Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
next vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-35924
NextAuth.js is a complete open source authentication solution for Next.js applications. `next-auth` users who are using the `EmailProvider` either in versions before `4.10.3` or `3.29.10` are affected. If an attacker could forge a request that sent a comma-separated list of email...
Nextauth.js Next-auth
NA
CVE-2023-48309
NextAuth.js provides authentication for Next.js. `next-auth` applications prior to version 4.24.5 that rely on the default Middleware authorization are affected by a vulnerability. A bad actor could create an empty/mock user, by getting hold of a NextAuth.js-issued JWT from an in...
Nextauth.js Next-auth
2 Github repositories
5.8
CVSSv2
CVE-2022-24858
next-auth v3 users before version 3.29.2 are impacted. next-auth version 4 users before version 4.3.2 are also impacted. Upgrading to 3.29.2 or 4.3.2 will patch this vulnerability. If you are not able to upgrade for any reason, you can add a configuration to your callbacks option...
Nextauth.js Next-auth
NA
CVE-2022-39263
`@next-auth/upstash-redis-adapter` is the Upstash Redis adapter for NextAuth.js, which provides authentication for Next.js. Applications that use `next-auth` Email Provider and `@next-auth/upstash-redis-adapter` before v3.0.2 are affected by this vulnerability. The Upstash Redis ...
Nextauth.js Next-auth
NA
CVE-2023-39507
Improper authorization in the custom URL scheme handler in "Rikunabi NEXT" App for Android prior to ver. 11.5.0 allows a malicious intent to lead the vulnerable App to access an arbitrary website.
Recruit Rikunabi Next
5
CVSSv2
CVE-2022-31093
NextAuth.js is a complete open source authentication solution for Next.js applications. In affected versions an attacker can send a request to an app using NextAuth.js with an invalid `callbackUrl` query parameter, which internally is converted to a `URL` object. The URL instanti...
Nextauth.js Next-auth
5.8
CVSSv2
CVE-2022-29214
NextAuth.js (next-auth) is am open source authentication solution for Next.js applications. Prior to versions 3.29.3 and 4.3.3, an open redirect vulnerability is present when the developer is implementing an OAuth 1 provider. Versions 3.29.3 and 4.3.3 contain a patch for this iss...
Nextauth.js Next-auth
3.5
CVSSv2
CVE-2017-1127
IBM Rational DOORS Next Generation 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted sess...
Ibm Rational Requirements Composer 4.0
Ibm Rational Requirements Composer 4.0.0
Ibm Rational Doors Next Generation 5.0.2
Ibm Rational Doors Next Generation 6.0.0
Ibm Rational Doors Next Generation 6.0.1
Ibm Rational Doors Next Generation 6.0.2
Ibm Rational Requirements Composer 4.0.0.2
Ibm Rational Requirements Composer 4.0.2
Ibm Rational Doors Next Generation 5.0
Ibm Rational Doors Next Generation 5.0.1
Ibm Rational Requirements Composer 4.0.3
Ibm Rational Requirements Composer 4.0.4
Ibm Rational Requirements Composer 4.0.5
Ibm Rational Requirements Composer 4.0.6
Ibm Rational Requirements Composer 4.0.7
Ibm Rational Requirements Composer 4.0.0.1
Ibm Rational Requirements Composer 4.0.1
Ibm Rational Doors Next Generation 6.0
Ibm Rational Doors Next Generation 5.0.0
6.2
CVSSv2
CVE-1999-1468
rdist in various UNIX systems uses popen to execute sendmail, which allows local users to gain root privileges by modifying the IFS (Internal Field Separator) variable.
Next Next 2.0
Sgi Irix 3.3.3
Next Next 2.1
Sgi Irix 3.3
Sgi Irix 3.3.1
Sgi Irix 3.3.2
Sgi Irix 4.0
Cray Unicos 6.0e
Sun Sunos 4.1.1
Cray Unicos 6.1
Sun Sunos 4.0.3
Sun Sunos 4.0.3c
Sun Sunos 4.1
Cray Unicos 6.0
Sun Sunos 4.1psr A
4
CVSSv2
CVE-2021-21626
Jenkins Warnings Next Generation Plugin 8.4.4 and previous versions does not perform a permission check in methods implementing form validation, allowing attackers with Item/Read permission but without Item/Workspace or Item/Configure permission to check whether attacker-specifie...
Jenkins Warnings Next Generation
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322
cross-site request forgery
unauthorized
CVE-2024-33925
reflected XSS
CVE-2023-51580
CVE-2023-51579
CVE-2015-2051
CVE-2023-51609
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »