All 2 CVE vulnerabilities found in devise, with AI-generated Chinese analysis, references, and POCs.
Vendor: heartcombo
| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-40295 | Devise: Open Redirect via Unvalidated `request.referrer` in Timeoutable Session Timeout Handler | CWE-601 | 6.1 | Medium | 2026-05-22 |
| CVE-2026-32700 | Devise has a confirmable "change email" race condition that permits user to confirm email they have no access to | CWE-362 | 5.3 | - | 2026-03-18 |