CVE-2026-7118

A security vulnerability has been detected in code-projects Employee Management System 1.0. The affected element is an unknown function of the file 370project/cancel.php. The manipulation of the argument id/token leads to sql injection. The attack is possible to be carried out remotely. The explo...

CVE-2026-42280

Auth0.js is a client-side JavaScript library for Auth0. From 8.11.0 to 9.32.0, under specific preconditions, the Auth0.js SDK may improperly return user profile information using a valid access token when a specifically crafted invalid ID token is provided. This vulnerability is fixed in 10.0.0...

CVE-2026-42280

Auth0.js is a client-side JavaScript library for Auth0. From 8.11.0 to 9.32.0, under specific preconditions, the Auth0.js SDK may improperly return user profile information using a valid access token when a specifically crafted invalid ID token is provided. This vulnerability is fixed in 10.0.0...

CVE-2026-42280

Auth0.js is a client-side JavaScript library for Auth0. From 8.11.0 to 9.32.0, under specific preconditions, the Auth0.js SDK may improperly return user profile information using a valid access token when a specifically crafted invalid ID token is provided. This vulnerability is fixed in 10.0.0...

CVE-2026-42280

The CVE reports an issue in auth0-js where versions 8.11.0–9.32.0 may improperly return user profile information when a valid access token is used with a crafted invalid ID token, in scenarios where access control relies on Auth0 Actions. Root cause: improper validation in the Auth0.js SDK. Impac...

EUVD-2026-32533

Auth0.js is a client-side JavaScript library for Auth0. From 8.11.0 to 9.32.0, under specific preconditions, the Auth0.js SDK may improperly return user profile information using a valid access token when a specifically crafted invalid ID token is provided. This vulnerability is fixed in 10.0.0...

CVE-2026-42280 Improper Permission Checking in Auth.js SDK

Auth0.js is a client-side JavaScript library for Auth0. From 8.11.0 to 9.32.0, under specific preconditions, the Auth0.js SDK may improperly return user profile information using a valid access token when a specifically crafted invalid ID token is provided. This vulnerability is fixed in 10.0.0...

CVE-2026-42280 Improper Permission Checking in Auth.js SDK

Auth0.js is a client-side JavaScript library for Auth0. From 8.11.0 to 9.32.0, under specific preconditions, the Auth0.js SDK may improperly return user profile information using a valid access token when a specifically crafted invalid ID token is provided. This vulnerability is fixed in 10.0.0...

auth0.js 安全漏洞

auth0.js is a client JavaScript toolkit developed by Auth0, open source, for the Auth0 API Application Programming Interface. Versions of auth0.js from 8.11.0 to 9.32.0 contain security vulnerabilities. These vulnerabilities arise because, under certain conditions, the Auth0.js SDK may incorrectl...

CVE-2026-42206

Roadiz is a polymorphic content management system based on a node system. Prior to versions 2.3.43, 2.5.45, 2.6.31, and 2.7.18, the roadiz/openid package generates an OIDC nonce in OAuth2LinkGenerator::generate and includes it in the authorization request sent to the identity provider, but never...

TanStack Query 安全漏洞

TanStack Query is an open-source library developed by TanStack, featuring a complete set of functions and supporting TypeScript. There is a security vulnerability in TanStack Query. This vulnerability stems from attackers exploiting configuration errors in the pullrequesttarget, GitHub Actions...

CVE-2026-42206

Roadiz is a polymorphic content management system based on a node system. Prior to versions 2.3.43, 2.5.45, 2.6.31, and 2.7.18, the roadiz/openid package generates an OIDC nonce in OAuth2LinkGenerator::generate and includes it in the authorization request sent to the identity provider, but never...

CVE-2026-42206 Roadiz OpenID Connect nonce generated but never validated — ID token replay attack

Roadiz is a polymorphic content management system based on a node system. Prior to versions 2.3.43, 2.5.45, 2.6.31, and 2.7.18, the roadiz/openid package generates an OIDC nonce in OAuth2LinkGenerator::generate and includes it in the authorization request sent to the identity provider, but never...

Incorrect Authorization

Overview auth0-js is an Auth0 headless browser sdk Affected versions of this package are vulnerable to Incorrect Authorization via token validation. An attacker can gain unauthorized access to user profile information by providing a specifically crafted invalid ID token along with a valid access...

Incorrect Authorization

Overview org.webjars.npm:auth0-js is a Client Side Javascript toolkit for Auth0 API. Affected versions of this package are vulnerable to Incorrect Authorization via token validation. An attacker can gain unauthorized access to user profile information by providing a specifically crafted invalid I...

CVE-2026-7117

A weakness has been identified in code-projects Employee Management System 1.0. Impacted is an unknown function of the file 370project/approve.php. Executing a manipulation of the argument id/token can lead to sql injection. The attack can be executed remotely. The exploit has been made available...

CVE-2026-7117

A weakness has been identified in code-projects Employee Management System 1.0. Impacted is an unknown function of the file 370project/approve.php. Executing a manipulation of the argument id/token can lead to sql injection. The attack can be executed remotely. The exploit has been made available...

PT-2026-35407

A weakness has been identified in code-projects Employee Management System 1.0. Impacted is an unknown function of the file 370project/approve.php. Executing a manipulation of the argument id/token can lead to sql injection. The attack can be executed remotely. The exploit has been made available...

CVE-2026-4349

A vulnerability was determined in Duende IdentityServer4 up to 4.1.2. The affected element is an unknown function of the file /connect/authorize of the component Token Renewal Endpoint. This manipulation of the argument idtokenhint causes improper authentication. It is possible to initiate the...

EUVD-2026-12659

A vulnerability was determined in Duende IdentityServer 4. The affected element is an unknown function of the file /connect/authorize of the component Token Renewal Endpoint. This manipulation of the argument idtokenhint causes improper authentication. It is possible to initiate the attack...