EUVD-2025-199752

Insecure Direct Object Reference IDOR in classroomio 0.1.13 allows unauthorized share and invite access to course settings...

CVE-2025-65672

Insecure Direct Object Reference IDOR in classroomio 0.1.13 allows unauthorized share and invite access to course settings...

Unauthorized Invite Deletion

github.com/grafana/grafana is vulnerable to unauthorized invite deletion. The vulnerability is due to insufficient access control validation in the system, where organization admins are not properly restricted to actions only within the organization they belong to. It allows admins to delete...

CVE-2023-1774

CVE-2023-1774 concerns Mattermost where processing an email invite to a private channel does not validate the inviter’s permission for that channel. The result is that an attacker can invite themselves to a private channel without proper authorization. The issue centers on the invite handling flo...

CVE-2023-1774 Unauthorized email invite to a private channel

When processing an email invite to a private channel on a team, Mattermost fails to validate the inviter's permission to that channel, allowing an attacker to invite themselves to a private channel...