Lucene search
K

7 matches found

Vulnrichment
Vulnrichment
added 2026/05/27 2:39 p.m.9 views

CVE-2026-42280 Improper Permission Checking in Auth.js SDK

Auth0.js is a client-side JavaScript library for Auth0. From 8.11.0 to 9.32.0, under specific preconditions, the Auth0.js SDK may improperly return user profile information using a valid access token when a specifically crafted invalid ID token is provided. This vulnerability is fixed in 10.0.0...

7.1CVSS5.8AI score0.00211EPSS
Exploits0References1
CVE
CVE
added 2026/05/27 2:39 p.m.21 views

CVE-2026-42280

The CVE reports an issue in auth0-js where versions 8.11.0–9.32.0 may improperly return user profile information when a valid access token is used with a crafted invalid ID token, in scenarios where access control relies on Auth0 Actions. Root cause: improper validation in the Auth0.js SDK. Impac...

7.1CVSS5.8AI score0.00211EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2019-5937

Malware in sbrugna...

6.8CVSS6.6AI score0.01337EPSS
Exploits1References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-3232

Malicious code in bioql PyPI...

5.3CVSS6.3AI score0.00323EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2025/09/12 4:32 p.m.8 views

CVE-2025-59034

Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. Prior to version 3.3.8, a legacy API to retrieve user details could be misused to retrieve profile details of other users without having admin permissions due to a broken access check...

4.3CVSS7AI score0.00235EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/07/18 12:0 a.m.4 views

PT-2023-6721 · Iagona · Iagona Scrutisweb

Name of the Vulnerable Software and Affected Versions: Iagona ScrutisWeb versions 2.1.37 and prior Description: The issue is related to an insecure direct object reference vulnerability. This could allow an unauthenticated user to view profile information, including user login names and encrypted...

7.8CVSS7.2AI score0.0064EPSS
Exploits0References8
Github Security Blog
Github Security Blog
added 2022/05/13 1:13 a.m.12 views

Moodle doesn't properly check role

user/view.php in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8 does not properly check a role, which allows remote authenticated users to obtain the full names of other users via the course profile page...

4CVSS6.6AI score0.01525EPSS
Exploits0References5Affected Software1
Rows per page
Query Builder