Lucene search
K

1127 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 7:57 a.m.7 views

CVE-2024-2913

A race condition vulnerability exists in the mintplex-labs/anything-llm repository, specifically within the user invite acceptance process. Attackers can exploit this vulnerability by sending multiple concurrent requests to accept a single user invite, allowing the creation of multiple user...

6.5CVSS6.3AI score0.00325EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 5:4 a.m.10 views

CVE-2023-1774

When processing an email invite to a private channel on a team, Mattermost fails to validate the inviter's permission to that channel, allowing an attacker to invite themselves to a private channel...

5.4CVSS6.7AI score0.00317EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 4:30 a.m.6 views

CVE-2023-5181

The WP Discord Invite WordPress plugin before 2.5.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS5.6AI score0.00402EPSS
Exploits2
RedhatCVE
RedhatCVE
added 2025/05/23 4:5 a.m.8 views

CVE-2023-37904

Discourse is an open source discussion platform. Prior to version 3.0.6 of the stable branch and version 3.1.0.beta7 of the beta and tests-passed branches, more users than permitted could be created from invite links. The issue is patched in version 3.0.6 of the stable branch and version...

3.1CVSS6.5AI score0.0024EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:53 p.m.12 views

CVE-2022-2326

An issue has been discovered in GitLab CE/EE affecting all versions before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. It may be possible to gain access to a private project through an email invite by using other user's email address as an...

8.1CVSS6.6AI score0.00681EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:21 p.m.4 views

CVE-2022-45292

User invites for Funkwhale v1.2.8 do not permanently expire after being used for signup and can be used again after an account has been deleted...

5.3CVSS7AI score0.00497EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:46 p.m.7 views

CVE-2022-45909

drachtio-server before 0.8.19 has a heap-based buffer over-read via a long Request-URI in an INVITE request...

9.1CVSS7.1AI score0.00972EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:27 p.m.9 views

CVE-2021-30481

Valve Steam before 2021-04-17, when a Source engine game is installed, allows remote authenticated users to execute arbitrary code because of a buffer overflow that occurs for a Steam invite after one click...

9CVSS9.4AI score0.03504EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:37 p.m.4 views

CVE-2021-35208

An issue was discovered in ZmMailMsgView.js in the Calendar Invite component in Zimbra Collaboration Suite 8.8.x before 8.8.15 Patch 23. An attacker could place HTML containing executable JavaScript inside element attributes. This markup becomes unescaped, causing arbitrary markup to be injected...

5.4CVSS6.9AI score0.01261EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:16 p.m.6 views

CVE-2020-13280

For GitLab before 13.0.12, 13.1.6, 13.2.3 a memory exhaustion flaw exists due to excessive logging of an invite email error message...

6.5CVSS6.4AI score0.0105EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/22 8:7 a.m.8 views

CVE-2018-21253

An issue was discovered in Mattermost Server before 5.1, 5.0.2, and 4.10.2. An attacker could use the invitepeople slash command to invite a non-permitted user...

4.3CVSS6.9AI score0.00581EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:2 a.m.9 views

CVE-2019-20868

An issue was discovered in Mattermost Server before 5.11.0. Invite IDs were improperly generated...

7.5CVSS7AI score0.0094EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 6:24 a.m.7 views

CVE-2017-18543

The invite-anyone plugin before 1.3.16 for WordPress has incorrect access control for email-based invitations...

9.8CVSS7.1AI score0.01825EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 3:26 a.m.10 views

CVE-2011-2562

Unspecified vulnerability in Cisco Unified Communications Manager aka CUCM, formerly CallManager 6.x before 6.15su2, 7.x before 7.15bsu3, 8.x before 8.03asu1, and 8.5 before 8.51 allows remote attackers to cause a denial of service service outage via a SIP INVITE message, aka Bug ID CSCth43256...

7.8CVSS6.9AI score0.01205EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 3:8 a.m.6 views

CVE-2013-1220

The CallServer component in Cisco Unified Customer Voice Portal CVP Software before 9.0.1 ES 11 allows remote attackers to cause a denial of service call-acceptance outage via malformed SIP INVITE messages, aka Bug ID CSCua65148...

7.8CVSS6.9AI score0.01328EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/21 10:40 p.m.7 views

CVE-2002-2155

Format string vulnerability in the error handling of IRC invite responses for Trillian 0.725 and 0.73 allows remote IRC servers to execute arbitrary code via an invite to a channel with format string specifiers in the name...

7.5CVSS8AI score0.02023EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/21 10:17 p.m.5 views

CVE-2002-1891

Buffer overflow in IRCIT 0.3.1 IRC client allows remote attackers to execute arbitrary code via a long invite request...

7.5CVSS8.3AI score0.05008EPSS
Exploits1References1
Veracode
Veracode
added 2025/05/16 3:18 p.m.3 views

Incorrect Authorization

Mattermost is vulnerable to Improper Authorization. The vulnerability is due to authenticated users with restricted invite rights being able to add guest users to a team via the API, bypassing intended access controls...

4.3CVSS6.8AI score0.00198EPSS
Exploits0References2Affected Software2
Github Security Blog
Github Security Blog
added 2025/05/15 12:30 p.m.10 views

Mattermost Fails to Validate Team Invite Permissions

Mattermost versions 10.6.x = 10.6.1, 10.5.x = 10.5.2, 10.4.x = 10.4.4, 9.11.x = 9.11.11 fail to check the correct permissions which allows authenticated users who only have permission to invite non-guest users to a team to add guest users to that team via the API to add a single user to a team...

4.3CVSS6.8AI score0.00198EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2025/05/15 11:15 a.m.3 views

CVE-2025-3446

Mattermost versions 10.6.x = 10.6.1, 10.5.x = 10.5.2, 10.4.x = 10.4.4, 9.11.x = 9.11.11 fail to check the correct permissions which allows authenticated users who only have permission to invite non-guest users to a team to add guest users to that team via the API to add a single user to a team...

4.3CVSS6.7AI score
Exploits0References1
Rows per page
Query Builder