216 matches found

Drupal
added 2026/01/14 12:00 a.m., 11 views

Group invite - Moderately critical - Access bypass - SA-CONTRIB-2026-001

This module allows group managers to invite people into their group. The module doesn't sufficiently check access under certain circumstances, allowing unauthorized users to access the group's content. This vulnerability is mitigated by the fact that it only occurs when certain uncommon...

CVSS 5.3, AI score 5.5, EPSS 0.00197
Exploits 0, References 4
RedhatCVE
added 2026/01/09 10:49 a.m., 5 views

CVE-2022-37458

Discourse through 2.8.7 allows admins to send invitations to arbitrary email addresses at an unlimited rate...

CVSS 7.2, AI score 7, EPSS 0.01108
Exploits 0, References 1
RedhatCVE
added 2026/01/09 8:33 a.m., 25 views

CVE-2024-39777

Mattermost versions 9.9.x <= 9.9.0, 9.5.x <= 9.5.6, 9.7.x <= 9.7.5 and 9.8.x <= 9.8.1 fail to disallow unsolicited invites to expose access to local channels, when shared channels are enabled, which allows a malicious remote to send an invite with the ID of an existing local channel, and that local...

CVSS 9.6, AI score 6.7, EPSS 0.00363
Exploits 0, References 1
RedhatCVE
added 2026/01/07 9:19 a.m., 7 views

CVE-2024-2232

The affected software lacks CSRF checks, allowing a user to invite any user to any group, including private groups...

CVSS 8.1, AI score 6.9, EPSS 0.00261
Exploits 1, References 1
Positive Technologies
added 2025/12/25 12:00 a.m., 4 views

PT-2025-53391

Name of the Vulnerable Software and Affected Versions: Pexip Infinity versions 32.0 through 37.1. Description: Pexip Infinity, in specific configurations of OTJ One Touch Join for Teams SIP Guest Join, exhibits improper input validation within the OTJ service. This flaw allows a remote attacker to...

CVSS 5.9, AI score 6.7, EPSS 0.00271
Exploits 0, References 4
CVE
added 2025/12/09 2:07 a.m., 19 views

CVE-2025-66622

Affected software: matrix-sdk-base (base component for Matrix Rust SDK). Vulnerability: Versions 0.14.1 and earlier cannot handle responses with custom m.room.join_rules values due to a serialization bug, which can cause a denial-of-service by stalling the crate's sync process when invited to a r...

CVSS 7.5, AI score 6.2, EPSS 0.00345
Exploits 0, References 4, Affected Software 1
Vulnrichment
added 2025/12/09 2:07 a.m., 4 views

CVE-2025-66622 matrix-sdk-base is vulnerable to DoS via custom m.room.join_rules event values

matrix-sdk-base is the base component to build a Matrix client library. Versions 0.14.1 and prior are unable to handle responses that include custom m.room.join_rules values due to a serialization bug. This can be exploited to cause a denial-of-service condition if a user is invited to a room wit...

CVSS 5.3, AI score 6.3, EPSS 0.00345
Exploits 0, References 4
RustSec
added 2025/12/08 12:00 p.m., 6 views

matrix-sdk-base: Denial of service due to custom `m.room.join_rules` events

The matrix-sdk-base crate is unable to handle responses that include custom m.room.join_rules values due to a serialization bug. This can be exploited to cause a denial-of-service condition: if a user is invited to a room with non-standard join rules, the crate's sync process will stall, preventin...

CVSS 7.5, AI score 6.8, EPSS 0.00345
Exploits 0, Affected Software 1
NVD
added 2025/11/29 3:16 a.m., 7 views

CVE-2025-66223

OpenObserve is a cloud-native observability platform. Prior to version 0.16.0, organization invitation tokens do not expire once issued, remain valid even after the invited user is removed from the organization, and allow multiple invitations to the same email with different roles where all issue...

CVSS 8.4, EPSS 0.00238
Exploits 0, References 1
EUVD
added 2025/11/29 2:45 a.m., 5 views

EUVD-2025-199890

OpenObserve is a cloud-native observability platform. Prior to version 0.16.0, organization invitation tokens do not expire once issued, remain valid even after the invited user is removed from the organization, and allow multiple invitations to the same email with different roles where all issue...

CVSS 8.4, AI score 6.6, EPSS 0.00238
Exploits 0, References 1
Cvelist
added 2025/11/29 2:45 a.m., 9 views

CVE-2025-66223 OpenObserve's Invite Token Lifecycle Misconfiguration

OpenObserve is a cloud-native observability platform. Prior to version 0.16.0, organization invitation tokens do not expire once issued, remain valid even after the invited user is removed from the organization, and allow multiple invitations to the same email with different roles where all issue...

CVSS 8.4, EPSS 0.00238
Exploits 0, References 1
Malwarebytes
added 2025/11/24 8:03 a.m., 9 views

A week in security (November 17 – November 23)

Last week on Malwarebytes Labs:
- AI teddy bear for kids responds with sexual content and advice about weapons
- Fake calendar invites are spreading. Here's how to remove them and prevent more
- Budget Samsung phones shipped with unremovable spyware, say researchers
- What the Flock is happening with...

AI score 6.5
Exploits 0
Malwarebytes
added 2025/11/21 3:28 p.m., 22 views

Fake calendar invites are spreading. Here's how to remove them and prevent more

We're seeing a surge in phishing calendar invites that users can't delete, or that keep coming back because they sync across devices. The good news is you can remove them and block future spam by changing a few settings. Most of these unwanted calendar entries are there for phishing purposes. Mos...

AI score 6.9
Exploits 0
HackRead
added 2025/11/12 11:01 a.m., 5 views

@facebookmail.com Invites Exploited to Phish Facebook Business Users

If you manage Facebook advertising for a small or medium-sized business, open your inbox with suspicion, because attackers...

AI score 7
Exploits 0
CVE
added 2025/11/06 8:55 p.m., 13 views

CVE-2025-64326

Weblate (web-based localization tool) versions 5.14 and earlier leak the inviting user's IP address in the audit log, which can be viewed by invited project members. The root cause is exposure of IPs in admin-triggered actions within the audit log. The issue is fixed in Weblate 5.14.1. Affected p...

CVSS 3.5, AI score 6.3, EPSS 0.00162
Exploits 0, References 2, Affected Software 1
Positive Technologies
added 2025/11/06 12:00 a.m., 10 views

PT-2025-45379

Name of the Vulnerable Software and Affected Versions: Weblate versions prior to 5.14.1. Description: Weblate versions 5.14 and below disclose the IP address of a project member when inviting a user to a project. The audit log, which includes IP addresses from administrative actions, is accessible t...

CVSS 2.6, AI score 6.4, EPSS 0.00162
Exploits 0, References 5
OSV
added 2025/10/24 6:15 a.m., 4 views

UBUNTU-CVE-2025-9158

The Request Tracker software is vulnerable to a stored XSS vulnerability in the calendar invitation parsing feature, which displays invitation data without HTML sanitization. The XSS vulnerability allows an attacker to send a specifically crafted e-mail enabling JavaScript code execution by displaying th...

CVSS 5.3, AI score 6.2, EPSS 0.00404
Exploits 0, References 4
EUVD
added 2025/10/24 6:00 a.m., 5 views

EUVD-2025-35802

The Request Tracker software is vulnerable to a stored XSS vulnerability in the calendar invitation parsing feature, which displays invitation data without HTML sanitization. The XSS vulnerability allows an attacker to send a specifically crafted e-mail enabling JavaScript code execution by displaying th...

CVSS 5.3, AI score 6.1, EPSS 0.00404
Exploits 0, References 5
EUVD
added 2025/10/07 12:30 a.m., 5 views

EUVD-2021-0123

Malware in sbrugna...

CVSS 6.1, AI score 6.1, EPSS 0.01809
Exploits 0, References 10
EUVD
added 2025/10/03 8:07 p.m., 5 views

EUVD-2022-28175

Malicious code in bioql PyPI...

CVSS 5.4, AI score 5.7, EPSS 0.00576
Exploits 1, References 2