129 matches found
CVE-2025-67494 ZITADEL Vulnerable to Unauthenticated Full-Read SSRF via V2 Login
ZITADEL is an open-source identity infrastructure tool. Versions 4.7.0 and below are vulnerable to an unauthenticated, full-read SSRF vulnerability. The ZITADEL Login UI V2 treats the x-zitadel-forward-host header as a trusted fallback for all deployments, including self-hosted instances. This...
CVE-2025-67494 ZITADEL Vulnerable to Unauthenticated Full-Read SSRF via V2 Login
ZITADEL is an open-source identity infrastructure tool. Versions 4.7.0 and below are vulnerable to an unauthenticated, full-read SSRF vulnerability. The ZITADEL Login UI V2 treats the x-zitadel-forward-host header as a trusted fallback for all deployments, including self-hosted instances. This...
EUVD-2002-1088
Malware in sbrugna...
EUVD-2010-1669
Malware in sbrugna...
EUVD-2004-1433
Malware in sbrugna...
EUVD-2025-8243
Malicious code in bioql PyPI...
EUVD-2025-23134
Malicious code in bioql PyPI...
EUVD-2021-9173
Malicious code in bioql PyPI...
EUVD-2023-58877
Malicious code in bioql PyPI...
EUVD-2025-25596
Malicious code in bioql PyPI...
EUVD-2025-22104
Malicious code in bioql PyPI...
EUVD-2025-32312
An issue in DirectAdmin v1.680 allows unauthorized attackers to manipulate the page layout and replace the legitimate login interface with arbitrary attacker-controlled content via supplying a crafted GET request...
CVE-2025-56551
An issue in DirectAdmin v1.680 allows unauthorized attackers to manipulate the page layout and replace the legitimate login interface with arbitrary attacker-controlled content via supplying a crafted GET request...
CVE-2025-57770 ZITADEL user enumeration vulnerability in login UI
The open-source identity infrastructure software Zitadel allows administrators to disable the user self-registration. Versions 4.0.0 to 4.0.2, 3.0.0 to 3.3.6, and all versions prior to 2.71.15 are vulnerable to a username enumeration issue in the login interface. The login UI includes a security...
CVE-2025-57770
ZITadel CVE-2025-57770 describes a username enumeration flaw in the login UI. Affected versions include 4.0.0–4.0.2, 3.0.0–3.3.6, and all versions before 2.71.15. The login flow’s Ignoring unknown usernames security feature, intended to return the same response for valid and invalid usernames, ca...
Secure LogIn and SignUp API in PHP 安全漏洞
Secure LogIn and SignUp API in PHP is a security interface software by Vishnu Sivadas Individual Developer. A security vulnerability exists in Secure LogIn and SignUp API in PHP, which stems from an insecure SQL query construct in DataBase.php that could lead to SQL injection...
PT-2025-34464 · Zitadel · Zitadel
Name of the Vulnerable Software and Affected Versions: Zitadel versions 4.0.0 through 4.0.2 Zitadel versions 3.0.0 through 3.3.6 Zitadel versions prior to 2.71.15 Description: Zitadel allows administrators to disable user self-registration. A username enumeration issue exists in the login interfa...
CVE-2025-8319
the BMA login interface allows arbitrary JavaScript or HTML to be written straight into the page’s Document Object Model via the error= URL parameter...
CVE-2025-8319
the BMA login interface allows arbitrary JavaScript or HTML to be written straight into the page’s Document Object Model via the error= URL parameter...
CVE-2025-8319
the BMA login interface allows arbitrary JavaScript or HTML to be written straight into the page’s Document Object Model via the error= URL parameter...