
IBM Cognos Analytics: jsonwebtoken unrestricted key type could lead to legacy keys usage

8.1

IBM Cognos Analytics: jsonwebtoken's insecure implementation of key retrieval function could lead to Forgeable Public/Private Tokens from RSA to HMAC


IBM Cognos Analytics: jsonwebtoken vulnerable to signature validation bypass due to insecure default algorithm in jwt.verify()

7.6

Auth0 passport-wsfed-saml2: Passport-wsfed-saml2 vulnerable to Authentication Bypass for WSFed authentication

7.5

Auth0 Lock: HTML injection with additional signup fields


Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Auth0 Express Openid Connect: Open Redirect in express-openid-connect

7.5

Auth0 Nextjs-auth0: Open redirect in nextjs-auth0


Auth0 Express Openid Connect: Session fixation in express-openid-connect

8.8

Auth0 Nextjs-auth0: Reflected XSS from the callback handler's error query parameter


Auth0 Lock: Reflected XSS when using flashMessages

8.1


Auth0 Ad/ldap Connector: CSRF in Auth0 ad-ldap-connector

8.8

Auth0 Omniauth-auth0: Regression in JWT Signature Validation


Auth0 Lock: DOM-based XSS in auth0-lock


Auth0 Auth0.js: Authorization header is not sanitized in an error object in auth0

7.7

Auth0 Express-jwt: Authorization bypass in express-jwt



Auth0 Auth0.js: Information disclosure through error object


Auth0 Login By Auth0: An issue was discovered in the Login by Auth0 plugin before 4.0.0 for WordPress. A user can perform …

8.8

Auth0 Login By Auth0: Input Validation


Auth0 Wp-auth0: CSRF

8.8

Auth0 Login By Auth0: XSS



Auth0 Wp-auth0: XSS


Auth0 Login By Auth0: XSS


Auth0 Lock: XSS


nuget/Auth0.AuthenticationApi: Auth0 auth0.net before 6.5.4 has Incorrect Access Control because IdentityTokenValidator can be acci…

7.5

Auth0 Passport-SharePoint: Auth0 Passport-SharePoint before 0.4.0 does not validate the JWT signature of an Access Token before…

7.5


Auth0 Auth0-WCF-Service-JWT: Auth0 Auth0-WCF-Service-JWT before 1.0.4 leaks the expected JWT signature in an error message when i…


Auth0 Aspnet: CSRF

8.8

Auth0 angular-jwt: Input Validation


Auth0 Jsonwebtoken: Input Validation


Auth0 Auth0.js: The Auth0 authentication service before 2017-10-15 allows privilege escalation because the JWT audie…


