24 matches found
EUVD-2017-18445
Malware in sbrugna...
EUVD-2024-51923
Malicious code in bioql PyPI...
EUVD-2024-22954
Malicious code in bioql PyPI...
CVE-2025-2236
| creationtimestamp | type | source |
|---|---|---|
| 2025-05-27 15:50:31+00:00 | seen | https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lq6246g76ga2... |
CVE-2024-25623
Mastodon is a free, open-source social network server based on ActivityPub. Prior to versions 4.2.7, 4.1.15, 4.0.15, and 3.5.19, when fetching remote statuses, Mastodon doesn't check that the response from the remote server has a Content-Type header value of the Activity Streams media type, which...
CVE-2024-53266
Discourse is an open source platform for community discussion. In affected versions with some combinations of plugins, and with CSP disabled, activity streams in the user's profile page may be vulnerable to XSS. This has been patched in the latest version of Discourse core. Users are advised to...
CVE-2024-53266
CVE-2024-53266 affects Discourse (open source discussion platform). In affected versions, with certain plugins and CSP disabled, the activity streams on a user’s profile page are vulnerable to cross-site scripting (XSS). The issue stems from how profile activity is rendered when CSP is not enforc...
PT-2025-2952 · Discourse · Discourse
Name of the Vulnerable Software and Affected Versions: Discourse versions prior to the latest version of Discourse core. Description: Discourse is an open source platform for community discussion. In affected versions with some combinations of plugins, and with CSP disabled, activity streams in th...
CVE-2024-25636
Misskey is an open source, decentralized social media platform with ActivityPub support. Prior to version 2024.2.0, when fetching remote Activity Streams objects, Misskey doesn't check that the response from the remote server has a Content-Type header value of the Activity Streams media type, whi...
Design/Logic Flaw
Misskey is an open source, decentralized social media platform with ActivityPub support. Prior to version 2024.2.0, when fetching remote Activity Streams objects, Misskey doesn't check that the response from the remote server has a Content-Type header value of the Activity Streams media type, whi...
CVE-2024-25636 Lack of media type verification of Activity Streams objects allows impersonation and takeover of remote accounts
Misskey is an open source, decentralized social media platform with ActivityPub support. Prior to version 2024.2.0, when fetching remote Activity Streams objects, Misskey doesn't check that the response from the remote server has a Content-Type header value of the Activity Streams media type, whi...
Design/Logic Flaw
Mastodon is a free, open-source social network server based on ActivityPub. Prior to versions 4.2.7, 4.1.15, 4.0.15, and 3.5.19, when fetching remote statuses, Mastodon doesn't check that the response from the remote server has a Content-Type header value of the Activity Streams media type, which...
CVE-2024-25623 Lack of media type verification of Activity Streams objects allows impersonation of remote accounts
Mastodon is a free, open-source social network server based on ActivityPub. Prior to versions 4.2.7, 4.1.15, 4.0.15, and 3.5.19, when fetching remote statuses, Mastodon doesn't check that the response from the remote server has a Content-Type header value of the Activity Streams media type, which...
PT-2024-21043 · Mastodon · Mastodon
Name of the Vulnerable Software and Affected Versions: Mastodon versions prior to 4.2.7, 4.1.15, 4.0.15, and 3.5.19. Description: Mastodon is a free, open-source social network server based on ActivityPub. When fetching remo...
PT-2024-21056 · Misskey · Misskey
Name of the Vulnerable Software and Affected Versions: Misskey versions prior to 2024.2.0. Description: Misskey is an open source, decentralized social media platform with ActivityPub support. The issue arises when fetching remote Activity Streams objects, as Misskey doesn't check that the respons...
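The Mastodon (CVE-2024-25623) and Misskey (CVE-2024-25636) entries above describe the same missing check: a remote fetch whose response is parsed as an Activity Streams object without confirming that the server declared it as one. The block below is an added example written for this listing; it is not code from Mastodon, Misskey or the advisories. It assumes a fetched response is represented as a Ruby Hash with `:content_type`, `:body` and `:url` keys (a hypothetical shape), and the two sample responses are constructed, not captured traffic. The vulnerable parser accepts any JSON body; the hardened parser accepts only the two media types Activity Streams 2.0 defines and, as an additional defence beyond what the advisory text describes, requires the object's `id` to be on the host it was fetched from.

```ruby
require 'json'
require 'uri'

# Added example, not code from Mastodon or Misskey. Models the check missing in
# CVE-2024-25623 / CVE-2024-25636: a fetched remote object is only trusted as an
# Activity Streams object if the response declares the Activity Streams media type.
# A response is represented as a Hash { content_type:, body:, url: } (assumption).

AS2_PROFILE = 'https://www.w3.org/ns/activitystreams'.freeze

# Split a Content-Type header into [media_type, { param => value }].
# Simplified RFC 7231 parsing: parameters are ';'-separated, values may be quoted.
def parse_content_type(header)
  return [nil, {}] if header.nil? || header.strip.empty?
  type, *raw_params = header.split(';').map(&:strip)
  params = {}
  raw_params.each do |p|
    name, value = p.split('=', 2)
    next if name.nil? || value.nil?
    params[name.strip.downcase] = value.strip.delete_prefix('"').delete_suffix('"')
  end
  [type.downcase, params]
end

# True only for the two media types Activity Streams 2.0 defines:
#   application/activity+json
#   application/ld+json; profile="https://www.w3.org/ns/activitystreams"
def activity_streams_response?(content_type)
  type, params = parse_content_type(content_type)
  return true if type == 'application/activity+json'
  return false unless type == 'application/ld+json'
  params.fetch('profile', '').split.include?(AS2_PROFILE)
end

# Vulnerable pattern: whatever JSON the remote URL serves is accepted as the object.
def parse_remote_object_unchecked(response)
  JSON.parse(response[:body])
end

# Hardened pattern: refuse the response unless it is declared as Activity Streams,
# and require the object's id to be on the same host as the URL it was fetched from.
def parse_remote_object(response, fetched_from)
  return nil unless activity_streams_response?(response[:content_type])
  obj = JSON.parse(response[:body])
  return nil unless obj.is_a?(Hash) && obj['id'].is_a?(String)
  return nil unless URI(obj['id']).host == URI(fetched_from).host
  obj
rescue JSON::ParserError, URI::InvalidURIError
  nil
end

# Constructed sample responses (not captured traffic). Both come from the same
# remote host; only the first is declared as an Activity Streams object.
SAMPLE_RESPONSES = {
  actor: {
    url: 'https://remote.example/users/alice',
    content_type: 'application/ld+json; profile="https://www.w3.org/ns/activitystreams"',
    body: '{"id":"https://remote.example/users/alice","type":"Person","preferredUsername":"alice"}'
  },
  # JSON inside a file served under a generic media type from the same host:
  # it must not be trusted as an object belonging to that host.
  uploaded_file: {
    url: 'https://remote.example/media/upload.txt',
    content_type: 'text/plain; charset=utf-8',
    body: '{"id":"https://remote.example/users/alice","type":"Person","preferredUsername":"mallory"}'
  }
}.freeze

# Returns, per sample, whether each parser accepted the body as an object.
def compare_parsers
  SAMPLE_RESPONSES.transform_values do |resp|
    {
      unchecked: !parse_remote_object_unchecked(resp).nil?,
      checked: !parse_remote_object(resp, resp[:url]).nil?
    }
  end
end
```

With the constructed samples, `compare_parsers` reports the unchecked parser accepting both responses and the hardened parser accepting only the one declared as Activity Streams; the plain-text upload is rejected before its body is ever interpreted as an actor.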
CVE-2017-9513
Several REST inline action resources of Atlassian Activity Streams before version 6.3.0 allow remote authenticated attackers to watch any Confluence page and receive notifications when comments are added to the watched page, and to vote on and watch JIRA issues that they do not have access to, although th...
Design/Logic Flaw
Several REST inline action resources of Atlassian Activity Streams before version 6.3.0 allow remote authenticated attackers to watch any Confluence page and receive notifications when comments are added to the watched page, and to vote on and watch JIRA issues that they do not have access to, although th...