Lucene search
K

15 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/07 12:0 a.m.17 views

Malicious code in camelotlabs-utils (npm)

Five packages camelotlabs-sdk, camelotlabs-core, camelotlabs-config, camelotlabs-worker, and camelotlabs-utils were published to the public npm registry at version 99.0.0 by the actor madman0619 as a dependency confusion attack targeting the internal npm packages of Camelot Labs. The inflated...

5.9AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/07 12:0 a.m.14 views

Malicious code in camelotlabs-core (npm)

Five packages camelotlabs-sdk, camelotlabs-core, camelotlabs-config, camelotlabs-worker, and camelotlabs-utils were published to the public npm registry at version 99.0.0 by the actor madman0619 as a dependency confusion attack targeting the internal npm packages of Camelot Labs. The inflated...

5.9AI score
Exploits0
OSV
OSV
added 2026/05/07 12:0 a.m.7 views

MAL-2026-3640 Malicious code in camelotlabs-config (npm)

Five packages camelotlabs-sdk, camelotlabs-core, camelotlabs-config, camelotlabs-worker, and camelotlabs-utils were published to the public npm registry at version 99.0.0 by the actor madman0619 as a dependency confusion attack targeting the internal npm packages of Camelot Labs. The inflated...

5.9AI score
Exploits0
OSV
OSV
added 2026/05/07 12:0 a.m.9 views

MAL-2026-3644 Malicious code in camelotlabs-worker (npm)

Five packages camelotlabs-sdk, camelotlabs-core, camelotlabs-config, camelotlabs-worker, and camelotlabs-utils were published to the public npm registry at version 99.0.0 by the actor madman0619 as a dependency confusion attack targeting the internal npm packages of Camelot Labs. The inflated...

5.9AI score
Exploits0
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2022-6695

Malicious code in bioql PyPI...

8.1CVSS8AI score0.00583EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/05/22 10:10 p.m.7 views

CVE-2022-39263

@next-auth/upstash-redis-adapter is the Upstash Redis adapter for NextAuth.js, which provides authentication for Next.js. Applications that use next-auth Email Provider and @next-auth/upstash-redis-adapter before v3.0.2 are affected by this vulnerability. The Upstash Redis adapter implementation...

8.1CVSS6.9AI score0.00583EPSS
Exploits0References1
OSV
OSV
added 2022/09/30 5:31 a.m.16 views

GHSA-4RXR-27MM-MXQ9 Upstash Adapter missing token verification

Impact Applications that use next-auth Email Provider and @next-auth/upstash-redis-adapter before v3.0.2 are affected. Description The Upstash Redis adapter implementation did not check for both the identifier email and the token, but only checking for the identifier when verifying the token in t...

6.8CVSS7.2AI score0.00583EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2022/09/30 5:31 a.m.32 views

Upstash Adapter missing token verification

Impact Applications that use next-auth Email Provider and @next-auth/upstash-redis-adapter before v3.0.2 are affected. Description The Upstash Redis adapter implementation did not check for both the identifier email and the token, but only checking for the identifier when verifying the token in t...

8.1CVSS7.8AI score0.00583EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2022/09/28 9:15 p.m.29 views

CVE-2022-39263

@next-auth/upstash-redis-adapter is the Upstash Redis adapter for NextAuth.js, which provides authentication for Next.js. Applications that use next-auth Email Provider and @next-auth/upstash-redis-adapter before v3.0.2 are affected by this vulnerability. The Upstash Redis adapter implementation...

8.1CVSS0.00583EPSS
Exploits0References2
Prion
Prion
added 2022/09/28 9:15 p.m.20 views

Design/Logic Flaw

@next-auth/upstash-redis-adapter is the Upstash Redis adapter for NextAuth.js, which provides authentication for Next.js. Applications that use next-auth Email Provider and @next-auth/upstash-redis-adapter before v3.0.2 are affected by this vulnerability. The Upstash Redis adapter implementation...

5.1CVSS8.1AI score0.00583EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2022/09/28 9:5 p.m.8 views

CVE-2022-39263 NextAuth.js Upstash Adapter missing token verification

@next-auth/upstash-redis-adapter is the Upstash Redis adapter for NextAuth.js, which provides authentication for Next.js. Applications that use next-auth Email Provider and @next-auth/upstash-redis-adapter before v3.0.2 are affected by this vulnerability. The Upstash Redis adapter implementation...

6.8CVSS8.2AI score0.00583EPSS
Exploits0References2
Cvelist
Cvelist
added 2022/09/28 9:5 p.m.36 views

CVE-2022-39263 NextAuth.js Upstash Adapter missing token verification

@next-auth/upstash-redis-adapter is the Upstash Redis adapter for NextAuth.js, which provides authentication for Next.js. Applications that use next-auth Email Provider and @next-auth/upstash-redis-adapter before v3.0.2 are affected by this vulnerability. The Upstash Redis adapter implementation...

6.8CVSS8.4AI score0.00583EPSS
Exploits0References2
CVE
CVE
added 2022/09/28 9:5 p.m.60 views

CVE-2022-39263

CVE-2022-39263 affects the Upstash Redis adapter for NextAuth.js when used with the Email Provider prior to v3.0.2. The adapter verifified only the identifier (email) and not the combined identifier + token in the email callback flow, enabling an attacker who knows the victim’s email (and token ex...

8.1CVSS7.4AI score0.00583EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2022/09/28 9:5 p.m.24 views

CVE-2022-39263 NextAuth.js Upstash Adapter missing token verification

@next-auth/upstash-redis-adapter is the Upstash Redis adapter for NextAuth.js, which provides authentication for Next.js. Applications that use next-auth Email Provider and @next-auth/upstash-redis-adapter before v3.0.2 are affected by this vulnerability. The Upstash Redis adapter implementation...

6.8CVSS8.2AI score0.00583EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2022/09/02 12:0 a.m.5 views

PT-2022-4953

Name of the Vulnerable Software and Affected Versions: @next-auth/upstash-redis-adapter versions prior to 3.0.2 Description: The Upstash Redis adapter implementation did not check for both the identifier email and the token, but only checked for the identifier when verifying the token in the emai...

8.1CVSS8.2AI score0.00583EPSS
Exploits0References11
Rows per page
Query Builder