Lucene search
K

2941 matches found

CNNVD
CNNVD
added 2026/06/09 12:0 a.m.9 views

Microsoft PC Manager 后置链接漏洞

Microsoft PC Manager is a computer management software developed by Microsoft Corporation. It offers features such as one-click acceleration, system space management, pop-up management, and comprehensive health checks. Microsoft PC Manager has a post-release link vulnerability. Attackers can...

7.8CVSS5.4AI score0.00329EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.16 views

Microsoft PC Manager 权限许可和访问控制问题漏洞

Microsoft PC Manager is a computer management software developed by Microsoft Corporation. It offers features such as one-click acceleration, system space management, pop-up management, and comprehensive health checks. However, Microsoft PC Manager has an access control vulnerability. Attackers c...

7.8CVSS5.8AI score0.00239EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.18 views

Microsoft Azure Attestation service and Device Health Attestation Service 输入验证错误漏洞

Microsoft Azure is an open enterprise-level cloud computing platform provided by Microsoft Corporation in the United States. The Microsoft Azure Attestation service and Device Health Attestation Service have vulnerabilities related to input validation. Attackers can exploit these vulnerabilities ...

3.9CVSS5.8AI score0.00319EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.13 views

MongoDB Server 日志信息泄露漏洞

MongoDB Server is an open-source NoSQL database developed by MongoDB, a company based in the United States. This database offers features such as collection-oriented storage, dynamic querying, data replication, and automatic failover. There is a vulnerability in MongoDB Server related to log...

6.8CVSS5.4AI score0.00119EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.17 views

PT-2026-48298

Name of the Vulnerable Software and Affected Versions MongoDB server affected versions not specified Description The server may log authentication parameters, including credentials, to the server log during SASL Simple Authentication and Security Layer authentication. This occurs when connection...

6.8CVSS5.2AI score0.00119EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/05 7:32 p.m.9 views

CVE-2026-6492

A vulnerability was detected in arnobt78 Hotel Booking Management System up to f8922d0e0f6ac1cc761974c7616f44c2bbc04bea. The impacted element is an unknown function of the file /api/health/detailed of the component Health Check Endpoint. Performing a manipulation results in information disclosure...

6.9CVSS5.6AI score0.00384EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:31 p.m.9 views

CVE-2026-33584

Exposed Keycloak management service in the Arqit Symmetric Key Agreement Platform enables unauthorized access to sensitive debug information such as metrics and health data. This issue affects Symmetric Key Agreement Platform: before 26.03...

5.3CVSS5.4AI score0.00305EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:22 p.m.15 views

CVE-2026-34457

OAuth2 Proxy is a reverse proxy that provides authentication using OAuth2 providers. Versions prior to 7.15.2 contain a configuration-dependent authentication bypass in deployments where OAuth2 Proxy is used with an authrequest-style integration such as nginx authrequest and either...

9.1CVSS5.5AI score0.00475EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:21 p.m.11 views

CVE-2026-3514

In version 3.6.19 of prefecthq/prefect, an authentication bypass vulnerability exists due to the improper handling of URL path exemptions for health check probes. Specifically, the authentication middleware exempts any URL path ending with 'health' or 'ready' from authentication checks. This allo...

7.5CVSS7.2AI score0.00476EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:19 p.m.8 views

CVE-2026-5768

The Frontier X2 device allows unauthenticated BLE read/write access to critical GATT characteristics without enforcing pairing authentication or authorization. This allows attackers within BLE range to perform unauthorized control of device functions, including starting/stopping activities,...

8.8CVSS5.5AI score0.0028EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/04 5:49 p.m.15 views

EUVD-2026-31998

epa4all-client: Unauthenticated REST API for Patient Record Writes...

6.5CVSS5.8AI score0.00162EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.17 views

PT-2026-46857

Impact Any network-reachable caller can write arbitrary documents to any patient's electronic health record accessible by the institution's SMC-B card. In a misconfigured deployment e.g., following the production Docker example in the README, this is exploitable from the local network without...

6.5CVSS5.9AI score0.00162EPSS
Exploits0References5
NVD
NVD
added 2026/06/02 8:16 p.m.13 views

CVE-2026-49120

Medplum before 5.1.14 contains a server-side request forgery vulnerability in the subscription worker that allows authenticated users to perform unauthorized internal network requests by creating FHIR Subscription resources with arbitrary endpoint URLs. Attackers can point subscription endpoints ...

8.5CVSS0.00229EPSS
Exploits0References4
CVE
CVE
added 2026/06/02 6:5 p.m.20 views

CVE-2026-49120

Medplum's SSRF flaw (CVE-2026-49120) affects Medplum before 5.1.14 in the subscription worker. An authenticated user can create FHIR Subscription resources with arbitrary endpoint URLs, enabling server-side requests to internal addresses (e.g., metadata services, internal databases, container orc...

8.5CVSS6AI score0.00229EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/06/02 6:5 p.m.8 views

CVE-2026-49120

Medplum before 5.1.14 contains a server-side request forgery vulnerability in the subscription worker that allows authenticated users to perform unauthorized internal network requests by creating FHIR Subscription resources with arbitrary endpoint URLs. Attackers can point subscription endpoints ...

8.5CVSS6AI score0.00229EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/02 6:5 p.m.11 views

EUVD-2026-33998

Medplum before 5.1.14 contains a server-side request forgery vulnerability in the subscription worker that allows authenticated users to perform unauthorized internal network requests by creating FHIR Subscription resources with arbitrary endpoint URLs. Attackers can point subscription endpoints ...

8.5CVSS6AI score0.00229EPSS
Exploits0References4
NVD
NVD
added 2026/06/02 9:16 a.m.13 views

CVE-2026-3514

In version 3.6.19 of prefecthq/prefect, an authentication bypass vulnerability exists due to the improper handling of URL path exemptions for health check probes. Specifically, the authentication middleware exempts any URL path ending with 'health' or 'ready' from authentication checks. This allo...

7.5CVSS0.00476EPSS
Exploits1References2
EUVD
EUVD
added 2026/06/02 7:28 a.m.9 views

EUVD-2026-33884

In version 3.6.19 of prefecthq/prefect, an authentication bypass vulnerability exists due to the improper handling of URL path exemptions for health check probes. Specifically, the authentication middleware exempts any URL path ending with 'health' or 'ready' from authentication checks. This allo...

7.5CVSS7.1AI score0.00476EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/06/02 7:28 a.m.10 views

CVE-2026-3514 Authentication Bypass in prefecthq/prefect

In version 3.6.19 of prefecthq/prefect, an authentication bypass vulnerability exists due to the improper handling of URL path exemptions for health check probes. Specifically, the authentication middleware exempts any URL path ending with 'health' or 'ready' from authentication checks. This allo...

7.5CVSS7.1AI score0.00476EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/06/02 7:28 a.m.44 views

CVE-2026-3514 Authentication Bypass in prefecthq/prefect

In version 3.6.19 of prefecthq/prefect, an authentication bypass vulnerability exists due to the improper handling of URL path exemptions for health check probes. Specifically, the authentication middleware exempts any URL path ending with 'health' or 'ready' from authentication checks. This allo...

7.5CVSS0.00476EPSS
Exploits1References2
Rows per page
Query Builder