CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CVE•added 2026/05/27 2:39 p.m.•5 views

CVE-2026-42280

The CVE reports an issue in auth0-js where versions 8.11.0–9.32.0 may improperly return user profile information when a valid access token is used with a crafted invalid ID token, in scenarios where access control relies on Auth0 Actions. Root cause: improper validation in the Auth0.js SDK. Impac...

ATTACKERKB•added 2026/05/27 2:39 p.m.•4 views

CVE-2026-42280

Exploits0References2Affected Software1

Cvelist•added 2026/05/27 2:39 p.m.•34 views

CVE-2026-42280 Improper Permission Checking in Auth.js SDK

7.1CVSS0.00032EPSS

Vulnrichment•added 2026/05/27 2:39 p.m.•3 views

CVE-2026-42280 Improper Permission Checking in Auth.js SDK

CNNVD•added 2026/05/27 12:0 a.m.•4 views

auth0.js 安全漏洞

auth0.js is a client JavaScript toolkit developed by Auth0, open source, for the Auth0 API Application Programming Interface. Versions of auth0.js from 8.11.0 to 9.32.0 contain security vulnerabilities. These vulnerabilities arise because, under certain conditions, the Auth0.js SDK may incorrectl...

OSV•added 2026/05/25 8:54 a.m.•7 views

MAL-2026-4306 Malicious code in auth0-sample-dus-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e11085e4f685d863ed2e5196febd3ade6b5b64e18d19bb57d779d04e27a360df Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

OSV•added 2026/05/25 8:54 a.m.•7 views

MAL-2026-4304 Malicious code in auth0-internal-collector (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9cd9c4c46311fb401f00b6d79b338757ec70d4c666fcf65ab5ae95a90d686233 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

OSSF Malicious Packages•added 2026/05/25 8:54 a.m.•8 views

Malicious code in auth0-android-helper-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8bbf606b203b722af6caf26888ddc7c9bb9c1bc4117d52c963615a998b3bf933 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

OSSF Malicious Packages•added 2026/05/25 8:54 a.m.•7 views

Malicious code in auth0-sample-dus-utils (npm)

OSV•added 2026/05/25 8:54 a.m.•8 views

MAL-2026-4301 Malicious code in auth0-android-helper-utils (npm)

Snyk•added 2026/05/25 8:54 a.m.•5 views

Malicious Package

Overview auth0-net-sdk-utils is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

OSV•added 2026/05/25 8:54 a.m.•6 views

MAL-2026-4305 Malicious code in auth0-net-sdk-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9cf6a5c13db1c0846ba64abd842d9980dddd9c0d66d3497d549779ccaea114b1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

OSSF Malicious Packages•added 2026/05/25 8:54 a.m.•6 views

Malicious code in auth0-internal-collector (npm)

OSV•added 2026/05/25 8:54 a.m.•6 views

MAL-2026-4303 Malicious code in auth0-common-telemetry (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9f3c3552f34433514fdec16e709163cc2f8aeac595a66544d9924a94e46a01fd Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

OSSF Malicious Packages•added 2026/05/25 8:54 a.m.•7 views

Malicious code in auth0-common-telemetry (npm)

Snyk•added 2026/05/25 8:54 a.m.•7 views

Malicious Package

Overview auth0-common-telemetry is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packag...

Snyk•added 2026/05/25 8:54 a.m.•6 views

Malicious Package

Overview auth0-aspnetcore-utils is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packag...

Snyk•added 2026/05/25 8:54 a.m.•4 views

Malicious Package

Overview auth0-android-helper-utils is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

Snyk•added 2026/05/25 8:54 a.m.•4 views

Malicious Package

Overview auth0-internal-collector is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...