2941 matches found
Microsoft PC Manager 后置链接漏洞
Microsoft PC Manager is a computer management software developed by Microsoft Corporation. It offers features such as one-click acceleration, system space management, pop-up management, and comprehensive health checks. Microsoft PC Manager has a post-release link vulnerability. Attackers can...
Microsoft PC Manager 权限许可和访问控制问题漏洞
Microsoft PC Manager is a computer management software developed by Microsoft Corporation. It offers features such as one-click acceleration, system space management, pop-up management, and comprehensive health checks. However, Microsoft PC Manager has an access control vulnerability. Attackers c...
Microsoft Azure Attestation service and Device Health Attestation Service 输入验证错误漏洞
Microsoft Azure is an open enterprise-level cloud computing platform provided by Microsoft Corporation in the United States. The Microsoft Azure Attestation service and Device Health Attestation Service have vulnerabilities related to input validation. Attackers can exploit these vulnerabilities ...
MongoDB Server 日志信息泄露漏洞
MongoDB Server is an open-source NoSQL database developed by MongoDB, a company based in the United States. This database offers features such as collection-oriented storage, dynamic querying, data replication, and automatic failover. There is a vulnerability in MongoDB Server related to log...
PT-2026-48298
Name of the Vulnerable Software and Affected Versions MongoDB server affected versions not specified Description The server may log authentication parameters, including credentials, to the server log during SASL Simple Authentication and Security Layer authentication. This occurs when connection...
CVE-2026-6492
A vulnerability was detected in arnobt78 Hotel Booking Management System up to f8922d0e0f6ac1cc761974c7616f44c2bbc04bea. The impacted element is an unknown function of the file /api/health/detailed of the component Health Check Endpoint. Performing a manipulation results in information disclosure...
CVE-2026-33584
Exposed Keycloak management service in the Arqit Symmetric Key Agreement Platform enables unauthorized access to sensitive debug information such as metrics and health data. This issue affects Symmetric Key Agreement Platform: before 26.03...
CVE-2026-34457
OAuth2 Proxy is a reverse proxy that provides authentication using OAuth2 providers. Versions prior to 7.15.2 contain a configuration-dependent authentication bypass in deployments where OAuth2 Proxy is used with an authrequest-style integration such as nginx authrequest and either...
CVE-2026-3514
In version 3.6.19 of prefecthq/prefect, an authentication bypass vulnerability exists due to the improper handling of URL path exemptions for health check probes. Specifically, the authentication middleware exempts any URL path ending with 'health' or 'ready' from authentication checks. This allo...
CVE-2026-5768
The Frontier X2 device allows unauthenticated BLE read/write access to critical GATT characteristics without enforcing pairing authentication or authorization. This allows attackers within BLE range to perform unauthorized control of device functions, including starting/stopping activities,...
EUVD-2026-31998
epa4all-client: Unauthenticated REST API for Patient Record Writes...
PT-2026-46857
Impact Any network-reachable caller can write arbitrary documents to any patient's electronic health record accessible by the institution's SMC-B card. In a misconfigured deployment e.g., following the production Docker example in the README, this is exploitable from the local network without...
CVE-2026-49120
Medplum before 5.1.14 contains a server-side request forgery vulnerability in the subscription worker that allows authenticated users to perform unauthorized internal network requests by creating FHIR Subscription resources with arbitrary endpoint URLs. Attackers can point subscription endpoints ...
CVE-2026-49120
Medplum's SSRF flaw (CVE-2026-49120) affects Medplum before 5.1.14 in the subscription worker. An authenticated user can create FHIR Subscription resources with arbitrary endpoint URLs, enabling server-side requests to internal addresses (e.g., metadata services, internal databases, container orc...
CVE-2026-49120
Medplum before 5.1.14 contains a server-side request forgery vulnerability in the subscription worker that allows authenticated users to perform unauthorized internal network requests by creating FHIR Subscription resources with arbitrary endpoint URLs. Attackers can point subscription endpoints ...
EUVD-2026-33998
Medplum before 5.1.14 contains a server-side request forgery vulnerability in the subscription worker that allows authenticated users to perform unauthorized internal network requests by creating FHIR Subscription resources with arbitrary endpoint URLs. Attackers can point subscription endpoints ...
CVE-2026-3514
In version 3.6.19 of prefecthq/prefect, an authentication bypass vulnerability exists due to the improper handling of URL path exemptions for health check probes. Specifically, the authentication middleware exempts any URL path ending with 'health' or 'ready' from authentication checks. This allo...
EUVD-2026-33884
In version 3.6.19 of prefecthq/prefect, an authentication bypass vulnerability exists due to the improper handling of URL path exemptions for health check probes. Specifically, the authentication middleware exempts any URL path ending with 'health' or 'ready' from authentication checks. This allo...
CVE-2026-3514 Authentication Bypass in prefecthq/prefect
In version 3.6.19 of prefecthq/prefect, an authentication bypass vulnerability exists due to the improper handling of URL path exemptions for health check probes. Specifically, the authentication middleware exempts any URL path ending with 'health' or 'ready' from authentication checks. This allo...
CVE-2026-3514 Authentication Bypass in prefecthq/prefect
In version 3.6.19 of prefecthq/prefect, an authentication bypass vulnerability exists due to the improper handling of URL path exemptions for health check probes. Specifically, the authentication middleware exempts any URL path ending with 'health' or 'ready' from authentication checks. This allo...