| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At |
|---|---|---|---|---|---|---|
| CVE-2024-28197 | Account Takeover via Session Fixation in Zitadel [Bypassing MFA] | zitadel | zitadel | High | 7.5 | 2024-03-11 19:48:11 |
| CVE-2023-49097 | ZITADEL vulnerable to account takeover via malicious host header injection | zitadel | zitadel | High | 8.1 | 2023-11-30 04:45:50 |
| CVE-2023-47111 | ZITADEL race condition in lockout policy execution | zitadel | zitadel | High | 7.3 | 2023-11-08 21:42:28 |
| CVE-2023-46238 | XSS via user avatar image in ZITADEL | zitadel | zitadel | High | 8.7 | 2023-10-26 14:22:52 |
| CVE-2023-44399 | ZITADEL's password reset does not respect the "Ignoring unknown usernames" setting | zitadel | zitadel | Medium | 5.3 | 2023-10-10 16:55:45 |
| CVE-2023-22492 | RefreshToken invalidation vulnerability | zitadel | zitadel | Medium | 5.9 | 2023-01-11 19:42:51 |
| CVE-2022-36051 | Broken authorization in ZITADEL Actions | zitadel | zitadel | High | 8.7 | 2022-08-31 22:40:10 |