18 matches found
CVE-2022-31093
NextAuth.js is a complete open source authentication solution for Next.js applications. In affected versions an attacker can send a request to an app using NextAuth.js with an invalid callbackUrl query parameter, which internally is converted to a URL object. The URL instantiation would fail due ...
CVE-2025-31093
creationtimestamp | type | source
---|---|---
2025-03-28 10:28:22+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/9308
2025-03-28 13:34:01+00:00 | seen | https://t.me/cvedetector/21402...
CVE-2025-31093 WordPress RPS Include Content plugin <= 1.2.1 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in redpixelstudios RPS Include Content rps-include-content allows DOM-Based XSS. This issue affects RPS Include Content: from n/a through <= 1.2.1...
CVE-2024-31093
Cross-Site Request Forgery (CSRF) vulnerability in Kaloyan K. Tsvetkov Broken Images allows Cross-Site Scripting (XSS). This issue affects Broken Images: from n/a through 0.2...
Moderate: Red Hat Security Advisory: kernel-rt security and bug fix update
An update for kernel-rt is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available fo...
CVE-2024-31093
CVE-2024-31093 concerns a CSRF-to-XSS vulnerability in the WordPress Broken Images plugin (
CVE-2024-31093 WordPress Broken Images plugin <= 0.2 - CSRF to XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Kaloyan K. Tsvetkov Broken Images allows Cross-Site Scripting (XSS). This issue affects Broken Images: from n/a through 0.2...
WordPress Broken Images Plugin <= 0.2 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Broken Images; Type: Plugin; Vulnerable versions: <= 0.2; Fixed in: N/A; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-31093; Patch priority: Low; CVSS severity: Low (7.1); Developer: Claim ownership; PSID: cb4b7a81c1eb; Credits: Dimas Maulana; Required...
CVE-2023-31093
Cross-Site Request Forgery (CSRF) vulnerability in Chronosly Chronosly Events Calendar plugin <= 2.6.2 versions...
CVE-2023-31093
CVE-2023-31093 affects Chronosly Events Calendar plugin for WordPress, versions
CVE-2022-31093 Improper Handling of `callbackUrl` parameter in next-auth
NextAuth.js is a complete open source authentication solution for Next.js applications. In affected versions an attacker can send a request to an app using NextAuth.js with an invalid callbackUrl query parameter, which internally is converted to a URL object. The URL instantiation would fail due ...
CVE-2022-31093 Improper Handling of `callbackUrl` parameter in next-auth
NextAuth.js is a complete open source authentication solution for Next.js applications. In affected versions an attacker can send a request to an app using NextAuth.js with an invalid callbackUrl query parameter, which internally is converted to a URL object. The URL instantiation would fail due ...
CVE-2022-31093 Improper Handling of `callbackUrl` parameter in next-auth
NextAuth.js is a complete open source authentication solution for Next.js applications. In affected versions an attacker can send a request to an app using NextAuth.js with an invalid callbackUrl query parameter, which internally is converted to a URL object. The URL instantiation would fail due ...
CVE-2022-31093
NextAuth.js (for Next.js) contains a vulnerability where an invalid callbackUrl query parameter can be passed, causing the URL constructor to throw an unhandled error and leading to API route timeouts and login failures. This issue has concrete fixes: upgrading to versions 3.29.5 or 4.5.0 resolve...
@app-box/web (=1.0.0), @comet/cms-site (>=3.0.0-canary.160.0 <=4.0.0-canary.1049.0) +33 more potentially affected by CVE-2022-31093 via next-auth (>=0.0.0-manual.83c4ebd1 <=3.29.10)
next-auth NPM version =0.0.0-manual.83c4ebd1, =3.0.0-canary.160.0, =2.0.1-canary.24.0, =1.0.99-0.next12, =0.1.0, =0.46.0, =0.30.0, =0.3.0, =0.10.0, =0.2.0, =0.3.0, =0.3.0, =0.4.0, =0.1.0, =0.1.3 and more Source cves: CVE-2022-31093 Source advisory: OSV:GHSA-G5FM-JP9V-2432...
@5minds/processcube_docflow (>=1.3.2-develop-01bdfb-m4jp5iuo <=2.1.0-test-fb53a9-mispuplg), @adamjoelfraser/auth-drizzle (=1.0.0) +498 more potentially affected by CVE-2022-31093 via next-auth (>=4.10.3 <=4.3.4)
next-auth NPM version =4.10.3, =1.3.2-develop-01bdfb-m4jp5iuo, =0.1.20, =3.0.5, =3.0.3, =1.1.18, =1.1.63, =1.1.7, =1.0.77, =1.0.1, =0.1.0, =1.1.77 - @authjs-web3-providers/core =0.5.0 and more Source cves: CVE-2022-31093 Source advisory: OSV:GHSA-G5FM-JP9V-2432...
CVE-2021-31093
CVE-2021-31093 is rejected/not used and does not represent an active vulnerability entry.
CVE-2021-31093
...