
6 matches found

NVD
added 2026/03/11 10:16 p.m. · 2 views

CVE-2026-32132

ZITADEL is an open source identity management platform. Prior to 3.4.8 and 4.12.2, a potential vulnerability exists in Zitadel's passkey registration endpoints. This endpoint allows registering a new passkey using a previously retrieved code. An improper expiration check of the code could allow ...

CVSS 7.4 · EPSS 0.00046
Exploits 0 · References 3
EUVD
added 2026/03/11 9:40 p.m. · 3 views

EUVD-2026-11412

ZITADEL is an open source identity management platform. Prior to 3.4.8 and 4.12.2, a potential vulnerability exists in Zitadel's passkey registration endpoints. This endpoint allows registering a new passkey using a previously retrieved code. An improper expiration check of the code could allow ...

CVSS 7.4 · AI score 5.8 · EPSS 0.00046
Exploits 0 · References 3
SUSE CVE
added 2024/01/20 3:10 a.m. · 1 views

SUSE CVE-2024-22403

Nextcloud server is a self hosted personal cloud system. In affected versions OAuth codes did not expire. When an attacker would get access to an authorization code they could authenticate at any time using the code. As of version 28.0.0 OAuth codes are invalidated after 10 minutes and will no...

CVSS 3.7 · AI score 6.9 · EPSS 0.00277
Exploits 0 · References 3
NVD
added 2024/01/18 8:15 p.m. · 15 views

CVE-2024-22403

Nextcloud server is a self hosted personal cloud system. In affected versions OAuth codes did not expire. When an attacker would get access to an authorization code they could authenticate at any time using the code. As of version 28.0.0 OAuth codes are invalidated after 10 minutes and will no...

CVSS 3.7 · AI score 3.9 · EPSS 0.00277
Exploits 0 · References 4
Positive Technologies
added 2021/11/10 12:0 a.m. · 1 views

PT-2021-15144 · Unknown · Exposure Notification Server

Name of the Vulnerable Software and Affected Versions: Exposure Notification server versions prior to V1.1.2
Description: An attacker could prematurely expire a verification code, making it unusable by the patient, and preventing the patient from uploading their TEKs to generate exposure...

CVSS 6.5 · AI score 7.1 · EPSS 0.00121
Exploits 0 · References 8
Hacker One
added 2017/01/31 6:45 p.m. · 75 views

Grab: Two-factor authentication bypass on Grab Android App

Description: I found the endpoint using the Android app https://p.grabtaxi.com/api/passenger/v2/profiles/edit which allows me to bypass the 2FA SMS code due to lack of rate limiting/code expiration after unsuccessful attempts. The root cause of the problem is these facts: no rate limiting + no code expiratio...

AI score 7.4
Exploits 0