Lucene search
K

129 matches found

Vulnrichment
Vulnrichment
added 2025/12/09 10:7 p.m.2 views

CVE-2025-67494 ZITADEL Vulnerable to Unauthenticated Full-Read SSRF via V2 Login

ZITADEL is an open-source identity infrastructure tool. Versions 4.7.0 and below are vulnerable to an unauthenticated, full-read SSRF vulnerability. The ZITADEL Login UI V2 treats the x-zitadel-forward-host header as a trusted fallback for all deployments, including self-hosted instances. This...

9.3CVSS6.6AI score0.0046EPSS
Exploits2References2
Cvelist
Cvelist
added 2025/12/09 10:7 p.m.23 views

CVE-2025-67494 ZITADEL Vulnerable to Unauthenticated Full-Read SSRF via V2 Login

ZITADEL is an open-source identity infrastructure tool. Versions 4.7.0 and below are vulnerable to an unauthenticated, full-read SSRF vulnerability. The ZITADEL Login UI V2 treats the x-zitadel-forward-host header as a trusted fallback for all deployments, including self-hosted instances. This...

9.3CVSS0.0046EPSS
Exploits2References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2002-1088

Malware in sbrugna...

5CVSS6.4AI score0.01657EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2010-1669

Malware in sbrugna...

6.8CVSS6.1AI score0.00611EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2004-1433

Malware in sbrugna...

7.5CVSS6.4AI score0.03142EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2025-8243

Malicious code in bioql PyPI...

9.8CVSS6.6AI score0.00415EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-23134

Malicious code in bioql PyPI...

6.1CVSS6.6AI score0.00249EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2021-9173

Malicious code in bioql PyPI...

7.5CVSS7.6AI score0.00994EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-58877

Malicious code in bioql PyPI...

9.8CVSS7.7AI score0.03766EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-25596

Malicious code in bioql PyPI...

5.3CVSS6.3AI score0.0035EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2025-22104

Malicious code in bioql PyPI...

5.3CVSS6.6AI score0.00223EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 12:0 a.m.5 views

EUVD-2025-32312

An issue in DirectAdmin v1.680 allows unauthorized attackers to manipulate the page layout and replace the legitimate login interface with arbitrary attacker-controlled content via supplying a crafted GET request...

8.2CVSS6.4AI score0.00339EPSS
Exploits1References4
Cvelist
Cvelist
added 2025/10/03 12:0 a.m.17 views

CVE-2025-56551

An issue in DirectAdmin v1.680 allows unauthorized attackers to manipulate the page layout and replace the legitimate login interface with arbitrary attacker-controlled content via supplying a crafted GET request...

0.00339EPSS
Exploits1References3
Cvelist
Cvelist
added 2025/08/22 4:50 p.m.9 views

CVE-2025-57770 ZITADEL user enumeration vulnerability in login UI

The open-source identity infrastructure software Zitadel allows administrators to disable the user self-registration. Versions 4.0.0 to 4.0.2, 3.0.0 to 3.3.6, and all versions prior to 2.71.15 are vulnerable to a username enumeration issue in the login interface. The login UI includes a security...

5.3CVSS0.0035EPSS
Exploits0References6
CVE
CVE
added 2025/08/22 4:50 p.m.19 views

CVE-2025-57770

ZITadel CVE-2025-57770 describes a username enumeration flaw in the login UI. Affected versions include 4.0.0–4.0.2, 3.0.0–3.3.6, and all versions before 2.71.15. The login flow’s Ignoring unknown usernames security feature, intended to return the same response for valid and invalid usernames, ca...

5.3CVSS6.8AI score0.0035EPSS
Exploits0References6Affected Software1
CNNVD
CNNVD
added 2025/08/22 12:0 a.m.3 views

Secure LogIn and SignUp API in PHP 安全漏洞

Secure LogIn and SignUp API in PHP is a security interface software by Vishnu Sivadas Individual Developer. A security vulnerability exists in Secure LogIn and SignUp API in PHP, which stems from an insecure SQL query construct in DataBase.php that could lead to SQL injection...

9.8CVSS7.4AI score0.00381EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/08/22 12:0 a.m.11 views

PT-2025-34464 · Zitadel · Zitadel

Name of the Vulnerable Software and Affected Versions: Zitadel versions 4.0.0 through 4.0.2 Zitadel versions 3.0.0 through 3.3.6 Zitadel versions prior to 2.71.15 Description: Zitadel allows administrators to disable user self-registration. A username enumeration issue exists in the login interfa...

5.3CVSS7.5AI score0.0035EPSS
Exploits0References11
RedhatCVE
RedhatCVE
added 2025/08/01 12:6 a.m.5 views

CVE-2025-8319

the BMA login interface allows arbitrary JavaScript or HTML to be written straight into the page’s Document Object Model via the error= URL parameter...

6.1CVSS7AI score0.00249EPSS
Exploits1References1
OSV
OSV
added 2025/07/30 12:15 a.m.4 views

CVE-2025-8319

the BMA login interface allows arbitrary JavaScript or HTML to be written straight into the page’s Document Object Model via the error= URL parameter...

6.1CVSS5.8AI score0.00249EPSS
Exploits1References1
NVD
NVD
added 2025/07/30 12:15 a.m.11 views

CVE-2025-8319

the BMA login interface allows arbitrary JavaScript or HTML to be written straight into the page’s Document Object Model via the error= URL parameter...

6.1CVSS0.00249EPSS
Exploits1References1
Rows per page
Query Builder