CVE-2026-3514
In version 3.6.19 of prefecthq/prefect, an authentication bypass vulnerability exists due to the improper handling of URL path exemptions for health check probes. Specifically, the authentication middleware exempts any URL path ending with 'health' or 'ready' from authentication checks. This allo...
CVE-2025-68153
Juju is an open source application orchestration engine that enables any application operation on any infrastructure at any scale through special operators called ‘charms’. From versions 2.9 to before 2.9.56 and 3.6 to before 3.6.19, any authenticated user, machine or controller under a Juju...
Access Control Bypass
Overview: Affected versions of this package are vulnerable to Access Control Bypass due to improper authorization in the secret-set process. An attacker can gain unauthorized access to and modify Kubernetes secrets by exploiting insufficient access controls, allowing them to read or alter secret...
Juju has unauthorized update of out-of-scope Vault secrets
An authorization bypass vulnerability in the Vault secrets back-end implementation of Juju versions 3.1.6 through 3.6.18 allows an authenticated unit agent to perform unauthorized updates to secret revisions. With sufficient information, an attacker can poison any existing secret revision within...
Incorrect Ownership Assignment
Overview: Affected versions of this package are vulnerable to Incorrect Ownership Assignment in the secrets management process. An attacker can gain unauthorized access to sensitive information by exploiting a race condition between the generation of a secret ID and the creation of the secret's...
CVE-2024-49633
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Designinvento DirectoryPress allows Reflected XSS. This issue affects DirectoryPress: from n/a through 3.6.19...
CVE-2024-49633
CVE-2024-49633 affects the WordPress plugin DirectoryPress (vulnerable: ≤ 3.6.19) with a Reflected XSS caused by improper neutralization of input during web page generation. Wordfence reports this vulnerability in the DirectoryPress entry and notes it has been patched in 3.6.19; no exploit detai...
WordPress plugin DirectoryPress cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site...
WordPress DirectoryPress plugin <= 3.6.19 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Dimas Maulana (Patchstack Alliance) in WordPress Plugin DirectoryPress (versions <= 3.6.19)...
MongoDB 3.6 < 3.6.19, 4.0 < 4.0.20, 4.2 < 4.2.9 DoS Vulnerability - Linux
MongoDB is prone to a denial of service (DoS) vulnerability. SPDX-FileCopyrightText: 2020 Greenbone AG. Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mongodb:mongodb"; if...