Lucene search
K

216 matches found

RedhatCVE
RedhatCVE
added 2025/03/28 6:6 p.m.15 views

CVE-2025-26559

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Chris Taylor Secure Invites wordpress-mu-secure-invites allows Reflected XSS.This issue affects Secure Invites: from n/a through = 1.3...

6.5CVSS7.2AI score0.00331EPSS
Exploits0References1
NVD
NVD
added 2025/03/26 3:16 p.m.7 views

CVE-2025-26559

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Chris Taylor Secure Invites wordpress-mu-secure-invites allows Reflected XSS.This issue affects Secure Invites: from n/a through = 1.3...

6.5CVSS0.00331EPSS
Exploits0References1
CVE
CVE
added 2025/03/26 2:24 p.m.43 views

CVE-2025-26559

CVE-2025-26559 is a Reflected Cross-Site Scripting (XSS) vulnerability in the WordPress Secure Invites plugin. The CVE references NotFound Secure Invites and indicates an impact on Secure Invites versions up to 1.3. Connected documents specify a WordPress plugin context (Secure Invites) and list ...

6.5CVSS7.2AI score0.00331EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/03/26 2:24 p.m.7 views

CVE-2025-26559 WordPress Secure Invites plugin <= 1.2.5 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Chris Taylor Secure Invites wordpress-mu-secure-invites allows Reflected XSS.This issue affects Secure Invites: from n/a through = 1.3...

6.5CVSS7.2AI score0.00331EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/03/26 12:0 a.m.4 views

WordPress plugin Secure Invites 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

6.5CVSS8.1AI score0.00331EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/03/21 8:2 a.m.5 views

WordPress Secure Invites plugin <= 1.2.5 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by 0xd4rk5id3 in WordPress Plugin Secure Invites versions = 1.3...

6.5CVSS7.6AI score0.00331EPSS
Exploits0Affected Software1
OSV
OSV
added 2025/02/12 5:37 p.m.6 views

DRUPAL-CONTRIB-2025-015

Open Social is a Drupal distribution for online communities, which ships with a default module to invite users to groups and events. Invites for a specific user can be seen under certain conditions. The issue is mitigated for events by the fact that social\event\max\enroll has to be enabled...

8.1CVSS6.7AI score0.00382EPSS
Exploits0References1
Drupal
Drupal
added 2025/02/12 12:0 a.m.11 views

Open Social - Less critical - Access bypass, Information Disclosure - SA-CONTRIB-2025-015

Open Social is a Drupal distribution for online communities, which ships with a default module to invite users to groups and events. Invites for a specific user can be seen under certain conditions. The issue is mitigated for events by the fact that socialeventmaxenroll has to be enabled...

8.1CVSS7AI score0.00382EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/02/04 10:57 p.m.7 views

CVE-2024-0404

A mass assignment vulnerability exists in the /api/invite/:code endpoint of the mintplex-labs/anything-llm repository, allowing unauthorized creation of high-privileged accounts. By intercepting and modifying the HTTP request during the account creation process via an invitation link, an attacker...

9.1CVSS9AI score0.00783EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2025/01/09 12:0 a.m.11 views

PT-2025-4490 · Mattermost +1 · Mattermost +1

Name of the Vulnerable Software and Affected Versions: Mattermost versions 9.11.0 through 9.11.5 Description: The issue is related to the failure of Mattermost to enforce invite permissions. This allows team admins, who do not have permission to invite users to their team, to invite users by maki...

8.9CVSS6.3AI score0.0104EPSS
Exploits2References90
HackRead
HackRead
added 2024/12/19 1:40 p.m.5 views

Google Calendar Phishing Scam Targets Users with Malicious Invites

Protect yourself from sophisticated phishing attacks that leverage Google Calendar to steal your personal information...

7.2AI score
Exploits0
Veracode
Veracode
added 2024/12/10 6:45 a.m.13 views

Improper Input Validation

Synapse is vulnerable to Improper Input Validation. The vulnerability is due to improper validation of invites received over federation, allowing a malicious server to send crafted invites that disrupt the affected user's ability to perform /sync operations...

8.7CVSS6.5AI score0.00547EPSS
Exploits0References2Affected Software2
SUSE CVE
SUSE CVE
added 2024/12/04 3:49 a.m.3 views

SUSE CVE-2024-52815

Synapse is an open-source Matrix homeserver. Synapse versions before 1.120.1 fail to properly validate invites received over federation. This vulnerability allows a malicious server to send a specially crafted invite that disrupts the invited user's /sync functionality. Synapse 1.120.1 rejects su...

5.3CVSS6.9AI score0.00547EPSS
Exploits0References3
OSV
OSV
added 2024/12/03 5:15 p.m.3 views

DEBIAN-CVE-2024-52815

Synapse is an open-source Matrix homeserver. Synapse versions before 1.120.1 fail to properly validate invites received over federation. This vulnerability allows a malicious server to send a specially crafted invite that disrupts the invited user's /sync functionality. Synapse 1.120.1 rejects su...

5.3CVSS6.8AI score0.00547EPSS
Exploits0References1
OSV
OSV
added 2024/12/03 5:15 p.m.7 views

UBUNTU-CVE-2024-52815

Synapse is an open-source Matrix homeserver. Synapse versions before 1.120.1 fail to properly validate invites received over federation. This vulnerability allows a malicious server to send a specially crafted invite that disrupts the invited user's /sync functionality. Synapse 1.120.1 rejects su...

8.7CVSS5.8AI score0.00547EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/12/03 12:0 a.m.4 views

PT-2024-35463 · Synapse · Synapse

Name of the Vulnerable Software and Affected Versions: Synapse versions prior to 1.120.1 Description: Synapse is an open-source Matrix homeserver. The issue arises from the failure to properly validate invites received over federation, allowing a malicious server to send a specially crafted invit...

8.7CVSS6.6AI score0.00715EPSS
Exploits0References20
OSV
OSV
added 2024/11/04 3:44 p.m.21 views

GO-2024-3240 Grafana org admin can delete pending invites in different org in github.com/grafana/grafana

Grafana org admin can delete pending invites in different org in github.com/grafana/grafana...

2.7CVSS3.8AI score0.00496EPSS
Exploits0References4
OSV
OSV
added 2024/10/31 7:9 a.m.193 views

BIT-GRAFANA-2024-10452

Organization admins can delete pending invites created in an organization they are not part of...

2.7CVSS3.8AI score0.00496EPSS
Exploits0References8
SUSE CVE
SUSE CVE
added 2024/10/31 4:5 a.m.4 views

SUSE CVE-2024-10452

Organization admins can delete pending invites created in an organization they are not part of...

2.2CVSS7AI score0.00496EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2024/10/29 6:30 p.m.251 views

Grafana org admin can delete pending invites in different org

Organization admins can delete pending invites created in an organization they are not part of...

2.7CVSS7.1AI score0.00496EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder