13 matches found

Github Security Blog
added 2026/04/03 3:41 a.m.

Auth0 laravel-auth0 SDK has Insufficient Entropy in Cookie Encryption

Impact: In applications built with the Auth0 PHP SDK, cookies are encrypted with insufficient entropy, which may result in threat actors brute-forcing the encryption key and forging session cookies. Am I Affected? You are affected if you meet the following preconditions: - Applications using...

AI score: 5.9
Exploits: 0, References: 2, Affected software: 1
OSV
added 2026/04/03 3:41 a.m.

GHSA-FMG6-246M-9G2V Auth0 laravel-auth0 SDK has Insufficient Entropy in Cookie Encryption

Impact: In applications built with the Auth0 PHP SDK, cookies are encrypted with insufficient entropy, which may result in threat actors brute-forcing the encryption key and forging session cookies. Am I Affected? You are affected if you meet the following preconditions: - Applications using...

CVSS: 8.2, AI score: 5.9
Exploits: 0, References: 2
NVD
added 2025/12/17 10:16 p.m.

CVE-2025-68129

Auth0-PHP is a PHP SDK for Auth0 Authentication and Management APIs. In applications built with the Auth0-PHP SDK, the audience validation in access tokens is performed improperly. Without proper validation, affected applications may accept ID tokens as Access tokens. Projects are affected if the...

CVSS: 7.5, EPSS: 0.00368
Exploits: 0, References: 12
CVE
added 2025/12/17 10:07 p.m.

CVE-2025-68129

CVSS and description: CVE-2025-68129 relates to improper audience validation in Auth0-PHP, potentially allowing ID tokens to be accepted as access tokens. The issue affects Auth0-PHP versions 8.0.0 through 8.17.0, and applications using dependent SDKs that rely on those Auth0-PHP versions: Symfo...

CVSS: 7.5, AI score: 6.6, EPSS: 0.00368
Exploits: 0, References: 12, Affected software: 4
OSV
added 2025/12/17 8:55 p.m.

GHSA-7HH9-GP72-WH7H Auth0 Laravel SDK has Improper Audience Validation via Auth0-PHP SDK dependency

Description: In applications built with the Auth0-PHP SDK, the audience validation in access tokens is performed improperly. Without proper validation, affected applications may accept ID tokens as Access tokens. Affected product and versions: Users are affected if they meet the following...

CVSS: 6.8, AI score: 6.8, EPSS: 0.00368
Exploits: 0, References: 4
EUVD
added 2025/10/03 8:07 p.m.

EUVD-2025-17311

Malicious code in bioql PyPI...

CVSS: 9.3, AI score: 6.3, EPSS: 0.0062
Exploits: 0, References: 6
EUVD
added 2025/10/03 8:07 p.m.

EUVD-2025-15580

Malicious code in bioql PyPI...

CVSS: 9.1, AI score: 6.3, EPSS: 0.00467
Exploits: 0, References: 5
Github Security Blog
added 2025/10/01 9:21 p.m.

laravel-auth0 SDK Does Not Properly Handle File Types in Bulk User Import

Overview: In applications built with the Auth0-PHP SDK, the Bulk User Import endpoint does not validate the file path wrapper or value. Without proper validation, affected applications may accept arbitrary file paths or URLs. Am I affected? You are affected by this vulnerability if you meet the...

CVSS: 3.3, AI score: 7.1, EPSS: 0.00329
Exploits: 0, References: 5, Affected software: 1
OSV
added 2025/10/01 9:21 p.m.

GHSA-HJFH-5JMM-XR24 laravel-auth0 SDK Does Not Properly Handle File Types in Bulk User Import

Overview: In applications built with the Auth0-PHP SDK, the Bulk User Import endpoint does not validate the file path wrapper or value. Without proper validation, affected applications may accept arbitrary file paths or URLs. Am I affected? You are affected by this vulnerability if you meet the...

CVSS: 3.3, AI score: 7.1, EPSS: 0.00329
Exploits: 0, References: 5
Github Security Blog
added 2025/06/06 3:20 p.m.

laravel-auth0 SDK Deserialization of Untrusted Data vulnerability

Overview: The laravel-auth0 SDK contains a critical vulnerability due to insecure deserialization of cookie data. If exploited, since SDKs process cookie content without prior authentication, a threat actor could send a specially crafted cookie containing malicious serialized data. Am I Affected?...

CVSS: 9.3, AI score: 7.1, EPSS: 0.0062
Exploits: 0, References: 6, Affected software: 1
OSV
added 2025/06/06 3:20 p.m.

GHSA-C42H-56WX-H85Q laravel-auth0 SDK Deserialization of Untrusted Data vulnerability

Overview: The laravel-auth0 SDK contains a critical vulnerability due to insecure deserialization of cookie data. If exploited, since SDKs process cookie content without prior authentication, a threat actor could send a specially crafted cookie containing malicious serialized data. Am I Affected?...

CVSS: 9.3, AI score: 7.1, EPSS: 0.0062
Exploits: 0, References: 6
Github Security Blog
added 2025/05/17 3:07 p.m.

laravel-auth0 SDK Vulnerable to Brute Force Authentication Tags of CookieStore Sessions

Overview: Session cookies of applications using the laravel-auth0 SDK configured with CookieStore have authentication tags that can be brute forced, which may result in unauthorized access. Am I Affected? You are affected by this vulnerability if you meet the following pre-conditions: 1...

CVSS: 9.1, AI score: 7.1, EPSS: 0.00467
Exploits: 0, References: 5, Affected software: 1
OSV
added 2025/05/17 3:07 p.m.

GHSA-9FWJ-9MJF-RHJ3 laravel-auth0 SDK Vulnerable to Brute Force Authentication Tags of CookieStore Sessions

Overview: Session cookies of applications using the laravel-auth0 SDK configured with CookieStore have authentication tags that can be brute forced, which may result in unauthorized access. Am I Affected? You are affected by this vulnerability if you meet the following pre-conditions: 1...

CVSS: 9.1, AI score: 9, EPSS: 0.00467
Exploits: 0, References: 5