6597 matches found
CVE-2025-48370 auth-js Vulnerable to Insecure Path Routing from Malformed User Input
auth-js is an isomorphic Javascript library for Supabase Auth. Prior to version 2.70.0, the library functions getUserById, deleteUser, updateUserById, listFactors and deleteFactor did not require the user supplied values to be valid UUIDs. This could lead to a URL path traversal, resulting in the...
CVE-2025-48370 auth-js Vulnerable to Insecure Path Routing from Malformed User Input
auth-js is an isomorphic Javascript library for Supabase Auth. Prior to version 2.69.1, the library functions getUserById, deleteUser, updateUserById, listFactors and deleteFactor did not require the user supplied values to be valid UUIDs. This could lead to a URL path traversal, resulting in the...
CVE-2025-48370
CVE-2025-48370 affects the auth-js library (Supabase Auth). Before 2.69.1, functions getUserById, deleteUser, updateUserById, listFactors and deleteFactor did not require UUIDs for user-controlled inputs, enabling potential URL path traversal and invocation of the wrong API function. The issue ta...
auth-js Path Traversal Vulnerability
auth-js is a Supabase Auth isomorphic Javascript library open-sourced by Supabase. A path traversal vulnerability exists in versions of auth-js prior to 2.69.1, which stems from an unvalidated user-supplied UUID and could lead to URL path traversal...
PT-2025-23011 · Auth-Js · Auth-Js
Name of the Vulnerable Software and Affected Versions: auth-js versions prior to 2.69.1 Description: The issue concerns the auth-js library, an isomorphic Javascript library for Supabase Auth. Prior to version 2.69.1, certain library functions such as getUserById, deleteUser, updateUserById,...
CVE-2024-52528
Budget Control Gateway acts as an entry point for incoming requests and routes them to the appropriate microservices for Budget Control. Budget Control Gateway does not properly validate auth tokens, which allows attackers to bypass intended restrictions. This vulnerability is fixed in 1.5.2...
CVE-2024-29036
Saleor Storefront is software for building e-commerce experiences. Prior to commit 579241e75a5eb332ccf26e0bcdd54befa33f4783, when any user authenticates in the storefront, anonymous users are able to access their data. The session is leaked through cache and can be accessed by anyone. Users shoul...
CVE-2024-12059
The ElementInvader Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.1 via the elioptionvalue shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract...
CVE-2024-33516
An unauthenticated Denial of Service (DoS) vulnerability exists in the Auth service accessed via the PAPI protocol provided by ArubaOS. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the controller...
CVE-2023-28131
A vulnerability in the expo.io framework allows an attacker to take over accounts and steal credentials on an application/website that configured the "Expo AuthSession Redirect Proxy" for social sign-in. This can be achieved once a victim clicks a malicious link. The link itself may be sent to th...
CVE-2023-47229
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Vyas Dipen Top 25 Social Icons plugin <= 3.1 versions...
CVE-2023-23681
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Labib Ahmed Image Hover Effects For WPBakery Page Builder plugin <= 4.0 versions...
CVE-2023-32600
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Rank Math SEO plugin <= 1.0.119 versions...
CVE-2023-27435
Cross-Site Request Forgery (CSRF) vulnerability in Sami Ahmed Siddiqui HTTP Auth plugin <= 0.3.2 versions...
CVE-2023-27619
Auth. (subscriber+) Reflected Cross-Site Scripting (XSS) vulnerability in Macho Themes Regina Lite theme <= 2.0.7 versions...
CVE-2023-23728
Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in Winwar Media WP Flipclock plugin <= 1.7.4 versions...
CVE-2023-22712
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in TemplatesNext TemplatesNext ToolKit plugin <= 3.2.7 versions...
CVE-2023-22698
Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in Jason Bobich Theme Blvd Responsive Google Maps plugin <= 1.0.2 versions...
CVE-2023-39988
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in 标准云std.Cloud WxSync plugin <= 2.7.23 versions...