CVE-2026-58422
Improper authorization on OAuth sign-in callback silently re-enables administrator-disabled accounts...
CVE-2026-58422 describes an improper authorization issue in the OAuth sign-in callback, where administrator-disabled accounts can be silently re-enabled. The linked sources corroborate this description and reference related Gitea release notes, but the provided documents do not specify affected p...
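The flaw class the advisory names, as an added example that is not Gitea's code and does not reproduce its implementation: a generic OAuth sign-in callback in the vulnerable shape (a successful provider login is taken as grounds to flip the account's disabled flag back to enabled) beside the hardened shape, where the provider only establishes who the caller is and the login path has no authority over the administrator's disable decision. The user store, the provider identity and the user record are constructed for this example.

```javascript
// Added example (hypothetical, not Gitea's code). A constructed in-memory user store:
// `disabled` records an administrator's decision and must only change through an
// administrative action, never as a side effect of a login flow.
function makeUserStore() {
  const users = new Map([
    ["u1", {
      id: "u1",
      email: "alice@example.com",          // constructed sample user
      disabled: true,                       // disabled by an administrator
      oauth: { provider: "acme", subject: "sub-1" },
    }],
  ]);
  return {
    findByOAuth: (provider, subject) =>
      [...users.values()].find(
        (u) => u.oauth?.provider === provider && u.oauth?.subject === subject
      ) ?? null,
    save: (u) => { users.set(u.id, u); return u; },
    get: (id) => users.get(id),
  };
}

// Vulnerable shape: the callback treats a successful provider login as proof that the
// account should be usable and "reactivates" whatever it finds. The administrator's
// disable is silently undone by anyone who can complete the OAuth flow for that identity.
function vulnerableCallback(identity, store) {
  const user = store.findByOAuth(identity.provider, identity.subject);
  if (!user) return { ok: false, reason: "unknown account" };
  user.disabled = false; // improper authorization: a login path flips an admin-controlled flag
  store.save(user);
  return { ok: true, session: { userId: user.id } };
}

// Hardened shape: authentication (who is this?) and authorization (may this account sign
// in?) are separate decisions. The callback checks the flag and never writes it.
function hardenedCallback(identity, store) {
  const user = store.findByOAuth(identity.provider, identity.subject);
  if (!user) return { ok: false, reason: "unknown account" };
  if (user.disabled) return { ok: false, reason: "account disabled by administrator" };
  return { ok: true, session: { userId: user.id } };
}

// Runs both handlers against a fresh store and reports the state each leaves behind.
function demo() {
  const identity = { provider: "acme", subject: "sub-1" }; // constructed provider assertion
  const s1 = makeUserStore();
  const vulnerable = vulnerableCallback(identity, s1);
  const s2 = makeUserStore();
  const hardened = hardenedCallback(identity, s2);
  return {
    vulnerable: { ok: vulnerable.ok, disabledAfter: s1.get("u1").disabled },
    hardened: { ok: hardened.ok, disabledAfter: s2.get("u1").disabled },
  };
}

module.exports = { makeUserStore, vulnerableCallback, hardenedCallback, demo };
```

The check worth carrying into a review of any real callback: search the sign-in path for writes to the account's active or disabled state, and require that such writes exist only behind an administrative authorization check.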
GHSA-XV97-C62V-4587 NextAuth.js before 4.10.3 and 3.29.10 sending verification requests (magic link) to unwanted emails
Impact: next-auth users of the EmailProvider in versions before 4.10.3 or before 3.29.10 are affected. If an attacker could forge a request that sent a comma-separated list of emails, e.g. [email protected],[email protected], to the sign-in endpoint, NextAuth.js would send emails to...