5 matches found
CVE-2025-64423 Coolify has a Privilege Escalation - low privileged users can see and use admin invitation links
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. In Coolify versions up to and including v4.0.0-beta.434, a low-privileged user (member) can see and use invitation links sent to an administrator. When they use the link before the legitimate recipie...
CVE-2025-22449
Mattermost versions 9.11.x <= 9.11.5 fail to enforce invite permissions, which allows team admins, with no permission to invite users to their team, to invite users by updating the "allow_open_invite" field via making their team public...
PT-2024-18982 · Zulip · Zulip
Name of the Vulnerable Software and Affected Versions: Zulip version 8.0 Description: A vulnerability in Zulip affects installations where non-admins can invite users and create multi-use invitations, but only admins can invite users to streams. This issue allows users to invite new users to...
CVE-2022-37458
Discourse through 2.8.7 allows admins to send invitations to arbitrary email addresses at an unlimited rate...
CVE-2022-37458
Discourse through 2.8.7 allows admins to send invitations to arbitrary email addresses at an unlimited rate...