
zitadel — Vulnerabilities & Security Advisories (47)

Browse all 47 CVE security advisories affecting zitadel. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top products by zitadel:zitadel
| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2024-47000 | Service Users Deactivation not Working in Zitadel | zitadel | CWE-269 | 8.1 | High | 2024-09-19 |
| CVE-2024-47060 | Unauthorized Access After Organization or Project Deactivation in Zitadel | zitadel | CWE-200 | 4.3 | Medium | 2024-09-19 |
| CVE-2024-41953 | Zitadel improperly sanitizes HTML in emails and Console UI | zitadel | CWE-79 | 4.3 | Medium | 2024-07-31 |
| CVE-2024-41952 | Zitadel has an "Ignoring unknown usernames" vulnerability | zitadel | CWE-203 | 5.3 | Medium | 2024-07-31 |
| CVE-2024-39683 | ZITADEL Vulnerable to Session Information Leakage | zitadel | CWE-200 | 5.7 | Medium | 2024-07-03 |
| CVE-2024-32967 | Zitadel exposes internal database user name and host information | zitadel | CWE-200 | 5.3 | Medium | 2024-05-01 |
| CVE-2024-32868 | ZITADEL's Improper Lockout Mechanism Leads to MFA Bypass | zitadel | CWE-307 | 6.5 | Medium | 2024-04-25 |
| CVE-2024-29892 | ZITADEL's actions can overload reserved claims | zitadel | CWE-863 | 6.1 | Medium | 2024-03-27 |
| CVE-2024-29891 | ZITADEL Improper Content-Type Validation Leads to Account Takeover via Stored XSS + CSP Bypass | zitadel | CWE-434 | 8.7 | High | 2024-03-27 |
| CVE-2024-28855 | ZITADEL vulnerable to improper HTML sanitization | zitadel | CWE-20 | 8.1 | High | 2024-03-18 |
| CVE-2024-28197 | Account Takeover via Session Fixation in Zitadel [Bypassing MFA] | zitadel | CWE-269 | 7.5 | High | 2024-03-11 |
| CVE-2023-49097 | ZITADEL vulnerable account takeover via malicious host header injection | zitadel | CWE-640 | 8.1 | High | 2023-11-30 |
| CVE-2023-47111 | ZITADEL race condition in lockout policy execution | zitadel | CWE-362 | 7.3 | High | 2023-11-08 |
| CVE-2023-46238 | XSS with User Avatar image in ZITADEL | zitadel | CWE-79 | 8.7 | High | 2023-10-26 |
| CVE-2023-44399 | ZITADEL's password reset does not respect the "Ignoring unknown usernames" setting | zitadel | CWE-640 | 5.3 | Medium | 2023-10-10 |
| CVE-2023-22492 | RefreshToken invalidation vulnerability | zitadel | CWE-613 | 5.9 | Medium | 2023-01-11 |
| CVE-2022-36051 | Broken Authorization in ZITADEL Actions | zitadel | CWE-436 | 8.7 | High | 2022-08-31 |

This page lists every published CVE security advisory associated with zitadel. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.