CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

153 matches found

CVE-2026-53862

OpenClaw before 2026.5.12 contains a bootstrap token replay vulnerability allowing callers with pending token access to reuse tokens with broader requested scopes. Attackers can replay bootstrap tokens before approval to escalate pairing authority beyond intended scope limits...

4.2CVSS

Exploits0References2

CVE•added 3 hours ago•7 views

CVE-2026-53862

OpenClaw prior to 2026.5.12 is affected by a bootstrap token replay vulnerability that allows callers with pending token access to reuse tokens for broader scopes, potentially escalating pairing authority before approval. The issue is described in the CVE as allowing bootstrap tokens to be replay...

4.2CVSS5.3AI score

Exploits0References2

NVD•added 4 days ago•6 views

CVE-2026-50627

The JwtAccessTokenValidator class in Apache CXF fails to validate the 'aud' Audience claims of incoming JWT access tokens. This allows a JWT issued for one Resource Server to be successfully replayed against a completely different Resource Server, leading to Token Confusion/Routing attacks. Users...

9.1CVSS0.0019EPSS

Exploits0References2

Vulnrichment•added 4 days ago•5 views

CVE-2026-50631 Apache CXF: OAuth2: TOCTOU Race Condition in Refresh Token Processing

A race condition in AbstractOAuthDataProvider allows concurrent requests using the same Refresh Token to bypass single-use semantics and generate multiple valid Access Tokens, when 'recycleRefreshTokens' is set to false. A leaked refresh token can be replayed concurrently by multiple attackers or...

5.2AI score0.00345EPSS

Exploits0References1

Cvelist•added 4 days ago•27 views

CVE-2026-50627 Apache CXF: OAuth2: Missing JWT Audience and Issuer Validation in Access Token Validator

0.0019EPSS

Exploits0References1

EUVD•added 4 days ago•5 views

EUVD-2026-36395

5.1AI score0.0019EPSS

Exploits0References1

CVE•added 4 days ago•10 views

CVE-2026-50627

The CVE-2026-50627 issue affects Apache CXF’s JwtAccessTokenValidator, which fails to validate the aud (Audience) claim in incoming JWT access tokens. As described in multiple sources (NVD/Red Hat/CVE List/etc.), a token issued for one Resource Server could be replayed against a different Resourc...

9.1CVSS5.2AI score0.0019EPSS

Exploits0References2Affected Software1

Positive Technologies•added 4 days ago•5 views

PT-2026-48846

5.1AI score0.0019EPSS

Exploits0References3

NVD•added 5 days ago•6 views

CVE-2026-47250

mcp-server-kubernetes is a Model Context Protocol server for Kubernetes cluster management. Prior to version 3.7.0, the kubectlgeneric tool in mcp-server-kubernetes passes user-supplied flags directly to kubectl without any allowlist, enabling a privilege escalation attack within Kubernetes...

6.1CVSS0.00329EPSS

Exploits0References2

RedHat Linux•added 6 days ago•5 views

keycloak: Keycloak: Unauthorized account access via replayed refresh tokens after cluster restart

A flaw was found in Keycloak. When revokeRefreshToken=true is enabled and persistent session storage is in use, a server restart can reset internal timing mechanisms. This allows a remote attacker, who has previously captured a user's refresh token, to replay that token even after it has been...

6.8CVSS5.4AI score0.00283EPSS

Exploits0References4

RedhatCVE•added 2026/06/05 7:20 p.m.•5 views

CVE-2026-41492

Dgraph is an open source distributed GraphQL database. Prior to 25.3.3, Dgraphl exposes the process command line through the unauthenticated /debug/vars endpoint on Alpha. Because the admin token is commonly supplied via the --security "token=..." startup flag, an unauthenticated attacker can...

9.8CVSS5.5AI score0.01857EPSS

Exploits1References1

RedhatCVE•added 2026/06/05 7:16 p.m.•6 views

CVE-2026-42602

azureauthextension is the Azure Authenticator Extension. From 0.124.0 to 0.150.0, a server-side authentication bypass in azureauthextension allows any party who holds a single valid Azure access token for any scope the collector's configured identity can mint for to authenticate to any...

8.1CVSS5.5AI score0.00222EPSS

Exploits1References1

Positive Technologies•added 2026/06/05 12:0 a.m.•10 views

PT-2026-46987

Summary SAML.getSession internal/pkg/auth/interceptor/saml.go checks the Used flag on a SAMLAssertion resource and then marks it used in two separate state operations. Because the check and the update are not atomic, concurrent requests carrying the same saml-session token can both observe Used =...

7CVSS5.4AI score0.00018EPSS

Exploits0References5

Positive Technologies•added 2026/06/03 12:0 a.m.•7 views

PT-2026-45997

Mercusys AC12G EU V1 router with firmware AC12GEU V1 200909 uses a static authentication nonce that does not change between requests from the same source IP. Combined with the predictable XOR-based password encoding securityEncode function, this allows an attacker to reverse captured authenticati...

5.8AI score0.00166EPSS

Exploits0References2

NVD•added 2026/06/01 7:16 p.m.•7 views

CVE-2026-45690

Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.9, and 33.0.0 to before 33.0.3, an authentication bypass vulnerability allowed attackers with knowledge of a user's password to circumvent two-factor authentication 2FA protections...

5.9CVSS0.0029EPSS

Exploits0References3

Cvelist•added 2026/06/01 5:8 p.m.•28 views

CVE-2026-45690 Nextcloud: Two-Factor Authentication Bypass via Pending Session Token Replay

5.9CVSS0.0029EPSS

Exploits0References3