29 matches found

Nuclei
added 6 hours ago, 34 views

Zitadel - User Registration Bypass

The open-source identity infrastructure software Zitadel allows administrators to disable the user self-registration. Due to a missing security check in versions prior to 2.64.0, 2.63.5, 2.62.7, 2.61.4, 2.60.4, 2.59.5, and 2.58.7, disabling the "User Registration allowed" option only hid the...

CVSS 7.5, AI score 7.1, EPSS 0.02572
Exploits 0, References 2
Microsoft Secure
added 2026/03/27 7:53 p.m., 7 views

How Microsoft Defender protects high-value assets in real-world attack scenarios

In this article: 1. Using asset context to strengthen detection 2. How high-value asset protection works 3. Real-world high-value asset protection scenarios 4. Protecting your HVAs 5. Learn more. High-value assets including domain controllers, web servers, and identity infrastructure are frequent...

AI score 6.4
Exploits 0
EUVD
added 2025/10/03 8:07 p.m., 6 views

EUVD-2023-2814

Malicious code in bioql PyPI...

CVSS 5.3, AI score 5.5, EPSS 0.00532
Exploits 0, References 5
EUVD
added 2025/10/03 8:07 p.m., 4 views

EUVD-2023-2909

Malicious code in bioql PyPI...

CVSS 7.3, AI score 5.3, EPSS 0.00516
Exploits 0, References 6
EUVD
added 2025/10/03 8:07 p.m., 5 views

EUVD-2024-2329

Malicious code in bioql PyPI...

CVSS 6.5, AI score 6.4, EPSS 0.00609
Exploits 0, References 12
EUVD
added 2025/10/03 8:07 p.m., 5 views

EUVD-2025-8871

Malicious code in bioql PyPI...

CVSS 5.3, AI score 6.5, EPSS 0.00453
Exploits 0, References 11
EUVD
added 2025/10/03 8:07 p.m., 4 views

EUVD-2025-7787

Malicious code in bioql PyPI...

CVSS 9, AI score 6.3, EPSS 0.00584
Exploits 0, References 13
EUVD
added 2025/10/03 8:07 p.m., 5 views

EUVD-2023-2852

Malicious code in bioql PyPI...

CVSS 8.8, AI score 8.6, EPSS 0.00767
Exploits 1, References 3
EUVD
added 2025/10/03 8:07 p.m., 5 views

EUVD-2023-50475

Malicious code in bioql PyPI...

CVSS 8.7, AI score 6.5, EPSS 0.00437
Exploits 0, References 3
EUVD
added 2025/10/03 8:07 p.m., 4 views

EUVD-2025-8872

Malicious code in bioql PyPI...

CVSS 8.7, AI score 6.4, EPSS 0.0036
Exploits 0, References 11
Vulnrichment
added 2025/05/30 6:30 a.m., 8 views

CVE-2025-48936 ZITADEL Allows Account Takeover via Malicious X-Forwarded-Proto Header Injection

Zitadel is open-source identity infrastructure software. Prior to versions 2.70.12, 2.71.10, and 3.2.2, a potential vulnerability exists in the password reset mechanism. ZITADEL utilizes the Forwarded or X-Forwarded-Host header from incoming requests to construct the URL for the password reset...

CVSS 8.1, AI score 8.4, EPSS 0.00358
Exploits 0, References 2
RedhatCVE
added 2025/05/23 2:00 a.m., 6 views

CVE-2023-47111

ZITADEL provides identity infrastructure. ZITADEL provides administrators the possibility to define a Lockout Policy with a maximum amount of failed password check attempts. On every failed password check, the amount of failed checks is compared against the configured maximum. Exceeding the limit...

CVSS 7.3, AI score 6.9, EPSS 0.00516
Exploits 0, References 1
Vulnrichment
added 2025/05/06 5:13 p.m., 7 views

CVE-2025-46815 ZITADEL Allows IdP Intent Token Reuse

The identity infrastructure software ZITADEL offers developers the ability to manage user sessions using the Session API. This API enables the use of IdPs for authentication, known as idp intents. Following a successful idp intent, the client receives an id and token on a predefined URI. These id...

CVSS 8, AI score 7.9, EPSS 0.00388
Exploits 0, References 5
CVE
added 2025/03/31 7:38 p.m., 70 views

CVE-2025-31124

CVE-2025-31124 (Zitadel) describes a user enumeration flaw in the login flow caused by normalization of the username when the "Ignoring unknown usernames" setting is enabled. Although the UI prompts for a password and returns "Username or Password invalid" for non-existent users, the normalizatio...

CVSS 5.3, AI score 5.2, EPSS 0.00453
Exploits 0, References 11, Affected Software 1
OSV
added 2025/03/31 7:38 p.m., 7 views

CVE-2025-31124 Zitadel allows User Enumeration by loginname attribute normalization

Zitadel is open-source identity infrastructure software. ZITADEL administrators can enable a setting called "Ignoring unknown usernames" which helps mitigate attacks that try to guess/enumerate usernames. If enabled, ZITADEL will show the password prompt even if the user doesn't exist and report...

CVSS 5.3, AI score 6.6, EPSS 0.00453
Exploits 0, References 13
The Hacker News
added 2025/02/10 11:00 a.m., 16 views

Don't Overlook These 6 Critical Okta Security Configurations

Given Okta's role as a critical part of identity infrastructure, strengthening Okta security is essential. This article covers six key Okta security settings that provide a strong starting point, along with recommendations for implementing continuous monitoring of your Okta security posture. With...

AI score 7.5
Exploits 0
NVD
added 2024/07/03 8:15 p.m., 38 views

CVE-2024-39683

ZITADEL is an open-source identity infrastructure tool. ZITADEL provides users the ability to list all user sessions of the current user agent browser. Starting in version 2.53.0 and prior to versions 2.53.8, 2.54.5, and 2.55.1, due to a missing check, user sessions without that information e.g...

CVSS 6.5, EPSS 0.00609
Exploits 0, References 10
Cvelist
added 2024/07/03 7:20 p.m., 39 views

CVE-2024-39683 ZITADEL Vulnerable to Session Information Leakage

ZITADEL is an open-source identity infrastructure tool. ZITADEL provides users the ability to list all user sessions of the current user agent browser. Starting in version 2.53.0 and prior to versions 2.53.8, 2.54.5, and 2.55.1, due to a missing check, user sessions without that information e.g...

CVSS 5.7, EPSS 0.00609
Exploits 0, References 10
OSV
added 2024/07/03 7:20 p.m., 28 views

CVE-2024-39683 ZITADEL Vulnerable to Session Information Leakage

ZITADEL is an open-source identity infrastructure tool. ZITADEL provides users the ability to list all user sessions of the current user agent browser. Starting in version 2.53.0 and prior to versions 2.53.8, 2.54.5, and 2.55.1, due to a missing check, user sessions without that information e.g...

CVSS 5.7, AI score 6.3, EPSS 0.00609
Exploits 0, References 12
The Hacker News
added 2024/02/20 10:53 a.m., 47 views

Learn How to Build an Incident Response Playbook Against Scattered Spider in Real-Time

In the tumultuous landscape of cybersecurity, the year 2023 left an indelible mark with the brazen exploits of the Scattered Spider threat group. Their attacks targeted the nerve centers of major financial and insurance institutions, culminating in what stands as one of the most impactful...

CVSS 9.8, AI score 10, EPSS 0.12661
Exploits 0