
15 matches found

OSV
added 2026/04/16 11:36 p.m. | 1 views

BIT-AUTHENTIK-2026-25748 authentik has a forward authentication bypass with broken cookie

authentik is an open-source identity provider. Prior to 2025.10.4 and 2025.12.4, with a malformed cookie it was possible to bypass authentication when using forward authentication in the authentik Proxy Provider when used in conjunction with Traefik or Caddy as reverse proxy. When a malicious...

CVSS 8.6 | AI score 5.5 | EPSS 0.00059
Exploits 0 | References 4

OSV
added 2026/04/16 11:36 p.m. | 2 views

BIT-AUTHENTIK-2024-47077 authentik cross-provider token validation problems

authentik is an open-source identity provider. Prior to versions 2024.8.3 and 2024.6.5, access tokens issued to one application can be stolen by that application and used to impersonate the user against any other proxy provider. Also, a user can steal an access token they were legitimately issued...

CVSS 6.5 | AI score 5.7 | EPSS 0.00415
Exploits 0 | References 6

RedhatCVE
added 2026/03/26 3:15 p.m. | 3 views

CVE-2026-4597

A security flaw has been discovered in 648540858 wvp-GB28181-pro up to 2.7.4. Impacted is the function selectAll of the file src/main/java/com/genersoft/iot/vmp/streamProxy/dao/provider/StreamProxyProvider.java of the component Stream Proxy Query Handler. The manipulation results in sql injection...

CVSS 6.5 | AI score 6.3 | EPSS 0.00042
Exploits 0 | References 1

Vulnrichment
added 2026/03/23 8:15 p.m. | 2 views

CVE-2026-4597 648540858 wvp-GB28181-pro Stream Proxy Query StreamProxyProvider.java selectAll sql injection

A security flaw has been discovered in 648540858 wvp-GB28181-pro up to 2.7.4. Impacted is the function selectAll of the file src/main/java/com/genersoft/iot/vmp/streamProxy/dao/provider/StreamProxyProvider.java of the component Stream Proxy Query Handler. The manipulation results in sql injection...

CVSS 6.5 | AI score 6.3 | EPSS 0.00042
Exploits 0 | References 5

CVE
added 2026/03/23 8:15 p.m. | 4 views

CVE-2026-4597

CVE-2026-4597 affects the 648540858 wvp-GB28181-pro product up to version 2.7.4. The vulnerability is in the function selectAll within the file src/main/java/com/genersoft/iot/vmp/streamProxy/dao/provider/StreamProxyProvider.java of the Stream Proxy Query Handler. The issue results in an SQL inj...

CVSS 6.5 | AI score 6.3 | EPSS 0.00042
Exploits 0 | References 5

ATTACKERKB
added 2026/03/23 8:15 p.m. | 1 views

CVE-2026-4597

A security flaw has been discovered in 648540858 wvp-GB28181-pro up to 2.7.4. Impacted is the function selectAll of the file src/main/java/com/genersoft/iot/vmp/streamProxy/dao/provider/StreamProxyProvider.java of the component Stream Proxy Query Handler. The manipulation results in sql injection...

CVSS 6.5 | AI score 6.3 | EPSS 0.00042
Exploits 0 | References 8 | Affected Software 1

Cvelist
added 2026/03/23 8:15 p.m. | 22 views

CVE-2026-4597 648540858 wvp-GB28181-pro Stream Proxy Query StreamProxyProvider.java selectAll sql injection

A security flaw has been discovered in 648540858 wvp-GB28181-pro up to 2.7.4. Impacted is the function selectAll of the file src/main/java/com/genersoft/iot/vmp/streamProxy/dao/provider/StreamProxyProvider.java of the component Stream Proxy Query Handler. The manipulation results in sql injection...

CVSS 6.5 | EPSS 0.00042
Exploits 0 | References 5

ATTACKERKB
added 2026/02/12 7:36 p.m. | 1 views

CVE-2026-25748

authentik is an open-source identity provider. Prior to 2025.10.4 and 2025.12.4, with a malformed cookie it was possible to bypass authentication when using forward authentication in the authentik Proxy Provider when used in conjunction with Traefik or Caddy as reverse proxy. When a malicious...

CVSS 8.6 | AI score 5.3 | EPSS 0.00059
Exploits 0 | References 4 | Affected Software 1

Vulnrichment
added 2026/02/12 7:36 p.m. | 2 views

CVE-2026-25748 authentik has a forward authentication bypass with broken cookie

authentik is an open-source identity provider. Prior to 2025.10.4 and 2025.12.4, with a malformed cookie it was possible to bypass authentication when using forward authentication in the authentik Proxy Provider when used in conjunction with Traefik or Caddy as reverse proxy. When a malicious...

CVSS 8.6 | AI score 5.4 | EPSS 0.00059
Exploits 0 | References 3

CVE
added 2026/02/12 7:36 p.m. | 10 views

CVE-2026-25748

The vulnerability CVE-2026-25748 affects authentik prior to 2025.10.4 and 2025.12.4 in the Proxy Provider when used with Traefik or Caddy as reverse proxy. A malformed cookie could bypass authentication during forward authentication, causing missing authentik headers (X-Authentik-*) and potential...

CVSS 8.6 | AI score 5.3 | EPSS 0.00059
Exploits 0 | References 3 | Affected Software 1

Positive Technologies
added 2026/02/12 12:00 a.m. | 1 views

PT-2026-7893

Name of the Vulnerable Software and Affected Versions authentik versions prior to 2025.10.4 authentik versions prior to 2025.12.4 Description authentik is an open-source identity provider. A malformed cookie could bypass authentication when using forward authentication with the authentik Proxy...

CVSS 8.6 | AI score 5.4 | EPSS 0.00059
Exploits 0 | References 12

EUVD
added 2025/10/03 8:07 p.m. | 4 views

EUVD-2024-42264

Malicious code in bioql PyPI...

CVSS 6.5 | AI score 6.6 | EPSS 0.00415
Exploits 0 | References 5

RedhatCVE
added 2025/05/23 10:36 a.m. | 4 views

CVE-2024-47077

authentik is an open-source identity provider. Prior to versions 2024.8.3 and 2024.6.5, access tokens issued to one application can be stolen by that application and used to impersonate the user against any other proxy provider. Also, a user can steal an access token they were legitimately issued...

CVSS 6.5 | AI score 6.8 | EPSS 0.00415
Exploits 0

CVE
added 2024/09/27 3:26 p.m. | 54 views

CVE-2024-47077

CVE-2024-47077 affects authentik (open-source identity provider). The issue: access tokens issued to one application can be stolen by that application and used to impersonate users against other proxy providers, and tokens legitimately issued for one app can be used to access another app the user...

CVSS 6.5 | AI score 6.3 | EPSS 0.00415
Exploits 0 | References 5 | Affected Software 1

Positive Technologies
added 2024/09/27 12:00 a.m. | 1 views

PT-2024-32393

Name of the Vulnerable Software and Affected Versions authentik versions prior to 2024.8.3 authentik versions prior to 2024.6.5 Description The issue allows access tokens issued to one application to be stolen and used to impersonate the user against any other proxy provider. A user can also stea...

CVSS 6.5 | AI score 5.7 | EPSS 0.00415
Exploits 0 | References 12