40 matches found
CVE-2026-42280
Auth0.js is a client-side JavaScript library for Auth0. From 8.11.0 to 9.32.0, under specific preconditions, the Auth0.js SDK may improperly return user profile information using a valid access token when a specifically crafted invalid ID token is provided. This vulnerability is fixed in 10.0.0...
CVE-2026-42280
The CVE reports an issue in auth0-js where versions 8.11.0–9.32.0 may improperly return user profile information when a valid access token is used with a crafted invalid ID token, in scenarios where access control relies on Auth0 Actions. Root cause: improper validation in the Auth0.js SDK. Impac...
CVE-2026-42280
Auth0.js is a client-side JavaScript library for Auth0. From 8.11.0 to 9.32.0, under specific preconditions, the Auth0.js SDK may improperly return user profile information using a valid access token when a specifically crafted invalid ID token is provided. This vulnerability is fixed in 10.0.0...
CVE-2026-42280 Improper Permission Checking in Auth.js SDK
Auth0.js is a client-side JavaScript library for Auth0. From 8.11.0 to 9.32.0, under specific preconditions, the Auth0.js SDK may improperly return user profile information using a valid access token when a specifically crafted invalid ID token is provided. This vulnerability is fixed in 10.0.0...
EUVD-2026-32533
Auth0.js is a client-side JavaScript library for Auth0. From 8.11.0 to 9.32.0, under specific preconditions, the Auth0.js SDK may improperly return user profile information using a valid access token when a specifically crafted invalid ID token is provided. This vulnerability is fixed in 10.0.0...
CVE-2026-42280 Improper Permission Checking in Auth.js SDK
Auth0.js is a client-side JavaScript library for Auth0. From 8.11.0 to 9.32.0, under specific preconditions, the Auth0.js SDK may improperly return user profile information using a valid access token when a specifically crafted invalid ID token is provided. This vulnerability is fixed in 10.0.0...
PT-2026-43934
In the Linux kernel, the following vulnerability has been resolved: mm/damon/core: validate damos quota goal-nid for node memcg used,free bp Users can set damos quota goal-nid with arbitrary value for node memcg used,free bp. But DAMON core is using those for NODE-DATA without a validation of the...
auth0.js 安全漏洞
auth0.js is a client JavaScript toolkit developed by Auth0, open source, for the Auth0 API Application Programming Interface. Versions of auth0.js from 8.11.0 to 9.32.0 contain security vulnerabilities. These vulnerabilities arise because, under certain conditions, the Auth0.js SDK may incorrectl...
Astra Linux - уязвимость в linux-5.10, linux
In the Linux kernel, the following vulnerability has been resolved: nfp: flower: Fixed a potential leak in nfptunneladdsharedmac. idasimpleget returns an ID that is inclusive of both min 0 and max NFPMAXMACINDEX. Therefore, NFPMAXMACINDEX 0xff is a valid ID. For the error handling mechanism to wo...
Incorrect Authorization
Overview auth0-js is an Auth0 headless browser sdk Affected versions of this package are vulnerable to Incorrect Authorization via token validation. An attacker can gain unauthorized access to user profile information by providing a specifically crafted invalid ID token along with a valid access...
CVE-2026-31744
A flaw was found in the Linux kernel. When processing energy model performance domains, the devenergymodelnlgetperfdomainsdoit function fails to validate the return value from emperfdomaingetbyid. If a non-existent performance domain ID is provided, this leads to a null pointer dereference, which...
PT-2026-36379
In the Linux kernel, the following vulnerability has been resolved: PM: EM: Fix NULL pointer dereference when perf domain ID is not found dev energymodel nl get perf domains doit calls em perf domain get by id but does not check the return value before passing it to em nl get pd size. When a call...
CVE-2023-45292
When using the default implementation of Verify to check a Captcha, verification can be bypassed. For example, if the first parameter is a non-existent id, the second parameter is an empty string, and the third parameter is true, the function will always consider the Captcha to be correct...
DEBIAN-CVE-2025-40110
In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Fix a null-ptr access in the cursor snooper Check that the resource which is converted to a surface exists before trying to use the cursor snooper on it. vmwcmdrescheck allows explicit invalid SVGA3DINVALIDID...
UBUNTU-CVE-2025-40110
In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Fix a null-ptr access in the cursor snooper Check that the resource which is converted to a surface exists before trying to use the cursor snooper on it. vmwcmdrescheck allows explicit invalid SVGA3DINVALIDID...
CVE-2025-40110 drm/vmwgfx: Fix a null-ptr access in the cursor snooper
In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Fix a null-ptr access in the cursor snooper Check that the resource which is converted to a surface exists before trying to use the cursor snooper on it. vmwcmdrescheck allows explicit invalid SVGA3DINVALIDID...
CVE-2025-40110 drm/vmwgfx: Fix a null-ptr access in the cursor snooper
In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Fix a null-ptr access in the cursor snooper Check that the resource which is converted to a surface exists before trying to use the cursor snooper on it. vmwcmdrescheck allows explicit invalid SVGA3DINVALIDID...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989097)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989097 advisory. In the Linux kernel, the following vulnerability has been resolved: nfp: flower: Fix a potential leak in nfptunneladdsharedmac idasimpleget returns an id between min...
EUVD-2006-6443
Malware in sbrugna...
EUVD-2006-3361
Malware in sbrugna...