Lucene search
K

794 matches found

RedhatCVE
RedhatCVE
added 2025/12/17 8:7 a.m.4 views

CVE-2025-67490

The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. When using versions 4.11.0 through 4.11.2 and 4.12.0, simultaneous requests on the same client may result in improper lookups in the TokenRequestCache for the request results. This issue is fixed in...

5.4CVSS7AI score0.00172EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/12/17 12:0 a.m.5 views

PT-2025-51935

Name of the Vulnerable Software and Affected Versions Auth0-PHP versions 8.0.0 through 8.17.0 Auth0/symfony versions 5.0.0 through 5.5.0 Auth0/laravel-auth0 versions 7.0.0 through 7.19.0 Auth0/wordpress plugin versions 5.0.0-BETA0 through 5.4.0 Description The Auth0-PHP SDK contains a flaw in how...

6.8CVSS6.6AI score0.00368EPSS
Exploits0References15
CNNVD
CNNVD
added 2025/12/17 12:0 a.m.6 views

Auth0-PHP 安全漏洞

Auth0-PHP is an Auth0 open source PHP SDK for Auth0 authentication and management APIs. A security vulnerability exists in Auth0-PHP versions 8.0.0 through 8.17.0 that stems from improper audience validation in access tokens, which could result in accepting ID tokens as access tokens...

7.5CVSS6.8AI score0.00368EPSS
Exploits0References13
RedhatCVE
RedhatCVE
added 2025/12/12 1:6 a.m.5 views

CVE-2025-67716

The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. Versions 4.9.0 through 4.12.1 contain an input-validation flaw in the returnTo parameter, which could allow attackers to inject unintended OAuth query parameters into the Auth0 authorization request...

5.7CVSS6.8AI score0.00226EPSS
Exploits0References1
NVD
NVD
added 2025/12/11 1:16 a.m.9 views

CVE-2025-67716

The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. Versions 4.9.0 through 4.12.1 contain an input-validation flaw in the returnTo parameter, which could allow attackers to inject unintended OAuth query parameters into the Auth0 authorization request...

5.7CVSS0.00226EPSS
Exploits0References2
EUVD
EUVD
added 2025/12/11 12:21 a.m.12 views

EUVD-2025-202629

The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. Versions 4.9.0 through 4.12.1 contain an input-validation flaw in the returnTo parameter, which could allow attackers to inject unintended OAuth query parameters into the Auth0 authorization request...

5.7CVSS6.3AI score0.00226EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/12/11 12:21 a.m.30 views

CVE-2025-67716 Auth0 Next.js SDK has Improper Validation of Query Parameters

The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. Versions 4.9.0 through 4.12.1 contain an input-validation flaw in the returnTo parameter, which could allow attackers to inject unintended OAuth query parameters into the Auth0 authorization request...

5.7CVSS0.00226EPSS
Exploits0References2
CVE
CVE
added 2025/12/11 12:21 a.m.22 views

CVE-2025-67716

CVE-2025-67716 affects the Auth0/nextjs-auth0 SDK. Versions 4.9.0–4.12.1 contain an input-validation flaw in the returnTo parameter that can inject unintended OAuth query parameters into the authorization request, potentially causing tokens to be issued with unintended parameters. Remediation: up...

5.7CVSS6.4AI score0.00226EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2025/12/11 12:21 a.m.6 views

CVE-2025-67716 Auth0 Next.js SDK has Improper Validation of Query Parameters

The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. Versions 4.9.0 through 4.12.1 contain an input-validation flaw in the returnTo parameter, which could allow attackers to inject unintended OAuth query parameters into the Auth0 authorization request...

5.7CVSS6.7AI score0.00226EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/12/11 12:21 a.m.3 views

CVE-2025-67716 Auth0 Next.js SDK has Improper Validation of Query Parameters

The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. Versions 4.9.0 through 4.12.1 contain an input-validation flaw in the returnTo parameter, which could allow attackers to inject unintended OAuth query parameters into the Auth0 authorization request...

5.7CVSS6.4AI score0.00226EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/12/11 12:0 a.m.8 views

PT-2025-50563

The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. Versions 4.9.0 through 4.12.1 contain an input-validation flaw in the returnTo parameter, which could allow attackers to inject unintended OAuth query parameters into the Auth0 authorization request...

5.7CVSS6.8AI score0.00226EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/12/11 12:0 a.m.4 views

nextjs-auth0 安全漏洞

nextjs-auth0 is an Auth0 open source Next.js SDK for logging in using Auth0. A security vulnerability exists in nextjs-auth0 versions 4.9.0 through 4.12.1, which stems from insufficient validation of the returnTo parameter input and could lead to OAuth query parameter injection...

5.7CVSS6.5AI score0.00226EPSS
Exploits0References2
NVD
NVD
added 2025/12/10 11:15 p.m.5 views

CVE-2025-67490

The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. When using versions 4.11.0 through 4.11.2 and 4.12.0, simultaneous requests on the same client may result in improper lookups in the TokenRequestCache for the request results. This issue is fixed in...

5.4CVSS0.00172EPSS
Exploits0References2
CVE
CVE
added 2025/12/10 10:16 p.m.11 views

CVE-2025-67490

CVE-2025-67490 affects the Auth0 Next.js SDK (auth0/nextjs-auth0). Versions 4.11.0–4.11.2 and 4.12.0 may cause simultaneous requests on the same client to produce improper lookups in the TokenRequestCache. The issue is fixed in versions 4.11.2 and 4.12.1. If you rely on this SDK, upgrade to 4.11....

5.4CVSS6.5AI score0.00172EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2025/12/10 10:16 p.m.19 views

CVE-2025-67490 Auth0 Next.js SDK has Improper Request Caching Lookup

The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. When using versions 4.11.0 through 4.11.2 and 4.12.0, simultaneous requests on the same client may result in improper lookups in the TokenRequestCache for the request results. This issue is fixed in...

5.4CVSS0.00172EPSS
Exploits0References2
EUVD
EUVD
added 2025/12/10 10:16 p.m.2 views

EUVD-2025-202631

The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. When using versions 4.11.0 through 4.11.2 and 4.12.0, simultaneous requests on the same client may result in improper lookups in the TokenRequestCache for the request results. This issue is fixed in...

5.4CVSS6.4AI score0.00172EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/12/10 10:16 p.m.2 views

CVE-2025-67490 Auth0 Next.js SDK has Improper Request Caching Lookup

The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. When using versions 4.11.0 through 4.11.2 and 4.12.0, simultaneous requests on the same client may result in improper lookups in the TokenRequestCache for the request results. This issue is fixed in...

5.4CVSS6.6AI score0.00172EPSS
Exploits0References2
OSV
OSV
added 2025/12/10 10:16 p.m.4 views

CVE-2025-67490 Auth0 Next.js SDK has Improper Request Caching Lookup

The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. When using versions 4.11.0 through 4.11.2 and 4.12.0, simultaneous requests on the same client may result in improper lookups in the TokenRequestCache for the request results. This issue is fixed in...

5.4CVSS6.8AI score0.00172EPSS
Exploits0References4
Snyk
Snyk
added 2025/12/10 9:35 p.m.2 views

Incomplete List of Disallowed Inputs

Overview @auth0/nextjs-auth0 is a Next.js SDK for signing in with Auth0 Affected versions of this package are vulnerable to Incomplete List of Disallowed Inputs via improper validation of the returnTo parameter. An attacker can cause tokens to be issued with unintended parameters by injecting...

5.7CVSS6.7AI score0.00226EPSS
Exploits0References2
OSV
OSV
added 2025/12/10 9:35 p.m.7 views

GHSA-MR6F-H57V-RPJ5 Improper Validation of Query Parameters in Auth0 Next.js SDK

Description An input-validation flaw in the returnTo parameter in the Auth0 Next.js SDK could allow attackers to inject unintended OAuth query parameters into the Auth0 authorization request. Successful exploitation may result in tokens being issued with unintended parameters Am I Affected? You a...

3.7CVSS6.6AI score0.00226EPSS
Exploits0References4
Rows per page
Query Builder