Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| better-auth | better-auth | < 1.6.11 | - |
| # | POC Description | Source Link | Shenlong Link |
|---|
No public POC found.
Login to generate AI POC| CVE-2026-53513 | 9.6 CRITICAL | Better Auth: Server-side request forgery via unvalidated OIDC endpoints on @better-auth/ss |
| CVE-2026-53516 | 8.3 HIGH | Better Auth: Account takeover via OAuth auto-link to unverified pre-registered email |
| CVE-2026-53517 | 8.1 HIGH | Better Auth OAuth Provider: Refresh Token Rotation Race Condition Allows Concurrent Replay |
| CVE-2026-53514 | 7.7 HIGH | Better Auth: Unauthorized invitation acceptance via unverified email match in organization |
| CVE-2026-45337 | 7.6 HIGH | Better Auth: Device authorization approve and deny accept any authenticated session while |
| CVE-2026-53515 | 7.1 HIGH | Better Auth: Privilege escalation via SSO provider registration: missing admin role check |
| CVE-2026-53518 | Better Auth OAuth Provider: Race Condition in Authorization Code Exchange Enables Multi-Us |
No comments yet