Lucene search
K

7 matches found

OSV
OSV
added 2026/05/21 8:35 p.m.12 views

GHSA-CHQV-VRJ7-QFFP NocoDB: Shared-base link access can invite arbitrary users as persistent base members

Summary Shared-base sessions were granted the same base-member capabilities as authenticated viewers. Using only the shared-base UUID xc-shared-base-id, an attacker could enumerate base members and invite an arbitrary email into the base as a real member. The invited user could then redeem the...

5.8CVSS5.9AI score0.00296EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/03/27 12:0 a.m.4 views

PT-2026-28630

Name of the Vulnerable Software and Affected Versions Fleet versions prior to 4.81.0 Description Fleet, an open source device management software, had a flaw in how user invitations were handled. Specifically, the email address entered when accepting an invitation wasn’t checked against the email...

8.8CVSS5.9AI score0.60368EPSS
Exploits18References45
Vulnrichment
Vulnrichment
added 2025/12/15 8:21 p.m.2 views

CVE-2025-64725 Weblate has improper validation upon invitation acceptance

Weblate is a web based localization tool. In versions prior to 5.15, it was possible to accept an invitation opened by a different user. Version 5.15. contains a patch. As a workaround, avoid leaving one's Weblate sessions with an invitation opened unattended...

1CVSS6.4AI score0.00319EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2022-31329

Malicious code in bioql PyPI...

7.5CVSS7.6AI score0.02806EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2025/05/23 2:49 a.m.8 views

CVE-2023-32677

Zulip is an open-source team collaboration tool with unique topic-based threading. Zulip administrators can configure Zulip to limit who can add users to streams, and separately to limit who can invite users to the organization. In Zulip Server 6.1 and below, the UI which allows a user to invite ...

3.1CVSS6.6AI score0.00563EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/01/10 8:50 p.m.9 views

CVE-2025-22449

Mattermost versions 9.11.x = 9.11.5 fail to enforce invite permissions, which allows team admins, with no permission to invite users to their team, to invite users by updating the "allowopeninvite" field via making their team public...

3.8CVSS6.6AI score0.00268EPSS
Exploits0References4
OSV
OSV
added 2021/08/25 7:15 p.m.5 views

UBUNTU-CVE-2021-22243

Under specialized conditions, GitLab CE/EE versions starting 7.10 may allow existing GitLab users to use an invite URL meant for another email address to gain access into a group...

5CVSS5.8AI score0.00505EPSS
Exploits0References4
Rows per page
Query Builder