
7 matches found

NVD
added 2026/06/16 3:16 p.m., 18 views

CVE-2026-48780

Forem is open source software for building communities. Prior to commit a2ab6d4, a maliciously crafted email address could allow an attacker to bypass domain allowlist or denylist restrictions and gain access to invite-only forem deployments. The issue is patched as of a2ab6d4. As a workaround,...

8.2 CVSS, 0.00218 EPSS
Exploits: 0, References: 2
RedhatCVE
added 2026/03/26 3:8 p.m., 1 views

CVE-2026-33424

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, an attacker can grant access to a private message topic through invites even after they lose access to that PM. Versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 contain a patch. No know...

5.9 CVSS, 5.8 AI score, 0.00217 EPSS
Exploits: 0, References: 1
CVE
added 2026/03/20 11:8 p.m., 9 views

CVE-2026-33424

The CVE concerns Discourse (open-source discussion platform). Affected are versions prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2. The issue allows an attacker to regain access to a private message (PM) topic via invites even after revoking the attacker’s PM access. The root cause is the PM ...

5.9 CVSS, 5.8 AI score, 0.00217 EPSS
Exploits: 0, References: 1, Affected Software: 1
OSV
added 2026/03/20 11:8 p.m., 2 views

CVE-2026-33424 PM access granted through invites after access revocation

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, an attacker can grant access to a private message topic through invites even after they lose access to that PM. Versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 contain a patch. No know...

5.9 CVSS, 5.9 AI score, 0.00217 EPSS
Exploits: 0, References: 3
CVE
added 2025/11/26 12:0 a.m., 12 views

CVE-2025-65672

CVE-2025-65672 concerns an insecure direct object reference (IDOR) in ClassroomIO 0.1.13, enabling unauthorized sharing and inviting access to course settings. Connected sources consistently describe the root cause as broken access control with IDOR, allowing a student‑level user to manipulate co...

7.5 CVSS, 6.5 AI score, 0.0034 EPSS
Exploits: 2, References: 3, Affected Software: 1
Cvelist
added 2025/11/26 12:0 a.m., 8 views

CVE-2025-65672

Insecure Direct Object Reference (IDOR) in classroomio 0.1.13 allows unauthorized share and invite access to course settings...

0.0034 EPSS
Exploits: 2, References: 3
OSV
added 2025/08/21 8:15 a.m., 4 views

CVE-2025-47870

Mattermost versions 10.8.x <= 10.8.3, 10.5.x <= 10.5.8, 9.11.x <= 9.11.17, 10.9.x <= 10.9.2 fail to sanitize the team invite ID in the POST /api/v4/teams/:teamId/restore endpoint, which allows a team admin with no member invite privileges to get the team’s invite ID...

4.3 CVSS, 6.9 AI score
Exploits: 0, References: 1