4 matches found

CVE
added 2026/04/21 4:57 p.m. | 8 views

CVE-2026-40592

FreeScout (self-hosted help desk) prior to 1.8.214 is affected by CVE-2026-40592. The vulnerability lies in the undo-send route GET /conversation/undo-reply/{thread_id}, which only checks whether the current user can view the parent conversation and does not verify that the user created the reply...

CVSS: 5.9 | AI score: 5.8 | EPSS: 0.00043
Exploits: 0 | References: 3
Tenable Nessus
added 2024/11/05 12:0 a.m. | 3 views

Mastodon 4.2.x < 4.2.10 Multiples Vulnerabilities

According to its self-reported version number, the Mastodon application running on the remote host is prior to 4.1.18 or 4.2.x prior to 4.2.10. It is, therefore, affected by multiple vulnerabilities:
- Insufficient permission checking on multiple API endpoints
- An improper authorship check ...

CVSS: 8.2 | AI score: 6.9 | EPSS: 0.00845
Exploits: 0 | References: 4
Tenable Nessus
added 2024/11/05 12:0 a.m. | 4 views

Mastodon < 4.1.18 Multiples Vulnerabilities

According to its self-reported version number, the Mastodon application running on the remote host is prior to 4.1.18 or 4.2.x prior to 4.2.10. It is, therefore, affected by multiple vulnerabilities:
- Insufficient permission checking on multiple API endpoints
- An improper authorship check ...

CVSS: 8.2 | AI score: 6.9 | EPSS: 0.00845
Exploits: 0 | References: 4
Vulnrichment
added 2024/07/05 5:24 p.m. | 16 views

CVE-2024-37903 Mastodon has improper authorship check on audience extension for existing posts

Mastodon is a self-hosted, federated microblogging platform. Starting in version 2.6.0 and prior to versions 4.1.18 and 4.2.10, by crafting specific activities, an attacker can extend the audience of a post they do not own to other Mastodon users on a target server, thus gaining access to the...

CVSS: 8.2 | AI score: 6.7 | EPSS: 0.00845
Exploits: 0 | References: 5