Lucene search
K

15 matches found

EUVD
EUVD
added 2026/06/02 8:31 p.m.13 views

EUVD-2026-34030

authentik is an open-source identity provider. Prior to versions 2025.12.6, 2026.2.4, and 2026.5.1, the Source stage can be bypassed by sending an empty POST. This issue has been patched in versions 2025.12.6, 2026.2.4, and 2026.5.1...

9.8CVSS5.7AI score0.00405EPSS
Exploits1References1
EUVD
EUVD
added 2026/06/02 8:30 p.m.12 views

EUVD-2026-34027

authentik is an open-source identity provider. Prior to versions 2025.12.5, 2026.2.3, and 2026.5.1, authentik's SAML Source ACS endpoint is vulnerable to XML Signature Wrapping when validating upstream SAML responses. An attacker with any account at the upstream IdP can reuse a valid signed...

8.5CVSS5.8AI score0.00182EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/02 8:30 p.m.11 views

EUVD-2026-34025

authentik is an open-source identity provider. Prior to version 2026.2.3, the WS-Federation provider validates the user-supplied wreply parameter using a raw string prefix check rather than proper URL parsing. An attacker who can craft a login link can supply a wreply value on a different origin...

6.9CVSS5.8AI score0.0019EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/02 12:0 a.m.18 views

PT-2026-45859

Name of the Vulnerable Software and Affected Versions authentik versions prior to 2025.12.6 authentik versions prior to 2026.2.4 authentik versions prior to 2026.5.1 Description authentik is an open-source identity provider. The Source stage can be bypassed by sending an empty POST request...

9.8CVSS5.8AI score0.00405EPSS
Exploits1References9
RedhatCVE
RedhatCVE
added 2026/02/14 1:27 a.m.4 views

CVE-2026-25227

authentik is an open-source identity provider. From 2021.3.1 to before 2025.8.6, 2025.10.4, and 2025.12.4, when using delegated permissions, a User that has the permission Can view Property Mapping or Can view Expression Policy is able to execute arbitrary code within the authentik server contain...

9.1CVSS6AI score0.00801EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2024-0389

Malicious code in bioql PyPI...

8.8CVSS8.6AI score0.00544EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-14814

Malicious code in bioql PyPI...

8CVSS6.4AI score0.00364EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-48983

Malicious code in bioql PyPI...

9.8CVSS9.3AI score0.01177EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.9 views

EUVD-2023-52300

Malicious code in bioql PyPI...

9.8CVSS9.4AI score0.01237EPSS
Exploits1References10
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-19409

Malicious code in bioql PyPI...

9.6CVSS6.4AI score0.00405EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2024-37284

Malicious code in bioql PyPI...

9.8CVSS6.5AI score0.00585EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/05/23 10:44 a.m.19 views

CVE-2024-52307

authentik is an open-source identity provider. Due to the usage of a non-constant time comparison for the /-/metrics/ endpoint it was possible to brute-force the SECRETKEY, which is used to authenticate the endpoint. The /-/metrics/ endpoint returns Prometheus metrics and is not intended to be...

6.3CVSS6.8AI score0.00531EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 10:36 a.m.8 views

CVE-2024-47077

authentik is an open-source identity provider. Prior to versions 2024.8.3 and 2024.6.5, access tokens issued to one application can be stolen by that application and used to impersonate the user against any other proxy provider. Also, a user can steal an access token they were legitimately issued...

6.5CVSS6.8AI score0.00417EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 9:42 a.m.10 views

CVE-2024-23647

Authentik is an open-source Identity Provider. There is a bug in our implementation of PKCE that allows an attacker to circumvent the protection that PKCE offers. PKCE adds the codechallenge parameter to the authorization request and adds the codeverifier parameter to the token request. Prior to...

8.8CVSS7.1AI score0.00544EPSS
Exploits0References1
Prion
Prion
added 2023/10/31 4:15 p.m.28 views

Design/Logic Flaw

authentik is an open-source Identity Provider. Prior to versions 2023.8.4 and 2023.10.2, when the default admin user has been deleted, it is potentially possible for an attacker to set the password of the default admin user without any authentication. authentik uses a blueprint to create the...

7.5CVSS9.4AI score0.00654EPSS
Exploits0References5Affected Software1
Rows per page
Query Builder