10 matches found
CVE-2025-64423 Coolify has a Privilege Escalation - low privileged users can see and use admin invitation links
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. In Coolify versions up to and including v4.0.0-beta.434, a low privileged user member can see and use invitation links sent to an administrator. When they use the link before the legitimate recipie...
EUVD-2025-206231
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. In Coolify versions up to and including v4.0.0-beta.434, a low privileged user member can see and use invitation links sent to an administrator. When they use the link before the legitimate recipie...
CVE-2025-64423
Coolify CVE-2025-64423 affects the Web UI: in versions up to and including 4.0.0-beta.434, a low-privileged member can see and use admin invitation links, allowing login as an administrator if used before the legitimate recipient, i.e., privilege escalation. The Red Hat/NVD entries corroborate th...
EUVD-2022-41823
Malicious code in bioql PyPI...
PT-2024-21045 · Pimcore · Pimcore Admin Classic Bundle
Name of the Vulnerable Software and Affected Versions: pimcore/admin-ui-classic-bundle versions prior to 1.3.4 Description: A potential security issue has been discovered in the pimcore/admin-ui-classic-bundle. The issue involves a Host Header Injection in the invitationLinkAction function of the...
PT-2022-16070
Name of the Vulnerable Software and Affected Versions authentik versions prior to 2022.11.4 authentik versions prior to 2022.10.4 Description The issue concerns token reuse in invitation URLs, leading to access control bypass via the use of a different enrollment flow than the one provided. An...
CVE-2022-39356
CVE-2022-39356 affects Discourse. The vulnerability arises when an invitation link is not scoped to a single email, allowing an attacker to enter an arbitrary non-admin email and gain access to that account upon accepting the invitation. Reports across sources confirm this leads to user account t...
Slack flaw exposed users' hashed passwords
Slack, the workplace communication platform, has notified some of its users that their hashed passwords have been subject to exposure for the last five years. The company wasnt specific in its notice, but Wired said that the flaw was in one of its "low-friction features". The flaw exposed hashed...
CVE-2021-43791 Ineffective expiration validation for invitation links in Zulip
Zulip is an open source group chat application that combines real-time chat with threaded conversations. In affected versions expiration dates on the confirmation objects associated with email invitations were not enforced properly in the new account registration flow. A confirmation link takes a...
UBUNTU-CVE-2020-13305
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab was not invalidating project invitation link upon removing a user from a project...