There aren't "obvious" security flaws here. Logging in via a link sent to a verified email is often referred to as a magic link.
Some things to consider:
- crafting the magic link
- user attempts to login
- generate some kind of cryptographically secure random value and include it in the link you email
- verify the rnd value when user is redirected from link in email
- what happens if someone loses access to their email, e.g., gets locked out? Is there account inaccessible now or is there a way to recover (backup codes, for example)
- making magic links one-time use
- uuid's are generally considered not secure, use something from a cryptography library as a session token
Alternate suggestion:
Since you're relying on email, integrate with one of the social providers via OAuth/OIDC like "sign in with Google"