Lucene search
K

259 matches found

vulnersOsv
vulnersOsv
added 2026/02/05 8:51 p.m.7 views

@ainsleydev/payload-helper (>=0.0.6 <=0.1.2), @davincicoding/payload-plugin-kit (=0.0.4) +9 more potentially affected by CVE-2026-25544 via @payloadcms/db-sqlite (>=3.0.0-beta.116 <=3.72.0)

@payloadcms/db-sqlite NPM version =3.0.0-beta.116, =0.0.6, =1.1.10, =1.2.0 - payload-smart-deletion =1.0.7 - simple-shop =1.0.0 Source cves: CVE-2026-25544 Source advisory: SNYK:JS-PAYLOADCMSDBSQLITE-15240188...

9.8CVSS5.8AI score0.00453EPSS
Exploits0
The Hacker News
The Hacker News
added 2026/01/23 11:18 a.m.7 views

Phishing Attack Uses Stolen Credentials to Install LogMeIn RMM for Persistent Access

Cybersecurity researchers have disclosed details of a new dual-vector campaign that leverages stolen credentials to deploy legitimate Remote Monitoring and Management RMM software for persistent remote access to compromised hosts. "Instead of deploying custom viruses, attackers are bypassing...

6AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/01/09 10:31 a.m.9 views

CVE-2017-18917

An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. Weak hashing was used for e-mail invitations, OAuth, and e-mail verification tokens...

7.5CVSS7AI score0.00717EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:19 a.m.4 views

CVE-2024-2233

The Himer WordPress theme before 2.1.1 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks. These include declining and accepting group invitations or leaving a group...

6.3CVSS6.7AI score0.00193EPSS
Exploits2References1
SUSE CVE
SUSE CVE
added 2026/01/06 12:25 a.m.10 views

SUSE CVE-2025-64708

authentik is an open-source Identity Provider. Prior to versions 2025.8.5 and 2025.10.2, in previous authentik versions, invitations were considered valid regardless if they are expired or not, thus relying on background tasks to clean up expired ones. In a normal scenario this can take up to 5...

5.8CVSS6.8AI score0.00221EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/01/05 8:41 p.m.29 views

CVE-2025-64423 Coolify has a Privilege Escalation - low privileged users can see and use admin invitation links

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. In Coolify versions up to and including v4.0.0-beta.434, a low privileged user member can see and use invitation links sent to an administrator. When they use the link before the legitimate recipie...

7.7CVSS0.00292EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/12/15 8:21 p.m.17 views

CVE-2025-64725 Weblate has improper validation upon invitation acceptance

Weblate is a web based localization tool. In versions prior to 5.15, it was possible to accept an invitation opened by a different user. Version 5.15. contains a patch. As a workaround, avoid leaving one's Weblate sessions with an invitation opened unattended...

1CVSS0.00319EPSS
Exploits0References4
OSV
OSV
added 2025/12/15 7:58 p.m.3 views

GHSA-M6HQ-F4W9-QRJJ Weblate has improper validation upon invitation acceptance

Impact It was possible to accept an invitation opened by a different Weblate user. Patches https://github.com/WeblateOrg/weblate/pull/16913 Workarounds Users should avoid leaving Weblate sessions with an unattended opened invitation. References Thanks to Nahid0x for responsibly disclosing this...

1CVSS6.8AI score0.00319EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2025/12/15 7:58 p.m.8 views

Weblate has improper validation upon invitation acceptance

Impact It was possible to accept an invitation opened by a different Weblate user. Patches https://github.com/WeblateOrg/weblate/pull/16913 Workarounds Users should avoid leaving Weblate sessions with an unattended opened invitation. References Thanks to Nahid0x for responsibly disclosing this...

9.8CVSS6.9AI score0.00319EPSS
Exploits0References6Affected Software1
Positive Technologies
Positive Technologies
added 2025/12/08 12:0 a.m.8 views

PT-2025-49576

Name of the Vulnerable Software and Affected Versions matrix-sdk-base versions 0.14.1 and prior Description The software is susceptible to a denial-of-service condition. If a user is invited to a room with non-standard join rules, the sync process will stall, preventing further processing for all...

5.3CVSS6.5AI score0.00358EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2025/12/04 6:17 p.m.15 views

CVE-2025-66223

OpenObserve is a cloud-native observability platform. Prior to version 0.16.0, organization invitation tokens do not expire once issued, remain valid even after the invited user is removed from the organization, and allow multiple invitations to the same email with different roles where all issue...

8.4CVSS7AI score0.00238EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/11/29 2:45 a.m.3 views

CVE-2025-66223 OpenObserve's Invite Token Lifecycle Misconfiguration

OpenObserve is a cloud-native observability platform. Prior to version 0.16.0, organization invitation tokens do not expire once issued, remain valid even after the invited user is removed from the organization, and allow multiple invitations to the same email with different roles where all issue...

8.4CVSS6.7AI score0.00238EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/11/29 2:45 a.m.12 views

CVE-2025-66223 OpenObserve's Invite Token Lifecycle Misconfiguration

OpenObserve is a cloud-native observability platform. Prior to version 0.16.0, organization invitation tokens do not expire once issued, remain valid even after the invited user is removed from the organization, and allow multiple invitations to the same email with different roles where all issue...

8.4CVSS0.00238EPSS
Exploits0References1
The Hacker News
The Hacker News
added 2025/11/28 8:33 a.m.6 views

MS Teams Guest Access Can Remove Defender Protection When Users Join External Tenants

Cybersecurity researchers have shed light on a cross-tenant blind spot that allows attackers to bypass Microsoft Defender for Office 365 protections via the guest access feature in Teams. "When users operate as guests in another tenant, their protections are determined entirely by that hosting...

6.4AI score
Exploits0
Vulnrichment
Vulnrichment
added 2025/11/26 12:0 a.m.2 views

CVE-2025-65672

Insecure Direct Object Reference IDOR in classroomio 0.1.13 allows unauthorized share and invite access to course settings...

6.5AI score0.0031EPSS
Exploits2References2
RedhatCVE
RedhatCVE
added 2025/11/20 9:36 p.m.9 views

CVE-2025-64708

authentik is an open-source Identity Provider. Prior to versions 2025.8.5 and 2025.10.2, in previous authentik versions, invitations were considered valid regardless if they are expired or not, thus relying on background tasks to clean up expired ones. In a normal scenario this can take up to 5...

5.8CVSS6.7AI score0.00221EPSS
Exploits0References1
NVD
NVD
added 2025/11/19 5:15 p.m.6 views

CVE-2025-64708

authentik is an open-source Identity Provider. Prior to versions 2025.8.5 and 2025.10.2, in previous authentik versions, invitations were considered valid regardless if they are expired or not, thus relying on background tasks to clean up expired ones. In a normal scenario this can take up to 5...

5.8CVSS0.00221EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/11/19 12:0 a.m.7 views

authentik 代码问题漏洞

authentik is an open source identity provisioning application from authentik open source. A code issue vulnerability exists in authentik versions prior to 2025.8.5 and prior to 2025.10.2, which stems from invitations being treated as valid even after they have expired, which could lead to...

5.8CVSS6.6AI score0.00221EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/11/19 12:0 a.m.7 views

PT-2025-47495

Name of the Vulnerable Software and Affected Versions authentik versions prior to 2025.8.5 authentik versions prior to 2025.10.2 Description authentik, an open-source Identity Provider, had a flaw where invitations remained valid even after expiration. This relied on background tasks to remove...

9.9CVSS6.4AI score0.7654EPSS
Exploits34References92
RedhatCVE
RedhatCVE
added 2025/11/11 1:44 p.m.7 views

CVE-2025-64681

In JetBrains Hub before 2025.3.104992 a race condition allowed bypass of the user limit via invitations...

3.7CVSS6.8AI score0.00184EPSS
Exploits0References1
Rows per page
Query Builder