OneSignal – Web Push Notifications — Vulnerabilities & Security Advisories 2

All 2 CVE vulnerabilities found in OneSignal – Web Push Notifications, with AI-generated Chinese analysis, references, and POCs.

CVE ID	Title	CVSS	Severity	Published
CVE-2026-3155	OneSignal – Web Push Notifications <= 3.8.0 - Missing Authorization to Authenticated (Subscriber+) Post Meta Deletion via 'post_id' CWE-862	3.1	Low	2026-04-16
CVE-2025-13950	OneSignal – Web Push Notifications <= 3.6.1 - Missing Authorization to Unauthenticated Plugin Settings Update CWE-862	5.3	Medium	2025-12-15

All 2 known CVE vulnerabilities affecting OneSignal – Web Push Notifications with full Chinese analysis, references, and POCs where available.