794 matches found
CVE-2025-67490
The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. When using versions 4.11.0 through 4.11.2 and 4.12.0, simultaneous requests on the same client may result in improper lookups in the TokenRequestCache for the request results. This issue is fixed in...
PT-2025-51935
Name of the Vulnerable Software and Affected Versions Auth0-PHP versions 8.0.0 through 8.17.0 Auth0/symfony versions 5.0.0 through 5.5.0 Auth0/laravel-auth0 versions 7.0.0 through 7.19.0 Auth0/wordpress plugin versions 5.0.0-BETA0 through 5.4.0 Description The Auth0-PHP SDK contains a flaw in how...
Auth0-PHP 安全漏洞
Auth0-PHP is an Auth0 open source PHP SDK for Auth0 authentication and management APIs. A security vulnerability exists in Auth0-PHP versions 8.0.0 through 8.17.0 that stems from improper audience validation in access tokens, which could result in accepting ID tokens as access tokens...
CVE-2025-67716
The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. Versions 4.9.0 through 4.12.1 contain an input-validation flaw in the returnTo parameter, which could allow attackers to inject unintended OAuth query parameters into the Auth0 authorization request...
CVE-2025-67716
The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. Versions 4.9.0 through 4.12.1 contain an input-validation flaw in the returnTo parameter, which could allow attackers to inject unintended OAuth query parameters into the Auth0 authorization request...
EUVD-2025-202629
The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. Versions 4.9.0 through 4.12.1 contain an input-validation flaw in the returnTo parameter, which could allow attackers to inject unintended OAuth query parameters into the Auth0 authorization request...
CVE-2025-67716 Auth0 Next.js SDK has Improper Validation of Query Parameters
The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. Versions 4.9.0 through 4.12.1 contain an input-validation flaw in the returnTo parameter, which could allow attackers to inject unintended OAuth query parameters into the Auth0 authorization request...
CVE-2025-67716
CVE-2025-67716 affects the Auth0/nextjs-auth0 SDK. Versions 4.9.0–4.12.1 contain an input-validation flaw in the returnTo parameter that can inject unintended OAuth query parameters into the authorization request, potentially causing tokens to be issued with unintended parameters. Remediation: up...
CVE-2025-67716 Auth0 Next.js SDK has Improper Validation of Query Parameters
The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. Versions 4.9.0 through 4.12.1 contain an input-validation flaw in the returnTo parameter, which could allow attackers to inject unintended OAuth query parameters into the Auth0 authorization request...
CVE-2025-67716 Auth0 Next.js SDK has Improper Validation of Query Parameters
The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. Versions 4.9.0 through 4.12.1 contain an input-validation flaw in the returnTo parameter, which could allow attackers to inject unintended OAuth query parameters into the Auth0 authorization request...
PT-2025-50563
The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. Versions 4.9.0 through 4.12.1 contain an input-validation flaw in the returnTo parameter, which could allow attackers to inject unintended OAuth query parameters into the Auth0 authorization request...
nextjs-auth0 安全漏洞
nextjs-auth0 is an Auth0 open source Next.js SDK for logging in using Auth0. A security vulnerability exists in nextjs-auth0 versions 4.9.0 through 4.12.1, which stems from insufficient validation of the returnTo parameter input and could lead to OAuth query parameter injection...
CVE-2025-67490
The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. When using versions 4.11.0 through 4.11.2 and 4.12.0, simultaneous requests on the same client may result in improper lookups in the TokenRequestCache for the request results. This issue is fixed in...
CVE-2025-67490
CVE-2025-67490 affects the Auth0 Next.js SDK (auth0/nextjs-auth0). Versions 4.11.0–4.11.2 and 4.12.0 may cause simultaneous requests on the same client to produce improper lookups in the TokenRequestCache. The issue is fixed in versions 4.11.2 and 4.12.1. If you rely on this SDK, upgrade to 4.11....
CVE-2025-67490 Auth0 Next.js SDK has Improper Request Caching Lookup
The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. When using versions 4.11.0 through 4.11.2 and 4.12.0, simultaneous requests on the same client may result in improper lookups in the TokenRequestCache for the request results. This issue is fixed in...
EUVD-2025-202631
The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. When using versions 4.11.0 through 4.11.2 and 4.12.0, simultaneous requests on the same client may result in improper lookups in the TokenRequestCache for the request results. This issue is fixed in...
CVE-2025-67490 Auth0 Next.js SDK has Improper Request Caching Lookup
The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. When using versions 4.11.0 through 4.11.2 and 4.12.0, simultaneous requests on the same client may result in improper lookups in the TokenRequestCache for the request results. This issue is fixed in...
CVE-2025-67490 Auth0 Next.js SDK has Improper Request Caching Lookup
The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. When using versions 4.11.0 through 4.11.2 and 4.12.0, simultaneous requests on the same client may result in improper lookups in the TokenRequestCache for the request results. This issue is fixed in...
Incomplete List of Disallowed Inputs
Overview @auth0/nextjs-auth0 is a Next.js SDK for signing in with Auth0 Affected versions of this package are vulnerable to Incomplete List of Disallowed Inputs via improper validation of the returnTo parameter. An attacker can cause tokens to be issued with unintended parameters by injecting...
GHSA-MR6F-H57V-RPJ5 Improper Validation of Query Parameters in Auth0 Next.js SDK
Description An input-validation flaw in the returnTo parameter in the Auth0 Next.js SDK could allow attackers to inject unintended OAuth query parameters into the Auth0 authorization request. Successful exploitation may result in tokens being issued with unintended parameters Am I Affected? You a...