Lucene search
K

794 matches found

Snyk
Snyk
added 2026/04/17 10:39 p.m.6 views

Incorrect Authorization

Overview @auth0/nextjs-auth0 is a Next.js SDK for signing in with Auth0 Affected versions of this package are vulnerable to Incorrect Authorization in the proxy cache fetcher. An attacker can gain unauthorized access to sensitive information or perform actions with insufficient authorization by...

6CVSS5.7AI score0.00214EPSS
Exploits0References2
NVD
NVD
added 2026/04/17 9:16 p.m.6 views

CVE-2026-40155

The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. In versions 4.12.0 through 4.17.1, simultaneous requests that trigger a nonce retry may cause the proxy cache fetcher to perform improper lookups for the token request results. Users are affected if...

5.4CVSS0.00214EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/04/17 8:54 p.m.23 views

CVE-2026-40155 Auth0 Next.js SDK has Improper Proxy Cache Lookup

The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. In versions 4.12.0 through 4.17.1, simultaneous requests that trigger a nonce retry may cause the proxy cache fetcher to perform improper lookups for the token request results. Users are affected if...

5.4CVSS0.00214EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/04/17 8:54 p.m.7 views

CVE-2026-40155

The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. In versions 4.12.0 through 4.17.1, simultaneous requests that trigger a nonce retry may cause the proxy cache fetcher to perform improper lookups for the token request results. Users are affected if...

5.4CVSS5.7AI score0.00214EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/17 8:54 p.m.2 views

CVE-2026-40155 Auth0 Next.js SDK has Improper Proxy Cache Lookup

The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. In versions 4.12.0 through 4.17.1, simultaneous requests that trigger a nonce retry may cause the proxy cache fetcher to perform improper lookups for the token request results. Users are affected if...

5.4CVSS5.7AI score0.00214EPSS
Exploits0References3
CVE
CVE
added 2026/04/17 8:54 p.m.17 views

CVE-2026-40155

The CVE concerns the Auth0 Next.js SDK. Affected versions: 4.12.0–4.17.1. Issue: when multiple simultaneous requests trigger a nonce retry, the proxy cache fetcher may perform improper lookups for token request results. Impact: affects projects using both the vulnerable SDK versions and the proxy...

5.4CVSS5.7AI score0.00214EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2026/04/17 12:0 a.m.12 views

nextjs-auth0 安全漏洞

nextjs-auth0 is an open-source Next.js SDK developed by Auth0, used for authentication with Auth0. Versions 4.12.0 to 4.17.1 of nextjs-auth0 contain security vulnerabilities. These vulnerabilities stem from requests that trigger random number retries, which may lead to improper handling of token...

5.4CVSS5.8AI score0.00214EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/17 12:0 a.m.14 views

PT-2026-33516

Name of the Vulnerable Software and Affected Versions Auth0 Next.js SDK versions 4.12.0 through 4.17.1 Description Simultaneous requests that trigger a nonce retry may cause the proxy cache fetcher to perform improper lookups for token request results. This occurs when projects use the proxy...

5.4CVSS5.7AI score0.00214EPSS
Exploits0References8
vulnersOsv
vulnersOsv
added 2026/04/07 4:15 p.m.5 views

admin-auth0 (>=0.1.1 <=0.1.5), aldryn-django (>=4.2.10.0 <=4.2.18.0) +126 more potentially affected by CVE-2026-33033 via django (>=4.2.0 <=4.2.3)

django PYPI version =4.2.0, =0.1.1, =4.2.10.0, =65.10.0, =7.5.1, =1.0.2, =0.0.1, =0.0.9, =1.3.9, =0.4.0, =0.0.1, =4.16.2, =4.8.0, =4.17.1 and more Source cves: CVE-2026-33033 Source advisory: SNYK:PYTHON-DJANGO-15923567...

6.5CVSS5.8AI score0.00689EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2026/04/07 4:13 p.m.3 views

admin-auth0 (>=0.1.1 <=0.1.5), aldryn-django (>=4.2.10.0 <=4.2.18.0) +126 more potentially affected by CVE-2026-4292 via django (>=4.2.0 <=4.2.3)

django PYPI version =4.2.0, =0.1.1, =4.2.10.0, =65.10.0, =7.5.1, =1.0.2, =0.0.1, =0.0.9, =1.3.9, =0.4.0, =0.0.1, =4.16.2, =4.8.0, =4.17.1 and more Source cves: CVE-2026-4292 Source advisory: SNYK:PYTHON-DJANGO-15923535...

2.7CVSS5.8AI score0.00294EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/04/07 3:30 p.m.6 views

admin-auth0 (>=0.1.1 <=0.1.5), aldryn-django (>=4.2.10.0 <=4.2.18.0) +126 more potentially affected by CVE-2026-4277 via django (>=4.2.0 <=4.2.3)

django PYPI version =4.2.0, =0.1.1, =4.2.10.0, =65.10.0, =7.5.1, =1.0.2, =0.0.1, =0.0.9, =1.3.9, =0.4.0, =0.0.1, =4.16.2, =4.8.0, =4.17.1 and more Source cves: CVE-2026-4277 Source advisory: OSV:GHSA-PWJP-CCJC-GHWG...

9.8CVSS5.8AI score0.00458EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/04/07 3:17 p.m.6 views

admin-auth0 (>=0.1.1 <=0.1.5), aldryn-django (>=4.2.10.0 <=4.2.18.0) +126 more potentially affected by CVE-2026-3902 via django (>=4.2.0 <=4.2.3)

django PYPI version =4.2.0, =0.1.1, =4.2.10.0, =65.10.0, =7.5.1, =1.0.2, =0.0.1, =0.0.9, =1.3.9, =0.4.0, =0.0.1, =4.16.2, =4.8.0, =4.17.1 and more Source cves: CVE-2026-3902 Source advisory: OSV:PYSEC-2026-51...

7.5CVSS5.8AI score0.00436EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/04/06 10:57 a.m.6 views

CVE-2026-33175

OAuthenticator is software that allows OAuth2 identity providers to be plugged in and used with JupyterHub. Prior to version 17.4.0, an authentication bypass vulnerability in oauthenticator allows an attacker with an unverified email address on an Auth0 tenant to login to JupyterHub. When email i...

8.8CVSS5.8AI score0.00438EPSS
Exploits0References1
NVD
NVD
added 2026/04/03 10:16 p.m.3 views

CVE-2026-33175

OAuthenticator is software that allows OAuth2 identity providers to be plugged in and used with JupyterHub. Prior to version 17.4.0, an authentication bypass vulnerability in oauthenticator allows an attacker with an unverified email address on an Auth0 tenant to login to JupyterHub. When email i...

8.8CVSS0.00438EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/04/03 9:56 p.m.3 views

CVE-2026-33175

OAuthenticator is software that allows OAuth2 identity providers to be plugged in and used with JupyterHub. Prior to version 17.4.0, an authentication bypass vulnerability in oauthenticator allows an attacker with an unverified email address on an Auth0 tenant to login to JupyterHub. When email i...

8.8CVSS5.8AI score0.00438EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2026/04/03 9:56 p.m.18 views

CVE-2026-33175

CVE-2026-33175 affects OAuthenticator for JupyterHub. Before 17.4.0, an authentication bypass via unverified emails on an Auth0 tenant when email is used as the usrname_claim can allow login and potential account takeover. Affected: OAuthenticator versions before 17.4.0 integrated with JupyterHub...

8.8CVSS5.8AI score0.00438EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/04/03 9:56 p.m.16 views

CVE-2026-33175 OAuthenticator: Authentication Bypass in Auth0OAuthenticator via Unverified Email Claims

OAuthenticator is software that allows OAuth2 identity providers to be plugged in and used with JupyterHub. Prior to version 17.4.0, an authentication bypass vulnerability in oauthenticator allows an attacker with an unverified email address on an Auth0 tenant to login to JupyterHub. When email i...

8.8CVSS0.00438EPSS
Exploits0References3
OSV
OSV
added 2026/04/03 3:44 a.m.5 views

GHSA-GHC5-95C2-VWCV Auth0 Symfony SDK has Insufficient Entropy in Cookie Encryption

Impact In applications built with the Auth0 PHP SDK, cookies are encrypted with insufficient entropy, which may result in threat actors brute-forcing the encryption key and forging session cookies. Am I Affected? Consumers are affected if their application meets the following preconditions: - It...

8.2CVSS5.9AI score
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/04/03 3:44 a.m.30 views

Auth0 Symfony SDK has Insufficient Entropy in Cookie Encryption

Impact In applications built with the Auth0 PHP SDK, cookies are encrypted with insufficient entropy, which may result in threat actors brute-forcing the encryption key and forging session cookies. Am I Affected? Consumers are affected if their application meets the following preconditions: - It...

5.9AI score
Exploits0References2Affected Software1
OSV
OSV
added 2026/04/03 3:43 a.m.22 views

GHSA-VFPX-Q664-H93M Auth0 WordPress Plugin has Insufficient Entropy in Cookie Encryption

Impact In applications built with the Auth0 PHP SDK, cookies are encrypted with insufficient entropy, which may result in threat actors brute-forcing the encryption key and forging session cookies. Am I Affected? Consumers are affected if their application meets the following preconditions: - It ...

8.2CVSS5.9AI score
Exploits0References2
Rows per page
Query Builder