212 matches found
CVE-2026-4989
Improper input validation in the gateway health check feature in Devolutions Server allows a low-privileged authenticated user to perform server-side request forgery SSRF, potentially leading to information disclosure, via a crafted API request. This issue affects Server: from 2026.1.1 through...
CVE-2026-4989
The CVE-2026-4989 entry describes a vulnerability in Devolutions Server where improper input validation in the gateway health check enables a low-privilege authenticated user to trigger server-side request forgery (SSRF) and potentially disclose information. Affected versions include 2026.1.1–202...
PT-2026-29541
Improper input validation in the gateway health check feature in Devolutions Server allows a low-privileged authenticated user to perform server-side request forgery SSRF, potentially leading to information disclosure, via a crafted API request. This issue affects Server: from 2026.1.1 through...
Blueprint-POC
Sales-to-Delivery Agent Orchestration System - POC Phase 1...
Authentication Bypass via endswith() Health Check Exemption Allows Unauthenticated Access to Variables/Secrets in prefecthq/prefect
Description When PREFECTSERVERAPIAUTHSTRING is configured, Prefect Server's authentication middleware exempts any URL path ending with "health" or "ready" to allow health check probes. However, multiple API endpoints accept user-controlled string names as URL path parameters e.g.,...
389-ds-base security update
3.1.3-7 - Bump version to 3.1.3-7 - Resolves: RHEL-117764 - Replication online reinitialization of a large database gets stalled. rhel-10.1.z - Resolves: RHEL-123274 - LDAP high CPU usage while handling indexes with IDL scan limit at INTMAX rhel-10.1.z - Resolves: RHEL-123281 - The new...
io.quarkus/quarkus-rest: Quarkus REST Worker Thread Exhaustion Vulnerability
A flaw was found in the Quarkus REST HTTP layer. This vulnerability allows remote attackers to cause an application level denial of service by repeatedly dropping client connections while response chunks are being transmitted, leading to worker thread exhaustion...
EUVD-2026-3513
Malicious code in health-check-node npm...
MAL-2026-362 Malicious code in health-check-node (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 22d7973f13d7c4d97055a6036168bc96953d8faf1d68944505f62cba678f942e The package health-check-node was found to contain malicious code. Source: ghsa-malware...
Malicious Package
Overview health-check-node is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious code in health-check-node (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 22d7973f13d7c4d97055a6036168bc96953d8faf1d68944505f62cba678f942e The package health-check-node was found to contain malicious code. Source: ghsa-malware...
CVE-2023-4242
The FULL - Customer plugin for WordPress is vulnerable to Information Disclosure via the /health REST route in versions up to, and including, 2.2.3 due to improper authorization. This allows authenticated attackers with subscriber-level permissions and above to obtain sensitive information about...
CVE-2025-66560
Quarkus is a Cloud Native, Linux Container First framework for writing Java applications. Prior to versions 3.31.0, 3.27.2, and 3.20.5, a vulnerability exists in the HTTP layer of Quarkus REST related to response handling. When a response is being written, the framework waits for previously writt...
Quarkus REST has potential worker thread starvation when HTTP connection is closed while waiting to write
A vulnerability exists in the HTTP layer of Quarkus REST related to response handling. When a response is being written, the framework waits for previously written response chunks to be fully transmitted before proceeding. If the client connection is dropped during this waiting period, the...
CVE-2025-66560 Quarkus REST has potential worker thread starvation when HTTP connection is closed while waiting to write
Quarkus is a Cloud Native, Linux Container First framework for writing Java applications. Prior to versions 3.31.0, 3.27.2, and 3.20.5, a vulnerability exists in the HTTP layer of Quarkus REST related to response handling. When a response is being written, the framework waits for previously writt...
CVE-2025-66560 Quarkus REST has potential worker thread starvation when HTTP connection is closed while waiting to write
Quarkus is a Cloud Native, Linux Container First framework for writing Java applications. Prior to versions 3.31.0, 3.27.2, and 3.20.5, a vulnerability exists in the HTTP layer of Quarkus REST related to response handling. When a response is being written, the framework waits for previously writt...
PT-2026-1858
Name of the Vulnerable Software and Affected Versions Quarkus versions prior to 3.31.0 Quarkus versions prior to 3.27.2 Quarkus versions prior to 3.20.5 Description Quarkus is a Cloud Native framework for Java applications. A flaw exists in the HTTP layer related to response handling. When writin...
Malicious code in system-health-check-test-unique (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 10bfd6e986187675dd7d7e3a8f860807e408fd6a91694ca0e0128be83fa8fc47 Importing the module exfiltrates content of /var/www/html to a remote host --- Category: MALICIOUS - The campaign has clearly malicious intent, like...
MAL-2025-192679 Malicious code in system-health-check-test-unique (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 10bfd6e986187675dd7d7e3a8f860807e408fd6a91694ca0e0128be83fa8fc47 Importing the module exfiltrates content of /var/www/html to a remote host --- Category: MALICIOUS - The campaign has clearly malicious intent, like...
CVE-2025-64253
Path Traversal: '.../...//' vulnerability in WordPress.org Health Check & Troubleshooting health-check allows Path Traversal.This issue affects Health Check & Troubleshooting: from n/a through = 1.7.1...