Lucene search
K

2947 matches found

CVE
CVE
added 2026/06/02 6:5 p.m.20 views

CVE-2026-49120

Medplum's SSRF flaw (CVE-2026-49120) affects Medplum before 5.1.14 in the subscription worker. An authenticated user can create FHIR Subscription resources with arbitrary endpoint URLs, enabling server-side requests to internal addresses (e.g., metadata services, internal databases, container orc...

8.5CVSS6AI score0.00229EPSS
Exploits0References4
NVD
NVD
added 2026/06/02 9:16 a.m.13 views

CVE-2026-3514

In version 3.6.19 of prefecthq/prefect, an authentication bypass vulnerability exists due to the improper handling of URL path exemptions for health check probes. Specifically, the authentication middleware exempts any URL path ending with 'health' or 'ready' from authentication checks. This allo...

7.5CVSS0.00476EPSS
Exploits1References2
EUVD
EUVD
added 2026/06/02 7:28 a.m.9 views

EUVD-2026-33884

In version 3.6.19 of prefecthq/prefect, an authentication bypass vulnerability exists due to the improper handling of URL path exemptions for health check probes. Specifically, the authentication middleware exempts any URL path ending with 'health' or 'ready' from authentication checks. This allo...

7.5CVSS7.1AI score0.00476EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/06/02 7:28 a.m.10 views

CVE-2026-3514 Authentication Bypass in prefecthq/prefect

In version 3.6.19 of prefecthq/prefect, an authentication bypass vulnerability exists due to the improper handling of URL path exemptions for health check probes. Specifically, the authentication middleware exempts any URL path ending with 'health' or 'ready' from authentication checks. This allo...

7.5CVSS7.1AI score0.00476EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/06/02 7:28 a.m.8 views

CVE-2026-3514

In version 3.6.19 of prefecthq/prefect, an authentication bypass vulnerability exists due to the improper handling of URL path exemptions for health check probes. Specifically, the authentication middleware exempts any URL path ending with 'health' or 'ready' from authentication checks. This allo...

7.5CVSS7.1AI score0.00476EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/06/02 7:28 a.m.44 views

CVE-2026-3514 Authentication Bypass in prefecthq/prefect

In version 3.6.19 of prefecthq/prefect, an authentication bypass vulnerability exists due to the improper handling of URL path exemptions for health check probes. Specifically, the authentication middleware exempts any URL path ending with 'health' or 'ready' from authentication checks. This allo...

7.5CVSS0.00476EPSS
Exploits1References2
CVE
CVE
added 2026/06/02 7:28 a.m.35 views

CVE-2026-3514

The CVE-2026-3514 entry describes an authentication bypass in prefecthq/prefect v3.6.19 caused by the authentication middleware exempting URL paths ending with “health” or “ready” from authentication checks. This bypass enables unauthorized access to resources via name-based endpoints for variabl...

7.5CVSS7.1AI score0.00476EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/02 12:0 a.m.16 views

PT-2026-45704

In version 3.6.19 of prefecthq/prefect, an authentication bypass vulnerability exists due to the improper handling of URL path exemptions for health check probes. Specifically, the authentication middleware exempts any URL path ending with 'health' or 'ready' from authentication checks. This allo...

7.5CVSS7.1AI score0.00476EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/06/02 12:0 a.m.9 views

Prefect 安全漏洞

Prefect is a workflow orchestration tool developed by Prefect OpenSource, enabling developers to build, monitor data pipelines, and respond to changes in those pipelines. Version 3.6.19 of Prefect contains a security vulnerability. This vulnerability stems from improper handling of URL paths for...

7.5CVSS5.3AI score0.00476EPSS
Exploits1References2
NVD
NVD
added 2026/05/29 6:17 p.m.12 views

CVE-2026-5768

The Frontier X2 device allows unauthenticated BLE read/write access to critical GATT characteristics without enforcing pairing authentication or authorization. This allows attackers within BLE range to perform unauthorized control of device functions, including starting/stopping activities,...

8.8CVSS0.0028EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/29 4:58 p.m.18 views

CVE-2026-5768

The Frontier X2 device allows unauthenticated BLE read/write access to critical GATT characteristics without enforcing pairing authentication or authorization. This allows attackers within BLE range to perform unauthorized control of device functions, including starting/stopping activities,...

8.8CVSS5.8AI score0.0028EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/29 4:58 p.m.12 views

EUVD-2026-33368

The Frontier X2 device allows unauthenticated BLE read/write access to critical GATT characteristics without enforcing pairing authentication or authorization. This allows attackers within BLE range to perform unauthorized control of device functions, including starting/stopping activities,...

8.8CVSS5.8AI score0.0028EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/29 4:58 p.m.12 views

CVE-2026-5768 Fourth Frontier Frontier X Mobile Application, Frontier X2 Missing Authentication for Critical Function

The Frontier X2 device allows unauthenticated BLE read/write access to critical GATT characteristics without enforcing pairing authentication or authorization. This allows attackers within BLE range to perform unauthorized control of device functions, including starting/stopping activities,...

8.8CVSS5.8AI score0.0028EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/29 4:58 p.m.37 views

CVE-2026-5768 Fourth Frontier Frontier X Mobile Application, Frontier X2 Missing Authentication for Critical Function

The Frontier X2 device allows unauthenticated BLE read/write access to critical GATT characteristics without enforcing pairing authentication or authorization. This allows attackers within BLE range to perform unauthorized control of device functions, including starting/stopping activities,...

8.8CVSS0.0028EPSS
Exploits0References3
CVE
CVE
added 2026/05/29 4:58 p.m.29 views

CVE-2026-5768

CVE-2026-5768 concerns the Frontier X2 device and Frontier X mobile app, where unauthenticated BLE read/write access to critical GATT characteristics enables attackers within BLE range to control device functions, trigger vibrations, cause DoS, and forge health telemetry by impersonating devices ...

8.8CVSS5.8AI score0.0028EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.19 views

PT-2026-44968

Name of the Vulnerable Software and Affected Versions Frontier X2 affected versions not specified Frontier X mobile application affected versions not specified Description The Frontier X2 device permits unauthenticated Bluetooth Low Energy BLE read and write access to critical Generic Attribute...

8.8CVSS5.8AI score0.0028EPSS
Exploits0References9
RedhatCVE
RedhatCVE
added 2026/05/28 8:13 p.m.11 views

CVE-2026-45009

phpMyFAQ before 4.1.2 contains an insufficient authorization vulnerability in admin-api routes that allows authenticated ordinary users to access administrative endpoints by only checking login status instead of verifying backend privileges. Attackers with valid frontend user accounts can access...

5.3CVSS5.8AI score0.00168EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2026/05/28 3:56 a.m.13 views

SUSE CVE-2026-45907

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix deadlocks between devlink and netdev instance locks In the mentioned "Fixes" commit, various work tasks triggering devlink health reporter recovery were switched to use netdevtrylock to protect against concurrent...

5.8AI score0.00118EPSS
Exploits0References3
OSV
OSV
added 2026/05/27 2:17 p.m.9 views

UBUNTU-CVE-2026-45907

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix deadlocks between devlink and netdev instance locks In the mentioned "Fixes" commit, various work tasks triggering devlink health reporter recovery were switched to use netdevtrylock to protect against concurrent...

5.5CVSS5.7AI score0.00118EPSS
Exploits0References3
NVD
NVD
added 2026/05/26 9:16 p.m.20 views

CVE-2026-47672

epa4all-client is the Java Client for epa4all / ePA 3.0 in the Telematik Infrastruktur. In 1.2.4 and earlier, any network-reachable caller can write arbitrary documents to any patient's electronic health record accessible by the institution's SMC-B card. In a misconfigured deployment e.g.,...

6.5CVSS0.00162EPSS
Exploits0References2
Rows per page
Query Builder