109884 matches found
CVE-2026-49120
creationtimestamp| type| source ---|---|--- 2026-06-02 21:00:46+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mndihgn75l25 2026-06-02 23:56:07+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mndsaysdgm27...
CVE-2019-25723
creationtimestamp| type| source ---|---|--- 2026-06-02 20:59:45+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mndifittff27...
CVE-2026-5076
creationtimestamp| type| source ---|---|--- 2026-06-02 20:57:21+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mndibeexqb2m 2026-06-02 21:00:39+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mndih7w5ct25 2026-06-03 02:06:19+00:00| seen|...
CVE-2026-35049
creationtimestamp| type| source ---|---|--- 2026-06-02 20:55:12+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mndi5jf4732j...
CVE-2026-5073
creationtimestamp| type| source ---|---|--- 2026-06-02 20:49:32+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mndhtf445z2f 2026-06-02 21:00:32+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mndigzd4da22 2026-06-09 07:03:56+00:00| confirmed|...
CVE-2026-48595
creationtimestamp| type| source ---|---|--- 2026-06-02 20:47:52+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mndhqfcwzz23 2026-06-06 11:00:14+00:00| published-proof-of-concept| Telegram/MkZOGQrZR4dMhKDK0OVbcEjJF0IE8jmF8NR0mdJeKW4f6Q 2026-06-09 15:00:12+00:00|...
CVE-2026-49448 authentik: SourceStage bypass via empty POST
authentik is an open-source identity provider. Prior to versions 2025.12.6, 2026.2.4, and 2026.5.1, the Source stage can be bypassed by sending an empty POST. This issue has been patched in versions 2025.12.6, 2026.2.4, and 2026.5.1...
CVE-2026-49448
authentik is an open-source identity provider. Prior to versions 2025.12.6, 2026.2.4, and 2026.5.1, the Source stage can be bypassed by sending an empty POST. This issue has been patched in versions 2025.12.6, 2026.2.4, and 2026.5.1...
EUVD-2026-34030
authentik is an open-source identity provider. Prior to versions 2025.12.6, 2026.2.4, and 2026.5.1, the Source stage can be bypassed by sending an empty POST. This issue has been patched in versions 2025.12.6, 2026.2.4, and 2026.5.1...
CVE-2026-49448
CVE-2026-49448 affects authentik (open-source identity provider). The issue allows bypass of the Source stage by sending an empty POST, as described in both the CVE entry and CVE list. Affected versions are prior to 2025.12.6, 2026.2.4, and 2026.5.1. The vulnerability is assessed with a high impa...
EUVD-2026-34028
authentik is an open-source identity provider. Prior to versions 2025.12.6, 2026.2.4, and 2026.5.1, an attacker with the ability to change a source connection, and an account in one of the configured sources can log into any account. This issue has been patched in versions 2025.12.6, 2026.2.4, an...
CVE-2026-49443 authentik: `UserSourceConnection.user` and `GroupSourceConnection.group` are changeable through the API
authentik is an open-source identity provider. Prior to versions 2025.12.6, 2026.2.4, and 2026.5.1, an attacker with the ability to change a source connection, and an account in one of the configured sources can log into any account. This issue has been patched in versions 2025.12.6, 2026.2.4, an...
CVE-2026-49443
authentik is an open-source identity provider. Prior to versions 2025.12.6, 2026.2.4, and 2026.5.1, an attacker with the ability to change a source connection, and an account in one of the configured sources can log into any account. This issue has been patched in versions 2025.12.6, 2026.2.4, an...
CVE-2026-49443
This CVE affects authentik, an open-source identity provider. Affected: UserSourceConnection.user and GroupSourceConnection.group are changeable via the API, allowing an attacker who can modify a source connection and possesses an account in one configured source to log into any account. Root cau...
CVE-2026-49443 authentik: `UserSourceConnection.user` and `GroupSourceConnection.group` are changeable through the API
authentik is an open-source identity provider. Prior to versions 2025.12.6, 2026.2.4, and 2026.5.1, an attacker with the ability to change a source connection, and an account in one of the configured sources can log into any account. This issue has been patched in versions 2025.12.6, 2026.2.4, an...
CVE-2026-47201 authentik: XML Signature Wrapping in SAML Source ACS allows authentication as arbitrary federated user
authentik is an open-source identity provider. Prior to versions 2025.12.5, 2026.2.3, and 2026.5.1, authentik's SAML Source ACS endpoint is vulnerable to XML Signature Wrapping when validating upstream SAML responses. An attacker with any account at the upstream IdP can reuse a valid signed...
CVE-2026-47201
authentik is an open-source identity provider. Prior to versions 2025.12.5, 2026.2.3, and 2026.5.1, authentik's SAML Source ACS endpoint is vulnerable to XML Signature Wrapping when validating upstream SAML responses. An attacker with any account at the upstream IdP can reuse a valid signed...
EUVD-2026-34026
authentik is an open-source identity provider. Prior to versions 2025.12.5 and 2026.2.3, due to the implementation of stages in the SFE Simple Flow Executor in order to make the interface more compatible with legacy browsers, it was possible to use an XSS exploit in the AutosubmitStage. This issu...
CVE-2026-10624 SourceCodester Human Resource Management Employee View detailview.php resource injection
A vulnerability has been found in SourceCodester Human Resource Management 1.0. Affected by this vulnerability is an unknown functionality of the file /detailview.php of the component Employee View Page. Such manipulation of the argument employeeid leads to improper control of resource identifier...
CVE-2026-40780
creationtimestamp| type| source ---|---|--- 2026-06-02 20:00:44+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mndf43bdsq25...