Odude is a software component primarily used for authentication and session management in web applications. Historically, it has been associated with multiple remote code execution vulnerabilities, cross-site scripting flaws, and privilege escalation issues. The seven CVEs recorded for this component reveal consistent patterns of insufficient input validation and insecure default configurations. Security researchers have noted that odude's implementation often lacks proper sanitization of user-supplied data, leading to injection-based vulnerabilities. While no major public security incidents have been widely documented, the accumulation of CVEs suggests ongoing security challenges that require careful implementation and regular updates when using this authentication framework.
| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2025-11986 | Crypto Tool <= 2.22 - Unauthenticated Information Exposure via Global Authentication State | Crypto Tool | CWE-306 | 5.3 | Medium | 2025-11-11 |
| CVE-2025-11988 | Crypto Tool <= 2.22 - Missing Authentication to Unauthenticated Limited File Deletion | Crypto Tool | CWE-862 | 5.3 | Medium | 2025-11-11 |
| CVE-2024-9989 | Crypto <= 2.18 - Authentication Bypass via log_in | Crypto Tool | CWE-288 | 9.8 | Critical | 2024-10-29 |
| CVE-2024-9990 | Crypto <= 2.15 - Cross-Site Request Forgery to Authentication Bypass | Crypto Tool | CWE-352 | 8.8 | High | 2024-10-29 |
| CVE-2024-9988 | Crypto <= 2.19 - Authentication Bypass via register | Crypto Tool | CWE-288 | 9.8 | Critical | 2024-10-29 |
This page lists every published CVE security advisory associated with odude. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.