
1121 matches found

NVD
added 2020/06/19 5:15 p.m. | 9 views

CVE-2018-21261

An issue was discovered in Mattermost Server before 4.8.1, 4.7.4, and 4.6.3. An e-mail invite accidentally included the team invite_id, which leads to unintended excessive invitation privileges...

CVSS 4.3 | EPSS 0.00152
Exploits 0 | References 1

Cvelist
added 2020/06/19 4:51 p.m. | 14 views

CVE-2018-21261

An issue was discovered in Mattermost Server before 4.8.1, 4.7.4, and 4.6.3. An e-mail invite accidentally included the team invite_id, which leads to unintended excessive invitation privileges...

AI score 4.7 | EPSS 0.00152
Exploits 0 | References 1

CVE
added 2020/06/19 4:51 p.m. | 38 views

CVE-2018-21261

CVE-2018-21261 (Mattermost Server) affects versions prior to 4.8.1, 4.7.4, and 4.6.3. An email invite could include the team invite_id, leading to unintended excessive invitation privileges. Root cause: leakage of invite_id via invites; impact: users may gain expanded invitation privileges. No ex...

CVSS 4.3 | AI score 4.6 | EPSS 0.00152
Exploits 0 | References 1 | Affected Software 1

OSV
added 2020/06/19 4:15 p.m. | 16 views

CVE-2019-20868

An issue was discovered in Mattermost Server before 5.11.0. Invite IDs were improperly generated...

CVSS 7.5 | AI score 6.9
Exploits 0 | References 1

NVD
added 2020/06/19 4:15 p.m. | 10 views

CVE-2019-20868

An issue was discovered in Mattermost Server before 5.11.0. Invite IDs were improperly generated...

CVSS 7.5 | EPSS 0.00241
Exploits 0 | References 1

Prion
added 2020/06/19 4:15 p.m. | 12 views

Code injection

An issue was discovered in Mattermost Server before 5.11.0. Invite IDs were improperly generated...

CVSS 5 | AI score 7.6 | EPSS 0.00241
Exploits 0 | References 1 | Affected Software 1

Cvelist
added 2020/06/19 3:19 p.m. | 15 views

CVE-2019-20868

An issue was discovered in Mattermost Server before 5.11.0. Invite IDs were improperly generated...

AI score 7.6 | EPSS 0.00241
Exploits 0 | References 1

Positive Technologies
added 2020/06/19 12:0 a.m. | 4 views

PT-2020-8901

Name of the Vulnerable Software and Affected Versions: Mattermost Server versions prior to 5.1. Description: An issue in Mattermost Server allows attackers to cause a denial of service via the invite people slash command. Recommendations: For versions prior to 5.1, update to version 5.1 or later to...

CVSS 7.5 | AI score 6.8 | EPSS 0.00333
Exploits 0 | References 10

BDU FSTEC
added 2020/06/17 12:0 a.m. | 5 views

The vulnerability of the “invite_by_admins_only” permission implementation in the Zulip Server group chat application allows a violator to gain unauthorized access to protected information.

The vulnerability of the “invite_by_admins_only” permission implementation in the Zulip Server group chat application is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to gain unauthorized access to protected information...

CVSS 9.3 | AI score 5.5
Exploits 0 | References 1 | Affected Software 1

Cvelist
added 2020/05/05 2:8 p.m. | 14 views

CVE-2020-11737

A cross-site scripting (XSS) vulnerability in Web Client in Zimbra 9.0 allows a remote attacker to craft links in an E-Mail message or calendar invite to execute arbitrary JavaScript. The attack requires an A element containing an href attribute with a "www" substring including the quotes followed...

AI score 6 | EPSS 0.00557
Exploits 0 | References 3

CVE
added 2020/05/05 2:8 p.m. | 64 views

CVE-2020-11737

CVE-2020-11737 concerns Zimbra Web Client (9.0) with an XSS vulnerability: an attacker can craft links in email/calendar invites that execute arbitrary JavaScript. The attack requires an A element with an href containing a "www" substring followed immediately by a DOM event listener (e.g., onmous...

CVSS 6.1 | AI score 5.9 | EPSS 0.00557
Exploits 0 | References 3 | Affected Software 1

Hacker One
added 2020/02/14 8:22 p.m. | 131 views

Mail.ru: [icq.im] Reflected XSS via chat invite link

Insufficient filtering in icq.im allowed reflected XSS via invite link...

AI score 3.5
Exploits 0

Tenable Nessus
added 2019/11/25 12:0 a.m. | 43 views

FreeBSD : asterisk -- Re-invite with T.38 and malformed SDP causes crash (94c6951a-0d04-11ea-87ca-001999f8d30b)

The Asterisk project reports: If Asterisk receives a re-invite initiating T.38 faxing and has a port of 0 and no c line in the SDP, a crash will occur. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the FreeBSD VuXML database: Copyrig...

CVSS 7.5 | AI score 7.2 | EPSS 0.00166
Exploits 0 | References 3

NVD
added 2019/11/22 5:15 p.m. | 19 views

CVE-2019-18976

An issue was discovered in res_pjsip_t38.c in Sangoma Asterisk through 13.x and Certified Asterisk through 13.21-x. If it receives a re-invite initiating T.38 faxing and has a port of 0 and no c line in the SDP, a NULL pointer dereference and crash will occur. This is different from CVE-2019-18940...

CVSS 7.5 | AI score 7.4 | EPSS 0.00166
Exploits 0 | References 6

Cvelist
added 2019/11/22 4:59 p.m. | 21 views

CVE-2019-18976

An issue was discovered in res_pjsip_t38.c in Sangoma Asterisk through 13.x and Certified Asterisk through 13.21-x. If it receives a re-invite initiating T.38 faxing and has a port of 0 and no c line in the SDP, a NULL pointer dereference and crash will occur. This is different from CVE-2019-18940...

AI score 7.5 | EPSS 0.00166
Exploits 0 | References 6

UbuntuCve
added 2019/11/08 12:15 a.m. | 22 views

CVE-2019-18835

Matrix Synapse before 1.5.0 mishandles signature checking on some federation APIs. Events sent over /send_join, /send_leave, and /invite may not be correctly signed, or may not come from the expected servers...

CVSS 9.8 | AI score 7.2 | EPSS 0.00191
Exploits 0 | References 4

OSV
added 2019/11/08 12:15 a.m. | 2 views

UBUNTU-CVE-2019-18835

Matrix Synapse before 1.5.0 mishandles signature checking on some federation APIs. Events sent over /send_join, /send_leave, and /invite may not be correctly signed, or may not come from the expected servers...

CVSS 9.8 | AI score 7.2 | EPSS 0.00191
Exploits 0 | References 5

Prion
added 2019/11/08 12:15 a.m. | 14 views

Code injection

Matrix Synapse before 1.5.0 mishandles signature checking on some federation APIs. Events sent over /send_join, /send_leave, and /invite may not be correctly signed, or may not come from the expected servers...

CVSS 7.5 | AI score 9.4 | EPSS 0.00191
Exploits 0 | References 2 | Affected Software 1

PyPA
added 2019/11/08 12:15 a.m. | 4 views

PYSEC-2019-186

Matrix Synapse before 1.5.0 mishandles signature checking on some federation APIs. Events sent over /send_join, /send_leave, and /invite may not be correctly signed, or may not come from the expected servers...

CVSS 9.8 | AI score 7 | EPSS 0.00191
Exploits 0 | References 3 | Affected Software 1

Debian CVE
added 2019/11/07 11:12 p.m. | 19 views

CVE-2019-18835

Matrix Synapse before 1.5.0 mishandles signature checking on some federation APIs. Events sent over /send_join, /send_leave, and /invite may not be correctly signed, or may not come from the expected servers...

CVSS 9.8 | AI score 8.7 | EPSS 0.00191
Exploits 0