Lucene search
K

10 matches found

Vulnrichment
Vulnrichment
added 2026/01/05 8:41 p.m.3 views

CVE-2025-64423 Coolify has a Privilege Escalation - low privileged users can see and use admin invitation links

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. In Coolify versions up to and including v4.0.0-beta.434, a low privileged user member can see and use invitation links sent to an administrator. When they use the link before the legitimate recipie...

7.7CVSS6.2AI score0.00292EPSS
Exploits1References1
EUVD
EUVD
added 2026/01/05 8:41 p.m.4 views

EUVD-2025-206231

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. In Coolify versions up to and including v4.0.0-beta.434, a low privileged user member can see and use invitation links sent to an administrator. When they use the link before the legitimate recipie...

7.7CVSS6.1AI score0.00292EPSS
Exploits1References1
CVE
CVE
added 2026/01/05 8:41 p.m.14 views

CVE-2025-64423

Coolify CVE-2025-64423 affects the Web UI: in versions up to and including 4.0.0-beta.434, a low-privileged member can see and use admin invitation links, allowing login as an administrator if used before the legitimate recipient, i.e., privilege escalation. The Red Hat/NVD entries corroborate th...

8.8CVSS6.2AI score0.00292EPSS
Exploits1References1Affected Software1
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2022-41823

Malicious code in bioql PyPI...

8.9CVSS8.4AI score0.00558EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/02/19 12:0 a.m.7 views

PT-2024-21045 · Pimcore · Pimcore Admin Classic Bundle

Name of the Vulnerable Software and Affected Versions: pimcore/admin-ui-classic-bundle versions prior to 1.3.4 Description: A potential security issue has been discovered in the pimcore/admin-ui-classic-bundle. The issue involves a Host Header Injection in the invitationLinkAction function of the...

9.3CVSS7.1AI score0.00682EPSS
Exploits1References10
Positive Technologies
Positive Technologies
added 2022/12/28 12:0 a.m.5 views

PT-2022-16070

Name of the Vulnerable Software and Affected Versions authentik versions prior to 2022.11.4 authentik versions prior to 2022.10.4 Description The issue concerns token reuse in invitation URLs, leading to access control bypass via the use of a different enrollment flow than the one provided. An...

9.4CVSS7.1AI score0.00884EPSS
Exploits1References6
CVE
CVE
added 2022/11/02 12:0 a.m.81 views

CVE-2022-39356

CVE-2022-39356 affects Discourse. The vulnerability arises when an invitation link is not scoped to a single email, allowing an attacker to enter an arbitrary non-admin email and gain access to that account upon accepting the invitation. Reports across sources confirm this leads to user account t...

8.9CVSS8.8AI score0.00558EPSS
Exploits0References2Affected Software1
Malwarebytes
Malwarebytes
added 2022/08/11 10:0 a.m.17 views

Slack flaw exposed users' hashed passwords

Slack, the workplace communication platform, has notified some of its users that their hashed passwords have been subject to exposure for the last five years. The company wasnt specific in its notice, but Wired said that the flaw was in one of its "low-friction features". The flaw exposed hashed...

0.3AI score
Exploits0
Cvelist
Cvelist
added 2021/12/02 12:15 a.m.19 views

CVE-2021-43791 Ineffective expiration validation for invitation links in Zulip

Zulip is an open source group chat application that combines real-time chat with threaded conversations. In affected versions expiration dates on the confirmation objects associated with email invitations were not enforced properly in the new account registration flow. A confirmation link takes a...

6.5CVSS6.4AI score0.00641EPSS
Exploits0References2
OSV
OSV
added 2020/09/14 10:15 p.m.1 views

UBUNTU-CVE-2020-13305

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab was not invalidating project invitation link upon removing a user from a project...

4.3CVSS5.8AI score0.00986EPSS
Exploits0References3
Rows per page
Query Builder