| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-33544 | Tinyauth has OAuth account confusion via shared mutable state on singleton service instances | steveiliop56 | tinyauth | High | 7.7 | 2026-04-02 15:00:38 | Deep Dive |
| CVE-2026-32246 | Tinyauth vulnerable to TOTP/2FA bypass via OIDC authorize endpoint | steveiliop56 | tinyauth | High | 8.5 | 2026-03-12 18:59:21 | Deep Dive |
| CVE-2026-32245 | Tinyauth's OIDC authorization codes are not bound to client on token exchange | steveiliop56 | tinyauth | Medium | 6.5 | 2026-03-12 18:57:51 | Deep Dive |