GHSA-99H5-PJCV-GR6V Better Auth: Unauthenticated API key creation through api-key plugin

Summary A critical authentication bypass was identified in the API key creation and update endpoints. An attacker could create or modify API keys for arbitrary users by supplying a victim’s user ID in the request body. Due to a flaw in how the authenticated user was derived, the endpoints could...

CVE-2023-26468

Cerebrate 1.12 does not properly consider organisationid during creation of API keys...