All 5 CVE vulnerabilities found in feathers, with AI-generated Chinese analysis, references, and POCs.
Vendor: feathersjs
| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-29792 | Feathersjs has an OAuth Callback Account Takeover | CWE-287 | 8.2 (AI) | High (AI) | 2026-03-10 |
| CVE-2026-27193 | Feathers exposes internal headers via unencrypted session cookie | CWE-200 | 5.3 (AI) | Medium (AI) | 2026-02-21 |
| CVE-2026-27192 | Feathers has an origin validation bypass via prefix matching | CWE-346 | 9.1 (AI) | Critical (AI) | 2026-02-21 |
| CVE-2026-27191 | Feathers: Open Redirect in OAuth callback enables account takeover | CWE-601 | 8.1 (AI) | High (AI) | 2026-02-21 |
| CVE-2023-37899 | feathersjs socket handler allows abusing implicit toString | CWE-754 | 7.5 | High | 2023-07-19 |