Lucene search
K

794 matches found

Github Security Blog
Github Security Blog
added 2025/12/10 9:35 p.m.16 views

Improper Validation of Query Parameters in Auth0 Next.js SDK

Description An input-validation flaw in the returnTo parameter in the Auth0 Next.js SDK could allow attackers to inject unintended OAuth query parameters into the Auth0 authorization request. Successful exploitation may result in tokens being issued with unintended parameters Am I Affected? You a...

5.7CVSS6.8AI score0.0023EPSS
Exploits0References4Affected Software1
Snyk
Snyk
added 2025/12/10 9:31 p.m.2 views

Incorrect Authorization

Overview @auth0/nextjs-auth0 is a Next.js SDK for signing in with Auth0 Affected versions of this package are vulnerable to Incorrect Authorization via improper lookups in TokenRequestCache. An attacker can access sensitive information belonging to other users by making simultaneous requests on t...

5.9CVSS6.5AI score0.00178EPSS
Exploits0References2
OSV
OSV
added 2025/12/10 9:31 p.m.2 views

GHSA-WCGJ-F865-C7J7 Improper Request Caching Lookup in the Auth0 Next.js SDK

Description When using affected versions of the Next.js SDK, simultaneous requests on the same client may result in improper lookups in the TokenRequestCache for the request results. Am I Affected? You are affected if you meet the following preconditions: - Applications using the auth0/nextjs-aut...

5.4CVSS6.8AI score0.00178EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/12/10 12:0 a.m.6 views

PT-2025-50552

The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. When using versions 4.11.0 through 4.11.2 and 4.12.0, simultaneous requests on the same client may result in improper lookups in the TokenRequestCache for the request results. This issue is fixed in...

5.4CVSS7AI score0.00178EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/12/10 12:0 a.m.4 views

nextjs-auth0 安全漏洞

nextjs-auth0 is an Auth0 open source Next.js SDK for logging in using Auth0. A security vulnerability exists in nextjs-auth0 versions 4.11.0 through 4.11.2 and 4.12.0, which stems from the fact that simultaneous requests on the same client may result in improper lookups in TokenRequestCache...

5.4CVSS6.5AI score0.00178EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/12/05 7:24 p.m.6 views

CVE-2025-65945

auth0/node-jws is a JSON Web Signature implementation for Node.js. In versions 3.2.2 and earlier and version 4.0.0, auth0/node-jws has an improper signature verification vulnerability when using the HS256 algorithm under specific conditions. Applications are affected when they use the...

7.5CVSS6.1AI score0.002EPSS
Exploits1References5
NVD
NVD
added 2025/12/04 7:16 p.m.10 views

CVE-2025-65945

auth0/node-jws is a JSON Web Signature implementation for Node.js. In versions 3.2.2 and earlier and version 4.0.0, auth0/node-jws has an improper signature verification vulnerability when using the HS256 algorithm under specific conditions. Applications are affected when they use the...

7.5CVSS0.002EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2025/12/04 6:45 p.m.2 views

CVE-2025-65945 auth0/node-jws improper HMAC signature verification vulnerability

auth0/node-jws is a JSON Web Signature implementation for Node.js. In versions 3.2.2 and earlier and version 4.0.0, auth0/node-jws has an improper signature verification vulnerability when using the HS256 algorithm under specific conditions. Applications are affected when they use the...

7.5CVSS6.2AI score0.002EPSS
Exploits1References2
Cvelist
Cvelist
added 2025/12/04 6:45 p.m.22 views

CVE-2025-65945 auth0/node-jws improper HMAC signature verification vulnerability

auth0/node-jws is a JSON Web Signature implementation for Node.js. In versions 3.2.2 and earlier and version 4.0.0, auth0/node-jws has an improper signature verification vulnerability when using the HS256 algorithm under specific conditions. Applications are affected when they use the...

7.5CVSS0.002EPSS
Exploits1References2
OSV
OSV
added 2025/12/04 4:54 p.m.2 views

GHSA-869P-CJFG-CM3X auth0/node-jws Improperly Verifies HMAC Signature

Overview An improper signature verification vulnerability exists when using auth0/node-jws with the HS256 algorithm under specific conditions. Am I Affected? You are affected by this vulnerability if you meet all of the following preconditions: 1. Application uses the auth0/node-jws implementatio...

7.5CVSS6.6AI score0.002EPSS
Exploits1References7
Github Security Blog
Github Security Blog
added 2025/12/04 4:54 p.m.13 views

auth0/node-jws Improperly Verifies HMAC Signature

Overview An improper signature verification vulnerability exists when using auth0/node-jws with the HS256 algorithm under specific conditions. Am I Affected? You are affected by this vulnerability if you meet all of the following preconditions: 1. Application uses the auth0/node-jws implementatio...

7.5CVSS6.9AI score0.002EPSS
Exploits1References7Affected Software1
Positive Technologies
Positive Technologies
added 2025/12/04 12:0 a.m.4 views

PT-2025-49117

Name of the Vulnerable Software and Affected Versions auth0/node-jws versions 3.2.2 and earlier auth0/node-jws version 4.0.0 Description auth0/node-jws is a JSON Web Signature implementation for Node.js. A flaw exists in signature verification when using the HS256 algorithm under specific...

7.5CVSS6.3AI score0.00403EPSS
Exploits2References48
EUVD
EUVD
added 2025/11/13 3:23 a.m.3 views

EUVD-2025-175691

Malicious code in vortex-auth0-string-holography npm...

6.6AI score
Exploits0
EUVD
EUVD
added 2025/11/13 3:23 a.m.3 views

EUVD-2025-177685

Malicious code in nebula-build-auth0-mui npm...

6.6AI score
Exploits0
EUVD
EUVD
added 2025/11/13 3:23 a.m.3 views

EUVD-2025-176266

Malicious code in spectron-markdown-avior-auth0 npm...

6.6AI score
Exploits0
OSV
OSV
added 2025/11/13 3:23 a.m.4 views

MAL-2025-189609 Malicious code in spectron-markdown-avior-auth0 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cda5fccf9c493a775930450c26b7389eb9ec4a139fc1f065b0c0e777ab3772d8 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8AI score
Exploits0
EUVD
EUVD
added 2025/11/13 3:23 a.m.3 views

EUVD-2025-175772

Malicious code in ursa-auth0-delphinus-nodejs npm...

6.6AI score
Exploits0
EUVD
EUVD
added 2025/11/13 3:23 a.m.2 views

EUVD-2025-180226

Malicious code in auth0-andromeda-heka-cross-env npm...

6.6AI score
Exploits0
EUVD
EUVD
added 2025/11/13 3:23 a.m.3 views

EUVD-2025-176681

Malicious code in resolvers-auth0-version-charon npm...

6.6AI score
Exploits0
EUVD
EUVD
added 2025/11/13 3:23 a.m.2 views

EUVD-2025-180222

Malicious code in auth0-scripts-slides-build npm...

6.6AI score
Exploits0
Rows per page
Query Builder