Browse 60+ CVE vulnerabilities from NVD and CNNVD, with AI Chinese translation, AI POC generation, and daily intelligence; searchable by vendor, product, severity, and CWE.
| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-41427 | Better Auth OAuth 2.1 Provider: Unprivileged users can register OAuth clients | better-auth | better-auth | - | - | 2026-04-24 19:23:20 | Deep Dive |
| CVE-2026-32236 | @backstage/plugin-auth-backend: SSRF in experimental CIMD metadata fetch | @backstage | plugin-auth-backend | Low | - | 2026-03-12 18:37:11 | Deep Dive |
| CVE-2026-32235 | @backstage/plugin-auth-backend: OAuth redirect URI allowlist bypass | @backstage | plugin-auth-backend | Medium | 5.9 | 2026-03-12 18:35:06 | Deep Dive |
| CVE-2026-31813 | Supabase Auth has insecure Apple and Azure authentication with ID tokens | supabase | auth | Medium | 4.8 | 2026-03-11 16:42:57 | Deep Dive |
| CVE-2026-30964 | Webauthn Framework: allowed_origins collapses URL-like origins to host-only values, bypassing exact origin validation | web-auth | webauthn-framework | Medium | 5.4 | 2026-03-10 17:16:47 | Deep Dive |
| CVE-2026-25651 | client-certificate-auth has an Open Redirect via Host Header Injection in HTTP-to-HTTPS redirect | tgies | client-certificate-auth | Medium | 6.1 | 2026-02-06 18:50:26 | Deep Dive |
| CVE-2025-9312 | Improper Certificate-Based Authentication Enforcement in Multiple WSO2 Products | WSO2 | WSO2 API Manager | Critical | 9.8 | 2025-11-18 12:05:22 | Deep Dive |
| CVE-2025-10853 | Reflected Cross-Site Scripting (XSS) in Management Console of Multiple WSO2 Products Due to Improper Output Encoding | WSO2 | WSO2 Open Banking IAM | Medium | 5.2 | 2025-11-05 19:21:33 | Deep Dive |
| CVE-2025-10611 | Potential Broken Access Control in Multiple WSO2 Products via System REST APIs | WSO2 | WSO2 API Manager | Critical | 9.8 | 2025-10-16 12:09:32 | Deep Dive |
| CVE-2025-61928 | Better Auth: Unauthenticated API key creation through api-key plugin | better-auth | better-auth | - | - | 2025-10-09 21:24:38 | Deep Dive |
| CVE-2025-61783 | Python Social Auth - Django has unsafe account association | python-social-auth | social-app-django | - | - | 2025-10-09 20:57:21 | Deep Dive |
| CVE-2025-53535 | Better Auth has an Open Redirect Vulnerability in originCheck Middleware Affecting Multiple Routes | better-auth | better-auth | - | - | 2025-07-07 17:15:52 | Deep Dive |
| CVE-2025-48370 | auth-js Vulnerable to Insecure Path Routing from Malformed User Input | supabase | auth-js | - | - | 2025-05-27 15:27:01 | Deep Dive |
| CVE-2024-6713 | PVN Auth Popup <= 1.0.0 - Admin+ Stored XSS | Unknown | PVN Auth Popup | - | - | 2025-05-15 20:07:10 | Deep Dive |
| CVE-2024-6718 | PVN Auth Popup <= 1.0.0 - Contributor+ XSS via Shortcode | Unknown | PVN Auth Popup | - | - | 2025-05-15 20:07:10 | Deep Dive |
| CVE-2025-46826 | insa-auth Open-Redirect on provided CAS server login endpoint | INSAgenda | insa-auth | - | - | 2025-05-07 21:32:31 | Deep Dive |
| CVE-2024-57835 | Amon2::Auth::Site::LINE versions through 0.04 for Perl uses insecure rand() function for cryptographic functions | TANIGUCHI | Amon2::Auth::Site::LINE | - | - | 2025-04-05 16:11:11 | Deep Dive |
| CVE-2025-27143 | Better Auth has an Open Redirect via Scheme-Less Callback Parameter | better-auth | better-auth | Medium | - | 2025-02-24 22:16:55 | Deep Dive |
| CVE-2025-23506 | WordPress WP IMAP Auth plugin <= 4.0.1 - Reflected Cross Site Scripting (XSS) vulnerability | imsoftware | WP IMAP Auth | High | 7.1 | 2025-01-22 14:31:58 | Deep Dive |
| CVE-2024-56734 | Better Auth has an Open Redirect Vulnerability in Verify Email Endpoint | better-auth | better-auth | High | - | 2024-12-30 16:48:58 | Deep Dive |