| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At |
|---|---|---|---|---|---|---|
| CVE-2025-57770 | ZITADEL user enumeration vulnerability in login UI | zitadel | zitadel | Medium | 5.3 | 2025-08-22 16:50:35 |
| CVE-2025-53895 | ZITADEL has broken authN and authZ in session API and resulting session tokens | zitadel | zitadel | - | - | 2025-07-15 16:39:01 |
| CVE-2025-48936 | ZITADEL Allows Account Takeover via Malicious X-Forwarded-Proto Header Injection | zitadel | zitadel | High | 8.1 | 2025-05-30 06:30:58 |
| CVE-2025-46815 | ZITADEL Allows IdP Intent Token Reuse | zitadel | zitadel | High | 8.0 | 2025-05-06 17:13:54 |
| CVE-2025-31124 | Zitadel allows User Enumeration by loginname attribute normalization | zitadel | zitadel | Medium | 5.3 | 2025-03-31 19:38:12 |
| CVE-2025-31123 | Zitadel Expired JWT Keys Usable for Authorization Grants | zitadel | zitadel | High | 8.7 | 2025-03-31 19:31:41 |
| CVE-2025-27507 | IDOR Vulnerabilities in ZITADEL's Admin API that Primarily Impact LDAP Configurations | zitadel | zitadel | Critical | 9.0 | 2025-03-04 16:43:23 |
| CVE-2024-49757 | Zitadel User Registration Bypass Vulnerability | zitadel | zitadel | High | 7.5 | 2024-10-25 14:22:50 |
| CVE-2024-49753 | Denied Host Validation Bypass in Zitadel Actions | zitadel | zitadel | Medium | 5.9 | 2024-10-25 14:11:44 |
| CVE-2024-46999 | User Grant Deactivation not Working in Zitadel | zitadel | zitadel | High | 7.3 | 2024-09-19 23:11:48 |
| CVE-2024-47000 | Service Users Deactivation not Working in Zitadel | zitadel | zitadel | High | 8.1 | 2024-09-19 23:10:34 |
| CVE-2024-47060 | Unauthorized Access After Organization or Project Deactivation in Zitadel | zitadel | zitadel | Medium | 4.3 | 2024-09-19 23:08:01 |
| CVE-2024-41953 | Zitadel improperly sanitizes HTML in emails and Console UI | zitadel | zitadel | Medium | 4.3 | 2024-07-31 16:42:33 |
| CVE-2024-41952 | Zitadel has an "Ignoring unknown usernames" vulnerability | zitadel | zitadel | Medium | 5.3 | 2024-07-31 16:30:23 |
| CVE-2024-39683 | ZITADEL Vulnerable to Session Information Leakage | zitadel | zitadel | Medium | 5.7 | 2024-07-03 19:20:09 |
| CVE-2024-32967 | Zitadel exposes internal database user name and host information | zitadel | zitadel | Medium | 5.3 | 2024-05-01 06:43:36 |
| CVE-2024-32868 | ZITADEL's Improper Lockout Mechanism Leads to MFA Bypass | zitadel | zitadel | Medium | 6.5 | 2024-04-25 23:53:37 |
| CVE-2024-29892 | ZITADEL's actions can overload reserved claims | zitadel | zitadel | Medium | 6.1 | 2024-03-27 19:59:25 |
| CVE-2024-29891 | ZITADEL Improper Content-Type Validation Leads to Account Takeover via Stored XSS + CSP Bypass | zitadel | zitadel | High | 8.7 | 2024-03-27 19:18:08 |
| CVE-2024-28855 | ZITADEL vulnerable to improper HTML sanitization | zitadel | zitadel | High | 8.1 | 2024-03-18 21:46:47 |