11 matches found
Access Control Bypass
Overview: flowise is a Flowiseai server. Affected versions of this package are vulnerable to Access Control Bypass via the POST /api/v1/account/login and POST /api/v1/account/invite endpoints. An attacker can gain access to arbitrary bcrypt password hash, tempToken, and tokenExpiry, including...
CVE-2026-35514
Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In version 4.9.0, the endpoint POST /user/invited does not validate any invite token, authentication header, or session. Any unauthenticated attacker can call this endpoi...
CVE-2026-35514 Unauthenticated Account Registration via /user/invited Bypasses All Signup Restrictions in Chartbrew
Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In version 4.9.0, the endpoint POST /user/invited does not validate any invite token, authentication header, or session. Any unauthenticated attacker can call this endpoi...
CVE-2026-35514
Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In version 4.9.0, the endpoint POST /user/invited does not validate any invite token, authentication header, or session. Any unauthenticated attacker can call this endpoi...
EUVD-2026-26405
Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In version 4.9.0, the endpoint POST /user/invited does not validate any invite token, authentication header, or session. Any unauthenticated attacker can call this endpoi...
Kanboard Security Vulnerability
Kanboard is a set of open-source visualization taskboards developed by Kanboard. This software allows for the customization of panels according to business needs. Versions of Kanboard prior to 1.2.51 contained security vulnerabilities. These vulnerabilities stemmed from the fact that the user...
CVE-2025-68667
Conduit is a chat server powered by Matrix. A vulnerability that affects a number of Conduit-derived homeservers allows a remote, unauthenticated attacker to force the target server to cryptographically sign arbitrary membership events. Affected products include Conduit prior to version 0.10.10,...
PT-2025-52860
Name of the Vulnerable Software and Affected Versions continuwuity versions prior to 0.5.0 Description A remote, unauthenticated attacker can force the target server to cryptographically sign arbitrary membership events. This occurs because the server does not validate the origin of a signing...
Incorrect Authorization
Overview: github.com/mattermost/mattermost/server/channels/api4/. Affected versions of this package are vulnerable to Incorrect Authorization due to improper access controls in the team invite modification endpoint /api/v4/teams/:teamId/privacy. An attacker can escalate privileges by...
PT-2023-26436 · Unknown · Moosocial Moodating
Name of the Vulnerable Software and Affected Versions: mooSocial mooDating version 1.2 Description: A problem was found in the file /friends/ajax invite of the component URL Handler, which can be exploited to perform cross-site scripting. The attack can be launched remotely. Recommendations: For...
PT-2019-15690 · Matrix +2 · Matrix Synapse +2
Name of the Vulnerable Software and Affected Versions: Matrix Synapse versions prior to 1.5.0 Description: The issue concerns the mishandling of signature checking on some federation APIs. Events sent over "/send join", "/send leave", and "/invite" API endpoints may not be correctly signed, or ma...