
10 matches found

OSV, added 2026/03/11 9:37 p.m.

CVE-2026-32130 ZITADEL SCIM Authentication Bypass via URL Encoding

ZITADEL is an open source identity management platform. From 2.68.0 to before 3.4.8 and 4.12.2, Zitadel provides a System for Cross-domain Identity Management (SCIM) API to provision users from external providers into Zitadel. Requests to the API with URL-encoded path values were correctly routed bu...

CVSS 7.5 | AI score 5.8 | EPSS 0.00584
Exploits: 0 | References: 5
ATTACKERKB, added 2026/03/07 3:09 p.m.

CVE-2026-29192

ZITADEL is an open source identity management platform. From version 4.0.0 to 4.11.1, a vulnerability in Zitadel's login V2 interface was discovered that allowed a possible account takeover via Default URI Redirect. This issue has been patched in version 4.12.0...

CVSS 7.7 | AI score 5.7 | EPSS 0.00318
Exploits: 0 | References: 2 | Affected Software: 1
RedhatCVE, added 2025/10/30 7:21 p.m.

CVE-2025-64102

Zitadel is open-source identity infrastructure software. Prior to 4.6.0, 3.4.3, and 2.71.18, an attacker can perform an online brute-force attack on OTP, TOTP, and passwords. While Zitadel allows preventing online brute force attacks in scenarios like TOTP, Email OTP, or passwords using a lockout...

CVSS 9.8 | AI score 6.7 | EPSS 0.00353
Exploits: 0 | References: 1
EUVD, added 2025/10/03 8:07 p.m.

EUVD-2025-8871

Malicious code in bioql PyPI...

CVSS 5.3 | AI score 6.5 | EPSS 0.00487
Exploits: 0 | References: 11
Vulnrichment, added 2025/05/30 6:30 a.m.

CVE-2025-48936 ZITADEL Allows Account Takeover via Malicious X-Forwarded-Proto Header Injection

Zitadel is open-source identity infrastructure software. Prior to versions 2.70.12, 2.71.10, and 3.2.2, a potential vulnerability exists in the password reset mechanism. ZITADEL utilizes the Forwarded or X-Forwarded-Host header from incoming requests to construct the URL for the password reset...

CVSS 8.1 | AI score 8.4 | EPSS 0.00358
Exploits: 0 | References: 2
RedhatCVE, added 2025/05/23 10:34 a.m.

CVE-2024-47060

Zitadel is an open source identity management platform. In Zitadel, even after an organization is deactivated, associated projects, respectively their applications remain active. Users across other organizations can still log in and access through these applications, leading to unauthorized acces...

CVSS 6.5 | AI score 6.7 | EPSS 0.00357
Exploits: 0
RedhatCVE, added 2025/05/23 2:00 a.m.

CVE-2023-47111

ZITADEL provides identity infrastructure. ZITADEL gives administrators the possibility to define a Lockout Policy with a maximum number of failed password check attempts. On every failed password check, the number of failed checks is compared against the configured maximum. Exceeding the limit...

CVSS 7.3 | AI score 6.9 | EPSS 0.00516
Exploits: 0 | References: 1
RedhatCVE, added 2025/04/02 8:31 p.m.

CVE-2025-31124

Zitadel is open-source identity infrastructure software. ZITADEL administrators can enable a setting called "Ignoring unknown usernames" which helps mitigate attacks that try to guess/enumerate usernames. If enabled, ZITADEL will show the password prompt even if the user doesn't exist and report...

CVSS 5.3 | AI score 7.1 | EPSS 0.00487
Exploits: 0 | References: 1
RedhatCVE, added 2025/02/05 1:09 a.m.

CVE-2024-46999

Zitadel is an open source identity management platform. ZITADEL's user grant deactivation mechanism did not work correctly. Deactivated user grants were still provided in tokens, which could lead to unauthorized access to applications and resources. Additionally, the management and auth API alway...

CVSS 7.3 | AI score 6.6 | EPSS 0.00332
Exploits: 0
RedhatCVE, added 2025/02/05 1:06 a.m.

CVE-2024-28197

Zitadel is an open source identity management system. Zitadel uses a cookie to identify the user agent browser and its user sessions. Although the cookie was handled according to best practices, it was accessible on subdomains of the ZITADEL instance. An attacker could take advantage of this and...

CVSS 7.5 | AI score 6.1 | EPSS 0.00335
Exploits: 0 | References: 1