Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

344 matches found

Positive Technologies
Positive Technologiesadded 4 days ago12 views

PT-2026-51099

Name of the Vulnerable Software and Affected Versions langflow versions prior to 1.9.1 Description An Insecure Direct Object Reference IDOR exists in the '/api/v1/responses' endpoint. This issue allows an authenticated attacker to execute any flow belonging to another user by specifying the...

9.9CVSS5.9AI score
Exploits0References6
RedhatCVE
RedhatCVEadded 2026/06/12 1:9 a.m.11 views

CVE-2026-44487

A flaw was found in Axios. During specific proxy-to-direct redirect flows in the Node.js HTTP adapter, a remote attacker could exploit this vulnerability. The Proxy-Authorization header, which contains proxy credentials and is intended only for the outbound proxy, may be forwarded to the final...

8.2CVSS5.1AI score0.00429EPSS
Exploits1References4
NVD
NVDadded 2026/06/11 9:16 p.m.8 views

CVE-2026-41005

Cloud Foundry UAA incorrectly treated XML encryption to the Service Provider confidentiality as a substitute for XML signatures from the Identity Provider authenticity in two SAML flows: the OAuth 2.0 SAML2 bearer grant token endpoint and browser SSO ACS when wantAssertionSigned is set to false...

9CVSS0.00122EPSS
Exploits0References1
Positive Technologies
Positive Technologiesadded 2026/06/11 12:0 a.m.9 views

PT-2026-48733

Name of the Vulnerable Software and Affected Versions Cloud Foundry UAA versions 2.0.0 through 78.13.0 Cloud Foundry CF Deployment versions prior to 56.1.0 Description Cloud Foundry UAA incorrectly treats XML encryption to the Service Provider as a substitute for XML signatures from the Identity...

9CVSS5.2AI score0.00122EPSS
Exploits0References4
RedHat Linux
RedHat Linuxadded 2026/06/08 12:51 p.m.7 views

Important: Red Hat Security Advisory: Network Observability 1.12.0 for OpenShift

Network Observability 1.12 for Red Hat OpenShift. Network flows collector and monitoring solution...

9.8CVSS6.9AI score0.00611EPSS
Exploits3References7
RedhatCVE
RedhatCVEadded 2026/06/05 7:36 p.m.6 views

CVE-2026-23638

Kiteworks is a private data network PDN. Prior to version 9.3.0, an Insecure Direct Object Reference IDOR vulnerability in Kiteworks Secure Data Forms allows an authenticated attacker to tamper with the internal approval flow configurations of forms belonging to other users due to insufficient...

6.5CVSS5.5AI score0.00184EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2026/06/05 7:35 p.m.6 views

CVE-2026-5296

GitLab has remediated an issue in GitLab EE affecting all versions from 18.7 before 18.10.7, 18.11 before 18.11.4, and 19.0 before 19.0.1 that when foundational flows were enabled at the group level, could have allowed an authenticated user with developer-role permissions to bypass flow...

4.3CVSS5.5AI score0.00196EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2026/06/05 7:26 p.m.7 views

CVE-2026-39969

TypeBot is a chatbot builder tool. In versions 3.16.0 and prior, the WhatsApp Cloud API webhook endpoint POST /v1/workspaces/workspaceId/whatsapp/credentialsId/webhook does not verify the x-hub-signature-256 HMAC signature included by Meta in every webhook delivery. The webhook URL exposes both...

6.5CVSS5.4AI score0.00157EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2026/06/05 7:21 p.m.8 views

CVE-2026-3514

In version 3.6.19 of prefecthq/prefect, an authentication bypass vulnerability exists due to the improper handling of URL path exemptions for health check probes. Specifically, the authentication middleware exempts any URL path ending with 'health' or 'ready' from authentication checks. This allo...

7.5CVSS7.2AI score0.00395EPSS
Exploits1References1
RedhatCVE
RedhatCVEadded 2026/06/05 7:19 p.m.7 views

CVE-2026-5627

A path traversal vulnerability exists in mintplex-labs/anything-llm versions up to and including 1.9.1, within the AgentFlows component. The vulnerability arises from improper handling of user input in the loadFlow and deleteFlow methods in server/utils/agentFlows/index.js. Specifically, the...

9.1CVSS7.9AI score0.00809EPSS
Exploits1References1
Microsoft Secure
Microsoft Secureadded 2026/06/04 7:14 p.m.6 views

Updating the taxonomy of failure modes in agentic AI systems: What a year of red teaming taught us

In this article 1. Why the Taxonomy Needed Updating 2. Seven new failure modes 3. Operational findings: What red teaming showed 4. New mitigations 5. What to do this quarter When the Microsoft AI Red Team published the Taxonomy of Failure Modes in Agentic AI Systems in April 2025, the goal was a...

8.8CVSS7.2AI score0.09563EPSS
Exploits5
NVD
NVDadded 2026/06/02 9:16 a.m.11 views

CVE-2026-3514

In version 3.6.19 of prefecthq/prefect, an authentication bypass vulnerability exists due to the improper handling of URL path exemptions for health check probes. Specifically, the authentication middleware exempts any URL path ending with 'health' or 'ready' from authentication checks. This allo...

7.5CVSS0.00395EPSS
Exploits1References2
CVE
CVEadded 2026/06/02 7:28 a.m.24 views

CVE-2026-3514

The CVE-2026-3514 entry describes an authentication bypass in prefecthq/prefect v3.6.19 caused by the authentication middleware exempting URL paths ending with “health” or “ready” from authentication checks. This bypass enables unauthorized access to resources via name-based endpoints for variabl...

7.5CVSS7.1AI score0.00395EPSS
Exploits1References2Affected Software1
Cvelist
Cvelistadded 2026/06/02 7:28 a.m.40 views

CVE-2026-3514 Authentication Bypass in prefecthq/prefect

In version 3.6.19 of prefecthq/prefect, an authentication bypass vulnerability exists due to the improper handling of URL path exemptions for health check probes. Specifically, the authentication middleware exempts any URL path ending with 'health' or 'ready' from authentication checks. This allo...

7.5CVSS0.00395EPSS
Exploits1References2
Vulnrichment
Vulnrichmentadded 2026/06/02 7:28 a.m.8 views

CVE-2026-3514 Authentication Bypass in prefecthq/prefect

In version 3.6.19 of prefecthq/prefect, an authentication bypass vulnerability exists due to the improper handling of URL path exemptions for health check probes. Specifically, the authentication middleware exempts any URL path ending with 'health' or 'ready' from authentication checks. This allo...

7.5CVSS7.1AI score0.00395EPSS
Exploits1References2
EUVD
EUVDadded 2026/06/02 7:28 a.m.7 views

EUVD-2026-33884

In version 3.6.19 of prefecthq/prefect, an authentication bypass vulnerability exists due to the improper handling of URL path exemptions for health check probes. Specifically, the authentication middleware exempts any URL path ending with 'health' or 'ready' from authentication checks. This allo...

7.5CVSS7.1AI score0.00395EPSS
Exploits1References2
ATTACKERKB
ATTACKERKBadded 2026/06/02 7:28 a.m.7 views

CVE-2026-3514

In version 3.6.19 of prefecthq/prefect, an authentication bypass vulnerability exists due to the improper handling of URL path exemptions for health check probes. Specifically, the authentication middleware exempts any URL path ending with 'health' or 'ready' from authentication checks. This allo...

7.5CVSS7.1AI score0.00395EPSS
Exploits1References3
Positive Technologies
Positive Technologiesadded 2026/06/02 12:0 a.m.8 views

PT-2026-45704

In version 3.6.19 of prefecthq/prefect, an authentication bypass vulnerability exists due to the improper handling of URL path exemptions for health check probes. Specifically, the authentication middleware exempts any URL path ending with 'health' or 'ready' from authentication checks. This allo...

7.5CVSS7.1AI score0.00395EPSS
Exploits1References3
Tenable Nessus
Tenable Nessusadded 2026/05/30 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2026-5296

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GitLab has remediated an issue in GitLab EE affecting all versions from 18.7 before 18.10.7, 18.11 before 18.11.4, and 19.0 before 19.0.1 that when foundational...

4.3CVSS5.8AI score0.00196EPSS
Exploits0References2
Positive Technologies
Positive Technologiesadded 2026/05/29 12:0 a.m.9 views

PT-2026-47588

Impact A mismatch in federation peer-token timestamp handling could cause valid peer tokens to be treated as expired. Impacted deployments are Stigmem nodes using federation peer authentication paths from affected versions. The primary impact is availability and reliability of authenticated...

7.1CVSS5.4AI score
Exploits0References6
Rows per page
Query Builder