Lucene search
K

4 matches found

Cvelist
Cvelist
added 2026/07/01 7:27 p.m.34 views

CVE-2026-58593 NodeBB - ActivityPub Author Spoofing via Unvalidated attributedTo Mapped to Local User

NodeBB does not bind the claimed author of an inbound ActivityPub object to the authenticated remote actor. The inbound middleware verifies the HTTP-signature actor and checks the origin of object.id, but never validates that attributedTo corresponds to the sender. In the object mock, attributedT...

8.7CVSS0.00191EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-0154

Malicious code in bioql PyPI...

7.5CVSS7.5AI score0.00938EPSS
Exploits0References9
OSV
OSV
added 2022/09/02 8:15 p.m.3 views

DEBIAN-CVE-2022-31152

Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. The Matrix specification specifies a list of event authorization rules which must be checked when determining if an event should be accepted into a room. In versions of Synapse up to and including...

7.5CVSS6.8AI score0.00938EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2022/09/02 8:0 p.m.8 views

CVE-2022-31152 Synapse vulnerable to denial of service (DoS) due to incorrect application of event authorization rules

Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. The Matrix specification specifies a list of event authorization rules which must be checked when determining if an event should be accepted into a room. In versions of Synapse up to and including...

6.4CVSS7.4AI score0.00938EPSS
Exploits0References4
Rows per page
Query Builder