108641 matches found
CVE-2026-49448
CVE-2026-49448 affects authentik (open-source identity provider). The issue allows bypass of the Source stage by sending an empty POST, as described in both the CVE entry and CVE list. Affected versions are prior to 2025.12.6, 2026.2.4, and 2026.5.1. The vulnerability is assessed with a high impa...
CVE-2026-49448
authentik is an open-source identity provider. Prior to versions 2025.12.6, 2026.2.4, and 2026.5.1, the Source stage can be bypassed by sending an empty POST. This issue has been patched in versions 2025.12.6, 2026.2.4, and 2026.5.1...
CVE-2026-49448 authentik: SourceStage bypass via empty POST
authentik is an open-source identity provider. Prior to versions 2025.12.6, 2026.2.4, and 2026.5.1, the Source stage can be bypassed by sending an empty POST. This issue has been patched in versions 2025.12.6, 2026.2.4, and 2026.5.1...
EUVD-2026-34030
authentik is an open-source identity provider. Prior to versions 2025.12.6, 2026.2.4, and 2026.5.1, the Source stage can be bypassed by sending an empty POST. This issue has been patched in versions 2025.12.6, 2026.2.4, and 2026.5.1...
EUVD-2026-34028
authentik is an open-source identity provider. Prior to versions 2025.12.6, 2026.2.4, and 2026.5.1, an attacker with the ability to change a source connection, and an account in one of the configured sources can log into any account. This issue has been patched in versions 2025.12.6, 2026.2.4, an...
CVE-2026-49443 authentik: `UserSourceConnection.user` and `GroupSourceConnection.group` are changeable through the API
authentik is an open-source identity provider. Prior to versions 2025.12.6, 2026.2.4, and 2026.5.1, an attacker with the ability to change a source connection, and an account in one of the configured sources can log into any account. This issue has been patched in versions 2025.12.6, 2026.2.4, an...
CVE-2026-49443
authentik is an open-source identity provider. Prior to versions 2025.12.6, 2026.2.4, and 2026.5.1, an attacker with the ability to change a source connection, and an account in one of the configured sources can log into any account. This issue has been patched in versions 2025.12.6, 2026.2.4, an...
CVE-2026-49443
This CVE affects authentik, an open-source identity provider. Affected: UserSourceConnection.user and GroupSourceConnection.group are changeable via the API, allowing an attacker who can modify a source connection and possesses an account in one configured source to log into any account. Root cau...
CVE-2026-49443 authentik: `UserSourceConnection.user` and `GroupSourceConnection.group` are changeable through the API
authentik is an open-source identity provider. Prior to versions 2025.12.6, 2026.2.4, and 2026.5.1, an attacker with the ability to change a source connection, and an account in one of the configured sources can log into any account. This issue has been patched in versions 2025.12.6, 2026.2.4, an...
CVE-2026-47201
authentik is an open-source identity provider. Prior to versions 2025.12.5, 2026.2.3, and 2026.5.1, authentik's SAML Source ACS endpoint is vulnerable to XML Signature Wrapping when validating upstream SAML responses. An attacker with any account at the upstream IdP can reuse a valid signed...
CVE-2026-47201 authentik: XML Signature Wrapping in SAML Source ACS allows authentication as arbitrary federated user
authentik is an open-source identity provider. Prior to versions 2025.12.5, 2026.2.3, and 2026.5.1, authentik's SAML Source ACS endpoint is vulnerable to XML Signature Wrapping when validating upstream SAML responses. An attacker with any account at the upstream IdP can reuse a valid signed...
EUVD-2026-34026
authentik is an open-source identity provider. Prior to versions 2025.12.5 and 2026.2.3, due to the implementation of stages in the SFE Simple Flow Executor in order to make the interface more compatible with legacy browsers, it was possible to use an XSS exploit in the AutosubmitStage. This issu...
CVE-2026-10624 SourceCodester Human Resource Management Employee View detailview.php resource injection
A vulnerability has been found in SourceCodester Human Resource Management 1.0. Affected by this vulnerability is an unknown functionality of the file /detailview.php of the component Employee View Page. Such manipulation of the argument employeeid leads to improper control of resource identifier...
CVE-2026-40780
creationtimestamp| type| source ---|---|--- 2026-06-02 20:00:44+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mndf43bdsq25...
CVE-2026-23793
creationtimestamp| type| source ---|---|--- 2026-06-02 20:00:00+00:00| seen| https://www.hkcert.org/security-bulletin/samsung-products-multiple-vulnerabilities20260603...
CVE-2025-11159
creationtimestamp| type| source ---|---|--- 2026-06-02 19:37:07+00:00| seen| https://bsky.app/profile/cyberhub.blog/post/3mnddruamlq2f 2026-06-03 00:35:48+00:00| seen| https://bsky.app/profile/getpokemon7.bsky.social/post/3mnduhvraxk2u...
EUVD-2026-34010
Pterodactyl is a free, open-source game server management panel. Prior to version 1.12.3, the Pterodactyl Client API has a logic flaw that lets users bypass their assigned limits for database allocations. This happens because the database locking mechanism used in the controllers is totally broke...
Cross-site Scripting (XSS)
Overview @react-router/dev is a Dev tools and CLI for React Router Affected versions of this package are vulnerable to Cross-site Scripting XSS due to the improper neutralization of the HTTP Location header value in redirect HTML prerendering when using Framework Mode. An attacker can execute...
CVE-2026-7312
creationtimestamp| type| source ---|---|--- 2026-06-02 18:01:35+00:00| seen| https://bsky.app/profile/hugovalters.bsky.social/post/3mnd6h2hiip2w 2026-06-03 02:00:40+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mndz7plsio22 2026-06-04 14:37:07+00:00| seen|...
CVE-2026-0611
creationtimestamp| type| source ---|---|--- 2026-06-02 18:01:35+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mnd6gyxgaw2d 2026-06-02 19:19:41+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mndcspr76u27 2026-06-03 05:02:32+00:00| seen|...