10 matches found
CVE-2026-7722
A vulnerability was detected in PrefectHQ prefect up to 3.6.21. This impacts the function endswith of the file /api/health of the component Health Check API. Performing a manipulation results in improper authentication. The attack is possible to be carried out remotely. The exploit is now public...
GHSA-6RR6-V7CJ-MXPG Prefect Auth Bypass via endswith() Health Check Exemption
A vulnerability was detected in PrefectHQ prefect up to 3.6.21. This impacts the function endswith of the file /api/health of the component Health Check API. Performing a manipulation results in improper authentication. The attack is possible to be carried out remotely. The exploit is now public...
CVE-2026-7722
A vulnerability was detected in PrefectHQ prefect up to 3.6.21. This impacts the function endswith of the file /api/health of the component Health Check API. Performing a manipulation results in improper authentication. The attack is possible to be carried out remotely. The exploit is now public...
CVE-2026-7722
CVE-2026-7722 affects PrefectHQ Prefect up to 3.6.21, specifically the Health Check API at /api/health where the endswith function is implicated. The issue enables a remotely carried out manipulation resulting in improper authentication. Public exploitation is indicated in the description. A patc...
EUVD-2026-26875
A vulnerability was detected in PrefectHQ prefect up to 3.6.21. This impacts the function endswith of the file /api/health of the component Health Check API. Performing a manipulation results in improper authentication. The attack is possible to be carried out remotely. The exploit is now public...
CVE-2026-7722 PrefectHQ prefect Health Check API health endswith improper authentication
A vulnerability was detected in PrefectHQ prefect up to 3.6.21. This impacts the function endswith of the file /api/health of the component Health Check API. Performing a manipulation results in improper authentication. The attack is possible to be carried out remotely. The exploit is now public...
PT-2026-31912
Name of the Vulnerable Software and Affected Versions: Juju versions prior to 2.9.57 and 3.6.21. Description: Juju versions prior to 2.9.57 and 3.6.21 contain an authorization issue in the Controller facade. An authenticated user can call the CloudSpec API method to extract cloud credentials used fo...
PT-2025-33297 · Mendix · Mendix Saml
Name of the Vulnerable Software and Affected Versions: Mendix SAML Mendix 10.12 compatible versions prior to 4.0.3; Mendix SAML Mendix 10.21 compatible versions prior to 4.1.2; Mendix SAML Mendix 9.24 compatible versions prior to 3.6.21. Description: The Mendix SAML module insufficiently enforces...
CVE-2024-49375
CVE-2024-49375 affects Rasa (Open Source and Pro). Remote Code Execution is possible when a malicious model is loaded into a Rasa instance via the HTTP API, with API enabled (--enable-api) and depending on authentication configuration. Unauthenticated RCE requires no auth and is more severe; auth...
PT-2021-2652 · Mongodb · Mongodb Database Tools
Name of the Vulnerable Software and Affected Versions: MongoDB Database Tools versions 3.6.6 through 3.6.20; MongoDB Database Tools versions prior to 3.6.21; MongoDB Database Tools versions prior to 4.0.21; MongoDB Database Tools versions prior to 4.2.11; MongoDB Database Tools 100 versions prior to...