
11 matches found

Cvelist
added 2026/06/26 7:41 p.m., 26 views

CVE-2026-44731 OpenProject: Improper Access Control on OpenProject through /projects/[projectName]/meetings via "invited_user_id" in GET parameter "filters" leads to user names disclosure

OpenProject is open-source, web-based project management software. Prior to 17.3.2 and 17.4.0, the web application's meetings filter feature leaks whether a given user ID corresponds to a valid account and discloses the user's full name, allowing an attacker to enumerate all existing user account...

CVSS: 4.3, EPSS: 0.00186
Exploits: 0, References: 1

CVE
added 2026/06/26 7:41 p.m., 9 views

CVE-2026-44731

OpenProject contains an input leakage in the web application’s meetings filter feature that lets an attacker determine whether a user ID is valid and view the user’s full name, enabling enumeration of existing accounts. The issue occurs before versions 17.3.2 and 17.4.0 and is resolved by upgradi...

CVSS: 4.3, AI score: 5.8, EPSS: 0.00186
Exploits: 0, References: 1

RedhatCVE
added 2026/04/20 7:22 p.m., 6 views

CVE-2026-40196

HomeBox is a home inventory and organization system. Versions prior to 0.25.0 contain a vulnerability where the defaultGroup ID remained permanently assigned to a user after being invited to a group, even after their access to that group was revoked. While the web interface correctly enforced the...

CVSS: 8.1, AI score: 5.7, EPSS: 0.00247
Exploits: 0, References: 1

ATTACKERKB
added 2026/04/17 9:1 p.m., 7 views

CVE-2026-40196

HomeBox is a home inventory and organization system. Versions prior to 0.25.0 contain a vulnerability where the defaultGroup ID remained permanently assigned to a user after being invited to a group, even after their access to that group was revoked. While the web interface correctly enforced the...

CVSS: 8.1, AI score: 5.7, EPSS: 0.00247
Exploits: 0, References: 3, Affected Software: 1

OSV
added 2025/11/05 6:45 p.m., 4 views

GHSA-GR35-VPX2-QXHC Weblate leaks the IP of project member inviting user to be reviewer in Audit log

Summary: Weblate leaks the IP address of the project member inviting the user to the project in the audit log. Details: The audit log included IP addresses from admin-triggered actions, and those could be viewed by invited users. Impact: The inviting user's admin's IP address could be leaked to...

CVSS: 2.6, AI score: 6.8, EPSS: 0.00181
Exploits: 0, References: 6

Tenable Nessus
added 2025/08/27 12:0 a.m., 5 views

Linux Distros Unpatched Vulnerability : CVE-2021-22249

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A verbose error message in GitLab EE affecting all versions since 12.2 could disclose the private email address of a user invited to a group CVE-2021-22249 Note...

CVSS: 4.3, AI score: 5.2, EPSS: 0.00974
Exploits: 0, References: 2

OSV
added 2021/08/23 8:15 p.m., 1 views

UBUNTU-CVE-2021-22249

A verbose error message in GitLab EE affecting all versions since 12.2 could disclose the private email address of a user invited to a group...

CVSS: 4.3, AI score: 5.8, EPSS: 0.00974
Exploits: 0, References: 5

Hacker One
added 2017/10/24 1:48 p.m., 17 views

Infogram: Application Vulnerable to CSRF - Remove Invited user

POC: 1. Log in to the application with a business account. 2. Go to Manage teams, where we can send invites to a team member. Send an invite to a team member. 3. After the invite is sent to a user, the admin has the option to Remove User. 4. While trying to remove the user, capture the request in Burp,...

Exploits: 0

Hacker One
added 2017/10/05 9:6 a.m., 17 views

Paragon Initiative Enterprises: Invited user to a Author profile can remove the owner of that Author

SUMMARY: A user invites another user to his author by giving ownership. Later the invited user can completely remove the real owner from that author. STEP TO REPRODUCE:...

AI score: 1.4
Exploits: 0

OSV
added 2017/08/29 6:29 p.m., 2 views

CVE-2016-0356

IBM Sametime Enterprise Meeting Server 8.5.2 and 9.0 could allow an authenticated user that has been invited to a Sametime meeting room, to cause the screen sharing to cease through the use of cross-site request forgery. IBM X-Force ID: 111895...

CVSS: 6.5, AI score: 5.7, EPSS: 0.00712
Exploits: 0, References: 4

OSV
added 2017/08/29 6:29 p.m., 6 views

CVE-2016-10503

IBM Sametime Meeting Server 8.5.2 and 9.0 could allow an authenticated and invited user of Sametime meeting to lower any or all hands in an e-meeting, thus spoofing results of votes in the meeting. IBM X-Force ID: 113803...

CVSS: 4.3, AI score: 5.8, EPSS: 0.00676
Exploits: 0, References: 2