CVE-2026-49443

This CVE affects authentik, an open-source identity provider. Affected: UserSourceConnection.user and GroupSourceConnection.group are changeable via the API, allowing an attacker who can modify a source connection and possesses an account in one configured source to log into any account. Root cau...

CVE-2026-49443 authentik: `UserSourceConnection.user` and `GroupSourceConnection.group` are changeable through the API

authentik is an open-source identity provider. Prior to versions 2025.12.6, 2026.2.4, and 2026.5.1, an attacker with the ability to change a source connection, and an account in one of the configured sources can log into any account. This issue has been patched in versions 2025.12.6, 2026.2.4, an...

CVE-2026-47201 authentik: XML Signature Wrapping in SAML Source ACS allows authentication as arbitrary federated user

authentik is an open-source identity provider. Prior to versions 2025.12.5, 2026.2.3, and 2026.5.1, authentik's SAML Source ACS endpoint is vulnerable to XML Signature Wrapping when validating upstream SAML responses. An attacker with any account at the upstream IdP can reuse a valid signed...

CVE-2026-47201

authentik is an open-source identity provider. Prior to versions 2025.12.5, 2026.2.3, and 2026.5.1, authentik's SAML Source ACS endpoint is vulnerable to XML Signature Wrapping when validating upstream SAML responses. An attacker with any account at the upstream IdP can reuse a valid signed...

EUVD-2026-34026

authentik is an open-source identity provider. Prior to versions 2025.12.5 and 2026.2.3, due to the implementation of stages in the SFE Simple Flow Executor in order to make the interface more compatible with legacy browsers, it was possible to use an XSS exploit in the AutosubmitStage. This issu...

CVE-2026-10624 SourceCodester Human Resource Management Employee View detailview.php resource injection

A vulnerability has been found in SourceCodester Human Resource Management 1.0. Affected by this vulnerability is an unknown functionality of the file /detailview.php of the component Employee View Page. Such manipulation of the argument employeeid leads to improper control of resource identifier...

CVE-2026-40780

creationtimestamp| type| source ---|---|--- 2026-06-02 20:00:44+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mndf43bdsq25...

CVE-2026-23793

creationtimestamp| type| source ---|---|--- 2026-06-02 20:00:00+00:00| seen| https://www.hkcert.org/security-bulletin/samsung-products-multiple-vulnerabilities20260603...

CVE-2025-11159

creationtimestamp| type| source ---|---|--- 2026-06-02 19:37:07+00:00| seen| https://bsky.app/profile/cyberhub.blog/post/3mnddruamlq2f 2026-06-03 00:35:48+00:00| seen| https://bsky.app/profile/getpokemon7.bsky.social/post/3mnduhvraxk2u...

EUVD-2026-34010

Pterodactyl is a free, open-source game server management panel. Prior to version 1.12.3, the Pterodactyl Client API has a logic flaw that lets users bypass their assigned limits for database allocations. This happens because the database locking mechanism used in the controllers is totally broke...

Cross-site Scripting (XSS)

Overview @react-router/dev is a Dev tools and CLI for React Router Affected versions of this package are vulnerable to Cross-site Scripting XSS due to the improper neutralization of the HTTP Location header value in redirect HTML prerendering when using Framework Mode. An attacker can execute...

CVE-2026-7312

creationtimestamp| type| source ---|---|--- 2026-06-02 18:01:35+00:00| seen| https://bsky.app/profile/hugovalters.bsky.social/post/3mnd6h2hiip2w 2026-06-03 02:00:40+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mndz7plsio22 2026-06-04 14:37:07+00:00| seen|...

CVE-2026-0611

creationtimestamp| type| source ---|---|--- 2026-06-02 18:01:35+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mnd6gyxgaw2d 2026-06-02 19:19:41+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mndcspr76u27 2026-06-03 05:02:32+00:00| seen|...

CVE-2026-24237

creationtimestamp| type| source ---|---|--- 2026-06-02 18:00:48+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mnd6flsf6b2u...

CVE-2026-24221

creationtimestamp| type| source ---|---|--- 2026-06-02 18:00:39+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mnd6febj5d2q...

CVE-2026-40715

creationtimestamp| type| source ---|---|--- 2026-06-02 18:00:31+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mnd6f4rnyv2r...

CVE-2026-10591

creationtimestamp| type| source ---|---|--- 2026-06-02 17:49:49+00:00| seen| https://bsky.app/profile/alexpulver.bsky.social/post/3mnd5rysb5f2t 2026-06-02 20:00:51+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mndf4cjhad2d 2026-06-04 04:52:39+00:00| seen|...

CVE-2026-47117

creationtimestamp| type| source ---|---|--- 2026-06-02 17:44:11+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mnd5hwnzk62l 2026-06-02 19:00:42+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mndbqpkwoj23...

CVE-2026-45553

creationtimestamp| type| source ---|---|--- 2026-06-02 17:39:10+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mnd56y2qil2t 2026-06-02 19:00:55+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mndbr5fszz2f...

CVE-2026-48862

creationtimestamp| type| source ---|---|--- 2026-06-02 17:34:10+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mnd4vzmrwx2t...