140 matches found
CVE-2025-58769
auth0-PHP is an SDK for Auth0 Authentication and Management APIs. In versions 3.3.0 through 8.16.0, the Bulk User Import endpoint in applications built with the SDK does not validate the file-path wrapper or value. Without proper validation, affected applications may accept arbitrary file paths o...
EUVD-2025-32055
Malicious code in bioql PyPI...
EUVD-2022-29938
Malicious code in bioql PyPI...
EUVD-2025-32054
Malicious code in bioql PyPI...
EUVD-2025-32043
Malicious code in bioql PyPI...
EUVD-2023-34944
Malicious code in bioql PyPI...
EUVD-2024-42699
Malicious code in bioql PyPI...
EUVD-2024-53588
Malicious code in bioql PyPI...
EUVD-2024-42696
Malicious code in bioql PyPI...
GHSA-7JP2-5H22-M432 Auth0 Symfony SDK Does Not Properly Handle File Types in Bulk User Import
Overview In applications built with the Auth0-PHP SDK, the Bulk User Import endpoint does not validate the file path wrapper or value. Without proper validation, affected applications may accept arbitrary file paths or URLs. Am I affected? You are affected by this vulnerability if you meet the...
GHSA-HJFH-5JMM-XR24 laravel-auth0 SDK Does Not Properly Handle File Types in Bulk User Import
Overview In applications built with the Auth0-PHP SDK, the Bulk User Import endpoint does not validate the file path wrapper or value. Without proper validation, affected applications may accept arbitrary file paths or URLs. Am I affected? You are affected by this vulnerability if you meet the...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal via the Bulk User Import endpoint due to improper sanitization of the file path wrapper and value. An attacker can access unauthorized files or resources by supplying arbitrary file paths or URLs. Details A Directory...
CVE-2025-58769
auth0-PHP is an SDK for Auth0 Authentication and Management APIs. In versions 3.3.0 through 8.16.0, the Bulk User Import endpoint in applications built with the SDK does not validate the file-path wrapper or value. Without proper validation, affected applications may accept arbitrary file paths o...
CVE-2025-58769 auth0-PHP: Improper File Type Handling in Bulk User Import
auth0-PHP is an SDK for Auth0 Authentication and Management APIs. In versions 3.3.0 through 8.16.0, the Bulk User Import endpoint in applications built with the SDK does not validate the file-path wrapper or value. Without proper validation, affected applications may accept arbitrary file paths o...
CVE-2025-58769 auth0-PHP: Improper File Type Handling in Bulk User Import
auth0-PHP is an SDK for Auth0 Authentication and Management APIs. In versions 3.3.0 through 8.16.0, the Bulk User Import endpoint in applications built with the SDK does not validate the file-path wrapper or value. Without proper validation, affected applications may accept arbitrary file paths o...
CVE-2025-58769
CVE-2025-58769 affects the Auth0-PHP SDK (versions 3.3.0–8.16.0) where the Bulk User Import endpoint does not validate the file-path wrapper or value, allowing arbitrary file paths or URLs. This impacts applications directly using the Auth0-PHP SDK or through Auth0/symfony, Auth0/laravel-auth0, a...
PT-2025-40296
Name of the Vulnerable Software and Affected Versions auth0-PHP versions 3.3.0 through 8.16.0 Description The Bulk User Import endpoint does not validate file path wrappers or values, potentially allowing acceptance of arbitrary file paths or URLs. This affects applications directly using the...
CVE-2024-22151
Missing Authorization vulnerability in Codection Import and export users and customers.This issue affects Import and export users and customers: from n/a through 1.24.6...
CVE-2020-26517
A cross-site scripting XSS issue was discovered in Intland codeBeamer ALM 10.x through 10.1.SP4. It is possible to perform XSS attacks through using the WebDAV functionality to upload files to a project Authn users, using the users import functionality Admin only, and changing the login text in t...
CVE-2017-9517
atmail before 7.8.0.2 has CSRF, allowing an attacker to upload and import users via CSV...