Lucene search

31 matches found

CNNVD
added 2026/03/26 12:0 a.m. · 5 views

Tandoor Recipes Security Vulnerability

Tandoor Recipes is an open-source application designed for managing recipes, planning meals, creating shopping lists, and more. Versions of Tandoor Recipes 2.5.3 and earlier contained security vulnerabilities. These vulnerabilities stemmed from the default setting ALLOWEDHOSTS = , which could all...

CVSS 8.1 · AI score 5.8 · EPSS 0.00304
Exploits 1 · References 1

OSV
added 2026/01/05 8:41 p.m. · 4 views

CVE-2025-64423 Coolify has a Privilege Escalation - low privileged users can see and use admin invitation links

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. In Coolify versions up to and including v4.0.0-beta.434, a low privileged user member can see and use invitation links sent to an administrator. When they use the link before the legitimate recipie...

CVSS 7.7 · AI score 6.5 · EPSS 0.00292
Exploits 1 · References 3

EUVD
added 2025/10/07 12:30 a.m. · 3 views

EUVD-2020-5565

Malware in sbrugna...

CVSS 4.3 · AI score 4.5 · EPSS 0.00986
Exploits 0 · References 4

EUVD
added 2025/10/03 8:7 p.m. · 5 views

EUVD-2024-0490

Malicious code in bioql PyPI...

CVSS 9.3 · AI score 8.3 · EPSS 0.00682
Exploits 1 · References 4

EUVD
added 2025/10/03 8:7 p.m. · 4 views

EUVD-2025-16451

Malicious code in bioql PyPI...

CVSS 9.8 · AI score 6.4 · EPSS 0.00442
Exploits 1 · References 1

Tenable Nessus
added 2025/08/27 12:0 a.m. · 5 views

Linux Distros Unpatched Vulnerability : CVE-2020-12474

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Telegram Desktop through 2.0.1, Telegram through 6.0.1 for Android, and Telegram through 6.0.1 for iOS allow an IDN Homograph attack via Punycode in a public UR...

CVSS 6.5 · AI score 6.4 · EPSS 0.02527
Exploits 0 · References 2

CNVD
added 2025/06/06 12:0 a.m. · 1 view

FreeScout Security Bypass Vulnerability

FreeScout is an ultra-lightweight and powerful free open source helpdesk and shared inbox built using PHP Laravel framework by FreeScout. FreeScout suffers from a security bypass vulnerability that can be exploited by an attacker to gain initial access to an account by leveraging an invitation li...

CVSS 9.8 · AI score 7.2 · EPSS 0.00442
Exploits 1 · References 1

Vulnrichment
added 2025/05/30 4:35 a.m. · 11 views

CVE-2025-48481 FreeScout Has Business Logic Errors

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, an attacker with an unactivated email invitation containing invitehash, can exploit this vulnerability to self-activate their account, despite it being blocked or deleted, by leveraging the invitation link fro...

CVSS 6.1 · AI score 6.7 · EPSS 0.00442
Exploits 1 · References 1

CNNVD
added 2025/05/30 12:0 a.m. · 1 view

FreeScout Security Vulnerability

FreeScout is an ultra-lightweight and powerful free open source helpdesk and shared inbox built using PHP Laravel framework by FreeScout. FreeScout suffers from a security bypass vulnerability that can be exploited by an attacker to gain initial access to an account by leveraging an invitation li...

CVSS 9.8 · AI score 7 · EPSS 0.00442
Exploits 1 · References 2

RedhatCVE
added 2025/02/05 1:1 p.m. · 9 views

CVE-2024-25625

Pimcore's Admin Classic Bundle provides a Backend UI for Pimcore. A potential security vulnerability has been discovered in pimcore/admin-ui-classic-bundle prior to version 1.3.4. The vulnerability involves a Host Header Injection in the invitationLinkAction function of the UserController,...

CVSS 9.3 · AI score 7 · EPSS 0.00682
Exploits 1 · References 1

CNNVD
added 2024/08/22 12:0 a.m. · 1 view

Mattermost Security Vulnerability

Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. A security vulnerability exists in Mattermost versions 9.5.x through 9.5.7 and 9.10.x through 9.10.0, which stems from a failure to properly implement privilege controls, resulting in the ability to...

CVSS 2.7 · AI score 4.4 · EPSS 0.0039
Exploits 0 · References 3

Tenable Nessus
added 2024/05/17 12:0 a.m. · 19 views

GitLab 1.0 < 13.1.10 / 13.2 < 13.2.8 / 13.3 < 13.3.4 (CVE-2020-13305)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab was not invalidating project invitation link upon removing a user from a project. CVE-2020-13305 Note that...

CVSS 4.3 · AI score 5.2 · EPSS 0.00986
Exploits 0 · References 4

NVD
added 2024/04/16 12:15 a.m. · 7 views

CVE-2024-0404

A mass assignment vulnerability exists in the /api/invite/:code endpoint of the mintplex-labs/anything-llm repository, allowing unauthorized creation of high-privileged accounts. By intercepting and modifying the HTTP request during the account creation process via an invitation link, an attacker...

CVSS 9.1 · AI score 9.1 · EPSS 0.00783
Exploits 1 · References 2

Vulnrichment
added 2024/04/16 12:0 a.m. · 13 views

CVE-2024-0404 Mass Assignment Vulnerability in mintplex-labs/anything-llm

A mass assignment vulnerability exists in the /api/invite/:code endpoint of the mintplex-labs/anything-llm repository, allowing unauthorized creation of high-privileged accounts. By intercepting and modifying the HTTP request during the account creation process via an invitation link, an attacker...

CVSS 9.1 · AI score 6.8 · EPSS 0.00783
Exploits 1 · References 2

Cvelist
added 2024/04/16 12:0 a.m. · 11 views

CVE-2024-0404 Mass Assignment Vulnerability in mintplex-labs/anything-llm

A mass assignment vulnerability exists in the /api/invite/:code endpoint of the mintplex-labs/anything-llm repository, allowing unauthorized creation of high-privileged accounts. By intercepting and modifying the HTTP request during the account creation process via an invitation link, an attacker...

CVSS 9.1 · AI score 9.3 · EPSS 0.00783
Exploits 1 · References 2

CVE
added 2024/04/16 12:0 a.m. · 95 views

CVE-2024-0404

CVE-2024-0404 describes a mass-assignment vulnerability in the mintplex-labs/anything-llm repository, specifically the "/api/invite/:code" endpoint. The issue allows an attacker to inject a privileged role (admin) during account creation via an invitation link by exploiting missing property allow...

CVSS 9.1 · AI score 6.7 · EPSS 0.00783
Exploits 1 · References 2 · Affected Software 1

Positive Technologies
added 2024/04/15 12:0 a.m. · 2 views

PT-2024-15530 · Mintplex · Anything-Llm

Name of the Vulnerable Software and Affected Versions: mintplex-labs/anything-llm repository affected versions not specified Description: A mass assignment vulnerability exists in the "/api/invite/:code" endpoint, allowing unauthorized creation of high-privileged accounts. By intercepting and...

CVSS 9.1 · AI score 8.9 · EPSS 0.00783
Exploits 1 · References 8

CNNVD
added 2023/07/28 12:0 a.m. · 4 views

Discourse Race Condition Vulnerability

Discourse is an open source community discussion platform. The platform includes community, email, and chat room features. Discourse suffers from a race condition vulnerability that arises from the ability to create more users than allowed via an invitation link...

CVSS 3.1 · AI score 4.9 · EPSS 0.0024
Exploits 0 · References 3

CNNVD
added 2022/12/10 12:0 a.m. · 2 views

Mobileiron Sentry Security Vulnerability

Mobileiron Sentry is a Smart Gateway product from Mobileiron, Inc. A security vulnerability exists in Mobileiron Sentry versions prior to 22.11.0, where an attacker with a known valid invitation link could manipulate cookies to allow the same invitation link to be reused on multiple accounts when...

CVSS 6.4 · AI score 5.5 · EPSS 0.00423
Exploits 0 · References 2

CNNVD
added 2022/11/08 12:0 a.m. · 1 view

Grafana Input Validation Error Vulnerability

Grafana is an open source set of monitoring tools that provides a visual monitoring interface. The tool is mainly used to monitor and analyze Graphite, InfluxDB, Prometheus and so on. A security vulnerability exists in Grafana versions 9.x prior to 9.2.4 and 8.x prior to 8.5.1...

CVSS 8.1 · AI score 8.1 · EPSS 0.0074
Exploits 0 · References 7