Lucene search
K

8 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2022-6695

Malicious code in bioql PyPI...

8.1CVSS8AI score0.006EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/05/22 10:10 p.m.8 views

CVE-2022-39263

@next-auth/upstash-redis-adapter is the Upstash Redis adapter for NextAuth.js, which provides authentication for Next.js. Applications that use next-auth Email Provider and @next-auth/upstash-redis-adapter before v3.0.2 are affected by this vulnerability. The Upstash Redis adapter implementation...

8.1CVSS6.9AI score0.006EPSS
Exploits0References1
OSV
OSV
added 2022/09/30 5:31 a.m.16 views

GHSA-4RXR-27MM-MXQ9 Upstash Adapter missing token verification

Impact Applications that use next-auth Email Provider and @next-auth/upstash-redis-adapter before v3.0.2 are affected. Description The Upstash Redis adapter implementation did not check for both the identifier email and the token, but only checking for the identifier when verifying the token in t...

6.8CVSS7.2AI score0.006EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2022/09/30 5:31 a.m.32 views

Upstash Adapter missing token verification

Impact Applications that use next-auth Email Provider and @next-auth/upstash-redis-adapter before v3.0.2 are affected. Description The Upstash Redis adapter implementation did not check for both the identifier email and the token, but only checking for the identifier when verifying the token in t...

8.1CVSS7.8AI score0.006EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2022/09/28 9:15 p.m.30 views

CVE-2022-39263

@next-auth/upstash-redis-adapter is the Upstash Redis adapter for NextAuth.js, which provides authentication for Next.js. Applications that use next-auth Email Provider and @next-auth/upstash-redis-adapter before v3.0.2 are affected by this vulnerability. The Upstash Redis adapter implementation...

8.1CVSS0.006EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2022/09/28 9:5 p.m.9 views

CVE-2022-39263 NextAuth.js Upstash Adapter missing token verification

@next-auth/upstash-redis-adapter is the Upstash Redis adapter for NextAuth.js, which provides authentication for Next.js. Applications that use next-auth Email Provider and @next-auth/upstash-redis-adapter before v3.0.2 are affected by this vulnerability. The Upstash Redis adapter implementation...

6.8CVSS8.2AI score0.006EPSS
Exploits0References2
CVE
CVE
added 2022/09/28 9:5 p.m.61 views

CVE-2022-39263

CVE-2022-39263 affects the Upstash Redis adapter for NextAuth.js when used with the Email Provider prior to v3.0.2. The adapter verifified only the identifier (email) and not the combined identifier + token in the email callback flow, enabling an attacker who knows the victim’s email (and token ex...

8.1CVSS7.4AI score0.006EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2022/09/02 12:0 a.m.5 views

PT-2022-4953

Name of the Vulnerable Software and Affected Versions: @next-auth/upstash-redis-adapter versions prior to 3.0.2 Description: The Upstash Redis adapter implementation did not check for both the identifier email and the token, but only checked for the identifier when verifying the token in the emai...

8.1CVSS8.2AI score0.006EPSS
Exploits0References11
Rows per page
Query Builder