216 matches found

RedhatCVE
added 2025/06/11 1:21 p.m., 4 views

CVE-2025-48062

Discourse is an open-source discussion platform. Prior to version 3.4.4 of the stable branch, version 3.5.0.beta5 of the beta branch, and version 3.5.0.beta6-dev of the tests-passed branch, certain invites via email may result in HTML injection in the email body if the topic title includes HTML...

7.1 CVSS, 6.8 AI score, 0.00203 EPSS
Exploits: 0, References: 1
OSV
added 2025/06/11 11:45 a.m., 4 views

BIT-DISCOURSE-2025-48062 Discourse vulnerable to HTML injection when inviting to topic via email

Discourse is an open-source discussion platform. Prior to version 3.4.4 of the stable branch, version 3.5.0.beta5 of the beta branch, and version 3.5.0.beta6-dev of the tests-passed branch, certain invites via email may result in HTML injection in the email body if the topic title includes HTML...

7.1 CVSS, 7 AI score, 0.00203 EPSS
Exploits: 0, References: 2
NVD
added 2025/06/09 1:15 p.m., 9 views

CVE-2025-48062

Discourse is an open-source discussion platform. Prior to version 3.4.4 of the stable branch, version 3.5.0.beta5 of the beta branch, and version 3.5.0.beta6-dev of the tests-passed branch, certain invites via email may result in HTML injection in the email body if the topic title includes HTML...

7.1 CVSS, 0.00203 EPSS
Exploits: 0, References: 1
Vulnrichment
added 2025/06/09 12:33 p.m., 8 views

CVE-2025-48062 Discourse vulnerable to HTML injection when inviting to topic via email

Discourse is an open-source discussion platform. Prior to version 3.4.4 of the stable branch, version 3.5.0.beta5 of the beta branch, and version 3.5.0.beta6-dev of the tests-passed branch, certain invites via email may result in HTML injection in the email body if the topic title includes HTML...

7.1 CVSS, 7.1 AI score, 0.00203 EPSS
Exploits: 0, References: 1
Cvelist
added 2025/06/09 12:33 p.m., 16 views

CVE-2025-48062 Discourse vulnerable to HTML injection when inviting to topic via email

Discourse is an open-source discussion platform. Prior to version 3.4.4 of the stable branch, version 3.5.0.beta5 of the beta branch, and version 3.5.0.beta6-dev of the tests-passed branch, certain invites via email may result in HTML injection in the email body if the topic title includes HTML...

7.1 CVSS, 0.00203 EPSS
Exploits: 0, References: 1
CVE
added 2025/06/09 12:33 p.m., 63 views

CVE-2025-48062

Technical details about CVE-2025-48062 are not publicly disclosed in the provided documents. Monitor for updates from official sources.

7.1 CVSS, 7 AI score, 0.00203 EPSS
Exploits: 0, References: 1, Affected Software: 1
OSV
added 2025/06/09 12:33 p.m., 5 views

CVE-2025-48062 Discourse vulnerable to HTML injection when inviting to topic via email

Discourse is an open-source discussion platform. Prior to version 3.4.4 of the stable branch, version 3.5.0.beta5 of the beta branch, and version 3.5.0.beta6-dev of the tests-passed branch, certain invites via email may result in HTML injection in the email body if the topic title includes HTML...

7.1 CVSS, 6.8 AI score, 0.00203 EPSS
Exploits: 0, References: 3
Positive Technologies
added 2025/06/09 12:0 a.m., 6 views

PT-2025-24432

Name of the Vulnerable Software and Affected Versions: Discourse versions prior to 3.4.4; Discourse version 3.5.0.beta5 and earlier of the beta branch; Discourse version 3.5.0.beta6-dev and earlier of the tests-passed branch. Description: The issue concerns HTML injection in email bodies when the topi...

7.1 CVSS, 6.7 AI score, 0.00203 EPSS
Exploits: 0, References: 12
OSV
added 2025/06/03 5:58 p.m., 24 views

GO-2025-3724 Mattermost improperly allows team administrators to modify team invites in github.com/mattermost/mattermost-server

Mattermost improperly allows team administrators to modify team invites in github.com/mattermost/mattermost-server...

5.3 CVSS, 7 AI score, 0.00265 EPSS
Exploits: 0, References: 4
Github Security Blog
added 2025/05/29 6:31 p.m., 16 views

Mattermost improperly allows team administrators to modify team invites

Mattermost versions 10.7.x <= 10.7.0, 10.6.x <= 10.6.2, 10.5.x <= 10.5.3, 9.11.x <= 9.11.12 fail to properly validate permissions when changing team privacy settings, allowing team administrators without the 'invite user' permission to access and modify team invite IDs via the...

5.3 CVSS, 7 AI score, 0.00265 EPSS
Exploits: 0, References: 4, Affected Software: 1
RedhatCVE
added 2025/05/23 8:9 a.m., 10 views

CVE-2024-27085

Discourse is an open source platform for community discussion. In affected versions users that are allowed to invite others can inject arbitrarily large data in parameters used in the invite route. The problem has been patched in the latest version of Discourse. Users are advised to upgrade. User...

6.5 CVSS, 6.6 AI score, 0.00569 EPSS
Exploits: 0, References: 1
RedhatCVE
added 2025/05/23 4:5 a.m., 6 views

CVE-2023-37904

Discourse is an open source discussion platform. Prior to version 3.0.6 of the stable branch and version 3.1.0.beta7 of the beta and tests-passed branches, more users than permitted could be created from invite links. The issue is patched in version 3.0.6 of the stable branch and version...

3.1 CVSS, 6.5 AI score, 0.0024 EPSS
Exploits: 0, References: 1
RedhatCVE
added 2025/05/23 3:10 a.m., 3 views

CVE-2023-21432

Improper access control vulnerabilities in Smart Things prior to 1.7.93 allow an attacker to invite others without authorization of the owner...

7.8 CVSS, 6.9 AI score, 0.00155 EPSS
Exploits: 0, References: 1
RedhatCVE
added 2025/05/22 11:21 p.m., 4 views

CVE-2022-45292

User invites for Funkwhale v1.2.8 do not permanently expire after being used for signup and can be used again after an account has been deleted...

5.3 CVSS, 7 AI score, 0.00497 EPSS
Exploits: 1, References: 1
Snyk
added 2025/05/15 12:30 p.m., 2 views

Incorrect Authorization

Overview: Affected versions of this package are vulnerable to Incorrect Authorization due to improper validation of team invite permissions. An attacker can bypass access restrictions by exploiting the API to add unauthorized guest users to a team. Note: This is only exploitable if the attacker is...

5.3 CVSS, 6.8 AI score, 0.00198 EPSS
Exploits: 0, References: 2
OSV
added 2025/04/16 5:15 p.m., 3 views

CVE-2025-20236

A vulnerability in the custom URL parser of Cisco Webex App could allow an unauthenticated, remote attacker to persuade a user to download arbitrary files, which could allow the attacker to execute arbitrary commands on the host of the targeted user. This vulnerability is due to insufficient inpu...

8.8 CVSS, 6.1 AI score
Exploits: 0, References: 1
OSV
added 2025/04/09 8:15 p.m., 4 views

CVE-2025-30656

An Improper Handling of Additional Special Element vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on MX Series with MS-MPC, MS-MIC and SPC3, and SRX Series, allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). If the SIP ALG processes...

8.7 CVSS, 5.8 AI score, 0.00372 EPSS
Exploits: 0, References: 1
NVD
added 2025/04/09 8:15 p.m., 25 views

CVE-2025-30656

An Improper Handling of Additional Special Element vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on MX Series with MS-MPC, MS-MIC and SPC3, and SRX Series, allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). If the SIP ALG processes...

8.7 CVSS, 0.00372 EPSS
Exploits: 0, References: 1
Positive Technologies
added 2025/04/09 12:0 a.m., 8 views

PT-2025-15863 · Juniper Networks · Junos

Name of the Vulnerable Software and Affected Versions: Junos OS versions prior to 21.2R3-S9; Junos OS versions 21.4 prior to 21.4R3-S10; Junos OS versions 22.2 prior to 22.2R3-S6; Junos OS versions 22.4 prior to 22.4R3-S5; Junos OS versions 23.2 prior to 23.2R2-S3; Junos OS versions 23.4 prior to...

8.7 CVSS, 6.6 AI score, 0.00372 EPSS
Exploits: 0, References: 11
GithubExploit
added 2025/04/07 2:33 a.m., 119 views

Exploit for Improper Input Validation in Microsoft

CVE-2023-23397 Exploitation & Mitigation Demo 📌 Overview...

9.8 CVSS, 10 AI score, 0.97408 EPSS
Exploits: 18