14 matches found
CVE-2026-34148 Fedify affected by resource exhaustion caused by unbounded redirect following during remote key/document resolution
Fedify is a TypeScript library for building federated server apps powered by ActivityPub. Prior to 1.9.6, 1.10.5, 2.0.8, and 2.1.1, @fedify/fedify follows HTTP redirects recursively in its remote document loader and authenticated document loader without enforcing a maximum redirect count or...
CVE-2026-25808
Hollo is a federated single-user microblogging software designed to be federated through ActivityPub. Prior to 0.6.20 and 0.7.2, there is a security vulnerability where DMs and followers-only posts were exposed through the ActivityPub outbox endpoint without authorization. This vulnerability is...
EUVD-2025-10976
Malicious code in bioql PyPI...
CVE-2025-8356
creationtimestamp| type| source
---|---|---
2025-08-08 20:18:14+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lvw352u45y2e
2025-08-09 06:01:40+00:00| seen| https://bsky.app/profile/offseq.bsky.social/post/3lvx3qbxvse2j
2025-08-11 11:21:56+00:00| seen|...
CVE-2025-3817
creationtimestamp| type| source
---|---|---
2025-04-19 20:00:51+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/12594
2025-04-19 23:30:16+00:00| seen| https://t.me/cvedetector/23395
2025-04-20 01:20:23+00:00| seen|...
CVE-2025-32946
This vulnerability allows any attacker to add playlists to a different user’s channel using the ActivityPub protocol. The vulnerable code sets the owner of the new playlist to be the user who performed the request, and then sets the associated channel to the channel ID supplied by the request,...
CVE-2025-32946
This vulnerability allows any attacker to add playlists to a different user’s channel using the ActivityPub protocol. The vulnerable code sets the owner of the new playlist to be the user who performed the request, and then sets the associated channel to the channel ID supplied by the request,...
CVE-2025-32946
This vulnerability allows any attacker to add playlists to a different user’s channel using the ActivityPub protocol. The vulnerable code sets the owner of the new playlist to be the user who performed the request, and then sets the associated channel to the channel ID supplied by the request,...
CVE-2025-32946
PeerTube Arbitrary Playlist Creation via ActivityPub (CVE-2025-32946) allows one user to add playlists to another user’s channel due to a missing permission check when handling ActivityPub requests. The vulnerability is triggered when the code assigns the playlist owner to the requester while ass...
CVE-2025-32946 PeerTube Arbitrary Playlist Creation via ActivityPub Protocol
This vulnerability allows any attacker to add playlists to a different user’s channel using the ActivityPub protocol. The vulnerable code sets the owner of the new playlist to be the user who performed the request, and then sets the associated channel to the channel ID supplied by the request,...
CVE-2025-32946 PeerTube Arbitrary Playlist Creation via ActivityPub Protocol
This vulnerability allows any attacker to add playlists to a different user’s channel using the ActivityPub protocol. The vulnerable code sets the owner of the new playlist to be the user who performed the request, and then sets the associated channel to the channel ID supplied by the request,...
PT-2025-16337 · Git · Peertube
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: This issue allows an attacker to add playlists to a different user's channel using the ActivityPub protocol. The vulnerable code sets the owner of the new playlist to be the user who perform...
PeerTube Security Vulnerability
PeerTube is a decentralized video sharing service platform open-sourced by Chocobozzz. It is used to create video projects. PeerTube suffers from a security vulnerability that stems from a lack of permission validation, which could lead to the addition of playlists to other users' channels via th...
Mastodon Path Traversal Vulnerability
Mastodon is an open source social networking server based on ActivityPub. Mastodon suffers from a path traversal vulnerability that stems from allowing an attacker to create and overwrite any file that Mastodon is authorized to access and cause a denial of service and remote code execution...