Lucene search
K

12 matches found

Veracode
Veracode
added 2026/01/12 8:10 a.m.6 views

Sensitive Information Disclosure

authkit-nextjs is vulnerable to Sensitive Information Disclosure. The vulnerability is due to missing anti-caching headers on authenticated responses, where session tokens can be cached by CDNs and inadvertently served to other users, leading to unauthorized session exposure in environments with...

9.3CVSS6.8AI score0.00335EPSS
Exploits0References3Affected Software1
RedhatCVE
RedhatCVE
added 2025/11/22 2:35 a.m.7 views

CVE-2025-64762

The AuthKit library for Next.js provides convenient helpers for authentication and session management using WorkOS & AuthKit with Next.js. In authkit-nextjs version 2.11.0 and below, authenticated responses do not defensively apply anti-caching headers. In environments where CDN caching is enable...

9.3CVSS7.4AI score0.00335EPSS
Exploits0References1
NVD
NVD
added 2025/11/21 2:15 a.m.8 views

CVE-2025-64762

The AuthKit library for Next.js provides convenient helpers for authentication and session management using WorkOS & AuthKit with Next.js. In authkit-nextjs version 2.11.0 and below, authenticated responses do not defensively apply anti-caching headers. In environments where CDN caching is enable...

9.3CVSS0.00335EPSS
Exploits0References3
CVE
CVE
added 2025/11/21 1:29 a.m.16 views

CVE-2025-64762

Summary: The vulnerability CVE-2025-64762 affects the authkit-nextjs package (versions ≤ 2.11.0). Authenticated responses in these versions do not apply anti-caching headers, allowing session tokens to be cached by CDNs and potentially exposed to other users. The issue is resolved in 2.11.1, whic...

9.3CVSS7AI score0.00335EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2025/11/21 1:29 a.m.2 views

CVE-2025-64762 authkit-nextjs may let session cookies be cached in CDNs

The AuthKit library for Next.js provides convenient helpers for authentication and session management using WorkOS & AuthKit with Next.js. In authkit-nextjs version 2.11.0 and below, authenticated responses do not defensively apply anti-caching headers. In environments where CDN caching is enable...

9.3CVSS7AI score0.00335EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/11/21 1:29 a.m.14 views

CVE-2025-64762 authkit-nextjs may let session cookies be cached in CDNs

The AuthKit library for Next.js provides convenient helpers for authentication and session management using WorkOS & AuthKit with Next.js. In authkit-nextjs version 2.11.0 and below, authenticated responses do not defensively apply anti-caching headers. In environments where CDN caching is enable...

9.3CVSS0.00335EPSS
Exploits0References3
OSV
OSV
added 2025/11/21 1:29 a.m.6 views

CVE-2025-64762 authkit-nextjs may let session cookies be cached in CDNs

The AuthKit library for Next.js provides convenient helpers for authentication and session management using WorkOS & AuthKit with Next.js. In authkit-nextjs version 2.11.0 and below, authenticated responses do not defensively apply anti-caching headers. In environments where CDN caching is enable...

9.3CVSS7.3AI score0.00335EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/11/21 12:0 a.m.14 views

AuthKit Next.js Library 安全漏洞

AuthKit Next.js Library is a WorkOS open source AuthKit library for Next.js. A security vulnerability exists in AuthKit Next.js Library version 2.11.0 and earlier, which stems from an unapplied anti-caching header that could lead to session token disclosure...

9.3CVSS6.4AI score0.00335EPSS
Exploits0References4
Snyk
Snyk
added 2025/11/20 9:29 p.m.3 views

Use of Cache Containing Sensitive Information

Overview @workos-inc/authkit-nextjs is an Authentication and session helpers for using WorkOS & AuthKit with Next.js Affected versions of this package are vulnerable to Use of Cache Containing Sensitive Information due to missing anti-caching headers on authenticated responses. An attacker can ga...

9.3CVSS6.4AI score0.00335EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2025/11/20 9:29 p.m.7 views

authkit-nextjs may let session cookies be cached in CDNs

In authkit-nextjs version 2.11.0 and below, authenticated responses do not defensively apply anti-caching headers. In environments where CDN caching is enabled, this can result in session tokens being included in cached responses and subsequently served to multiple users. Next.js applications...

9.3CVSS6.8AI score0.00335EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2025/11/20 9:29 p.m.4 views

GHSA-P8PF-44FF-93GF authkit-nextjs may let session cookies be cached in CDNs

In authkit-nextjs version 2.11.0 and below, authenticated responses do not defensively apply anti-caching headers. In environments where CDN caching is enabled, this can result in session tokens being included in cached responses and subsequently served to multiple users. Next.js applications...

9.3CVSS6.7AI score0.00335EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2025/11/20 12:0 a.m.5 views

PT-2025-47657

Name of the Vulnerable Software and Affected Versions AuthKit-nextjs versions 2.11.0 and below Description The AuthKit library for Next.js, used for authentication and session management, does not apply anti-caching headers to authenticated responses in versions 2.11.0 and below. This can lead to...

9.3CVSS7.1AI score0.00335EPSS
Exploits0References15
Rows per page
Query Builder