19 matches found

RedhatCVE
added 2026/02/11 1:33 a.m. · 3 views

CVE-2026-25808

Hollo is a federated single-user microblogging software designed to be federated through ActivityPub. Prior to 0.6.20 and 0.7.2, there is a security vulnerability where DMs and followers-only posts were exposed through the ActivityPub outbox endpoint without authorization. This vulnerability is...

CVSS 7.5 · AI score 5.5 · EPSS 0.00023
Exploits: 1 · References: 1

NVD
added 2026/02/09 10:16 p.m. · 3 views

CVE-2026-25808

Hollo is a federated single-user microblogging software designed to be federated through ActivityPub. Prior to 0.6.20 and 0.7.2, there is a security vulnerability where DMs and followers-only posts were exposed through the ActivityPub outbox endpoint without authorization. This vulnerability is...

CVSS 7.5 · EPSS 0.00023
Exploits: 1 · References: 4

ATTACKERKB
added 2026/02/09 9:50 p.m. · 2 views

CVE-2026-25808

Hollo is a federated single-user microblogging software designed to be federated through ActivityPub. Prior to 0.6.20 and 0.7.2, there is a security vulnerability where DMs and followers-only posts were exposed through the ActivityPub outbox endpoint without authorization. This vulnerability is...

CVSS 7.5 · AI score 5.5 · EPSS 0.00023
Exploits: 1 · References: 5 · Affected Software: 1

Cvelist
added 2026/02/09 9:50 p.m. · 21 views

CVE-2026-25808 Hollo DMs get leaked and can be seen on Webfinger Browser

Hollo is a federated single-user microblogging software designed to be federated through ActivityPub. Prior to 0.6.20 and 0.7.2, there is a security vulnerability where DMs and followers-only posts were exposed through the ActivityPub outbox endpoint without authorization. This vulnerability is...

CVSS 7.5 · EPSS 0.00023
Exploits: 1 · References: 4

Vulnrichment
added 2026/02/09 9:50 p.m. · 1 views

CVE-2026-25808 Hollo DMs get leaked and can be seen on Webfinger Browser

Hollo is a federated single-user microblogging software designed to be federated through ActivityPub. Prior to 0.6.20 and 0.7.2, there is a security vulnerability where DMs and followers-only posts were exposed through the ActivityPub outbox endpoint without authorization. This vulnerability is...

CVSS 7.5 · AI score 5.5 · EPSS 0.00023
Exploits: 1 · References: 4

CVE
added 2026/02/09 9:50 p.m. · 5 views

CVE-2026-25808

Hollo (federated single-user microblogging) is affected by a vulnerability in the ActivityPub outbox that exposed DMs and followers-only posts prior to version 0.6.20 and 0.7.2. The issue is resolved in those versions (0.6.20 and 0.7.2). The CVSS is provided (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N; ...

CVSS 7.5 · AI score 5.5 · EPSS 0.00023
Exploits: 1 · References: 4 · Affected Software: 1

CNNVD
added 2026/02/09 12:0 a.m. · 2 views

Hollo Security Vulnerability

Hollo is a micro-blogging software developed by Fedify. Versions of Hollo prior to 0.6.20 and 0.7.2 contained security vulnerabilities. These vulnerabilities were due to the exposure of private messages and posts visible only to followers through the ActivityPub inbox endpoint, which could lead t...

CVSS 7.5 · AI score 5.8 · EPSS 0.00023
Exploits: 1 · References: 4

Positive Technologies
added 2026/02/09 12:0 a.m. · 1 views

PT-2026-7177

Name of the Vulnerable Software and Affected Versions: Hollo versions prior to 0.6.20; Hollo versions prior to 0.7.2. Description: Hollo is a federated single-user microblogging software that utilizes ActivityPub for federation. A security issue exists where direct messages (DMs) and posts restricted t...

CVSS 7.5 · AI score 5.4 · EPSS 0.00023
Exploits: 1 · References: 6

OSV
added 2025/08/14 6:52 p.m. · 1 views

MAL-2025-35528 Malicious code in test-mlw2-hollo-jigot (npm)

The package test-mlw2-hollo-jigot was found to contain malicious code...

AI score 7.2
Exploits: 0

OSSF Malicious Packages
added 2025/08/14 6:52 p.m. · 2 views

Malicious code in test-mlw2-hollo-jigot (npm)

The package test-mlw2-hollo-jigot was found to contain malicious code...

AI score 7
Exploits: 0

OSSF Malicious Packages
added 2025/08/14 6:52 p.m. · 3 views

Malicious code in test-mlw2-mikra-sears-jarks-hollo (npm)

The package test-mlw2-mikra-sears-jarks-hollo was found to contain malicious code...

AI score 7
Exploits: 0

RedhatCVE
added 2025/07/19 2:2 p.m. · 4 views

CVE-2025-53941

Hollo is a federated single-user microblogging software designed to be federated through ActivityPub. Versions prior to 0.6.5 allow HTML form elements to be submitted, making the software vulnerable to HTML injection. Version 0.6.5 fixes the issue...

CVSS 6.1 · AI score 6.6 · EPSS 0.00166
Exploits: 0 · References: 1

NVD
added 2025/07/17 2:15 p.m. · 3 views

CVE-2025-53941

Hollo is a federated single-user microblogging software designed to be federated through ActivityPub. Versions prior to 0.6.5 allow HTML form elements to be submitted, making the software vulnerable to HTML injection. Version 0.6.5 fixes the issue...

CVSS 6.1 · EPSS 0.00166
Exploits: 0 · References: 3

Vulnrichment
added 2025/07/17 2:1 p.m. · 4 views

CVE-2025-53941 Hollo renders posts received with form elements and allows submission

Hollo is a federated single-user microblogging software designed to be federated through ActivityPub. Versions prior to 0.6.5 allow HTML form elements to be submitted, making the software vulnerable to HTML injection. Version 0.6.5 fixes the issue...

CVSS 6.1 · AI score 6.7 · EPSS 0.00166
Exploits: 0 · References: 3

Cvelist
added 2025/07/17 2:1 p.m. · 6 views

CVE-2025-53941 Hollo renders posts received with form elements and allows submission

Hollo is a federated single-user microblogging software designed to be federated through ActivityPub. Versions prior to 0.6.5 allow HTML form elements to be submitted, making the software vulnerable to HTML injection. Version 0.6.5 fixes the issue...

CVSS 6.1 · EPSS 0.00166
Exploits: 0 · References: 3

CVE
added 2025/07/17 2:1 p.m. · 11 views

CVE-2025-53941

Hollo is vulnerable to HTML injection in versions prior to 0.6.5 due to HTML form elements being submitted via the ActivityPub‑fed workflow. The issue affects Hollo’s rendering/handling of received posts that include form elements, enabling injection under network-visible conditions. Version 0.6....

CVSS 6.1 · AI score 7.3 · EPSS 0.00166
Exploits: 0 · References: 3

OSV
added 2025/07/17 2:1 p.m. · 2 views

CVE-2025-53941 Hollo renders posts received with form elements and allows submission

Hollo is a federated single-user microblogging software designed to be federated through ActivityPub. Versions prior to 0.6.5 allow HTML form elements to be submitted, making the software vulnerable to HTML injection. Version 0.6.5 fixes the issue...

CVSS 6.1 · AI score 6.7 · EPSS 0.00166
Exploits: 0 · References: 5

CNNVD
added 2025/07/17 12:0 a.m. · 1 views

Hollo Security Vulnerability

Hollo is a micro-blogging software from Fedify Open Source. A security vulnerability exists in versions of Hollo prior to 0.6.5 that stems from allowing submission of HTML form elements, which may result in HTML injection...

CVSS 6.1 · AI score 6.5 · EPSS 0.00166
Exploits: 0 · References: 3

Positive Technologies
added 2025/07/17 12:0 a.m. · 2 views

PT-2025-29913 · Hollo · Hollo

Name of the Vulnerable Software and Affected Versions: Hollo versions prior to 0.6.5 Description: Hollo is a federated single-user microblogging software designed to be federated through ActivityPub. Versions prior to 0.6.5 allow HTML form elements to be submitted, leading to a potential HTML...

CVSS 6.1 · AI score 6.5 · EPSS 0.00166
Exploits: 0 · References: 8