
51 matches found

RedhatCVE
added 2026/04/02 10:54 p.m., 4 views

CVE-2026-34236

Auth0-PHP is a PHP SDK for Auth0 Authentication and Management APIs. From version 8.0.0 to before version 8.19.0, in applications built with the Auth0 PHP SDK, cookies are encrypted with insufficient entropy, which may result in threat actors brute-forcing the encryption key and forging session...

9.8 CVSS, 5.7 AI score, 0.00014 EPSS
Exploits 0, References 1
Github Security Blog
added 2026/04/01 8:29 p.m., 5 views

Auth0 PHP SDK has Insufficient Entropy in Cookie Encryption

Impact: In applications built with the Auth0 PHP SDK, cookies are encrypted with insufficient entropy, which may result in threat actors brute-forcing the encryption key and forging session cookies. Am I Affected? Consumers are affected if their application meets the following preconditions: - The...

9.8 CVSS, 5.9 AI score, 0.00014 EPSS
Exploits 0, References 4, Affected Software 1
Snyk
added 2026/04/01 6:30 p.m., 1 views

Insufficient Entropy

Overview: Affected versions of this package are vulnerable to Insufficient Entropy in the cookie encryption. An attacker can gain unauthorized access to user sessions by brute-forcing the encryption key and forging valid session cookies. Remediation: Upgrade auth0/auth0-php to version 8.19.0 or...

9.8 CVSS, 5.9 AI score, 0.00014 EPSS
Exploits 0, References 2
NVD
added 2026/04/01 6:16 p.m., 3 views

CVE-2026-34236

Auth0-PHP is a PHP SDK for Auth0 Authentication and Management APIs. From version 8.0.0 to before version 8.19.0, in applications built with the Auth0 PHP SDK, cookies are encrypted with insufficient entropy, which may result in threat actors brute-forcing the encryption key and forging session...

9.8 CVSS, 0.00014 EPSS
Exploits 0, References 2
Cvelist
added 2026/04/01 5:4 p.m., 21 views

CVE-2026-34236 Auth0 PHP SDK Insufficient Entropy in Cookie Encryption

Auth0-PHP is a PHP SDK for Auth0 Authentication and Management APIs. From version 8.0.0 to before version 8.19.0, in applications built with the Auth0 PHP SDK, cookies are encrypted with insufficient entropy, which may result in threat actors brute-forcing the encryption key and forging session...

8.2 CVSS, 0.00014 EPSS
Exploits 0, References 2
Veracode
added 2026/03/02 6:38 p.m., 2 views

Incorrect Authorization

Auth0-PHP is vulnerable to Incorrect Authorization. The vulnerability is due to improper validation of access tokens, where affected applications may accept ID tokens as Access tokens, and attackers can exploit this by manipulating the audience validation in access tokens...

7.5 CVSS, 5.9 AI score, 0.00087 EPSS
Exploits 0, References 13, Affected Software 1
RedhatCVE
added 2025/12/18 10:37 p.m., 1 views

CVE-2025-68129

Auth0-PHP is a PHP SDK for Auth0 Authentication and Management APIs. In applications built with the Auth0-PHP SDK, the audience validation in access tokens is performed improperly. Without proper validation, affected applications may accept ID tokens as Access tokens. Projects are affected if the...

6.8 CVSS, 6.9 AI score, 0.00087 EPSS
Exploits 0, References 1
NVD
added 2025/12/17 10:16 p.m., 2 views

CVE-2025-68129

Auth0-PHP is a PHP SDK for Auth0 Authentication and Management APIs. In applications built with the Auth0-PHP SDK, the audience validation in access tokens is performed improperly. Without proper validation, affected applications may accept ID tokens as Access tokens. Projects are affected if the...

7.5 CVSS, 0.00087 EPSS
Exploits 0, References 12
EUVD
added 2025/12/17 10:7 p.m., 2 views

EUVD-2025-203985

Auth0-PHP is a PHP SDK for Auth0 Authentication and Management APIs. In applications built with the Auth0-PHP SDK, the audience validation in access tokens is performed improperly. Without proper validation, affected applications may accept ID tokens as Access tokens. Projects are affected if the...

6.8 CVSS, 6.4 AI score, 0.00087 EPSS
Exploits 0, References 13
CVE
added 2025/12/17 10:7 p.m., 4 views

CVE-2025-68129

CVSS and description: CVE-2025-68129 relates to improper audience validation in Auth0-PHP, potentially allowing ID tokens to be accepted as access tokens. The issue affects Auth0-PHP versions 8.0.0 through 8.17.0, and applications using dependent SDKs that rely on those Auth0-PHP versions: Symfo...

7.5 CVSS, 6.6 AI score, 0.00087 EPSS
Exploits 0, References 12, Affected Software 4
OSV
added 2025/12/17 10:7 p.m., 3 views

CVE-2025-68129 Auth0-PHP SDK has Improper Audience Validation

Auth0-PHP is a PHP SDK for Auth0 Authentication and Management APIs. In applications built with the Auth0-PHP SDK, the audience validation in access tokens is performed improperly. Without proper validation, affected applications may accept ID tokens as Access tokens. Projects are affected if the...

6.8 CVSS, 6.8 AI score, 0.00087 EPSS
Exploits 0, References 14
Github Security Blog
added 2025/12/17 8:57 p.m., 4 views

Auth0 WordPress has Improper Audience Validation via Auth0-PHP SDK Dependency

Description: In applications built with the Auth0-PHP SDK, the audience validation in access tokens is performed improperly. Without proper validation, affected applications may accept ID tokens as Access tokens. Affected product and versions: Projects are affected if they meet the following...

6.9 AI score
Exploits 0, References 4, Affected Software 1
EUVD
added 2025/12/17 8:56 p.m., 1 views

EUVD-2025-203983

Auth0 Symfony SDK has Improper Audience Validation via Auth0-PHP SDK...

6.5 AI score
Exploits 0, References 4
Github Security Blog
added 2025/12/17 8:52 p.m., 4 views

Auth0-PHP SDK has Improper Audience Validation

Description: In applications built with the Auth0-PHP SDK, the audience validation in access tokens is performed improperly. Without proper validation, affected applications may accept ID tokens as Access tokens. Affected product and versions: Projects are affected if they meet the following...

7.5 CVSS, 6.9 AI score, 0.00087 EPSS
Exploits 0, References 14, Affected Software 1
CNNVD
added 2025/12/17 12:0 a.m., 1 views

Auth0-PHP Security Vulnerability

Auth0-PHP is an Auth0 open source PHP SDK for Auth0 authentication and management APIs. A security vulnerability exists in Auth0-PHP versions 8.0.0 through 8.17.0 that stems from improper audience validation in access tokens, which could result in accepting ID tokens as access tokens...

7.5 CVSS, 6.8 AI score, 0.00087 EPSS
Exploits 0, References 13
Positive Technologies
added 2025/12/17 12:0 a.m., 1 views

PT-2025-51935

Name of the Vulnerable Software and Affected Versions: Auth0-PHP versions 8.0.0 through 8.17.0; Auth0/symfony versions 5.0.0 through 5.5.0; Auth0/laravel-auth0 versions 7.0.0 through 7.19.0; Auth0/wordpress plugin versions 5.0.0-BETA0 through 5.4.0. Description: The Auth0-PHP SDK contains a flaw in how...

6.8 CVSS, 6.6 AI score, 0.00087 EPSS
Exploits 0, References 15
RedhatCVE
added 2025/10/06 6:14 a.m., 8 views

CVE-2025-58769

auth0-PHP is an SDK for Auth0 Authentication and Management APIs. In versions 3.3.0 through 8.16.0, the Bulk User Import endpoint in applications built with the SDK does not validate the file-path wrapper or value. Without proper validation, affected applications may accept arbitrary file paths o...

3.3 CVSS, 7 AI score, 0.00092 EPSS
Exploits 0, References 1
EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2025-16787

Malicious code in bioql PyPI...

9.3 CVSS, 6.3 AI score, 0.00164 EPSS
Exploits 0, References 7
EUVD
added 2025/10/03 8:7 p.m., 1 views

EUVD-2025-28079

Malicious code in bioql PyPI...

9.1 CVSS, 6.3 AI score, 0.00084 EPSS
Exploits 0, References 7
EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2025-32043

Malicious code in bioql PyPI...

3.3 CVSS, 6.3 AI score, 0.00092 EPSS
Exploits 0, References 7