55 matches found
JLSEC-2026-518
GnuTLS 3.6.x before 3.6.14 uses incorrect cryptography for encrypting a session ticket a loss of confidentiality in TLS 1.2, and an authentication bypass in TLS 1.3. The earliest affected version is 3.6.4 2018-09-24 because of an error in a 2018-09-18 commit. Until the first key rotation, the TLS...
EUVD-2025-209900
Joplin is an open source note-taking and to-do application that organises notes and lists into notebooks. Versions 3.6.14 and prior contain a Denial of Service DoS vulnerability in the title input functionality due to a lack of proper length validation. This flaw allows an attacker to cause an Ou...
Joplin 安全漏洞
Joplin is an open-source note-taking and to-do application developed by Laurent Cozic. Joplin versions 3.6.14 and earlier contained a security vulnerability. This vulnerability stemmed from insufficient length validation in the title input function, allowing attackers to exploit it by inserting...
Missing Authentication for Critical Function
Overview prefect is a Prefect is a new workflow management system, designed for modern infrastructure and powered by the open-source Prefect Core workflow engine. Users organize Tasks into Flows, and Prefect takes care of the rest. Affected versions of this package are vulnerable to Missing...
Prefect Unauthenticated Event Injection via /api/events/in WebSocket
A flaw has been found in PrefectHQ prefect up to 3.6.13. Affected is an unknown function of the file /api/events/in of the component WebSocket Endpoint. Executing a manipulation can lead to missing authentication. The attack may be performed from remote. The exploit has been published and may be...
GHSA-HVPH-5985-R63V Prefect Unauthenticated Event Injection via /api/events/in WebSocket
A flaw has been found in PrefectHQ prefect up to 3.6.13. Affected is an unknown function of the file /api/events/in of the component WebSocket Endpoint. Executing a manipulation can lead to missing authentication. The attack may be performed from remote. The exploit has been published and may be...
CVE-2026-7723
A flaw has been found in PrefectHQ prefect up to 3.6.13. Affected is an unknown function of the file /api/events/in of the component WebSocket Endpoint. Executing a manipulation can lead to missing authentication. The attack may be performed from remote. The exploit has been published and may be...
CVE-2026-7723 PrefectHQ prefect WebSocket Endpoint in missing authentication
A flaw has been found in PrefectHQ prefect up to 3.6.13. Affected is an unknown function of the file /api/events/in of the component WebSocket Endpoint. Executing a manipulation can lead to missing authentication. The attack may be performed from remote. The exploit has been published and may be...
CVE-2026-7723
A flaw has been found in PrefectHQ prefect up to 3.6.13. Affected is an unknown function of the file /api/events/in of the component WebSocket Endpoint. Executing a manipulation can lead to missing authentication. The attack may be performed from remote. The exploit has been published and may be...
EUVD-2026-26877
A flaw has been found in PrefectHQ prefect up to 3.6.13. Affected is an unknown function of the file /api/events/in of the component WebSocket Endpoint. Executing a manipulation can lead to missing authentication. The attack may be performed from remote. The exploit has been published and may be...
CVE-2026-7723 PrefectHQ prefect WebSocket Endpoint in missing authentication
A flaw has been found in PrefectHQ prefect up to 3.6.13. Affected is an unknown function of the file /api/events/in of the component WebSocket Endpoint. Executing a manipulation can lead to missing authentication. The attack may be performed from remote. The exploit has been published and may be...
PT-2026-36753
Name of the Vulnerable Software and Affected Versions PrefectHQ prefect versions prior to 3.6.14 Description A flaw in the WebSocket Endpoint component allows a remote attacker to perform a manipulation that leads to missing authentication. The issue is located within the '/api/events/in' endpoin...
CVE-2026-41263
CVE-2026-41263 affects Traefik’s BasicAuth middleware. A timing side-channel allows an attacker to enumerate valid usernames by measuring response times, because the constant-time fallback secret resolves to an empty string, causing the bcrypt check to short-circuit quickly. Vulnerable versions a...
CVE-2026-35051
Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.43, 3.6.14, and 3.7.0-rc.2, there is an authentication bypass vulnerability in Traefik's ForwardAuth middleware when trustForwardHeader=false is configured and Traefik is deployed behind a trusted upstream proxy. This issu...
CVE-2026-35051
Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.43, 3.6.14, and 3.7.0-rc.2, there is an authentication bypass vulnerability in Traefik's ForwardAuth middleware when trustForwardHeader=false is configured and Traefik is deployed behind a trusted upstream proxy. This issu...
Traefik 安全漏洞
Traefik is an open-source reverse proxy and load balancing tool developed by Traefik. Vulnerabilities exist in versions prior to Traefik 2.11.43, 3.6.14, and 3.7.0-rc.2. These vulnerabilities stem from incomplete isolation of Kubernetes CRD-provided programs across namespaces, and lack restrictio...
Traefik 安全漏洞
Traefik is an open-source reverse proxy and load balancing tool developed by Traefik. Versions prior to Traefik 2.11.43, 3.6.14, and 3.7.0-rc.2 contain security vulnerabilities. These vulnerabilities stem from variables used in the BasicAuth middleware for constant-time comparisons, which are...
Traefik 安全漏洞
Traefik is an open-source reverse proxy and load balancing tool developed by Traefik. There were security vulnerabilities in versions prior to Traefik 2.11.43, 3.6.14, and 3.7.0-rc.2. These vulnerabilities stemmed from the StripPrefixRegex middleware, which, when used in conjunction with...
Timing Attack
Overview Affected versions of this package are vulnerable to Timing Attack via the BasicAuth process. An attacker can enumerate valid usernames by measuring authentication response times, exploiting differences in processing between existing and non-existing users. Remediation Upgrade...
Timing Attack
Overview Affected versions of this package are vulnerable to Timing Attack via the BasicAuth process. An attacker can enumerate valid usernames by measuring authentication response times, exploiting differences in processing between existing and non-existing users. Remediation Upgrade...