7 matches found
GHSA-6X8V-2FQ5-2229 ZITADEL: Cross-Tenant User Leakage via Recycled Identifiers
Summary A flaw in the user lifecycle enforcement allowed deleted users to retain their original organization/tenant association. Recreating a deleted user under a distinct organization can cause the new user instance to be incorrectly provisioned within the original organization if the previous I...
PT-2026-50739
Name of the Vulnerable Software and Affected Versions ZITADEL versions 4.0.0 through 4.15.1 ZITADEL versions 3.0.0 through 3.4.11 Description A flaw in user lifecycle enforcement allows deleted users to retain their original organization or tenant association. When a user is deleted, the historic...
CVE-2025-13420
A weakness has been identified in itsourcecode Human Resource Management System 1.0. This issue affects some unknown processing of the file /src/store/EventStore.php. This manipulation of the argument eventSubject causes sql injection. The attack can be initiated remotely. The exploit has been ma...
CVE-2025-13420
A weakness has been identified in itsourcecode Human Resource Management System 1.0. This issue affects some unknown processing of the file /src/store/EventStore.php. This manipulation of the argument eventSubject causes sql injection. The attack can be initiated remotely. The exploit has been ma...
CVE-2025-13420
CVE-2025-13420 affects itsourcecode Human Resource Management System 1.0. The issue is a vulnerability in processing the eventSubject argument in /src/store/EventStore.php, enabling SQL injection. Exploitation is possible remotely and public exploits exist. Multiple sources (NVD, Red Hat, CVE lis...
Malicious code in hapi-event-store (npm)
The package hapi-event-store was found to contain malicious code...
MAL-2025-22178 Malicious code in hapi-event-store (npm)
The package hapi-event-store was found to contain malicious code...