36 matches found
EUVD-2020-5024
Malware in sbrugna...
EUVD-2022-34720
Malicious code in bioql PyPI...
EUVD-2022-24352
Malicious code in bioql PyPI...
EUVD-2024-1372
Malicious code in bioql PyPI...
CVE-2025-48481
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, an attacker with an unactivated email invitation containing invitehash, can exploit this vulnerability to self-activate their account, despite it being blocked or deleted, by leveraging the invitation link fro...
CVE-2025-48481 FreeScout Has Business Logic Errors
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, an attacker with an unactivated email invitation containing invitehash, can exploit this vulnerability to self-activate their account, despite it being blocked or deleted, by leveraging the invitation link fro...
CVE-2025-48481
Affected software: FreeScout (PHP/Laravel). Vulnerability: Business logic bypass allowing an attacker with an unactivated email invitation containing an invite_hash to self-activate a blocked or deleted account by using the invitation link, gaining initial access. Root cause / details: Described ...
CVE-2022-2459
An issue has been discovered in GitLab EE affecting all versions before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. It may be possible for email invited members to join a project even after the Group Owner has enabled the setting to preven...
CVE-2022-1002
Mattermost 6.3.0 and earlier fails to properly sanitize the HTML content in the email invitation sent to guest users, which allows registered users with special permissions to invite guest users to inject unescaped HTML content in the email invitations...
PT-2025-23247 · Freescout · Freescout
Name of the Vulnerable Software and Affected Versions: FreeScout versions prior to 1.8.180 Description: The issue allows an attacker with an unactivated email invitation containing the invite hash to self-activate their account, even if it is blocked or deleted. This is achieved by leveraging the...
HackerOne: Inviting collaborator using email discloses the HackerOne account related to the user
The new HackerOne collaborator feature allowed users to disclose the HackerOne account associated with an email address without the invitee's interaction...
HackerOne: Anyone can view collaborator email address via path /reports/<id>/participants
The vulnerability allowed anyone to view the email address of collaborators invited to vulnerability reports through the program's API. Access to collaborator email addresses was not properly restricted...
Discourse < 2.8.8 Email Invitation Vulnerability
Discourse is prone to a vulnerability where email invitations to topics are not rate limited in some cases.
GitLab CE/EE Security Vulnerability
GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD continuous integration and continuous delivery, and other features. A security vulnerability exists in GitLab CE/EE that originates from an email...
CVE-2022-1385
Mattermost 6.4.x and earlier fails to properly invalidate pending email invitations when the action is performed from the system console, which allows accidentally invited users to join the workspace and access information from the public teams and channels...
Design/Logic Flaw
Mattermost 6.4.x and earlier fails to properly invalidate pending email invitations when the action is performed from the system console, which allows accidentally invited users to join the workspace and access information from the public teams and channels...
CVE-2022-1385 Invitation Email is resent as a Reminder after invalidating pending email invites
Mattermost 6.4.x and earlier fails to properly invalidate pending email invitations when the action is performed from the system console, which allows accidentally invited users to join the workspace and access information from the public teams and channels...
Mattermost has an unspecified vulnerability (CNVD-2022-22661)
A security vulnerability exists in Mattermost, an open source collaboration platform from Mattermost Inc. in the U.S. The vulnerability allows a registered user with special privileges to invite guest users to inject unescaped HTML content into an email invitation. No details of the vulnerability...