All CosmicBytez Labs articles tagged #Identity Provider, across news, security advisories, how-to guides, and projects.
A critical cross-site scripting vulnerability in authentik's Simple Flow Executor AutosubmitStage allows attackers to execute arbitrary JavaScript via a…
A critical authentication bypass in authentik allows attackers to skip the Source stage entirely by sending an empty POST request, completely circumventing…
A high-severity host header injection vulnerability in ZITADEL's login V2 password reset flow allows attackers to redirect reset links to...
A critical cross-site scripting vulnerability in ZITADEL's login V2 /saml-post endpoint allows unauthenticated attackers to execute arbitrary JavaScript...
A stored cross-site scripting vulnerability in ZITADEL's login V2 interface allows organization administrators to inject malicious JavaScript via a...