
13 matches found

Cvelist
added 2026/03/27 7:18 p.m. | 17 views

CVE-2026-34389 Fleet's user account creation via invite does not enforce invited email address

Fleet is open source device management software. Prior to 4.81.0, Fleet contained an issue in the user invitation flow where the email address provided during invite acceptance was not validated against the email address associated with the invite. An attacker who obtained a valid invite token...

CVSS 7.1 | EPSS 0.00042
Exploits: 0 | References: 1
EUVD
added 2026/03/20 11:8 p.m. | 1 view

EUVD-2026-13904

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, an attacker can grant access to a private message topic through invites even after they lose access to that PM. Versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 contain a patch. No know...

CVSS 5.9 | AI score 5.8 | EPSS 0.00016
Exploits: 0 | References: 1
Cvelist
added 2026/03/20 11:8 p.m. | 21 views

CVE-2026-33424 PM access granted through invites after access revocation

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, an attacker can grant access to a private message topic through invites even after they lose access to that PM. Versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 contain a patch. No know...

CVSS 5.9 | EPSS 0.00016
Exploits: 0 | References: 1
Positive Technologies
added 2026/01/05 12:0 a.m. | 4 views

PT-2026-1328

Name of the Vulnerable Software and Affected Versions: Coolify versions up to and including 4.0.0-beta.434. Description: Coolify is a self-hostable tool for managing servers, applications, and databases. A low privileged user member can invite a high privileged user, and subsequently gain...

CVSS 8.7 | AI score 6.3 | EPSS 0.00037
Exploits: 1 | References: 6
RedhatCVE
added 2025/11/19 12:11 a.m. | 5 views

CVE-2025-54320

In Ascertia SigningHub through 8.6.8, there is a lack of rate limiting on the invite user function, leading to an email bombing vulnerability. An authenticated attacker can exploit this by automating invite requests...

CVSS 4.3 | AI score 6.7 | EPSS 0.00063
Exploits: 0 | References: 1
EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2007-3422

Malware in sbrugna...

CVSS 7.8 | AI score 6.4 | EPSS 0.0082
Exploits: 0 | References: 5
EUVD
added 2025/10/03 8:7 p.m. | 1 view

EUVD-2022-52720

Malicious code in bioql PyPI...

CVSS 5.3 | AI score 5.5 | EPSS 0.00261
Exploits: 0 | References: 5
EUVD
added 2025/10/03 8:7 p.m. | 0 views

EUVD-2023-0969

Malicious code in bioql PyPI...

CVSS 5.4 | AI score 5.5 | EPSS 0.00157
Exploits: 0 | References: 4
NVD
added 2025/05/29 9:15 a.m. | 8 views

CVE-2025-4687

In Teltonika Networks Remote Management System RMS, it is possible to perform account pre-hijacking by misusing the invite functionality. If a victim has a pending invite and registers to the platform directly, they are added to the attacker's company without their knowledge. The victim's account a...

CVSS 7.2 | EPSS 0.00236
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/23 5:4 a.m. | 5 views

CVE-2023-1774

When processing an email invite to a private channel on a team, Mattermost fails to validate the inviter's permission to that channel, allowing an attacker to invite themselves to a private channel...

CVSS 5.4 | AI score 6.7 | EPSS 0.00157
Exploits: 0 | References: 1
ATTACKERKB
added 2022/08/05 4:15 p.m. | 0 views

CVE-2022-2326

An issue has been discovered in GitLab CE/EE affecting all versions before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. It may be possible to gain access to a private project through an email invite by using other user's email address as an...

CVSS 8.1 | AI score 5.7 | EPSS 0.00245
Exploits: 0 | References: 4 | Affected Software: 1
CNVD
added 2017/06/08 12:0 a.m. | 2 views

Unspecified Vulnerability in Zulip Server

Zulip Server is an open source group chat application written in Python and based on the Django framework. A security vulnerability exists in the implementation of the invite_by_admins_only setting in Zulip Server 1.5.1 and earlier versions. An attacker can exploit the vulnerability to invite oth...

CVSS 6.5 | AI score 6.7 | EPSS 0.00148
Exploits: 0 | References: 1
Cvelist
added 2017/06/02 5:0 p.m. | 13 views

CVE-2017-0896

Zulip Server 1.5.1 and below suffer from an error in the implementation of the invite_by_admins_only setting in the Zulip group chat application server that allowed an authenticated user to invite other users to join a Zulip organization even if the organization was configured to prevent this...

AI score 6.3 | EPSS 0.00148
Exploits: 0 | References: 3