68 matches found

EUVD
added 2026/06/15 4:54 p.m., 6 views

EUVD-2026-36742

Mastodon is a free, open-source social network server based on ActivityPub. In versions there is a missing condition in the check if remote accounts consented to be featured in a remote Collection could lead to attackers bypassing the check and faking consent. An attacker could forge the...

CVSS 7.5, AI score 5.4, EPSS 0.00167
Exploits: 0, References: 2

NVD
added 2026/04/23 7:17 p.m., 2 views

CVE-2026-41259

Mastodon is a free, open-source social network server based on ActivityPub. Prior to v4.5.9, v4.4.16, and v4.3.22, Mastodon allows restricting new user sign-up based on e-mail domain names, and performs basic validation on e-mail addresses, but fails to restrict characters that are interpreted...

CVSS 8.2, EPSS 0.00213
Exploits: 0, References: 1

OSV
added 2026/03/31 8:45 a.m., 7 views

BIT-MASTODON-2026-33868 Mastodon has a GET-Based Open Redirect via '/web/%2F<domain>'

Mastodon is a free, open-source social network server based on ActivityPub. Prior to versions 4.5.8, 4.4.15, and 4.3.21, an unauthenticated Open Redirect vulnerability CWE-601 exists in the /web/ route due to improper handling of URL-encoded path segments. An attacker can craft a specially encode...

CVSS 6.1, AI score 6, EPSS 0.00515
Exploits: 0, References: 2

RedhatCVE
added 2026/03/29 11:13 a.m., 4 views

CVE-2026-33869

Mastodon is a free, open-source social network server based on ActivityPub. In versions on the 4.5.x branch prior to 4.5.8 and on the 4.4.x branch prior to 4.4.15, an attacker that knows of a quote before it has reached a server can prevent it from being correctly processed on that server. The...

CVSS 4.8, AI score 5.8, EPSS 0.00166
Exploits: 0, References: 1

Cvelist
added 2026/03/27 7:50 p.m., 25 views

CVE-2026-33868 Mastodon has a GET-Based Open Redirect via '/web/%2F<domain>'

Mastodon is a free, open-source social network server based on ActivityPub. Prior to versions 4.5.8, 4.4.15, and 4.3.21, an unauthenticated Open Redirect vulnerability CWE-601 exists in the /web/ route due to improper handling of URL-encoded path segments. An attacker can craft a specially encode...

CVSS 4.3, EPSS 0.00515
Exploits: 0, References: 1

OSV
added 2026/03/27 7:50 p.m., 5 views

CVE-2026-33868 Mastodon has a GET-Based Open Redirect via '/web/%2F<domain>'

Mastodon is a free, open-source social network server based on ActivityPub. Prior to versions 4.5.8, 4.4.15, and 4.3.21, an unauthenticated Open Redirect vulnerability CWE-601 exists in the /web/ route due to improper handling of URL-encoded path segments. An attacker can craft a specially encode...

CVSS 4.3, AI score 6, EPSS 0.00515
Exploits: 0, References: 3

CNNVD
added 2026/03/27 12:00 a.m., 4 views

Mastodon input validation error vulnerability

Mastodon is an open-source social networking server based on ActivityPub, developed by Mastodon. Versions of Mastodon prior to 4.5.8, 4.4.15, and 4.3.21 contained a vulnerability related to input validation errors. This vulnerability stemmed from improper handling of URL-encoded path segments in...

CVSS 6.1, AI score 5.8, EPSS 0.00515
Exploits: 0, References: 2

OSV
added 2026/02/04 9:42 p.m., 5 views

CVE-2026-25540 Mastodon's signature-dependent ActivityPub collection responses cached under signature-independent keys (Web Cache Poisoning via `Rails.cache`)

Mastodon is a free, open-source social network server based on ActivityPub. Prior to versions 4.3.19, 4.4.13, 4.5.6, Mastodon is vulnerable to web cache poisoning via Rails.cache. When AUTHORIZED_FETCH is enabled, the ActivityPub endpoints for pinned posts and featured hashtags have contents that...

CVSS 6.5, AI score 5.5, EPSS 0.00394
Exploits: 0, References: 3

Cvelist
added 2026/01/22 1:53 a.m., 22 views

CVE-2026-23963 Mastodon missing length limits on list names, filter names, and filter keywords

Mastodon is a free, open-source social network server based on ActivityPub. Prior to versions 4.5.5, 4.4.12, and 4.3.18, the server does not enforce a maximum length for the names of lists or filters, or for filter keywords, allowing any user to set an arbitrarily long string as the name or...

CVSS 4.3, EPSS 0.00296
Exploits: 0, References: 4

OSV
added 2026/01/22 1:51 a.m., 4 views

CVE-2026-23962 Mastodon vulnerable to Denial of Service from a single post (client/server)

Mastodon is a free, open-source social network server based on ActivityPub. Mastodon versions before v4.3.18, v4.4.12, and v4.5.5 do not have a limit on the maximum number of poll options for remote posts, allowing attackers to create polls with a very large amount of options, greatly increasing...

CVSS 7.5, AI score 5.7, EPSS 0.00487
Exploits: 0, References: 6

RedhatCVE
added 2026/01/09 10:48 a.m., 8 views

CVE-2022-31263

app/models/user.rb in Mastodon before 3.5.0 allows a bypass of e-mail restrictions...

CVSS 5.3, AI score 6.9, EPSS 0.00807
Exploits: 0, References: 1

NVD
added 2026/01/08 4:16 p.m., 3 views

CVE-2026-22245

Mastodon is a free, open-source social network server based on ActivityPub. By nature, Mastodon performs a lot of outbound requests to user-provided domains. Mastodon, however, has some protection mechanism to disallow requests to local IP addresses unless specified in ALLOWED_PRIVATE_ADDRESSES to...

CVSS 7.5, EPSS 0.00247
Exploits: 0, References: 4

CNNVD
added 2026/01/08 12:00 a.m., 3 views

Mastodon security vulnerability

Mastodon is an open source social networking server based on ActivityPub by Mastodon Open Source. A security vulnerability exists in Mastodon versions prior to 4.3.17, prior to 4.4.11, and prior to 4.5.4, which stems from a lack of relationship list ownership checking and could lead to informatio...

CVSS 6.5, AI score 6.2, EPSS 0.00228
Exploits: 0, References: 5

CNNVD
added 2026/01/08 12:00 a.m., 3 views

Mastodon code issue vulnerability

Mastodon is an open source social networking server based on ActivityPub by Mastodon Open Source. A code issue vulnerability exists in Mastodon versions prior to 4.5.4, prior to 4.4.11, prior to 4.3.17, and prior to 4.2.29, which stems from the lack of an IP address range restriction that could...

CVSS 7.5, AI score 6.5, EPSS 0.00247
Exploits: 0, References: 5

RedhatCVE
added 2025/10/22 5:18 p.m., 3 views

CVE-2025-62605

Mastodon is a free, open-source social network server based on ActivityPub. In Mastodon version 4.4, support for verifiable quote posts with quote controls was added, but it is possible for an attacker to bypass these controls in Mastodon versions prior to 4.4.8 and 4.5.0-beta.2. Mastodon...

CVSS 4.3, AI score 6.7, EPSS 0.00259
Exploits: 0, References: 1

CNNVD
added 2025/10/21 12:00 a.m., 4 views

Mastodon code issue vulnerability

Mastodon is an open source social networking server based on ActivityPub by Mastodon Open Source. A code issue vulnerability exists in Mastodon versions prior to 4.4.8 and prior to 4.5.0-beta.2, which stems from not properly handling reposting statuses and could lead to bypassing the reference...

CVSS 4.3, AI score 6.8, EPSS 0.00259
Exploits: 0, References: 6

OSV
added 2025/10/15 8:44 a.m., 4 views

BIT-MASTODON-2025-62174 Mastodon allows continued access after password reset via CLI

Mastodon is a free, open-source social network server based on ActivityPub. In Mastodon before 4.4.6, 4.3.14, and 4.2.27, when an administrator resets a user account's password via the command-line interface using bin/tootctl accounts modify --reset-password, active sessions and access tokens for...

CVSS 3.5, AI score 6.9, EPSS 0.00193
Exploits: 0, References: 3

EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2018-13542

Malware in sbrugna...

CVSS 9.8, AI score 9.2, EPSS 0.02561
Exploits: 0, References: 5

EUVD
added 2025/10/03 8:07 p.m., 3 views

EUVD-2023-32477

Malicious code in bioql PyPI...

CVSS 7.7, AI score 6.5, EPSS 0.01279
Exploits: 1, References: 8

EUVD
added 2025/10/03 8:07 p.m., 4 views

EUVD-2025-23661

Malicious code in bioql PyPI...

CVSS 7.5, AI score 6.5, EPSS 0.00504
Exploits: 0, References: 3