
18 matches found

SUSE CVE
added 2026/03/25 12:25 a.m. | 3 views

SUSE CVE-2026-29193

ZITADEL is an open source identity management platform. From version 4.0.0 to 4.12.0, a vulnerability in Zitadel's login V2 UI allowed users to bypass login behavior and security policies and self-register new accounts or sign in using password even if corresponding options were disabled in their...

CVSS 8.2 | AI score 5.8 | EPSS 0.00017
Exploits: 0 | References: 3
ATTACKERKB
added 2026/03/07 3:11 p.m. | 3 views

CVE-2026-29193

ZITADEL is an open source identity management platform. From version 4.0.0 to 4.12.0, a vulnerability in Zitadel's login V2 UI allowed users to bypass login behavior and security policies and self-register new accounts or sign in using password even if corresponding options were disabled in their...

CVSS 8.2 | AI score 5.7 | EPSS 0.00017
Exploits: 0 | References: 2 | Affected Software: 1
CVE
added 2026/03/07 3:11 p.m. | 11 views

CVE-2026-29193

Technical details for CVE-2026-29193 are not publicly available in the provided documents. No affected products, versions, root cause, or patch specifics are described beyond the initial entry. Monitor for updates from vendors and security advisories.

CVSS 8.2 | AI score 5.7 | EPSS 0.00017
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2026/03/07 3:11 p.m. | 28 views

CVE-2026-29193 ZITADEL: Bypassing Zitadel Login Behavior and Security Policy in Login V2

ZITADEL is an open source identity management platform. From version 4.0.0 to 4.12.0, a vulnerability in Zitadel's login V2 UI allowed users to bypass login behavior and security policies and self-register new accounts or sign in using password even if corresponding options were disabled in their...

CVSS 8.2 | EPSS 0.00017
Exploits: 0 | References: 1
OSV
added 2026/02/03 4:2 p.m. | 3 views

CLEANSTART-2026-MY73913 Security fixes for GHSA-R6J8-C6R2-37RR applied in versions: 4.12.1-r0

Security vulnerability affects the kubernetes-csi-driver-nfs package. This issue is resolved in later releases. See references for vulnerability details...

AI score 5.9
Exploits: 0 | References: 2
RedhatCVE
added 2025/12/12 1:6 a.m. | 4 views

CVE-2025-67716

The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. Versions 4.9.0 through 4.12.1 contain an input-validation flaw in the returnTo parameter, which could allow attackers to inject unintended OAuth query parameters into the Auth0 authorization request...

CVSS 5.7 | AI score 6.8 | EPSS 0.00044
Exploits: 0 | References: 1
Cvelist
added 2025/12/10 10:16 p.m. | 17 views

CVE-2025-67490 Auth0 Next.js SDK has Improper Request Caching Lookup

The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. When using versions 4.11.0 through 4.11.2 and 4.12.0, simultaneous requests on the same client may result in improper lookups in the TokenRequestCache for the request results. This issue is fixed in...

CVSS 5.4 | EPSS 0.00048
Exploits: 0 | References: 2
EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2023-2540

Malicious code in bioql PyPI...

CVSS 6.8 | AI score 4.8 | EPSS 0.00117
Exploits: 1 | References: 4
EUVD
added 2025/10/03 8:7 p.m. | 5 views

EUVD-2023-2389

Malicious code in bioql PyPI...

CVSS 9.8 | AI score 9.2 | EPSS 0.00319
Exploits: 1 | References: 5
RedhatCVE
added 2025/05/23 4:8 a.m. | 6 views

CVE-2023-38507

Strapi is an open-source headless content management system. Prior to version 4.12.1, there is a rate limit on the login function of Strapi's admin screen, but it is possible to circumvent it. Therefore, the possibility of unauthorized login by login brute force attack increases. Version 4.12...

CVSS 9.8 | AI score 6.7 | EPSS 0.00319
Exploits: 1
Snyk
added 2025/03/24 11:43 p.m. | 5 views

Improper Input Validation

Overview: Affected versions of this package are vulnerable to Improper Input Validation through the mirror-target and mirror-host annotations. Remediation: Upgrade k8s.io/ingress-nginx/rootfs/etc/nginx/template to version 1.11.5, 1.12.1, 4.11.5, 4.12.1 or higher. References: - GitHub Commit - GitHub...

CVSS 8.8 | AI score 7 | EPSS 0.34184
Exploits: 7 | References: 2
CNNVD
added 2024/08/06 12:0 a.m. | 4 views

WordPress plugin Ajax Search Lite security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

CVSS 4.8 | AI score 6.7 | EPSS 0.00186
Exploits: 1 | References: 2
Prion
added 2023/09/15 8:15 p.m. | 18 views

Design/Logic Flaw

Strapi is an open-source headless content management system. Prior to version 4.12.1, there is a rate limit on the login function of Strapi's admin screen, but it is possible to circumvent it. Therefore, the possibility of unauthorized login by login brute force attack increases. Version 4.12...

CVSS 7.5 | AI score 9.4 | EPSS 0.00319
Exploits: 1 | References: 3 | Affected Software: 1
Cvelist
added 2023/09/15 7:15 p.m. | 15 views

CVE-2023-38507 Strapi Improper Rate Limiting vulnerability

Strapi is an open-source headless content management system. Prior to version 4.12.1, there is a rate limit on the login function of Strapi's admin screen, but it is possible to circumvent it. Therefore, the possibility of unauthorized login by login brute force attack increases. Version 4.12...

CVSS 7.3 | AI score 9.7 | EPSS 0.00319
Exploits: 1 | References: 3
Prion
added 2023/09/15 7:15 p.m. | 12 views

Design/Logic Flaw

Strapi is an open-source headless content management system. Prior to version 4.12.1, field level permissions are not respected in the relationship title. If an actor has relationship title and the relationship shows a field they don't have permission to see, the field will still be visible...

CVSS 3.3 | AI score 3.8 | EPSS 0.00117
Exploits: 1 | References: 2 | Affected Software: 1
Prion
added 2021/04/02 9:15 p.m. | 17 views

Cross site scripting

docsify 4.12.1 is affected by Cross Site Scripting (XSS) because the search component does not appropriately encode Code Blocks and mishandles the " character...

CVSS 4.3 | AI score 6.1 | EPSS 0.0024
Exploits: 1 | References: 1 | Affected Software: 1
Snyk
added 2021/02/18 5:37 p.m. | 2 views

Cross-site Scripting (XSS)

Overview: docsify is a magical documentation site generator. Affected versions of this package are vulnerable to Cross-site Scripting (XSS). It is possible to bypass the remediation done by CVE-2020-7680 and execute malicious JavaScript through the following methods: 1. When parsing HTML from remote...

CVSS 8.6 | AI score 5.7 | EPSS 0.03162
Exploits: 6 | References: 2
OSV
added 2019/10/18 2:21 p.m. | 6 views

SUSE-RU-2019:2715-1 Recommended update for xen

This update for xen to version 4.12.1 fixes the following issues: - Fixed an issue which made Xen crash on AMD ROME based machines bsc1135799. - Xenpvnetboot is now ported correctly to Python 3 bsc1138563. - Added code to change LIBXLHOTPLUGTIMEOUT at runtime bsc1120095. The included README has...

CVSS 5.9 | AI score 6.3 | EPSS 0.01697
Exploits: 0 | References: 19