7 matches found
GHSA-CHQV-VRJ7-QFFP NocoDB: Shared-base link access can invite arbitrary users as persistent base members
Summary Shared-base sessions were granted the same base-member capabilities as authenticated viewers. Using only the shared-base UUID xc-shared-base-id, an attacker could enumerate base members and invite an arbitrary email into the base as a real member. The invited user could then redeem the...
PT-2026-28630
Name of the Vulnerable Software and Affected Versions Fleet versions prior to 4.81.0 Description Fleet, an open source device management software, had a flaw in how user invitations were handled. Specifically, the email address entered when accepting an invitation wasn’t checked against the email...
CVE-2025-64725 Weblate has improper validation upon invitation acceptance
Weblate is a web based localization tool. In versions prior to 5.15, it was possible to accept an invitation opened by a different user. Version 5.15. contains a patch. As a workaround, avoid leaving one's Weblate sessions with an invitation opened unattended...
EUVD-2022-31329
Malicious code in bioql PyPI...
CVE-2023-32677
Zulip is an open-source team collaboration tool with unique topic-based threading. Zulip administrators can configure Zulip to limit who can add users to streams, and separately to limit who can invite users to the organization. In Zulip Server 6.1 and below, the UI which allows a user to invite ...
CVE-2025-22449
Mattermost versions 9.11.x = 9.11.5 fail to enforce invite permissions, which allows team admins, with no permission to invite users to their team, to invite users by updating the "allowopeninvite" field via making their team public...
UBUNTU-CVE-2021-22243
Under specialized conditions, GitLab CE/EE versions starting 7.10 may allow existing GitLab users to use an invite URL meant for another email address to gain access into a group...