Lucene search

17 matches found

Cvelist
added 2 days ago | 35 views

CVE-2026-3514 Authentication Bypass in prefecthq/prefect

In version 3.6.19 of prefecthq/prefect, an authentication bypass vulnerability exists due to the improper handling of URL path exemptions for health check probes. Specifically, the authentication middleware exempts any URL path ending with 'health' or 'ready' from authentication checks. This allo...

7.5 CVSS | 0.00083 EPSS
Exploits 1 | References 2
Vulnrichment
added 2 days ago | 4 views

CVE-2026-3514 Authentication Bypass in prefecthq/prefect

In version 3.6.19 of prefecthq/prefect, an authentication bypass vulnerability exists due to the improper handling of URL path exemptions for health check probes. Specifically, the authentication middleware exempts any URL path ending with 'health' or 'ready' from authentication checks. This allo...

7.5 CVSS | 7.1 AI score | 0.00083 EPSS
Exploits 1 | References 2
ATTACKERKB
added 2 days ago | 5 views

CVE-2026-3514

In version 3.6.19 of prefecthq/prefect, an authentication bypass vulnerability exists due to the improper handling of URL path exemptions for health check probes. Specifically, the authentication middleware exempts any URL path ending with 'health' or 'ready' from authentication checks. This allo...

7.5 CVSS | 7.1 AI score | 0.00083 EPSS
Exploits 1 | References 3
EUVD
added 2 days ago | 4 views

EUVD-2026-33884

In version 3.6.19 of prefecthq/prefect, an authentication bypass vulnerability exists due to the improper handling of URL path exemptions for health check probes. Specifically, the authentication middleware exempts any URL path ending with 'health' or 'ready' from authentication checks. This allo...

7.5 CVSS | 7.1 AI score | 0.00083 EPSS
Exploits 1 | References 2
Schneier on Security
added 2026/04/02 5:28 p.m. | 2 views

US Bans All Foreign-Made Consumer Routers

This is for new routers; you don't have to throw away your existing ones: The Executive Branch determination noted that foreign-produced routers (1) introduce "a supply chain vulnerability that could disrupt the U.S. economy, critical infrastructure, and national defense" and (2) pose "a severe...

5.9 AI score
Exploits 0
Positive Technologies
added 2026/03/28 12:0 a.m. | 3 views

PT-2026-32987

Hackage CSRF vulnerability Vulnerable File: src/Distribution/Server/Features/Votes.hs example Impact: can forge requests through XSS hackage-server lacked Cross-Site Request Forgery CSRF protection across its endpoints. Scripts on foreign sites could trigger requests to hackage server, possibly...

9.6 CVSS | 5.7 AI score | 0.0002 EPSS
Exploits 0 | References 5
RedhatCVE
added 2026/03/27 10:51 p.m. | 2 views

CVE-2026-33621

PinchTab is a standalone HTTP server that gives AI agents direct control over a Chrome browser. PinchTab v0.7.7 through v0.8.4 contain incomplete request-throttling protections for auth-checkable endpoints. In v0.7.7 through v0.8.3, a fully implemented RateLimitMiddleware existed in...

4.8 CVSS | 5.8 AI score | 0.00092 EPSS
Exploits 1 | References 1
NVD
added 2026/03/26 9:17 p.m. | 1 views

CVE-2026-33621

PinchTab is a standalone HTTP server that gives AI agents direct control over a Chrome browser. PinchTab v0.7.7 through v0.8.4 contain incomplete request-throttling protections for auth-checkable endpoints. In v0.7.7 through v0.8.3, a fully implemented RateLimitMiddleware existed in...

6.5 CVSS | 0.00092 EPSS
Exploits 1 | References 3
Cvelist
added 2026/03/26 8:42 p.m. | 21 views

CVE-2026-33621 PinchTab: Unapplied Rate Limiting Middleware Allows Unbounded Brute-Force of API Token

PinchTab is a standalone HTTP server that gives AI agents direct control over a Chrome browser. PinchTab v0.7.7 through v0.8.4 contain incomplete request-throttling protections for auth-checkable endpoints. In v0.7.7 through v0.8.3, a fully implemented RateLimitMiddleware existed in...

4.8 CVSS | 0.00092 EPSS
Exploits 1 | References 3
RedHat Linux
added 2025/02/12 5:47 p.m. | 12 views

Important: Red Hat Security Advisory: Gatekeeper v3.17.1

Gatekeeper v3.17.1 Gatekeeper is a validating webhook with auditing capabilities that can enforce custom resource definition-based policies that are run with the Open Policy Agent OPA. Gatekeeper is supported through a Red Hat Advanced Cluster Management for Kubernetes subscription. Red Hat Produ...

9.1 CVSS | 6.6 AI score | 0.32338 EPSS
Exploits 2 | References 6
The Hacker News
added 2022/11/19 1:30 p.m. | 17 views

Indian Government Publishes Draft of Digital Personal Data Protection Bill 2022

The Indian government on Friday released a draft version of the much-awaited data protection regulation, making it the fourth such effort since it was first proposed in July 2018. The Digital Personal Data Protection Bill, 2022, as it's called, aims to secure personal data, while also seeking...

0.9 AI score
Exploits 0
Qualys Blog
added 2022/09/27 5:13 p.m. | 13 views

Prepare Your Organization for Compliance with the NYDFS Cybersecurity Regulation

Cyberattacks are on the rise, with bad actors accelerating their nefarious exfiltration of valuable and confidential data from financial institutions, Federal agencies, healthcare organizations, and more. According to an IBM study, the Financial Services industry saw an increase in the cost of da...

1.2 AI score
Exploits 0
Rapid7 Blog
added 2021/11/15 4:55 p.m. | 14 views

Thawing Out the Chilling Effect Of DMCA Section 1201

The Copyright Office has issued the latest rules on exemptions to Section 1201 of the Digital Millennium Copyright Act DMCA. Great news: Legal protections for independent security research have once again been meaningfully strengthened. On the whole, these protections are now significantly greate...

6.7 AI score
Exploits 0
rapid7community
added 2017/06/28 12:39 p.m. | 30 views

Copyright Office Calls For New Cybersecurity Researcher Protections

On Jun. 22, the US Copyright Office released its long-awaited study on Sec. 1201 of the Digital Millennium Copyright Act DMCA, and it has important implications for independent cybersecurity researchers. Mostly the news is very positive. Rapid7 advocated extensively for researcher protections to ...

6.8 AI score
Exploits 0
ThreatPost
added 2016/07/21 1:18 p.m. | 18 views

EFF Files Lawsuit Challenging DMCA's Restrictions Security Researchers

The Electronic Frontier Foundation filed a lawsuit Thursday against the U.S. Government over a provision within the Digital Millennium Copyright Act that it says impinges on free speech and hobbles security researchers ability to do their job. The lawsuit asks the court to strike down the highly...

7.6 AI score
Exploits 0 | References 5
ThreatPost
added 2015/10/27 4:34 p.m. | 14 views

Car Hacking, Mobile Jailbreaking Among DCMA Exemptions Granted

Car hackers and jailbreakers today apparently got a green light from the Librarian of Congress David Mao to tinker away. The Library of Congress’ triennial exemptions to the anti-circumvention rules within the Digital Copyright Millennium Act DCMA were released today, and among the exemptions to...

1.8 AI score
Exploits 0 | References 6
Microsoft Security Update
added 1970/01/01 12:0 a.m. | 9 views

Support Policy Exempt

Support Policy Exempt...

1.2 AI score
Exploits 0