
6 matches found

OSV
added 2026/03/07 3:12 p.m., 3 views

CVE-2026-29067 ZITADEL: Account Takeover Due to Improper Instance Validation in V2 Login

ZITADEL is an open source identity management platform. From version 4.0.0-rc.1 to 4.7.0, a potential vulnerability exists in ZITADEL's password reset mechanism in login V2. ZITADEL utilizes the Forwarded or X-Forwarded-Host header from incoming requests to construct the URL for the password rese...

CVSS 8.1, AI score 5.7, EPSS 0.00322
Exploits 0, References 3
Cvelist
added 2026/03/07 3:12 p.m., 34 views

CVE-2026-29067 ZITADEL: Account Takeover Due to Improper Instance Validation in V2 Login

ZITADEL is an open source identity management platform. From version 4.0.0-rc.1 to 4.7.0, a potential vulnerability exists in ZITADEL's password reset mechanism in login V2. ZITADEL utilizes the Forwarded or X-Forwarded-Host header from incoming requests to construct the URL for the password rese...

CVSS 8.1, EPSS 0.00322
Exploits 0, References 1
OSV
added 2025/12/15 7:37 p.m., 5 views

GO-2025-4212 ZITADEL Vulnerable to Account Takeover Due to Improper Instance Validation in V2 Login in github.com/zitadel/zitadel

ZITADEL Vulnerable to Account Takeover Due to Improper Instance Validation in V2 Login in github.com/zitadel/zitadel. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive...

CVSS 9.3, AI score 6.7, EPSS 0.00322
Exploits 0, References 2
EUVD
added 2025/12/08 10:19 p.m., 2 views

EUVD-2025-201821

ZITADEL Vulnerable to Account Takeover Due to Improper Instance Validation in V2 Login...

AI score 6.3
Exploits 0, References 3
RedhatCVE
added 2025/05/21 9:11 p.m., 8 views

CVE-2006-4936

Moodle before 1.6.2 does not properly validate the module instance id when creating a course module object, which has unspecified impact and remote attack vectors...

CVSS 10, AI score 7.1, EPSS 0.01478
Exploits 0, References 1
CNNVD
added 2022/03/10 12:00 a.m., 2 views

Network Olympus SQL injection vulnerability

Network Olympus is Softinventive Lab's enterprise network for agentless monitoring. Network Olympus version 1.8.0 is vulnerable to SQL injection, which stems from a missing sqlparameter JSON parameter in /api/eventinstance validation of external input SQL statements. An attacker could exploit thi...

CVSS 7.2, AI score 6.8, EPSS 0.02779
Exploits 1, References 3