Lucene search
K

5 matches found

RedhatCVE
RedhatCVE
added 2026/01/09 8:40 a.m.6 views

CVE-2022-35924

NextAuth.js is a complete open source authentication solution for Next.js applications. next-auth users who are using the EmailProvider either in versions before 4.10.3 or 3.29.10 are affected. If an attacker could forge a request that sent a comma-separated list of emails eg.:...

9.1CVSS6.8AI score0.01137EPSS
Exploits0References1
NVD
NVD
added 2022/08/02 6:15 p.m.17 views

CVE-2022-35924

NextAuth.js is a complete open source authentication solution for Next.js applications. next-auth users who are using the EmailProvider either in versions before 4.10.3 or 3.29.10 are affected. If an attacker could forge a request that sent a comma-separated list of emails eg.:...

9.1CVSS0.01137EPSS
Exploits0References8
Vulnrichment
Vulnrichment
added 2022/08/02 5:55 p.m.8 views

CVE-2022-35924 Verification requests (magic link) sent to unwanted emails

NextAuth.js is a complete open source authentication solution for Next.js applications. next-auth users who are using the EmailProvider either in versions before 4.10.3 or 3.29.10 are affected. If an attacker could forge a request that sent a comma-separated list of emails eg.:...

9.1CVSS9.3AI score0.01137EPSS
Exploits0References8
Cvelist
Cvelist
added 2022/08/02 5:55 p.m.15 views

CVE-2022-35924 Verification requests (magic link) sent to unwanted emails

NextAuth.js is a complete open source authentication solution for Next.js applications. next-auth users who are using the EmailProvider either in versions before 4.10.3 or 3.29.10 are affected. If an attacker could forge a request that sent a comma-separated list of emails eg.:...

9.1CVSS9.5AI score0.01137EPSS
Exploits0References8
CVE
CVE
added 2022/08/02 5:55 p.m.402 views

CVE-2022-35924

CVE-2022-35924 affects NextAuth.js EmailProvider in versions before 4.10.3 and 3.29.10. An attacker could forge a request with a comma-separated email list, causing the system to send emails to both attacker and victim, potentially bypassing authorization (e.g., email.endsWith checks) when loggin...

9.1CVSS9.3AI score0.01137EPSS
Exploits0References8Affected Software1
Rows per page
Query Builder