3 matches found
CVE-2026-27840
ZITADEL is an open source identity management platform. Starting in version 2.31.0 and prior to versions 3.4.7 and 4.11.0, opaque OIDC access tokens in the v2 format truncated to 80 characters are still considered valid. Zitadel uses a symmetric AES encryption for opaque tokens. The cleartext...
CVE-2025-67490
CVE-2025-67490 affects the Auth0 Next.js SDK (auth0/nextjs-auth0). Versions 4.11.0–4.11.2 and 4.12.0 may cause simultaneous requests on the same client to produce improper lookups in the TokenRequestCache. The issue is fixed in versions 4.11.2 and 4.12.1. If you rely on this SDK, upgrade to 4.11....
PT-2022-23986 · Silverstripe · Silverstripe Cms
Name of the Vulnerable Software and Affected Versions: Silverstripe silverstripe/cms versions 4.11.0 and earlier Description: The issue allows for XSS Cross-Site Scripting attacks. A malicious content author could create a custom meta tag and execute an arbitrary JavaScript payload. This would...