CVE-2026-45629

creationtimestamp| type| source ---|---|--- 2026-05-29 20:30:43+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mmzew26v5d2h 2026-05-30 17:01:43+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mn3jp7itoj25...

authentik's XML Signature Wrapping in SAML Source ACS allows authentication as arbitrary federated user

Summary authentik's SAML Source ACS endpoint is vulnerable to XML Signature Wrapping when validating upstream SAML responses. An attacker with any account at the upstream IdP can reuse a valid signed assertion to authenticate as another federated user. Patches authentik 2026.5.1, 2026.2.4 and...

CVE-2026-45625

creationtimestamp| type| source ---|---|--- 2026-05-29 20:24:22+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mmzekopabw2s 2026-05-30 05:00:24+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mn2bffor7p2e...

CVE-2026-45633

creationtimestamp| type| source ---|---|--- 2026-05-29 20:21:43+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mmzefsabjs2g 2026-05-30 04:00:48+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mn262srnhk26...

CVE-2026-45661

creationtimestamp| type| source ---|---|--- 2026-05-29 20:19:07+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mmzebcqru52h 2026-05-30 04:00:55+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mn2632dgwx2g...

CVE-2026-45627

creationtimestamp| type| source ---|---|--- 2026-05-29 20:14:39+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mmzdzd6pls2x 2026-05-30 05:00:32+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mn2bfmxvw623...

CVE-2026-49127

Music Player Daemon MPD before version 0.24.11 contains a stack buffer overflow vulnerability in the pcmunpack24be function in src/pcm/Pack.cxx that allows unauthenticated attackers to corrupt stack memory by triggering an off-by-one write in the PCM decoder plugin. Attackers can issue two MPD...

CVE-2026-45630

creationtimestamp| type| source ---|---|--- 2026-05-29 20:12:43+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mmzdvqcmqf25 2026-05-30 03:00:41+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mn22pdpjxs2j...

CVE-2026-49372

creationtimestamp| type| source ---|---|--- 2026-05-29 20:00:29+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mmzd7ww25p2i...

CVE-2026-47179

creationtimestamp| type| source ---|---|--- 2026-05-29 19:01:35+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mmz7wmqkjr2m...

CVE-2026-10067

creationtimestamp| type| source ---|---|--- 2026-05-29 18:00:45+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mmz4jugvee2d...

@aiconnect/codelets-runner (>=0.1.0 <=0.2.0), @cairncms/api (>=1.0.0-beta.1 <=1.0.0-beta.4) +21 more potentially affected by CVE-2026-47140 via vm2 (>=3.0.0 <=3.11.3)

vm2 NPM version =3.0.0, =0.1.0, =1.0.0-beta.1, =3.0.46, =0.1.0, =1.1.15, =1.27.8, =1.0.0-beta.1, =1.1.0, =0.2.0, =0.1.64, =0.1.61, =1.66.16, =1.66.16, =1.72.4 and more Source cves: CVE-2026-47140 Source advisory: SNYK:JS-VM2-17111172...

CVE-2026-49325

creationtimestamp| type| source ---|---|--- 2026-05-29 17:46:01+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mmz3pk7woo2r...

CVE-2026-49317

creationtimestamp| type| source ---|---|--- 2026-05-29 17:41:00+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mmz3gkkhag2x...

CVE-2026-10062

creationtimestamp| type| source ---|---|--- 2026-05-29 17:25:57+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mmz2lnkykd2j 2026-05-30 22:01:15+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mn42gsxz3726 2026-06-22 00:24:41+00:00| seen|...

CVE-2026-49316

creationtimestamp| type| source ---|---|--- 2026-05-29 17:20:56+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mmz2coquwy2x...

CVE-2026-49318

creationtimestamp| type| source ---|---|--- 2026-05-29 17:12:53+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mmyzuc3gii2e...

CVE-2026-41159

creationtimestamp| type| source ---|---|--- 2026-05-29 17:09:35+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mmyzocxki62e...

CVE-2026-41150

creationtimestamp| type| source ---|---|--- 2026-05-29 17:06:32+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mmyziwxpd32x...

CVE-2026-4290

creationtimestamp| type| source ---|---|--- 2026-05-29 17:03:48+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mmyze2gkgz2i 2026-05-30 21:01:18+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mn3x3mmnov2p...