Lucene search
+L

5 matches found

redhatcve
redhatcve
added 2026/01/09 8:40 a.m.8 views

CVE-2022-35924

NextAuth.js is a complete open source authentication solution for Next.js applications. next-auth users who are using the EmailProvider either in versions before 4.10.3 or 3.29.10 are affected. If an attacker could forge a request that sent a comma-separated list of emails eg.:...

9.1CVSS6.8AI score0.01137EPSS
Exploits0References1
nvd
nvd
added 2022/08/02 6:15 p.m.17 views

CVE-2022-35924

NextAuth.js is a complete open source authentication solution for Next.js applications. next-auth users who are using the EmailProvider either in versions before 4.10.3 or 3.29.10 are affected. If an attacker could forge a request that sent a comma-separated list of emails eg.:...

9.1CVSS0.01137EPSS
Exploits0References8
vulnrichment
vulnrichment
added 2022/08/02 5:55 p.m.8 views

CVE-2022-35924 Verification requests (magic link) sent to unwanted emails

NextAuth.js is a complete open source authentication solution for Next.js applications. next-auth users who are using the EmailProvider either in versions before 4.10.3 or 3.29.10 are affected. If an attacker could forge a request that sent a comma-separated list of emails eg.:...

9.1CVSS9.3AI score0.01137EPSS
Exploits0References8
cve
cve
added 2022/08/02 5:55 p.m.404 views

CVE-2022-35924

CVE-2022-35924 affects NextAuth.js EmailProvider in versions before 4.10.3 and 3.29.10. An attacker could forge a request with a comma-separated email list, causing the system to send emails to both attacker and victim, potentially bypassing authorization (e.g., email.endsWith checks) when loggin...

9.1CVSS9.3AI score0.01137EPSS
Exploits0References8Affected Software1
cvelist
cvelist
added 2022/08/02 5:55 p.m.16 views

CVE-2022-35924 Verification requests (magic link) sent to unwanted emails

NextAuth.js is a complete open source authentication solution for Next.js applications. next-auth users who are using the EmailProvider either in versions before 4.10.3 or 3.29.10 are affected. If an attacker could forge a request that sent a comma-separated list of emails eg.:...

9.1CVSS9.5AI score0.01137EPSS
Exploits0References8
Rows per page
Query Builder