Auth0 exposure

Authentication

Exposure score: 30
Sites using it: 947
Being exploited: 0
Critical: 3

CVEs

31 results
| CVE | Severity | Description | EPSS |
|---|---|---|---|
| CVE-2021-32641 | HIGH | Reflected XSS when using flashMessages | 1.5% |
| CVE-2020-15125 | HIGH | Authorization header is not sanitized in an error object in auth0 | 1.5% |
| CVE-2021-32702 | HIGH | Reflected XSS from the callback handler's error query parameter | 1.4% |
| CVE-2020-15084 | HIGH | Authorization bypass in express-jwt | 1.1% |
| CVE-2020-15259 | HIGH | CSRF in Auth0 ad-ldap-connector | 0.9% |
| CVE-2021-41246 | MEDIUM | Session fixation in express-openid-connect | 0.9% |
| CVE-2020-5263 | MEDIUM | Information disclosure through error object | 0.9% |
| CVE-2020-15240 | HIGH | Regression in JWT Signature Validation | 0.8% |
| CVE-2022-23541 | MEDIUM | jsonwebtoken's insecure implementation of key retrieval function could lead to Forgeable Public/Private Tokens from RSA to HMAC | 0.8% |
| CVE-2022-23505 | MEDIUM | Passport-wsfed-saml2 vulnerable to Authentication Bypass for WSFed authentication | 0.8% |
| CVE-2022-24794 | HIGH | Open Redirect in express-openid-connect | 0.7% |
| CVE-2021-43812 | MEDIUM | Open redirect in nextjs-auth0 | 0.7% |
| CVE-2025-48951 | CRITICAL | Auth0-PHP SDK Deserialization of Untrusted Data vulnerability | 0.6% |
| CVE-2022-29172 | MEDIUM | HTML injection with additional signup fields | 0.6% |
| CVE-2020-15119 | MEDIUM | DOM-based XSS in auth0-lock | 0.5% |
| CVE-2022-23540 | MEDIUM | jsonwebtoken vulnerable to signature validation bypass due to insecure default algorithm in jwt.verify() | 0.5% |
| CVE-2022-23539 | MEDIUM | jsonwebtoken unrestricted key type could lead to legacy keys usage | 0.5% |
| CVE-2025-47275 | CRITICAL | Brute Force Authentication Tags of CookieStore Sessions in Auth0-PHP SDK | 0.5% |
| CVE-2025-46572 | CRITICAL | passport-wsfed-saml2 Has SAML Authentication Bypass via Signature Wrapping | 0.4% |
| CVE-2025-68129 | MEDIUM | Auth0-PHP SDK has Improper Audience Validation | 0.4% |
