GHSA-9r87-mvcw-x35f: Coder vulnerable to OIDC account takeover via email-based user matching and email_verified bypass | AI Sec Watch