
8 matches found

OSV
added 2026/01/08 5:15 p.m., 2 views

CVE-2025-56425

An issue was discovered in the AppConnector component version 10.10.0.183 and earlier of enaio 10.10, in the AppConnector component version 11.0.0.183 and earlier of enaio 11.0, and in the AppConnector component version 11.10.0.183 and earlier of enaio 11.10. The vulnerability allows authenticated...

CVSS 9.1 | AI score 5.9 | EPSS 0.00363
Exploits: 1 | References: 2
Cvelist
added 2025/11/07 6:09 p.m., 3 views

CVE-2025-64431 IDOR Vulnerabilities in ZITADEL's Organization API allows Cross-Tenant Data Tampering

Zitadel is an open source identity management platform. Versions 4.0.0-rc.1 through 4.6.2 are vulnerable to Insecure Direct Object Reference (IDOR) attacks through its V2Beta API, allowing authenticated users with specific administrator roles within one organization to access and modify data belongin...

CVSS 8.7 | EPSS 0.00056
Exploits: 0 | References: 3
EUVD
added 2025/11/07 6:09 p.m., 2 views

EUVD-2025-37935

Zitadel is an open source identity management platform. Versions 4.0.0-rc.1 through 4.6.2 are vulnerable to Insecure Direct Object Reference (IDOR) attacks through its V2Beta API, allowing authenticated users with specific administrator roles within one organization to access and modify data belongin...

CVSS 8.7 | AI score 6 | EPSS 0.00056
Exploits: 0 | References: 5
OSV
added 2025/11/07 6:09 p.m., 1 view

CVE-2025-64431 IDOR Vulnerabilities in ZITADEL's Organization API allows Cross-Tenant Data Tampering

Zitadel is an open source identity management platform. Versions 4.0.0-rc.1 through 4.6.2 are vulnerable to Insecure Direct Object Reference (IDOR) attacks through its V2Beta API, allowing authenticated users with specific administrator roles within one organization to access and modify data belongin...

CVSS 8.7 | AI score 6.6 | EPSS 0.00056
Exploits: 0 | References: 5
Snyk
added 2025/11/05 7:52 p.m., 1 view

Authorization Bypass Through User-Controlled Key

Overview: Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the Organization V2Beta API endpoints. An attacker can access and modify data belonging to other organizations by bypassing authorization checks with administrator privileges for a...

CVSS 8.8 | AI score 6.6 | EPSS 0.00056
Exploits: 0 | References: 2
GitHub Security Blog
added 2025/11/05 7:52 p.m., 5 views

IDOR Vulnerabilities in ZITADEL's Organization API allows Cross-Tenant Data Tampering

Summary: ZITADEL's Organization V2Beta API contains Insecure Direct Object Reference (IDOR) vulnerabilities that allow authenticated users with specific administrator roles within one organization to access and modify data belonging to other organizations. Impact: ZITADEL's Organization V2Beta API,...

CVSS 8.7 | AI score 6.7 | EPSS 0.00056
Exploits: 0 | References: 5 | Affected Software: 1
RedHat Linux
added 2018/02/21 12:25 p.m., 1 view

foreman: privilege escalation through Organization and Locations API

It was found that Satellite 6 did not properly enforce access controls on certain resources. An attacker, with access to the API and knowledge of the ID name, can potentially access other resources in other organizations...

CVSS 6 | AI score 5.8 | EPSS 0.00142
Exploits: 0 | References: 4
CVE
added 2016/08/19 9:00 p.m., 57 views

CVE-2016-4475

The CVE-2016-4475 issue affects Foreman before 1.11.4 and 1.12.x before 1.12.0-RC3. It allows remote authenticated users to bypass organization and location restrictions and (a) read, (b) edit, or (c) delete arbitrary organizations or locations via unspecified vectors. Impact is data exposure and...

CVSS 8.8 | AI score 8.2 | EPSS 0.00175
Exploits: 0 | References: 5 | Affected Software: 1