61 matches found
CVE-2026-25040 Budibase Vulnerable to Privilege Escalation via API Abuse – Creator Can Invite Users with Admin/Any Role
Budibase is a low code platform for creating internal tools, workflows, and admin panels. In versions up to and including 3.26.3, a Creator-level user, who normally has no UI permission to invite users, can manipulate API requests to invite new users with any role, including Admin, Creator, or Ap...
CVE-2022-31025
Discourse is an open source platform for community discussion. Prior to version 2.8.4 on the stable branch and 2.9.0beta5 on the beta and tests-passed branches, inviting users on sites that use single sign-on could bypass the must_approve_users check and invites by staff are always approved...
EUVD-2017-1249
Malware in sbrugna...
EUVD-2022-26893
Malicious code in bioql PyPI...
EUVD-2023-25600
Malicious code in bioql PyPI...
EUVD-2022-24956
Malicious code in bioql PyPI...
EUVD-2025-20987
Malicious code in bioql PyPI...
EUVD-2025-20988
Malicious code in bioql PyPI...
EUVD-2023-50850
Malicious code in bioql PyPI...
EUVD-2024-46882
Malicious code in bioql PyPI...
BIT-GITLAB-2025-6168 Incorrect Authorization in GitLab
An issue has been discovered in GitLab EE affecting all versions from 18.0 before 18.0.4 and 18.1 before 18.1.2 that could have allowed authenticated maintainers to bypass group-level user invitation restrictions by sending crafted API requests...
BIT-GITLAB-2025-4972 Incorrect Authorization in GitLab
An issue has been discovered in GitLab EE affecting all versions from 18.0 before 18.0.4 and 18.1 before 18.1.2 that could have allowed authenticated users with invitation privileges to bypass group-level user invitation restrictions by manipulating group invitation functionality...
CVE-2025-6168
An issue has been discovered in GitLab EE affecting all versions from 18.0 before 18.0.4 and 18.1 before 18.1.2 that could have allowed authenticated maintainers to bypass group-level user invitation restrictions by sending crafted API requests...
CVE-2025-4972
An issue has been discovered in GitLab EE affecting all versions from 18.0 before 18.0.4 and 18.1 before 18.1.2 that could have allowed authenticated users with invitation privileges to bypass group-level user invitation restrictions by manipulating group invitation functionality...
CVE-2025-6168
An issue has been discovered in GitLab EE affecting all versions from 18.0 before 18.0.4 and 18.1 before 18.1.2 that could have allowed authenticated maintainers to bypass group-level user invitation restrictions by sending crafted API requests...
CVE-2025-4972
GitLab EE CVE-2025-4972 affects GitLab EE versions 18.0 before 18.0.4 and 18.1 before 18.1.2. The issue allows authenticated users with invitation privileges to bypass group-level user invitation restrictions by manipulating the group invitation functionality. Root cause/details beyond this are n...
CVE-2025-4972 Incorrect Authorization in GitLab
An issue has been discovered in GitLab EE affecting all versions from 18.0 before 18.0.4 and 18.1 before 18.1.2 that could have allowed authenticated users with invitation privileges to bypass group-level user invitation restrictions by manipulating group invitation functionality...
CVE-2025-4972
Removed by vendor...
CVE-2025-6168 Incorrect Authorization in GitLab
An issue has been discovered in GitLab EE affecting all versions from 18.0 before 18.0.4 and 18.1 before 18.1.2 that could have allowed authenticated maintainers to bypass group-level user invitation restrictions by sending crafted API requests...
CVE-2025-6168
Removed by vendor...