CVE-2025-64326 Weblate leaks the IP of project members inviting users to assume reviewer roles in Audit log
Weblate is a web-based localization tool. In versions 5.14 and below, Weblate leaks the IP address of the project member inviting the user to the project in the audit log. The audit log includes IP addresses from admin-triggered actions, which can be viewed by invited users. This issue is fixed i...
CVE-2025-64326
Weblate (web-based localization tool) versions 5.14 and earlier leak the inviting user’s IP address in the audit log, which can be viewed by invited project members. The root cause is exposure of IPs in admin-triggered actions within the audit log. The issue is fixed in Weblate 5.14.1. Affected p...
Omise: Pending invites remain valid even after the inviter is removed.
The pending invites created by a removed admin remained valid, and members already added by the removed admin remained in the team with admin privileges, even after the inviter was removed...
CVE-2024-21630 Zulip non-admins can invite new users to streams they would not otherwise be able to add existing users to
Zulip is an open-source team collaboration tool. A vulnerability in version 8.0 is similar to CVE-2023-32677, but applies to multi-use invitations, not single-use invitation links as in the prior CVE. Specifically, it applies when the installation has configured non-admins to be able to invite...