PT-2026-45855

Name of the Vulnerable Software and Affected Versions authentik versions prior to 2025.12.5 authentik versions prior to 2026.2.3 Description An issue exists in the Simple Flow Executor SFE, which is a component used to manage the sequence of steps in an authentication flow. Due to the...

PT-2026-45858

Name of the Vulnerable Software and Affected Versions authentik versions prior to 2025.12.6 authentik versions prior to 2026.2.4 authentik versions prior to 2026.5.1 Description An attacker who has the ability to modify a source connection and possesses an account in one of the configured sources...

BIT-AUTHENTIK-2026-25922 authentik has a Signature Verification Bypass via SAML Assertion Wrapping

authentik is an open-source identity provider. Prior to 2025.8.6, 2025.10.4, and 2025.12.4, when using a SAML Source that has the option Verify Assertion Signature under Verification Certificate enabled and not Verify Response Signature, or does not have the Encryption Certificate setting under...

SUSE CVE-2026-33132

ZITADEL is an open source identity management platform. Versions prior to 3.4.9 and 4.0.0 through 4.12.2 allowed users to bypass organization enforcement during authentication. Zitadel allows applications to enforce an organzation context during authentication using scopes urn:zitadel:iam:org:id:...

Pocket ID 安全漏洞

Pocket ID is an open-source identity provider that supports passwordless authentication. Versions of Pocket ID prior to 2.4.0 contained a security vulnerability. This vulnerability stemmed from the OIDC token endpoint only refusing authorization codes when the client ID was incorrect and the code...

CVE-2026-29193

Technical details for CVE-2026-29193 are not publicly available in the provided documents. No affected products, versions, root cause, or patch specifics are described beyond the initial entry. Monitor for updates from vendors and security advisories.

EUVD-2024-2416

Malicious code in bioql PyPI...

EUVD-2024-42264

Malicious code in bioql PyPI...

EUVD-2024-45991

Malicious code in bioql PyPI...

EUVD-2025-22471

Malicious code in bioql PyPI...

EUVD-2024-2921

Malicious code in bioql PyPI...

EUVD-2023-30289

Malicious code in bioql PyPI...

EUVD-2022-48997

Malicious code in bioql PyPI...

EUVD-2024-2329

Malicious code in bioql PyPI...

EUVD-2024-45992

Malicious code in bioql PyPI...

CVE-2024-47070

authentik is an open-source identity provider. A vulnerability that exists in versions prior to 2024.8.3 and 2024.6.5 allows bypassing password login by adding X-Forwarded-For header with an unparsable IP address, e.g. a. This results in a possibility of logging into any account with a known logi...

CVE-2025-29928

authentik is an open-source identity provider. Prior to versions 2024.12.4 and 2025.2.3, when authentik was configured to use the database for session storage which is a non-default setting, deleting sessions via the Web Interface or the API would not revoke the session and the session holder wou...

CVE-2024-38371

authentik is an open-source Identity Provider. Access restrictions assigned to an application were not checked when using the OAuth2 Device code flow. This could potentially allow users without the correct authorization to get OAuth tokens for an application and access it. This issue has been...

CVE-2024-52289 authentik has an insecure default configuration for OAuth2 Redirect URIs

authentik is an open-source identity provider. Redirect URIs in the OAuth2 provider in authentik are checked by RegEx comparison. When no Redirect URIs are configured in a provider, authentik will automatically use the first redirecturi value received as an allowed redirect URI, without escaping...

CVE-2024-42490

authentik (open-source Identity Provider) exposes certain API endpoints without proper authentication/authorization. Affected endpoints include /api/v3/crypto/certificatekeypairs//view_certificate/, /api/v3/crypto/certificatekeypairs//view_private_key/, and /api/v3/.../used_by/, where access depe...