| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2024-47768 | Lif Authentication Server Has No Auth Check When Updating Password In Account Recovery | Lif-Platforms | Lif-Auth-Server | Medium | - | 2024-10-04 14:33:59 | Deep Dive |
| CVE-2024-47178 | basic-auth-connect's callback uses time unsafe string comparison | expressjs | basic-auth-connect | High | - | 2024-09-30 15:10:00 | Deep Dive |
| CVE-2024-42350 | Public key confusion in third party block in Biscuit | biscuit-auth | biscuit | Low | 3.0 | 2024-08-05 19:47:45 | Deep Dive |
| CVE-2024-41948 | biscuit-java vulnerable to public key confusion in third party block | biscuit-auth | biscuit-java | Low | 3.0 | 2024-08-01 22:03:16 | Deep Dive |
| CVE-2024-41949 | biscuit-rust vulnerable to public key confusion in third party block | biscuit-auth | biscuit-rust | Low | 3.0 | 2024-08-01 22:03:11 | Deep Dive |
| CVE-2024-21583 | Gitpod security vulnerability | - | github.com/gitpod-io/gitpod/components/server/go/pkg/lib | Medium | 4.1 | 2024-07-19 05:00:02 | Deep Dive |
| CVE-2024-39912 | Enumeration of valid usernames in web-auth/webauthn-lib | web-auth | webauthn-framework | Medium | 5.3 | 2024-07-15 19:38:05 | Deep Dive |
| CVE-2024-32879 | social-auth-app-django Improper Handling of Case Sensitivity vulnerability | python-social-auth | social-app-django | Medium | 4.9 | 2024-04-24 19:42:15 | Deep Dive |
| CVE-2023-46241 | Potential account take over due to unverified emails from Microsoft Identity Platform | discourse | discourse-microsoft-auth | Critical | 9.0 | 2024-02-21 16:08:41 | Deep Dive |
| CVE-2023-49801 | Lif Auth Server vulnerable to uncontrolled data in path expression | Lif-Platforms | Lif-Auth-Server | Medium | 4.2 | 2024-01-12 21:08:06 | Deep Dive |
| CVE-2023-48309 | next-auth vulnerable to possible user mocking that bypasses basic authentication | nextauthjs | next-auth | Medium | 5.3 | 2023-11-20 18:25:02 | Deep Dive |
| CVE-2023-27435 | WordPress HTTP Auth Plugin <= 0.3.2 is vulnerable to Cross Site Request Forgery (CSRF) | Sami Ahmed Siddiqui | HTTP Auth | Medium | 6.3 | 2023-10-03 13:07:57 | Deep Dive |
| CVE-2023-42446 | Pow Mnesia cache doesn't invalidate all expired keys on startup | pow-auth | pow | Medium | 6.5 | 2023-09-18 21:29:22 | Deep Dive |
| CVE-2023-41945 | Jenkins Plugin Assembla Auth security vulnerability | Jenkins Project | Jenkins Assembla Auth Plugin | High | - | 2023-09-06 12:09:02 | Deep Dive |
| CVE-2023-37961 | Jenkins Plugin Assembla Auth cross-site request forgery vulnerability | Jenkins Project | Jenkins Assembla Auth Plugin | High | - | 2023-07-12 15:53:00 | Deep Dive |
| CVE-2023-32987 | Jenkins Plugin Reverse Proxy Auth cross-site request forgery vulnerability | Jenkins Project | Jenkins Reverse Proxy Auth Plugin | High | - | 2023-05-16 16:00:08 | Deep Dive |
| CVE-2023-27490 | Missing proper state, nonce and PKCE checks for OAuth authentication in next-auth | nextauthjs | next-auth | High | 8.1 | 2023-03-09 20:37:11 | Deep Dive |
| CVE-2022-39183 | Moodle Plugin - SAML Auth Open Redirect | Moodle Plugin - SAML Auth | Moodle Plugin - SAML Auth | Medium | 6.5 | 2023-01-12 00:00:00 | Deep Dive |
| CVE-2014-125065 | john5223 bottle-auth sql injection | john5223 | bottle-auth | Medium | 5.5 | 2023-01-07 19:39:56 | Deep Dive |
| CVE-2015-10027 | hydrian TTRSS-Auth-LDAP Username ldap injection | hydrian | TTRSS-Auth-LDAP | Medium | 5.5 | 2023-01-07 16:42:32 | Deep Dive |