Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

52177 matches found

NVD
NVDadded 2026/05/26 10:16 p.m.13 views

CVE-2026-44900

epa4all-client is the Java Client for epa4all / ePA 3.0 in the Telematik Infrastruktur. Prior to 1.2.1, in SignedPublicKeysTrustValidatorImpl.isTrusted, the ECDSA signature verification at line 45 discards the boolean return value of Signature.verify. The method performs certificate chain...

8.1CVSS0.00006EPSS
Exploits0References2
NVD
NVDadded 2026/05/26 9:16 p.m.12 views

CVE-2026-47672

epa4all-client is the Java Client for epa4all / ePA 3.0 in the Telematik Infrastruktur. In 1.2.4 and earlier, any network-reachable caller can write arbitrary documents to any patient's electronic health record accessible by the institution's SMC-B card. In a misconfigured deployment e.g.,...

6.5CVSS0.00021EPSS
Exploits0References2
CVE
CVEadded 2026/05/26 9:4 p.m.10 views

CVE-2026-44900

CVE-2026-44900 affects epa4all-client (Java client for epa4all / ePA 3.0). The root cause is in SignedPublicKeysTrustValidatorImpl.isTrusted(): the ECDSA verification step discards the boolean result from Signature.verify(), performing certificate chain validation, OCSP check, and signature algor...

8.1CVSS5.8AI score0.00006EPSS
Exploits0References2
ATTACKERKB
ATTACKERKBadded 2026/05/26 9:4 p.m.8 views

CVE-2026-44900

epa4all-client is the Java Client for epa4all / ePA 3.0 in the Telematik Infrastruktur. Prior to 1.2.1, in SignedPublicKeysTrustValidatorImpl.isTrusted, the ECDSA signature verification at line 45 discards the boolean return value of Signature.verify. The method performs certificate chain...

8.1CVSS5.8AI score0.00006EPSS
Exploits0References3Affected Software1
EUVD
EUVDadded 2026/05/26 9:4 p.m.12 views

EUVD-2026-32002

epa4all-client is the Java Client for epa4all / ePA 3.0 in the Telematik Infrastruktur. Prior to 1.2.1, in SignedPublicKeysTrustValidatorImpl.isTrusted, the ECDSA signature verification at line 45 discards the boolean return value of Signature.verify. The method performs certificate chain...

8.1CVSS5.8AI score0.00006EPSS
Exploits0References2
Vulnrichment
Vulnrichmentadded 2026/05/26 9:4 p.m.6 views

CVE-2026-44900 epa4all-client: VAU Signature bypass

epa4all-client is the Java Client for epa4all / ePA 3.0 in the Telematik Infrastruktur. Prior to 1.2.1, in SignedPublicKeysTrustValidatorImpl.isTrusted, the ECDSA signature verification at line 45 discards the boolean return value of Signature.verify. The method performs certificate chain...

8.1CVSS5.8AI score0.00006EPSS
Exploits0References2
Cvelist
Cvelistadded 2026/05/26 9:4 p.m.27 views

CVE-2026-44900 epa4all-client: VAU Signature bypass

epa4all-client is the Java Client for epa4all / ePA 3.0 in the Telematik Infrastruktur. Prior to 1.2.1, in SignedPublicKeysTrustValidatorImpl.isTrusted, the ECDSA signature verification at line 45 discards the boolean return value of Signature.verify. The method performs certificate chain...

8.1CVSS0.00006EPSS
Exploits0References2
CVE
CVEadded 2026/05/26 9:3 p.m.13 views

CVE-2026-45574

The CVE affects the epa4all-client Java library (for epa4all / ePA 3.0). Before version 1.2.2, a network-path attacker could present any TLS certificate (self-signed/expired/wrong CN) and intercept SOAP traffic, exposing KVNRs, SMC-B authentication/signing, document content, and credential exchan...

8.1CVSS5.8AI score0.00007EPSS
Exploits0References2
Cvelist
Cvelistadded 2026/05/26 9:3 p.m.28 views

CVE-2026-45574 epa4all-client: TLS Certificate Validation Disabled in Production

epa4all-client is the Java Client for epa4all / ePA 3.0 in the Telematik Infrastruktur. Prior to 1.2.2, an attacker on the network path between the ePA service and the Konnektor can present any TLS certificate self-signed, expired, wrong CN and intercept all SOAP traffic. This includes patient...

8.1CVSS0.00007EPSS
Exploits0References2
EUVD
EUVDadded 2026/05/26 9:3 p.m.10 views

EUVD-2026-32001

epa4all-client is the Java Client for epa4all / ePA 3.0 in the Telematik Infrastruktur. Prior to 1.2.2, an attacker on the network path between the ePA service and the Konnektor can present any TLS certificate self-signed, expired, wrong CN and intercept all SOAP traffic. This includes patient...

8.1CVSS5.8AI score0.00007EPSS
Exploits0References2
CVE
CVEadded 2026/05/26 9:1 p.m.12 views

CVE-2026-45575

The CVE concerns the epa4all-client Java client for epa4all/ePA 3.0. Before 1.2.2, an attacker who can perform a TLS man-in-the-middle between the client and the IDP within the TI network can substitute a forged discovery document. This redirects uri_puk_idp_enc and uri_puk_idp_sig to attacker-co...

7.4CVSS5.8AI score0.00009EPSS
Exploits0References2
EUVD
EUVDadded 2026/05/26 9:1 p.m.9 views

EUVD-2026-32000

epa4all-client is the Java Client for epa4all / ePA 3.0 in the Telematik Infrastruktur. Prior to 1.2.2, an attacker who can MITM the TLS connection between the client and the IDP within the TI network can substitute a forged discovery document. The forged document redirects uripukidpenc and...

7.4CVSS5.8AI score0.00009EPSS
Exploits0References2
ATTACKERKB
ATTACKERKBadded 2026/05/26 9:1 p.m.11 views

CVE-2026-45575

epa4all-client is the Java Client for epa4all / ePA 3.0 in the Telematik Infrastruktur. Prior to 1.2.2, an attacker who can MITM the TLS connection between the client and the IDP within the TI network can substitute a forged discovery document. The forged document redirects uripukidpenc and...

7.4CVSS5.8AI score0.00009EPSS
Exploits0References3Affected Software1
Cvelist
Cvelistadded 2026/05/26 9:1 p.m.32 views

CVE-2026-45575 epa4all-client: Improper Verification of Cryptographic Signature

epa4all-client is the Java Client for epa4all / ePA 3.0 in the Telematik Infrastruktur. Prior to 1.2.2, an attacker who can MITM the TLS connection between the client and the IDP within the TI network can substitute a forged discovery document. The forged document redirects uripukidpenc and...

7.4CVSS0.00009EPSS
Exploits0References2
Vulnrichment
Vulnrichmentadded 2026/05/26 8:59 p.m.8 views

CVE-2026-47672 epa4all-client: Unauthenticated REST API for Patient Record Writes

epa4all-client is the Java Client for epa4all / ePA 3.0 in the Telematik Infrastruktur. In 1.2.4 and earlier, any network-reachable caller can write arbitrary documents to any patient's electronic health record accessible by the institution's SMC-B card. In a misconfigured deployment e.g.,...

6.5CVSS5.9AI score0.00021EPSS
Exploits0References2
ATTACKERKB
ATTACKERKBadded 2026/05/26 8:59 p.m.10 views

CVE-2026-47672

epa4all-client is the Java Client for epa4all / ePA 3.0 in the Telematik Infrastruktur. In 1.2.4 and earlier, any network-reachable caller can write arbitrary documents to any patient's electronic health record accessible by the institution's SMC-B card. In a misconfigured deployment e.g.,...

6.5CVSS5.9AI score0.00021EPSS
Exploits0References3Affected Software1
CVE
CVEadded 2026/05/26 8:59 p.m.14 views

CVE-2026-47672

CVE-2026-47672 affects the Java client epa4all-client for epa4all/ePA 3.0. In version 1.2.4 and earlier, a network-reachable caller can write arbitrary documents to any patient electronic health record (EHR) accessible by the institution’s SMC-B card. In misconfigured deployments (e.g., following...

6.5CVSS5.9AI score0.00021EPSS
Exploits0References2
Cvelist
Cvelistadded 2026/05/26 8:59 p.m.33 views

CVE-2026-47672 epa4all-client: Unauthenticated REST API for Patient Record Writes

epa4all-client is the Java Client for epa4all / ePA 3.0 in the Telematik Infrastruktur. In 1.2.4 and earlier, any network-reachable caller can write arbitrary documents to any patient's electronic health record accessible by the institution's SMC-B card. In a misconfigured deployment e.g.,...

6.5CVSS0.00021EPSS
Exploits0References2
RedhatCVE
RedhatCVEadded 2026/05/26 8:14 p.m.7 views

CVE-2026-47073

Allocation of Resources Without Limits or Throttling vulnerability in benoitc hackney allows Flooding. The WebSocket client in src/hackneyws.erl imposes no upper bound on memory consumption in three code paths. First, readhandshakeresponse/3 accumulates received bytes into a growing buffer with n...

8.7CVSS5.9AI score0.00153EPSS
Exploits1References1
RedhatCVE
RedhatCVEadded 2026/05/26 8:14 p.m.8 views

CVE-2026-40166

authentik is an open-source identity provider. In versions prior to 2025.12.5 and 2026.2.0-rc1 through 2026.2.2, authenticated non-admin users with at least one OAuth2 access token can retrieve the clientsecret of confidential OAuth2 providers they have previously authenticated against, exposing...

7.1CVSS5.7AI score0.00011EPSS
Exploits0References1
Rows per page
Query Builder