9 matches found
CVE-2026-35514
Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In version 4.9.0, the endpoint POST /user/invited does not validate any invite token, authentication header, or session. Any unauthenticated attacker can call this endpoi...
CVE-2026-35514
Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In version 4.9.0, the endpoint POST /user/invited does not validate any invite token, authentication header, or session. Any unauthenticated attacker can call this endpoi...
CVE-2026-35514
Vulnerability overview : Chartbrew 4.9.0 contains an unauthenticated account creation bypass via POST /user/invited, which does not validate invite tokens, authentication headers, or sessions. This allows any unauthenticated user to create a fully active account and obtain a valid JWT, even when ...
CVE-2026-35514 Unauthenticated Account Registration via /user/invited Bypasses All Signup Restrictions in Chartbrew
Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In version 4.9.0, the endpoint POST /user/invited does not validate any invite token, authentication header, or session. Any unauthenticated attacker can call this endpoi...
CVE-2021-22249
A verbose error message in GitLab EE affecting all versions since 12.2 could disclose the private email address of a user invited to a group...
CVE-2021-22249
A verbose error message in GitLab EE affecting all versions since 12.2 could disclose the private email address of a user invited to a group...
Information disclosure
A verbose error message in GitLab EE affecting all versions since 12.2 could disclose the private email address of a user invited to a group...
CVE-2021-22249
A verbose error message in GitLab EE affecting all versions since 12.2 could disclose the private email address of a user invited to a group...
CVE-2020-14215
Zulip Server before 2.1.5 has Incorrect Access Control because 0198preregistrationuserinvitedas adds the administrator role to invitations...