
11 matches found

NVD • added 2026/06/20 4:17 p.m. • 15 views

CVE-2026-56295

Capgo before 12.128.2 contains an authorization bypass vulnerability in webhook management endpoints that allows non-expiring API keys to bypass the requireapikeyexpiration organization policy. The checkWebhookPermission function fails to call apikeyHasOrgRightWithPolicy, enabling attackers with...

CVSS: 6.3 | EPSS: 0.00188
Exploits: 0 | References: 2
EUVD • added 2026/06/20 3:24 p.m. • 8 views

EUVD-2026-38122

Capgo before 12.128.2 contains an authorization bypass vulnerability in webhook management endpoints that allows non-expiring API keys to bypass the requireapikeyexpiration organization policy. The checkWebhookPermission function fails to call apikeyHasOrgRightWithPolicy, enabling attackers with...

CVSS: 6.3 | AI score: 5.9 | EPSS: 0.00188
Exploits: 0 | References: 2
Github Security Blog • added 2025/11/14 9:11 p.m. • 8 views

ZITADEL is vulnerable to Account Takeover with deactivated Instance IdP

Summary: A vulnerability in ZITADEL's federation process allowed auto-linking users from external identity providers to existing users in ZITADEL even if the corresponding IdP was not active or if the organization did not allow federated authentication. Impact: This vulnerability stems from the...

CVSS: 9.8 | AI score: 7.1 | EPSS: 0.00422
Exploits: 0 | References: 7 | Affected Software: 1
EUVD • added 2025/11/14 9:11 p.m. • 3 views

EUVD-2025-175316

ZITADEL is vulnerable to Account Takeover with deactivated Instance IdP...

CVSS: 7.4 | AI score: 6.3 | EPSS: 0.00422
Exploits: 0 | References: 6
RedhatCVE • added 2025/11/14 4:5 p.m. • 7 views

CVE-2025-64717

ZITADEL is an open source identity management platform. Starting in version 2.50.0 and prior to versions 2.71.19, 3.4.4, and 4.6.6, a vulnerability in ZITADEL's federation process allowed auto-linking users from external identity providers to existing users in ZITADEL even if the corresponding Id...

CVSS: 9.8 | AI score: 7.1 | EPSS: 0.00422
Exploits: 0 | References: 1
NVD • added 2025/11/13 4:15 p.m. • 4 views

CVE-2025-64717

ZITADEL is an open source identity management platform. Starting in version 2.50.0 and prior to versions 2.71.19, 3.4.4, and 4.6.6, a vulnerability in ZITADEL's federation process allowed auto-linking users from external identity providers to existing users in ZITADEL even if the corresponding Id...

CVSS: 9.8 | EPSS: 0.00422
Exploits: 0 | References: 4
Cvelist • added 2025/11/13 3:30 p.m. • 7 views

CVE-2025-64717 ZITADEL vulnerable to Account Takeover with deactivated Instance IdP

ZITADEL is an open source identity management platform. Starting in version 2.50.0 and prior to versions 2.71.19, 3.4.4, and 4.6.6, a vulnerability in ZITADEL's federation process allowed auto-linking users from external identity providers to existing users in ZITADEL even if the corresponding Id...

CVSS: 7.4 | EPSS: 0.00422
Exploits: 0 | References: 4
CVE • added 2025/11/13 3:30 p.m. • 23 views

CVE-2025-64717

Summary of CVE-2025-64717 (ZITADEL): A flaw in ZITADEL’s federation/auto-linking during authentication allows linking an external IdP user to an existing internal user when the IdP is deactivated or not permitted for the organization. This can enable an unauthenticated account takeover, unless MF...

CVSS: 9.8 | AI score: 6.7 | EPSS: 0.00422
Exploits: 0 | References: 4 | Affected Software: 1
OSV • added 2025/11/13 3:30 p.m. • 5 views

CVE-2025-64717 ZITADEL vulnerable to Account Takeover with deactivated Instance IdP

ZITADEL is an open source identity management platform. Starting in version 2.50.0 and prior to versions 2.71.19, 3.4.4, and 4.6.6, a vulnerability in ZITADEL's federation process allowed auto-linking users from external identity providers to existing users in ZITADEL even if the corresponding Id...

CVSS: 7.4 | AI score: 7 | EPSS: 0.00422
Exploits: 0 | References: 6
Positive Technologies • added 2025/11/13 12:0 a.m. • 4 views

PT-2025-46850

Name of the Vulnerable Software and Affected Versions: ZITADEL versions 2.50.0 through 2.71.18; ZITADEL versions 3.0.0-rc.1 through 3.4.3; ZITADEL versions 4.0.0-rc.1 through 4.6.5. Description: ZITADEL, an open source identity management platform, has a flaw in its federation process. This issue allo...

CVSS: 9.8 | AI score: 6.5 | EPSS: 0.00422
Exploits: 0 | References: 14
Citrix • added 2017/05/16 12:0 a.m. • 8 views

Secure Mail gives Error: Your organization does not allow this action

- User opens Secure Mail. - Goes into Contacts. - Selects a contact. - Clicks on the contact's phone number. - Sees error message: Your organization does not allow this action...

AI score: 7.1
Exploits: 0