CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Vulnrichment•added yesterday•2 views

CVE-2026-3514 Authentication Bypass in prefecthq/prefect

Cvelist•added yesterday•34 views

CVE-2026-3514 Authentication Bypass in prefecthq/prefect

7.5CVSS0.00083EPSS

CVE•added yesterday•3 views

CVE-2026-3514

The CVE-2026-3514 entry describes an authentication bypass in prefecthq/prefect v3.6.19 caused by the authentication middleware exempting URL paths ending with “health” or “ready” from authentication checks. This bypass enables unauthorized access to resources via name-based endpoints for variabl...

Exploits1References2Affected Software1

EUVD•added yesterday•3 views

EUVD-2026-33884

ATTACKERKB•added yesterday•4 views

CVE-2026-3514

Positive Technologies•added yesterday•3 views

Exploits1References3

PT-2026-45704

Cvelist•added 2026/05/27 3:47 p.m.•37 views

Exploits1References3

CVE-2026-44321 free5GC: SMF UPI POST /upi/v1/upNodesLinks exits the SMF process on overlapping UE pools (unauthenticated, reachable Fatalf)

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's SMF mounts the UPI management route group without inbound OAuth2 middleware. The POST /upi/v1/upNodesLinks create-or-update handler accepts attacker-controlled JSON and passes it directly into...

7.5CVSS0.00052EPSS

Exploits1References4

CVE•added 2026/05/27 3:47 p.m.•9 views

CVE-2026-44321

The CVE concerns free5GC SMF (v4.2.x) where the UPI route group lacked inbound OAuth middleware, allowing an unauthenticated POST to /upi/v1/upNodesLinks to trigger a validation failure that calls Fatalf, terminating the entire SMF process. Specifically, an attacker-controlled JSON payload can tr...

7.5CVSS5.8AI score0.00052EPSS

Exploits1References4Affected Software1

Vulnrichment•added 2026/05/27 3:47 p.m.•3 views

CVE-2026-44321 free5GC: SMF UPI POST /upi/v1/upNodesLinks exits the SMF process on overlapping UE pools (unauthenticated, reachable Fatalf)

7.5CVSS5.8AI score0.00052EPSS

Exploits1References4

RedHat Linux•added 2026/05/20 12:47 p.m.•3 views

jdbc.postgresql.org: pgjdbc: Client-side Denial of Service via malicious SCRAM-SHA-256 authentication

A flaw was found in pgjdbc, an open-source PostgreSQL JDBC Driver. A malicious server can exploit this vulnerability by instructing the driver to perform SCRAM-SHA-256 Salted Challenge Response Authentication Mechanism Secure Hash Algorithm 256 authentication with an excessively large iteration...

7.5CVSS5.7AI score0.00043EPSS

Exploits0References6

AstraLinux•added 2026/05/20 5:53 a.m.•2 views

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: iouring/zcrx: fixed the warnings regarding page destruction. With multiple page pools, and in some other cases, it’s possible for niovs to be allocated during page pool destruction. We’ve removed the unnecessary warning check...

5.5CVSS5.8AI score0.00027EPSS

AstraLinux•added 2026/05/20 5:53 a.m.•5 views

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: swiotlb: Initialize the restricted pool listhead when SWIOTLBDYNAMIC=y. Using restricted DMA pools CONFIGDMARESTRICTEDPOOL=y in conjunction with dynamic SWIOTLB CONFIGSWIOTLBDYNAMIC=y leads to the following crash during boot-time...

5.5CVSS6.2AI score0.00035EPSS

Github Security Blog•added 2026/05/08 10:47 p.m.•5 views

free5GC's SMF UPI POST /upi/v1/upNodesLinks exits the SMF process on overlapping UE pools (unauthenticated, reachable Fatalf)

Summary free5GC's SMF mounts the UPI management route group without inbound OAuth2 middleware same root cause as free5gc/free5gc887. The POST /upi/v1/upNodesLinks create-or-update handler accepts attacker-controlled JSON and passes it directly into UpNodesFromConfiguration, which calls...

7.5CVSS5.9AI score0.00052EPSS

Exploits1References5Affected Software1

RedhatCVE•added 2026/05/06 8:7 p.m.•3 views

CVE-2026-43174

A flaw was found in the Linux kernel's iouring/zcrx subsystem. Incorrect error handling during post-open operations allows for the direct release of zcrx ctx without ensuring that all associated page pools are properly terminated. This resource management issue could lead to system instability or...

5.5CVSS5.8AI score0.00014EPSS

Exploits0References4

EUVD•added 2026/05/06 12:30 p.m.•0 views

EUVD-2026-27733

In the Linux kernel, the following vulnerability has been resolved: iouring/zcrx: fix post open error handling Closing a queue doesn't guarantee that all associated page pools are terminated right away, let the refcounting do the work instead of releasing the zcrx ctx directly...

5.8AI score0.00014EPSS

Exploits0References3

NVD•added 2026/05/06 12:16 p.m.•0 views

CVE-2026-43174

5.5CVSS0.00014EPSS

CVE•added 2026/05/06 11:27 a.m.•3 views

CVE-2026-43174

The CVE-2026-43174 issue is in the Linux kernel’s io_uring/zcrx subsystem. Descriptions across multiple sources state that post-open error handling was fixed to avoid releasing the zcrx context before all associated page pools are terminated, addressing improper resource cleanup. The practical im...

5.5CVSS5.8AI score0.00014EPSS

Exploits0References2Affected Software1

Cvelist•added 2026/05/06 11:27 a.m.•21 views

CVE-2026-43174 io_uring/zcrx: fix post open error handling

0.00014EPSS