4 matches found
Incomplete List of Disallowed Inputs
Overview: @auth0/nextjs-auth0 is a Next.js SDK for signing in with Auth0. Affected versions of this package are vulnerable to Incomplete List of Disallowed Inputs via improper validation of the returnTo parameter. An attacker can cause tokens to be issued with unintended parameters by injecting...
GHSA-MR6F-H57V-RPJ5 Improper Validation of Query Parameters in Auth0 Next.js SDK
Description: An input-validation flaw in the returnTo parameter in the Auth0 Next.js SDK could allow attackers to inject unintended OAuth query parameters into the Auth0 authorization request. Successful exploitation may result in tokens being issued with unintended parameters. Am I Affected? You a...
CVE-2025-58067
Basecamp's Google Sign-In adds Google sign-in to Rails applications. Prior to version 1.3.1, it is possible to redirect a user to another origin if the "proceedto" value in the session store is set to a protocol-relative URL. Normally the value of this URL is only written and read by the library ...
AUO SunVeillance Monitoring System Code Issue Vulnerabilities
AUO SunVeillance Monitoring System is an intelligent cloud-based PV monitoring solution from AUO Taiwan. AUO SunVeillance Monitoring System v1.1.9e is vulnerable to a code issue in the PictureManagemvc.aspx file. An attacker can exploit this vulnerability to upload files via modified authorizatio...