1115 matches found
CVE-2023-1774
When processing an email invite to a private channel on a team, Mattermost fails to validate the inviter's permission to that channel, allowing an attacker to invite themselves to a private channel...
CVE-2023-5181
The WP Discord Invite WordPress plugin before 2.5.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...
CVE-2023-37904
Discourse is an open source discussion platform. Prior to version 3.0.6 of the stable branch and version 3.1.0.beta7 of the beta and tests-passed branches, more users than permitted could be created from invite links. The issue is patched in version 3.0.6 of the stable branch and version...
CVE-2022-2326
An issue has been discovered in GitLab CE/EE affecting all versions before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. It may be possible to gain access to a private project through an email invite by using other user's email address as an...
CVE-2022-45292
User invites for Funkwhale v1.2.8 do not permanently expire after being used for signup and can be used again after an account has been deleted...
CVE-2022-45909
drachtio-server before 0.8.19 has a heap-based buffer over-read via a long Request-URI in an INVITE request...
CVE-2021-30481
Valve Steam before 2021-04-17, when a Source engine game is installed, allows remote authenticated users to execute arbitrary code because of a buffer overflow that occurs for a Steam invite after one click...
CVE-2021-35208
An issue was discovered in ZmMailMsgView.js in the Calendar Invite component in Zimbra Collaboration Suite 8.8.x before 8.8.15 Patch 23. An attacker could place HTML containing executable JavaScript inside element attributes. This markup becomes unescaped, causing arbitrary markup to be injected...
CVE-2020-13280
For GitLab before 13.0.12, 13.1.6, 13.2.3 a memory exhaustion flaw exists due to excessive logging of an invite email error message...
CVE-2018-21253
An issue was discovered in Mattermost Server before 5.1, 5.0.2, and 4.10.2. An attacker could use the invite_people slash command to invite a non-permitted user...
CVE-2019-20868
An issue was discovered in Mattermost Server before 5.11.0. Invite IDs were improperly generated...
CVE-2017-18543
The invite-anyone plugin before 1.3.16 for WordPress has incorrect access control for email-based invitations...
CVE-2011-2562
Unspecified vulnerability in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.15su2, 7.x before 7.15bsu3, 8.x before 8.03asu1, and 8.5 before 8.51 allows remote attackers to cause a denial of service (service outage) via a SIP INVITE message, aka Bug ID CSCth43256...
CVE-2013-1220
The CallServer component in Cisco Unified Customer Voice Portal (CVP) Software before 9.0.1 ES 11 allows remote attackers to cause a denial of service (call-acceptance outage) via malformed SIP INVITE messages, aka Bug ID CSCua65148...
CVE-2002-2155
Format string vulnerability in the error handling of IRC invite responses for Trillian 0.725 and 0.73 allows remote IRC servers to execute arbitrary code via an invite to a channel with format string specifiers in the name...
CVE-2002-1891
Buffer overflow in IRCIT 0.3.1 IRC client allows remote attackers to execute arbitrary code via a long invite request...
Incorrect Authorization
Mattermost is vulnerable to Improper Authorization. The vulnerability is due to authenticated users with restricted invite rights being able to add guest users to a team via the API, bypassing intended access controls...
Mattermost Fails to Validate Team Invite Permissions
Mattermost versions 10.6.x <= 10.6.1, 10.5.x <= 10.5.2, 10.4.x <= 10.4.4, 9.11.x <= 9.11.11 fail to check the correct permissions which allows authenticated users who only have permission to invite non-guest users to a team to add guest users to that team via the API to add a single user to a team...
CVE-2025-3446
Mattermost versions 10.6.x <= 10.6.1, 10.5.x <= 10.5.2, 10.4.x <= 10.4.4, 9.11.x <= 9.11.11 fail to check the correct permissions which allows authenticated users who only have permission to invite non-guest users to a team to add guest users to that team via the API to add a single user to a team...
CVE-2025-3446 Members Without Guest Invite Permissions Can Add Guests to Teams
Mattermost versions 10.6.x <= 10.6.1, 10.5.x <= 10.5.2, 10.4.x <= 10.4.4, 9.11.x <= 9.11.11 fail to check the correct permissions which allows authenticated users who only have permission to invite non-guest users to a team to add guest users to that team via the API to add a single user to a team...