Lucene search
K

794 matches found

Snyk
Snyk
added 2026/01/28 4:33 p.m.5 views

Malicious Package

Overview auth0-lock-webpack is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.9AI score
Exploits0References2
Veracode
Veracode
added 2026/01/13 7:31 a.m.4 views

OAuth Parameter Injection

Auth0 Next.js is vulnerable to OAuth Parameter Injection. The vulnerability is due to insufficient validation of the returnTo parameter, where attacker-controlled input can inject unintended OAuth query parameters into the authorization request, potentially resulting in tokens being issued with...

5.7CVSS7AI score0.0023EPSS
Exploits0References2Affected Software1
RedhatCVE
RedhatCVE
added 2026/01/09 10:8 a.m.10 views

CVE-2019-20173

The Auth0 wp-auth0 plugin 3.11.x before 3.11.3 for WordPress allows XSS via a wle parameter associated with wp-login.php...

6.1CVSS5.9AI score0.02462EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:6 a.m.8 views

CVE-2019-20174

Auth0 Lock before 11.21.0 allows XSS when additionalSignUpFields is used with an untrusted placeholder...

6.1CVSS6AI score0.00724EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/12/18 10:37 p.m.4 views

CVE-2025-68129

Auth0-PHP is a PHP SDK for Auth0 Authentication and Management APIs. In applications built with the Auth0-PHP SDK, the audience validation in access tokens is performed improperly. Without proper validation, affected applications may accept ID tokens as Access tokens. Projects are affected if the...

6.8CVSS6.9AI score0.00368EPSS
Exploits0References1
NVD
NVD
added 2025/12/17 10:16 p.m.6 views

CVE-2025-68129

Auth0-PHP is a PHP SDK for Auth0 Authentication and Management APIs. In applications built with the Auth0-PHP SDK, the audience validation in access tokens is performed improperly. Without proper validation, affected applications may accept ID tokens as Access tokens. Projects are affected if the...

7.5CVSS0.00368EPSS
Exploits0References12
CVE
CVE
added 2025/12/17 10:7 p.m.14 views

CVE-2025-68129

CVSS and description : CVE-2025-68129 relates to improper audience validation in Auth0-PHP, potentially allowing ID tokens to be accepted as access tokens. The issue affects Auth0-PHP versions 8.0.0 through 8.17.0, and applications using dependent SDKs that rely on those Auth0-PHP versions: Symfo...

7.5CVSS6.6AI score0.00368EPSS
Exploits0References12Affected Software4
EUVD
EUVD
added 2025/12/17 10:7 p.m.7 views

EUVD-2025-203985

Auth0-PHP is a PHP SDK for Auth0 Authentication and Management APIs. In applications built with the Auth0-PHP SDK, the audience validation in access tokens is performed improperly. Without proper validation, affected applications may accept ID tokens as Access tokens. Projects are affected if the...

6.8CVSS6.4AI score0.00368EPSS
Exploits0References13
Cvelist
Cvelist
added 2025/12/17 10:7 p.m.21 views

CVE-2025-68129 Auth0-PHP SDK has Improper Audience Validation

Auth0-PHP is a PHP SDK for Auth0 Authentication and Management APIs. In applications built with the Auth0-PHP SDK, the audience validation in access tokens is performed improperly. Without proper validation, affected applications may accept ID tokens as Access tokens. Projects are affected if the...

6.8CVSS0.00368EPSS
Exploits0References12
OSV
OSV
added 2025/12/17 10:7 p.m.8 views

CVE-2025-68129 Auth0-PHP SDK has Improper Audience Validation

Auth0-PHP is a PHP SDK for Auth0 Authentication and Management APIs. In applications built with the Auth0-PHP SDK, the audience validation in access tokens is performed improperly. Without proper validation, affected applications may accept ID tokens as Access tokens. Projects are affected if the...

6.8CVSS6.8AI score0.00368EPSS
Exploits0References14
EUVD
EUVD
added 2025/12/17 8:57 p.m.3 views

EUVD-2025-203982

Auth0 WordPress has Improper Audience Validation via Auth0-PHP SDK Dependency...

6.5AI score
Exploits0References4
OSV
OSV
added 2025/12/17 8:57 p.m.3 views

GHSA-VVG7-8RMQ-92G7 Auth0 WordPress has Improper Audience Validation via Auth0-PHP SDK Dependency

Description In applications built with the Auth0-PHP SDK, the audience validation in access tokens is performed improperly. Without proper validation, affected applications may accept ID tokens as Access tokens. Affected product and versions Projects are affected if they meet the following...

6.8CVSS6.8AI score0.00368EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2025/12/17 8:57 p.m.9 views

Auth0 WordPress has Improper Audience Validation via Auth0-PHP SDK Dependency

Description In applications built with the Auth0-PHP SDK, the audience validation in access tokens is performed improperly. Without proper validation, affected applications may accept ID tokens as Access tokens. Affected product and versions Projects are affected if they meet the following...

6.9AI score
Exploits0References4Affected Software1
EUVD
EUVD
added 2025/12/17 8:56 p.m.5 views

EUVD-2025-203983

Auth0 Symfony SDK has Improper Audience Validation via Auth0-PHP SDK...

6.5AI score
Exploits0References4
OSV
OSV
added 2025/12/17 8:56 p.m.5 views

GHSA-F3R2-88MQ-9V4G Auth0 Symfony SDK has Improper Audience Validation via Auth0-PHP SDK

Description In applications built with the Auth0-PHP SDK, the audience validation in access tokens is performed improperly. Without proper validation, affected applications may accept ID tokens as Access tokens. Affected product and versions Projects are affected if they meet the following...

6.8CVSS6.8AI score0.00368EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2025/12/17 8:56 p.m.7 views

Auth0 Symfony SDK has Improper Audience Validation via Auth0-PHP SDK

Description In applications built with the Auth0-PHP SDK, the audience validation in access tokens is performed improperly. Without proper validation, affected applications may accept ID tokens as Access tokens. Affected product and versions Projects are affected if they meet the following...

6.9AI score
Exploits0References4Affected Software1
EUVD
EUVD
added 2025/12/17 8:55 p.m.6 views

EUVD-2025-203984

Auth0 Laravel SDK has Improper Audience Validation via Auth0-PHP SDK dependency...

6.5AI score
Exploits0References4
OSV
OSV
added 2025/12/17 8:55 p.m.3 views

GHSA-7HH9-GP72-WH7H Auth0 Laravel SDK has Improper Audience Validation via Auth0-PHP SDK dependency

Description In applications built with the Auth0-PHP SDK, the audience validation in access tokens is performed improperly. Without proper validation, affected applications may accept ID tokens as Access tokens. Affected product and versions Users are affected if they meet the following...

6.8CVSS6.8AI score0.00368EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2025/12/17 8:55 p.m.8 views

Auth0 Laravel SDK has Improper Audience Validation via Auth0-PHP SDK dependency

Description In applications built with the Auth0-PHP SDK, the audience validation in access tokens is performed improperly. Without proper validation, affected applications may accept ID tokens as Access tokens. Affected product and versions Users are affected if they meet the following...

6.9AI score
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/17 8:52 p.m.9 views

Auth0-PHP SDK has Improper Audience Validation

Description In applications built with the Auth0-PHP SDK, the audience validation in access tokens is performed improperly. Without proper validation, affected applications may accept ID tokens as Access tokens. Affected product and versions Projects are affected if they meet the following...

7.5CVSS6.9AI score0.00368EPSS
Exploits0References14Affected Software1
Rows per page
Query Builder