248 matches found
CVE-2025-66223 OpenObserve's Invite Token Lifecycle Misconfiguration
OpenObserve is a cloud-native observability platform. Prior to version 0.16.0, organization invitation tokens do not expire once issued, remain valid even after the invited user is removed from the organization, and allow multiple invitations to the same email with different roles where all issue...
MS Teams Guest Access Can Remove Defender Protection When Users Join External Tenants
Cybersecurity researchers have shed light on a cross-tenant blind spot that allows attackers to bypass Microsoft Defender for Office 365 protections via the guest access feature in Teams. "When users operate as guests in another tenant, their protections are determined entirely by that hosting...
CVE-2025-65672
Insecure Direct Object Reference (IDOR) in classroomio 0.1.13 allows unauthorized share and invite access to course settings...
CVE-2025-64708
authentik is an open-source Identity Provider. Prior to versions 2025.8.5 and 2025.10.2, invitations were considered valid regardless of whether they had expired, relying instead on background tasks to clean up expired ones. In a normal scenario this can take up to 5...
authentik code issue vulnerability
authentik is an open source identity provisioning application from authentik open source. A code issue vulnerability exists in authentik versions prior to 2025.8.5 and prior to 2025.10.2; it stems from invitations being treated as valid even after they have expired, which could lead to...
PT-2025-47495
Affected software and versions: authentik versions prior to 2025.8.5; authentik versions prior to 2025.10.2. Description: authentik, an open-source Identity Provider, had a flaw where invitations remained valid even after expiration. This relied on background tasks to remove...
CVE-2025-64681
In JetBrains Hub before 2025.3.104992 a race condition allowed bypass of the user limit via invitations...
EUVD-2025-44056
In JetBrains Hub before 2025.3.104992 a race condition allowed bypass of the user limit via invitations...
CVE-2025-64681
JetBrains Hub before 2025.3.104992 is affected by a race condition that allows bypassing the user limit via invitations. The CVE is described across multiple feeds; exploitation status is not detailed in the provided docu...
PT-2025-46150
Affected software and versions: JetBrains Hub versions prior to 2025.3.104992. Description: a race condition existed that allowed bypassing the user limit through invitations. Recommendations: update JetBrains Hub to version 2025.3.104992 or later...
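The OpenObserve, authentik and JetBrains Hub entries above describe three ways an invitation lifecycle goes wrong: tokens that never expire or are only reaped by a background task, tokens that stay usable after the invited user is removed or re-invited with a different role, and a user-limit check that can be raced by concurrent acceptances. The following is an added example, hypothetical Python that is not code from any of those projects and not an exploit for any of the entries: an invite store that performs every validity check (single use, revocation, expiry, seat limit) at the moment a token is presented, under one lock shared with the membership insert. All names, the SHA-256 token hashing, the injectable clock and the sample e-mail addresses are assumptions made for the illustration.

```python
import hashlib
import secrets
import threading
import time
from concurrent.futures import ThreadPoolExecutor
from dataclasses import dataclass

@dataclass
class Invite:
    email: str
    role: str
    expires_at: float
    revoked: bool = False
    used: bool = False

class InviteStore:
    # Hypothetical store, not any vendor's code: every check happens at accept time.
    def __init__(self, seat_limit, ttl_seconds=7 * 24 * 3600, clock=time.time):
        self.seat_limit = seat_limit
        self.ttl = ttl_seconds
        self.clock = clock        # injectable so expiry can be exercised in tests
        self._lock = threading.Lock()
        self._invites = {}        # sha256(token) -> Invite; raw tokens are never stored
        self.members = {}         # email -> role

    def _revoke_for(self, email):
        for inv in self._invites.values():
            if inv.email == email:
                inv.revoked = True

    def issue(self, email, role):
        """Fresh single-use invite; earlier invites for the address are revoked, so one
        email never holds several live tokens carrying different roles."""
        token = secrets.token_urlsafe(32)
        with self._lock:
            self._revoke_for(email)
            key = hashlib.sha256(token.encode()).hexdigest()
            self._invites[key] = Invite(email, role, self.clock() + self.ttl)
        return token

    def accept(self, token):
        """Validate and consume an invite at presentation time; returns the granted role."""
        with self._lock:
            inv = self._invites.get(hashlib.sha256(token.encode()).hexdigest())
            if inv is None or inv.used or inv.revoked:
                raise PermissionError("invalid invite")
            if self.clock() >= inv.expires_at:
                raise PermissionError("expired invite")      # checked here, not by a cleanup task
            if len(self.members) >= self.seat_limit:
                raise PermissionError("seat limit reached")  # same lock as the insert below
            inv.used = True
            self.members[inv.email] = inv.role
            return inv.role

    def remove_member(self, email):
        # Removing a user also invalidates every invite tied to that address.
        with self._lock:
            self.members.pop(email, None)
            self._revoke_for(email)

def demo():
    """Walk each rule with a fake clock; returns the outcome of every attempt."""
    now = [1_000_000.0]
    store = InviteStore(seat_limit=5, ttl_seconds=3600, clock=lambda: now[0])
    out = {}

    def attempt(tok):
        try:
            return store.accept(tok)
        except PermissionError as e:
            return str(e)

    old = store.issue("alice@example.test", "viewer")
    new = store.issue("alice@example.test", "admin")   # supersedes the viewer invite
    out["superseded"] = attempt(old)
    out["alice_role"] = attempt(new)
    out["replay"] = attempt(new)                        # single use
    bob = store.issue("bob@example.test", "viewer")
    out["bob_role"] = attempt(bob)
    store.remove_member("bob@example.test")
    out["after_removal"] = attempt(bob)
    carol = store.issue("carol@example.test", "viewer")
    now[0] += 3601                                      # one second past the TTL
    out["expired"] = attempt(carol)
    return out

def concurrent_accepts(seat_limit, invites):
    """Race many acceptances against one seat limit; returns how many were admitted."""
    store = InviteStore(seat_limit=seat_limit)
    tokens = [store.issue(f"user{i}@example.test", "member") for i in range(invites)]

    def try_accept(tok):
        try:
            store.accept(tok)
            return 1
        except PermissionError:
            return 0

    with ThreadPoolExecutor(max_workers=invites) as pool:
        return sum(pool.map(try_accept, tokens))        # equals seat_limit, never more
```

The design choice worth copying is that expiry, revocation and the seat limit are decided inside `accept` rather than by a sweeper: a token is only ever as valid as the state it is checked against at the instant it is used, and the seat-limit comparison and the membership insert sit under the same lock, so a burst of simultaneous acceptances cannot pass the check together.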
CVE-2025-64326 Weblate leaks the IP of project members inviting users to assume reviewer roles in Audit log
Weblate is a web based localization tool. In versions 5.14 and below, Weblate leaks the IP address of the project member inviting the user to the project in the audit log. The audit log includes IP addresses from admin-triggered actions, which can be viewed by invited users. This issue is fixed i...
CVE-2025-9158
Request Tracker is vulnerable to stored XSS in its calendar invitation parsing feature, which displays invitation data without HTML sanitization. The vulnerability allows an attacker to send a specially crafted e-mail enabling JavaScript code execution by displaying th...
Request Tracker security vulnerability
Request Tracker is an issue and work order tracking system from Request Tracker, Inc. A security vulnerability exists in Request Tracker versions 5.0.4 through 5.0.8 and 6.0.0 through 6.0.1; it stems from the calendar invitation parsing feature failing to sanitize HTML, which could lead t...
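The two Request Tracker entries above describe the same weakness: fields parsed out of a calendar invitation are rendered into HTML without sanitization. The following is an added example, not Request Tracker's code and not a reproduction of its parser: a minimal iCalendar VEVENT reader that unfolds RFC 5545 line continuations before parsing (a filter that inspects raw lines would miss a tag split across a fold) and renders the parsed values both verbatim, as the advisory describes, and HTML-escaped at output time. The sample invitation body, the property names handled and the rendering templates are constructed for the illustration.

```python
import html
import re

# Constructed sample invitation body (not a real message): SUMMARY carries a tag and
# DESCRIPTION is folded across lines as RFC 5545 permits (CRLF followed by one space).
SAMPLE_ICS = (
    "BEGIN:VCALENDAR\r\n"
    "BEGIN:VEVENT\r\n"
    "SUMMARY:Quarterly review <img src=x onerror=alert(1)>\r\n"
    "DESCRIPTION:Agenda attached <scr\r\n"
    " ipt>alert(document.domain)</script>\r\n"
    "DTSTART:20250101T100000Z\r\n"
    "END:VEVENT\r\n"
    "END:VCALENDAR\r\n"
)

def unfold(ics):
    """Undo RFC 5545 line folding so a value split across lines is seen whole
    before any sanitisation decision is made."""
    return re.sub(r"\r?\n[ \t]", "", ics)

def parse_event(ics):
    """Minimal property parser for the first VEVENT: NAME[;params]:value."""
    props = {}
    in_event = False
    for line in unfold(ics).splitlines():
        if line == "BEGIN:VEVENT":
            in_event = True
        elif line == "END:VEVENT":
            break
        elif in_event and ":" in line:
            name, value = line.split(":", 1)
            props[name.split(";", 1)[0].upper()] = value
    return props

def render_unsafe(props):
    """The pattern the advisory describes: parsed values dropped into HTML verbatim."""
    return "<h2>%s</h2><p>%s</p>" % (props.get("SUMMARY", ""), props.get("DESCRIPTION", ""))

def render_safe(props):
    """Escape every parsed value at the point of output; the markup becomes inert text."""
    return "<h2>%s</h2><p>%s</p>" % (
        html.escape(props.get("SUMMARY", "")),
        html.escape(props.get("DESCRIPTION", "")),
    )

def has_live_tag(rendered):
    """Demo check: does a script or img element survive as real markup?"""
    return re.search(r"<(script|img)\b", rendered, re.I) is not None
```

Escaping belongs at the output boundary, not in the parser: the parsed values stay faithful to the message (useful for logging and for downstream consumers that are not HTML), and every rendering path has to go through `html.escape` or a templating engine that escapes by default.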