SUSE CVE-2026-27946

ZITADEL is an open source identity management platform. Prior to versions 4.11.1 and 3.4.7, a vulnerability in Zitadel's self-management capability allowed users to mark their email and phone as verified without going through an actual verification process. The patch in versions 4.11.1 and 3.4.7...

ZITADEL Users Can Self-Verify Email/Phone via UpdateHumanUser API

Summary A vulnerability in Zitadel's self-management capability allowed users to mark their email and phone as verified without going through an actual verification process. Impact Zitadel provides an API for managing users. The API also allows users to self-manage their own data including updati...

CVE-2026-27946

ZITADEL is an open source identity management platform. Prior to versions 4.11.1 and 3.4.7, a vulnerability in Zitadel's self-management capability allowed users to mark their email and phone as verified without going through an actual verification process. The patch in versions 4.11.1 and 3.4.7...

CVE-2026-27946

ZITADEL is an open source identity management platform. Prior to versions 4.11.1 and 3.4.7, a vulnerability in Zitadel's self-management capability allowed users to mark their email and phone as verified without going through an actual verification process. The patch in versions 4.11.1 and 3.4.7...

CVE-2026-27946 ZITADEL Users Can Self-Verify Email/Phone via UpdateHumanUser API

ZITADEL is an open source identity management platform. Prior to versions 4.11.1 and 3.4.7, a vulnerability in Zitadel's self-management capability allowed users to mark their email and phone as verified without going through an actual verification process. The patch in versions 4.11.1 and 3.4.7...

CVE-2026-27946

ZITADEL exposes a vulnerability in its self-management capability prior to versions 4.11.1 and 3.4.7 that allowed a user to mark their email and/or phone as verified without going through actual verification. The fix, in versions 4.11.1 and 3.4.7, enforces the correct permission when the verifica...

CVE-2026-27946 ZITADEL Users Can Self-Verify Email/Phone via UpdateHumanUser API

ZITADEL is an open source identity management platform. Prior to versions 4.11.1 and 3.4.7, a vulnerability in Zitadel's self-management capability allowed users to mark their email and phone as verified without going through an actual verification process. The patch in versions 4.11.1 and 3.4.7...

CVE-2026-27946 ZITADEL Users Can Self-Verify Email/Phone via UpdateHumanUser API

ZITADEL is an open source identity management platform. Prior to versions 4.11.1 and 3.4.7, a vulnerability in Zitadel's self-management capability allowed users to mark their email and phone as verified without going through an actual verification process. The patch in versions 4.11.1 and 3.4.7...

PT-2026-22071

Name of the Vulnerable Software and Affected Versions ZITADEL versions prior to 3.4.7 ZITADEL versions prior to 4.11.1 Description ZITADEL, an open source identity management platform, had a flaw in its self-management feature. This allowed users to falsely mark their email and phone as verified...

EUVD-2021-32520

Malicious code in bioql PyPI...

EUVD-2022-33043

Malicious code in bioql PyPI...

CVE-2025-5955

The Service Finder SMS System plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.0.0. This is due to the plugin not verifying a user's phone number before logging them in. This makes it possible for unauthenticated attackers to login as arbitrary...

TikTok: Authentication Bypass on TikTok Seller Signup Process Allows Account Creation Without Phone Verification

The authentication bypass vulnerability on the TikTok Seller signup process allowed account creation without phone verification...

CVE-2022-28601

A Two-Factor Authentication 2FA bypass vulnerability in "Simple 2FA Plugin for Moodle" by LMS Doctor allows remote attackers to overwrite the phone number used for confirmation via the profile.php file. Therefore, allowing them to bypass the phone verification mechanism...

Authentication flaw

A Two-Factor Authentication 2FA bypass vulnerability in "Simple 2FA Plugin for Moodle" by LMS Doctor allows remote attackers to overwrite the phone number used for confirmation via the profile.php file. Therefore, allowing them to bypass the phone verification mechanism...

Mail.ru: Bypass OTP on contact back request at https://driver.city-mobil.ru/

It was possible to bypass phone verification for support call back request...

Unikrn: Improper validation at Phone verification (possible cost increase + SMS SPAM attack)

NOTE! Thanks for submitting a report! Please replace all the square sections below with the pertinent details. Remember, the more detail you provide, the easier it is for us to verify and then potentially issue a bounty, so be sure to take your time filling out the report! Please add the affected...

CAPTCHA Bypass Vulnerability in FAW-Volkswagen After-Sales Service App Android Version

FAW-VW After-sales Service APP is a software that provides professional after-sales service. Through this software, you can call roadside assistance with one click at anytime and anywhere. The software also provides personal automobile information, online reservation and automobile repair progres...

Mail.ru: No CSRF token used in Phone Verification POST

When I tried to register in mail.ru,I submitted my phone number and Got a verification code in my phone. During submission of that code,I saw that POST goes without any CSRF tokens.And I identified two other vulnerabilities on that procedure. 1. No Session Verification on server side while...

通达OA外网登陆绕过短信验证

简要描述： 外网登陆可绕过手机验证码 详细说明： http://外网网址/general/ 此处登陆需要获取手机验证码 http://外网网址/pda/ 但此处登陆无需验证码，登陆后可以切换回/general/目录正常访问。 漏洞证明：...