490 matches found
CVE-2025-48936 ZITADEL Allows Account Takeover via Malicious X-Forwarded-Proto Header Injection
Zitadel is open-source identity infrastructure software. Prior to versions 2.70.12, 2.71.10, and 3.2.2, a potential vulnerability exists in the password reset mechanism. ZITADEL utilizes the Forwarded or X-Forwarded-Host header from incoming requests to construct the URL for the password reset...
Defending against evolving identity attack techniques
In today’s evolving cyber threat landscape, threat actors are committed to advancing the sophistication of their attacks. The increasing adoption of essential security features like multifactor authentication (MFA), passwordless solutions, and robust email protections has changed many aspects of th...
CVE-2025-2102
Improper Link Resolution Before File Access 'Link Following' vulnerability in HYPR Passwordless on Windows allows Privilege Escalation. This issue affects HYPR Passwordless: before 10.1...
CVE-2025-0372
Concurrent Execution using Shared Resource with Improper Synchronization 'Race Condition' vulnerability in HYPR Passwordless on Windows allows Privilege Escalation. This issue affects HYPR Passwordless: before 10.1...
CVE-2024-29143
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Cozmoslabs, sareiodata Passwordless Login passwordless-login allows Stored XSS. This issue affects Passwordless Login: from n/a through 1.1.2...
CVE-2024-1721
Improper Verification of Cryptographic Signature vulnerability in HYPR Passwordless on Windows allows Malicious Software Update. This issue affects HYPR Passwordless: before 9.1...
CVE-2023-24093
An access control issue in H3C A210-G A210-GV100R005 allows attackers to authenticate without a password...
CVE-2023-22906
Hero Qubo HCD0102V1.3820220125 devices allow TELNET access with root privileges by default, without a password...
CVE-2025-2102
CVE-2025-2102 is an improper Link Resolution Before File Access (Link Following) vulnerability in HYPR Passwordless for Windows, affecting versions prior to 10.1. The issue creates local privilege escalation when a high-privilege user can trigger link-following before file access, with a CVSS 4.0...
CVE-2025-0372
CVE-2025-0372 describes a race condition in HYPR Passwordless on Windows caused by improper synchronization when using shared resources. The vulnerability affects HYPR Passwordless versions before 10.1 and enables privilege escalation with a local attack vector. The CVSS data indicates low confid...
HYPR Passwordless Security Vulnerability
HYPR Passwordless is an identity security solution from HYPR. A security vulnerability exists in HYPR Passwordless versions prior to 10.1, which stems from improper link resolution prior to file access and could lead to elevation of privilege...
HYPR Passwordless Security Vulnerability
HYPR Passwordless is an identity security solution from HYPR. A security vulnerability exists in HYPR Passwordless versions prior to 10.1 that stems from improper synchronization of shared resources, resulting in a race condition that could lead to elevated privileges...
PT-2025-22401 · Hypr · Hypr Passwordless
Name of the Vulnerable Software and Affected Versions: HYPR Passwordless versions prior to 10.1 Description: The issue is related to an Improper Link Resolution Before File Access, also known as 'Link Following', which allows Privilege Escalation in HYPR Passwordless on Windows. Recommendations:...
PT-2025-22400 · Hypr · Hypr Passwordless
Name of the Vulnerable Software and Affected Versions: HYPR Passwordless versions prior to 10.1 Description: The issue is related to a 'Race Condition' vulnerability due to improper synchronization when using shared resources, allowing privilege escalation. This vulnerability affects HYPR...