GO-2024-2637: Account Takeover via Session Fixation in Zitadel [Bypassing MFA] in github.com/zitadel/zitadel
GO-2024-2664: ZITADEL's actions can overload reserved claims in github.com/zitadel/zitadel
GO-2024-2665: ZITADEL's Improper Content-Type Validation Leads to Account Takeover via Stored XSS + CSP Bypass in github.com/zitadel/zitadel
GO-2024-2788: ZITADEL's Improper Lockout Mechanism Leads to MFA Bypass in github.com/zitadel/zitadel
GO-2024-2804: Zitadel exposing internal database user name and host information in github.com/zitadel/zitadel