Lucene search
K

15 matches found

OSV
OSV
added 2026/04/21 3:21 p.m.5 views

GHSA-XQ8M-7C5P-C2R6 Auth0 Next.js SDK has Improper Proxy Cache Lookup

Description In affected versions of the Next.js SDK, simultaneous requests that trigger a nonce retry may cause the proxy cache fetcher to perform improper lookups for the token request results. Which Projects are Affected? Users are affected if they meet all of the following preconditions: -...

5.4CVSS5.8AI score0.00214EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/04/21 3:21 p.m.9 views

Auth0 Next.js SDK has Improper Proxy Cache Lookup

Description In affected versions of the Next.js SDK, simultaneous requests that trigger a nonce retry may cause the proxy cache fetcher to perform improper lookups for the token request results. Which Projects are Affected? Users are affected if they meet all of the following preconditions: -...

5.4CVSS5.8AI score0.00214EPSS
Exploits0References5Affected Software1
EUVD
EUVD
added 2026/04/21 3:21 p.m.4 views

EUVD-2026-23537

Auth0 Next.js SDK has Improper Proxy Cache Lookup...

5.4CVSS5.7AI score0.00214EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/04/20 7:22 p.m.4 views

CVE-2026-40155

The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. In versions 4.12.0 through 4.17.1, simultaneous requests that trigger a nonce retry may cause the proxy cache fetcher to perform improper lookups for the token request results. Users are affected if...

5.4CVSS5.7AI score0.00214EPSS
Exploits0References1
NVD
NVD
added 2026/04/17 9:16 p.m.6 views

CVE-2026-40155

The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. In versions 4.12.0 through 4.17.1, simultaneous requests that trigger a nonce retry may cause the proxy cache fetcher to perform improper lookups for the token request results. Users are affected if...

5.4CVSS0.00214EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/04/17 8:54 p.m.23 views

CVE-2026-40155 Auth0 Next.js SDK has Improper Proxy Cache Lookup

The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. In versions 4.12.0 through 4.17.1, simultaneous requests that trigger a nonce retry may cause the proxy cache fetcher to perform improper lookups for the token request results. Users are affected if...

5.4CVSS0.00214EPSS
Exploits0References3
CVE
CVE
added 2026/04/17 8:54 p.m.17 views

CVE-2026-40155

The CVE concerns the Auth0 Next.js SDK. Affected versions: 4.12.0–4.17.1. Issue: when multiple simultaneous requests trigger a nonce retry, the proxy cache fetcher may perform improper lookups for token request results. Impact: affects projects using both the vulnerable SDK versions and the proxy...

5.4CVSS5.7AI score0.00214EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/17 8:54 p.m.7 views

CVE-2026-40155

The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. In versions 4.12.0 through 4.17.1, simultaneous requests that trigger a nonce retry may cause the proxy cache fetcher to perform improper lookups for the token request results. Users are affected if...

5.4CVSS5.7AI score0.00214EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/17 8:54 p.m.2 views

CVE-2026-40155 Auth0 Next.js SDK has Improper Proxy Cache Lookup

The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. In versions 4.12.0 through 4.17.1, simultaneous requests that trigger a nonce retry may cause the proxy cache fetcher to perform improper lookups for the token request results. Users are affected if...

5.4CVSS5.7AI score0.00214EPSS
Exploits0References3
CVE
CVE
added 2025/12/11 12:21 a.m.23 views

CVE-2025-67716

CVE-2025-67716 affects the Auth0/nextjs-auth0 SDK. Versions 4.9.0–4.12.1 contain an input-validation flaw in the returnTo parameter that can inject unintended OAuth query parameters into the authorization request, potentially causing tokens to be issued with unintended parameters. Remediation: up...

5.7CVSS6.4AI score0.0023EPSS
Exploits0References2Affected Software1
Snyk
Snyk
added 2025/12/10 9:31 p.m.2 views

Incorrect Authorization

Overview @auth0/nextjs-auth0 is a Next.js SDK for signing in with Auth0 Affected versions of this package are vulnerable to Incorrect Authorization via improper lookups in TokenRequestCache. An attacker can access sensitive information belonging to other users by making simultaneous requests on t...

5.9CVSS6.5AI score0.00178EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/12/10 12:0 a.m.6 views

PT-2025-50552

The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. When using versions 4.11.0 through 4.11.2 and 4.12.0, simultaneous requests on the same client may result in improper lookups in the TokenRequestCache for the request results. This issue is fixed in...

5.4CVSS7AI score0.00178EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-12633

Malicious code in bioql PyPI...

7.1CVSS6.3AI score0.00375EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2025/04/29 6:54 p.m.13 views

Auth0 NextJS SDK v4 Missing Session Invalidation

Overview Auth0 NextJS v4.0.1 to v4.5.0 does not invoke .setExpirationTime when generating a JWE token for the session. As a result, the JWE does not contain an internal expiration claim. While the session cookie may expire or be cleared, the JWE remains valid. Am I Affected? You are affected if y...

7.1CVSS6.8AI score0.00375EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2025/04/29 6:54 p.m.8 views

GHSA-PJR6-JX7R-J4R6 Auth0 NextJS SDK v4 Missing Session Invalidation

Overview Auth0 NextJS v4.0.1 to v4.5.0 does not invoke .setExpirationTime when generating a JWE token for the session. As a result, the JWE does not contain an internal expiration claim. While the session cookie may expire or be cleared, the JWE remains valid. Am I Affected? You are affected if y...

7.1CVSS6.8AI score0.00375EPSS
Exploits0References5
Rows per page
Query Builder