Tag
high
advisory
Auth0-PHP SDK Cookie Forging Vulnerability (CVE-2026-34236)
2 rules 1 TTP 1 CVEAuth0-PHP SDK versions 8.0.0 to before 8.19.0 encrypt cookies with insufficient entropy, potentially allowing attackers to brute-force the encryption key and forge session cookies.
cve-2026-34236
auth0
php
cookie-forging
session-hijacking
2r
1t
1c
high
advisory
Auth0.js SDK Improper Permission Checking Vulnerability
2 rules 1 TTPThe Auth0.js SDK versions 8.11.0 to 9.32.0 improperly returns user profile information when provided a crafted invalid ID token, potentially bypassing access controls relying on Auth0 Actions.
auth0.js SDK
auth0
sdk
vulnerability
authentication
2r
1t