 25 views

CVE-2026-23552 Apache Camel: Camel-Keycloak: Cross-Realm Token Acceptance Bypass in KeycloakSecurityPolicy

Cross-Realm Token Acceptance Bypass in KeycloakSecurityPolicy (Apache Camel Keycloak component). The Camel-Keycloak KeycloakSecurityPolicy does not validate the iss issuer claim of JWT tokens against the configured realm. A token issued by one Keycloak realm is silently accepted by a policy...

0.00398 EPSS
Exploits 2, References 2
CVE
added 2026/02/23 8:45 a.m., 40 views

CVE-2026-23552

Summary: CVE-2026-23552 describes an authentication bypass in Apache Camel’s Camel-Keycloak integration via the KeycloakSecurityPolicy. Affected software: Apache Camel versions 4.15.0 through 4.17.9 (per the CVE entry and related Nessus/Red Hat entries). Root cause (as stated): The KeycloakSecuri...

9.1 CVSS, 5.3 AI score, 0.00398 EPSS
Exploits 2, References 3, Affected Software 1
Vulnrichment
added 2026/02/23 8:45 a.m., 5 views

CVE-2026-23552 Apache Camel: Camel-Keycloak: Cross-Realm Token Acceptance Bypass in KeycloakSecurityPolicy

Cross-Realm Token Acceptance Bypass in KeycloakSecurityPolicy (Apache Camel Keycloak component). The Camel-Keycloak KeycloakSecurityPolicy does not validate the iss issuer claim of JWT tokens against the configured realm. A token issued by one Keycloak realm is silently accepted by a policy...

5.4 AI score, 0.00398 EPSS
Exploits 2, References 2
GithubExploit
added 2026/02/09 12:50 p.m., 128 views

Exploit for CVE-2026-23552

CVE-2026-23552 - Cross-Realm Token Acceptance in camel-keycloa...

5.8 AI score, 0.00398 EPSS
Exploits 2
Veracode
added 2025/11/11 6:44 a.m., 5 views

Cache Poisoning

get-jwks is vulnerable to cache poisoning. The vulnerability is due to a design flaw where the iss issuer claim may be validated only after keys are retrieved from a shared JWKS cache, which allows an attacker to push a chosen public key into the cache with one crafted JWT and then reuse that...

9.4 CVSS, 9 AI score, 0.00364 EPSS
Exploits 0, References 3, Affected Software 1
EUVD
added 2025/10/07 12:30 a.m., 7 views

EUVD-2018-0791

Malware in sbrugna...

7.4 CVSS, 4.6 AI score, 0.00653 EPSS
Exploits 0, References 6
EUVD
added 2025/10/03 8:07 p.m., 2 views

EUVD-2022-4881

Malicious code in bioql PyPI...

8.1 CVSS, 8.1 AI score, 0.01589 EPSS
Exploits 0, References 3