Lucene search
K

9 matches found

RedhatCVE
RedhatCVE
added 2026/05/01 8:48 p.m.6 views

CVE-2026-35514

Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In version 4.9.0, the endpoint POST /user/invited does not validate any invite token, authentication header, or session. Any unauthenticated attacker can call this endpoi...

6.5CVSS5.7AI score0.00243EPSS
Exploits0References1
NVD
NVD
added 2026/04/30 7:16 p.m.6 views

CVE-2026-35514

Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In version 4.9.0, the endpoint POST /user/invited does not validate any invite token, authentication header, or session. Any unauthenticated attacker can call this endpoi...

6.5CVSS0.00243EPSS
Exploits0References2
CVE
CVE
added 2026/04/30 6:21 p.m.13 views

CVE-2026-35514

Vulnerability overview : Chartbrew 4.9.0 contains an unauthenticated account creation bypass via POST /user/invited, which does not validate invite tokens, authentication headers, or sessions. This allows any unauthenticated user to create a fully active account and obtain a valid JWT, even when ...

6.5CVSS5.4AI score0.00243EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/30 6:21 p.m.34 views

CVE-2026-35514 Unauthenticated Account Registration via /user/invited Bypasses All Signup Restrictions in Chartbrew

Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In version 4.9.0, the endpoint POST /user/invited does not validate any invite token, authentication header, or session. Any unauthenticated attacker can call this endpoi...

6.5CVSS0.00243EPSS
Exploits0References2
OSV
OSV
added 2021/08/23 8:15 p.m.16 views

CVE-2021-22249

A verbose error message in GitLab EE affecting all versions since 12.2 could disclose the private email address of a user invited to a group...

4.3CVSS6.3AI score0.00974EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2021/08/23 8:15 p.m.24 views

CVE-2021-22249

A verbose error message in GitLab EE affecting all versions since 12.2 could disclose the private email address of a user invited to a group...

4.3CVSS5.8AI score0.00974EPSS
Exploits0References4
Prion
Prion
added 2021/08/23 8:15 p.m.11 views

Information disclosure

A verbose error message in GitLab EE affecting all versions since 12.2 could disclose the private email address of a user invited to a group...

4CVSS4.2AI score0.00974EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2021/08/23 7:53 p.m.35 views

CVE-2021-22249

A verbose error message in GitLab EE affecting all versions since 12.2 could disclose the private email address of a user invited to a group...

4.3CVSS4.5AI score0.00974EPSS
Exploits0References3
Cvelist
Cvelist
added 2020/08/21 4:34 a.m.15 views

CVE-2020-14215

Zulip Server before 2.1.5 has Incorrect Access Control because 0198preregistrationuserinvitedas adds the administrator role to invitations...

7.6AI score0.00891EPSS
Exploits0References1
Rows per page
Query Builder