pocket-id — Vulnerabilities & Security Advisories 2

All 2 CVE vulnerabilities found in pocket-id, with AI-generated Chinese analysis, references, and POCs.

CVE ID	Title	CVSS	Severity	Published
CVE-2026-28513	Pocket ID: OIDC authorization code validation uses AND instead of OR, allowing cross-client token exchange CWE-863	8.5	High	2026-03-09
CVE-2026-28512	Pocket ID: OAuth redirect_uri validation bypass via userinfo/host confusion CWE-601	7.1	High	2026-03-09

All 2 known CVE vulnerabilities affecting pocket-id with full Chinese analysis, references, and POCs where available.