CVE-2026-40196

HomeBox is a home inventory and organization system. Versions prior to 0.25.0 contain a vulnerability where the defaultGroup ID remained permanently assigned to a user after being invited to a group, even after their access to that group was revoked. While the web interface correctly enforced the...

CVE-2026-40196

HomeBox is a home inventory and organization system. Versions prior to 0.25.0 contain a vulnerability where the defaultGroup ID remained permanently assigned to a user after being invited to a group, even after their access to that group was revoked. While the web interface correctly enforced the...

GHSA-GR35-VPX2-QXHC Weblate leaks the IP of project member inviting user to be reviewer in Audit log

Summary Weblate leaks the IP address of the project member inviting the user to the project in the audit log. Details The audit log included IP addresses from admin-triggered actions, and those could be viewed by invited users. Impact The inviting user's admin's IP address could be leaked to...

Linux Distros Unpatched Vulnerability : CVE-2021-22249

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A verbose error message in GitLab EE affecting all versions since 12.2 could disclose the private email address of a user invited to a group CVE-2021-22249 Note...

UBUNTU-CVE-2021-22249

A verbose error message in GitLab EE affecting all versions since 12.2 could disclose the private email address of a user invited to a group...

Infogram: Application Vulnerable to CSRF - Remove Invited user

POC: 1. Login to the application with a business account. 2. Go to Manage teams, where we can send invites to a team member. Send a Invite to a team member 3. After the invite is sent to a user, the admin has option to Remove User. 4. While trying to remove the user, capture the request in burp ,...

Paragon Initiative Enterprises: Invited user to a Author profile can remove the owner of that Author

SUMMURY: ------------------------------------- A user invite another user to his author by giving ownership. ------------------ Later invited user can completely remove the real owner from that author . ------------------- ----------------------------------- STEP TO REPRODUCE:...

CVE-2016-10503

IBM Sametime Meeting Server 8.5.2 and 9.0 could allow an authenticated and invited user of Sametime meeting to lower any or all hands in an e-meeting, thus spoofing results of votes in the meeting. IBM X-Force ID: 113803...

CVE-2016-0356

IBM Sametime Enterprise Meeting Server 8.5.2 and 9.0 could allow an authenticated user that has been invited to a Sametime meeting room, to cause the screen sharing to cease through the use of cross-site request forgery. IBM X-Force ID: 111895...