Lucene search
K

56 matches found

SUSE CVE
SUSE CVE
added 2026/03/28 12:26 a.m.5 views

SUSE CVE-2026-33132

ZITADEL is an open source identity management platform. Versions prior to 3.4.9 and 4.0.0 through 4.12.2 allowed users to bypass organization enforcement during authentication. Zitadel allows applications to enforce an organzation context during authentication using scopes urn:zitadel:iam:org:id:...

5.3CVSS5.7AI score0.00309EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/03/20 10:21 a.m.4 views

CVE-2026-33132 ZITADEL is missing enforcement of organization scopes

ZITADEL is an open source identity management platform. Versions prior to 3.4.9 and 4.0.0 through 4.12.2 allowed users to bypass organization enforcement during authentication. Zitadel allows applications to enforce an organzation context during authentication using scopes urn:zitadel:iam:org:id:...

5.3CVSS5.7AI score0.00309EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/03/20 10:21 a.m.3 views

CVE-2026-33132

ZITADEL is an open source identity management platform. Versions prior to 3.4.9 and 4.0.0 through 4.12.2 allowed users to bypass organization enforcement during authentication. Zitadel allows applications to enforce an organzation context during authentication using scopes urn:zitadel:iam:org:id:...

5.3CVSS5.7AI score0.00309EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2026/03/20 10:21 a.m.4 views

CVE-2026-33132 ZITADEL is missing enforcement of organization scopes

ZITADEL is an open source identity management platform. Versions prior to 3.4.9 and 4.0.0 through 4.12.2 allowed users to bypass organization enforcement during authentication. Zitadel allows applications to enforce an organzation context during authentication using scopes urn:zitadel:iam:org:id:...

5.3CVSS6.2AI score0.00309EPSS
Exploits0References6
OSV
OSV
added 2026/03/18 5:25 p.m.7 views

GHSA-G2PF-WW5M-2R9M Zitadel is missing enforcement of organization scopes

Summary A vulnerability in Zitadel's OAuth2/OIDC interface, which allowed users to bypass organization enforcement during authentication. Impact Zitadel allows applications to enforce an organzation context during authentication using scopes urn:zitadel:iam:org:id:id and...

5.3CVSS5.7AI score0.00309EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2026/03/18 5:25 p.m.7 views

Zitadel is missing enforcement of organization scopes

Summary A vulnerability in Zitadel's OAuth2/OIDC interface, which allowed users to bypass organization enforcement during authentication. Impact Zitadel allows applications to enforce an organzation context during authentication using scopes urn:zitadel:iam:org:id:id and...

5.3CVSS5.7AI score0.00309EPSS
Exploits0References6Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/18 12:0 a.m.6 views

PT-2026-26195

Summary A vulnerability in Zitadel's OAuth2/OIDC interface, which allowed users to bypass organization enforcement during authentication. Impact Zitadel allows applications to enforce an organzation context during authentication using scopes urn:zitadel:iam:org:id:id and...

5.3CVSS5.8AI score0.00309EPSS
Exploits0References11
Vulnrichment
Vulnrichment
added 2026/01/19 2:22 p.m.3 views

CVE-2026-21618 Cross-site scripting (XSS) in OAuth Device Authorization screen

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in hexpm hexpm/hexpm 'Elixir.HexpmWeb.SharedAuthorizationView' modules allows Cross-Site Scripting XSS. This vulnerability is associated with program files...

8.5CVSS5.4AI score0.00217EPSS
Exploits0References4
OSV
OSV
added 2026/01/19 2:22 p.m.3 views

EEF-CVE-2026-21618 Cross-site scripting (XSS) in OAuth Device Authorization screen

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in hexpm hexpm/hexpm 'Elixir.HexpmWeb.SharedAuthorizationView' modules allows Cross-Site Scripting XSS. This vulnerability is associated with program files...

8.5CVSS5.5AI score0.00217EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2020-19735

Malware in sbrugna...

9CVSS8.6AI score0.01147EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-7999

Malicious code in bioql PyPI...

7.1CVSS6.6AI score0.00273EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2023-1780

Malicious code in bioql PyPI...

8.1CVSS6.2AI score0.00694EPSS
Exploits0References11
NVD
NVD
added 2025/03/24 5:15 p.m.8 views

CVE-2025-30112

On 70mai Dash Cam 1S devices, by connecting directly to the dashcam's network and accessing the API on port 80 and RTSP on port 554, an attacker can bypass the device authorization mechanism from the official mobile app that requires a user to physically press on the power button during a...

7.1CVSS0.00273EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/03/24 12:0 a.m.7 views

CVE-2025-30112

On 70mai Dash Cam 1S devices, by connecting directly to the dashcam's network and accessing the API on port 80 and RTSP on port 554, an attacker can bypass the device authorization mechanism from the official mobile app that requires a user to physically press on the power button during a...

7.1AI score0.00273EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/03/24 12:0 a.m.4 views

70mai Dash Cam 1S 安全漏洞

70mai Dash Cam 1S is a car recorder from 70mai 70mai. The 70mai Dash Cam 1S suffers from a security vulnerability that originates from the fact that an attacker can bypass the device authorization mechanism of the official mobile application by connecting directly to the device's network and...

7.1CVSS6.7AI score0.00273EPSS
Exploits0References2
CVE
CVE
added 2025/03/24 12:0 a.m.82 views

CVE-2025-30112

The CVE-2025-30112 entry concerns the 70mai Dash Cam 1S. The available connected sources describe a network-accessible bypass of the official mobile-app authorization by directly connecting to the device’s network and accessing the API on port 80 and RTSP on port 554. The root cause is an inadequ...

7.1CVSS7.1AI score0.00273EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/03/22 11:46 a.m.7 views

CVE-2024-9340

A Denial of Service DoS vulnerability in zenml-io/zenml version 0.66.0 allows unauthenticated attackers to cause excessive resource consumption by sending malformed multipart requests with arbitrary characters appended to the end of multipart boundaries. This flaw in the multipart request boundar...

7.5CVSS7.1AI score0.00896EPSS
Exploits1References1
PyPA
PyPA
added 2025/03/20 10:15 a.m.24 views

PYSEC-2025-57

A Denial of Service DoS vulnerability in zenml-io/zenml version 0.66.0 allows unauthenticated attackers to cause excessive resource consumption by sending malformed multipart requests with arbitrary characters appended to the end of multipart boundaries. This flaw in the multipart request boundar...

7.5CVSS7AI score0.00896EPSS
Exploits1References4Affected Software1
BDU FSTEC
BDU FSTEC
added 2024/11/26 12:0 a.m.7 views

The vulnerability of the Device OAuth protocol implementation on the software platform based on git for collaborative code development in GitLab EE/CE allows a perpetrator to gain unauthorized access to the API.

The vulnerability of the Device OAuth protocol implementation on the software platform based on Git for collaborative code development in GitLab EE/CE is related to an incorrect restriction on the visible layers of the user interface. Exploiting this vulnerability could allow a malicious actor,...

7.1CVSS5.6AI score0.00538EPSS
Exploits0References4Affected Software1
Rockylinux
Rockylinux
added 2024/02/12 8:17 p.m.19 views

sos bugfix and enhancement update

An update is available for sos. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The sos package contains a set of utilities that gather information from system...

7AI score
Exploits0
Rows per page
Query Builder