216 matches found
CVE-2025-48062
Discourse is an open-source discussion platform. Prior to version 3.4.4 of the stable branch, version 3.5.0.beta5 of the beta branch, and version 3.5.0.beta6-dev of the tests-passed branch, certain invites via email may result in HTML injection in the email body if the topic title includes HTML...
BIT-DISCOURSE-2025-48062 Discourse vulnerable to HTML injection when inviting to topic via email
Discourse is an open-source discussion platform. Prior to version 3.4.4 of the stable branch, version 3.5.0.beta5 of the beta branch, and version 3.5.0.beta6-dev of the tests-passed branch, certain invites via email may result in HTML injection in the email body if the topic title includes HTML...
CVE-2025-48062
Discourse is an open-source discussion platform. Prior to version 3.4.4 of the stable branch, version 3.5.0.beta5 of the beta branch, and version 3.5.0.beta6-dev of the tests-passed branch, certain invites via email may result in HTML injection in the email body if the topic title includes HTML...
CVE-2025-48062 Discourse vulnerable to HTML injection when inviting to topic via email
Discourse is an open-source discussion platform. Prior to version 3.4.4 of the stable branch, version 3.5.0.beta5 of the beta branch, and version 3.5.0.beta6-dev of the tests-passed branch, certain invites via email may result in HTML injection in the email body if the topic title includes HTML...
CVE-2025-48062 Discourse vulnerable to HTML injection when inviting to topic via email
Discourse is an open-source discussion platform. Prior to version 3.4.4 of the stable branch, version 3.5.0.beta5 of the beta branch, and version 3.5.0.beta6-dev of the tests-passed branch, certain invites via email may result in HTML injection in the email body if the topic title includes HTML...
CVE-2025-48062
Technical details about CVE-2025-48062 are not publicly disclosed in the provided documents. Monitor for updates from official sources.
CVE-2025-48062 Discourse vulnerable to HTML injection when inviting to topic via email
Discourse is an open-source discussion platform. Prior to version 3.4.4 of the stable branch, version 3.5.0.beta5 of the beta branch, and version 3.5.0.beta6-dev of the tests-passed branch, certain invites via email may result in HTML injection in the email body if the topic title includes HTML...
PT-2025-24432
Name of the Vulnerable Software and Affected Versions Discourse versions prior to 3.4.4 Discourse version 3.5.0.beta5 and earlier of the beta branch Discourse version 3.5.0.beta6-dev and earlier of the tests-passed branch Description The issue concerns HTML injection in email bodies when the topi...
GO-2025-3724 Mattermost improperly allows team administrators to modify team invites in github.com/mattermost/mattermost-server
Mattermost improperly allows team administrators to modify team invites in github.com/mattermost/mattermost-server...
Mattermost improperly allows team administrators to modify team invites
Mattermost versions 10.7.x = 10.7.0, 10.6.x = 10.6.2, 10.5.x = 10.5.3, 9.11.x = 9.11.12 fail to properly validate permissions when changing team privacy settings, allowing team administrators without the 'invite user' permission to access and modify team invite IDs via the...
CVE-2024-27085
Discourse is an open source platform for community discussion. In affected versions users that are allowed to invite others can inject arbitrarily large data in parameters used in the invite route. The problem has been patched in the latest version of Discourse. Users are advised to upgrade. User...
CVE-2023-37904
Discourse is an open source discussion platform. Prior to version 3.0.6 of the stable branch and version 3.1.0.beta7 of the beta and tests-passed branches, more users than permitted could be created from invite links. The issue is patched in version 3.0.6 of the stable branch and version...
CVE-2023-21432
Improper access control vulnerabilities in Smart Things prior to 1.7.93 allows to attacker to invite others without authorization of the owner...
CVE-2022-45292
User invites for Funkwhale v1.2.8 do not permanently expire after being used for signup and can be used again after an account has been deleted...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization due to improper validation of team invite permissions. An attacker can bypass access restrictions by exploiting the API to add unauthorized guest users to a team. Note: This is only exploitable if the attacker is...
CVE-2025-20236
A vulnerability in the custom URL parser of Cisco Webex App could allow an unauthenticated, remote attacker to persuade a user to download arbitrary files, which could allow the attacker to execute arbitrary commands on the host of the targeted user. This vulnerability is due to insufficient inpu...
CVE-2025-30656
An Improper Handling of Additional Special Element vulnerability in the Packet Forwarding Engine PFE of Juniper Networks Junos OS on MX Series with MS-MPC, MS-MIC and SPC3, and SRX Series, allows an unauthenticated, network-based attacker to cause a Denial-of-Service DoS. If the SIP ALG processes...
CVE-2025-30656
An Improper Handling of Additional Special Element vulnerability in the Packet Forwarding Engine PFE of Juniper Networks Junos OS on MX Series with MS-MPC, MS-MIC and SPC3, and SRX Series, allows an unauthenticated, network-based attacker to cause a Denial-of-Service DoS. If the SIP ALG processes...
PT-2025-15863 · Juniper Networks · Junos
Name of the Vulnerable Software and Affected Versions: Junos OS versions prior to 21.2R3-S9 Junos OS versions 21.4 prior to 21.4R3-S10 Junos OS versions 22.2 prior to 22.2R3-S6 Junos OS versions 22.4 prior to 22.4R3-S5 Junos OS versions 23.2 prior to 23.2R2-S3 Junos OS versions 23.4 prior to...
Exploit for Improper Input Validation in Microsoft
CVE-2023-23397 Exploitation & Mitigation Demo 📌 Overview...