279 matches found
CVE-2026-57575
Misskey is an open source, federated social media platform. Prior to 2026.6.0, Misskey contains a Server-Side Request Forgery SSRF vulnerability in URL preview functionality in UrlPreviewService. Due to missing network restrictions before establishing outbound connections, a remote attacker can...
CVE-2026-57574
Misskey is an open source, federated social media platform. Prior to 2026.6.0, Misskey contains a vulnerability in Time-based One-Time Password TOTP authentication in UserAuthService where insufficient validation of used tokens allows the reuse of a single-use code within its valid time step. If...
CVE-2026-57574
This CVE affects Misskey, an open-source federated social platform, where the vulnerability resides in the Time-based One-Time Password (TOTP) authentication in UserAuthService. The issue results from insufficient validation of used TOTP tokens, allowing a single-use code to be reused within its ...
CVE-2026-57574 Misskey: TOTP tokens can be reused
Misskey is an open source, federated social media platform. Prior to 2026.6.0, Misskey contains a vulnerability in Time-based One-Time Password TOTP authentication in UserAuthService where insufficient validation of used tokens allows the reuse of a single-use code within its valid time step. If...
CVE-2026-57575
Misskey (open source federated social platform) contains a Server-Side Request Forgery (SSRF) vulnerability in the UrlPreviewService prior to version 2026.6.0. The issue arises from insufficient network restrictions before outbound requests, allowing an attacker to trigger the Misskey server to i...
CVE-2026-28433
Misskey is an open source, federated social media platform. All Misskey servers running versions 10.93.0 and later, but prior to 2026.3.1, contain a vulnerability that allows importing other users' data due to lack of ownership validation. The impact of this vulnerability is estimated to be...
CVE-2026-28431
Misskey is an open source, federated social media platform. All Misskey servers running versions 8.45.0 and later, but prior to 2026.3.1, contain a vulnerability that allows bad actors access to data that they ordinarily wouldn't be able to access due to insufficient permission checks and proper...
CVE-2026-28432
Misskey is an open source, federated social media platform. All Misskey servers prior to 2026.3.1 contain a vulnerability that allows bypassing HTTP signature verification. Although this is a vulnerability related to federation, it affects all servers regardless of whether federation is enabled o...
CVE-2026-28432
Misskey is an open source, federated social media platform. All Misskey servers prior to 2026.3.1 contain a vulnerability that allows bypassing HTTP signature verification. Although this is a vulnerability related to federation, it affects all servers regardless of whether federation is enabled o...
CVE-2026-28433
Misskey is an open source, federated social media platform. All Misskey servers running versions 10.93.0 and later, but prior to 2026.3.1, contain a vulnerability that allows importing other users' data due to lack of ownership validation. The impact of this vulnerability is estimated to be...
CVE-2026-28431
Misskey is an open source, federated social media platform. All Misskey servers running versions 8.45.0 and later, but prior to 2026.3.1, contain a vulnerability that allows bad actors access to data that they ordinarily wouldn't be able to access due to insufficient permission checks and proper...
Misskey 数据伪造问题漏洞
Misskey is an open-source, permanently free social media platform developed by Misskey. Versions of Misskey prior to 2026.3.1 had a data manipulation vulnerability, which stemmed from allowing bypasses of HTTP signature verification...
Misskey 授权问题漏洞
Misskey is an open-source, permanently free social media platform developed by Misskey. Versions of Misskey from 8.45.0 until 2026.3.1 had an authorization issue vulnerability. This vulnerability stemmed from insufficient permission checks and input validation, which could lead to severe data...
Misskey 安全漏洞
Misskey is an open-source, permanently free social media platform developed by Misskey. Versions of Misskey from 10.93.0 until 2026.3.1 had security vulnerabilities due to a lack of ownership verification, which could lead to the import of other user data...
CVE-2026-28433 Misskey lacks resource ownership validation
Misskey is an open source, federated social media platform. All Misskey servers running versions 10.93.0 and later, but prior to 2026.3.1, contain a vulnerability that allows importing other users' data due to lack of ownership validation. The impact of this vulnerability is estimated to be...
CVE-2026-28433
Misskey is an open source, federated social media platform. All Misskey servers running versions 10.93.0 and later, but prior to 2026.3.1, contain a vulnerability that allows importing other users' data due to lack of ownership validation. The impact of this vulnerability is estimated to be...
EUVD-2026-10369
Misskey is an open source, federated social media platform. All Misskey servers running versions 10.93.0 and later, but prior to 2026.3.1, contain a vulnerability that allows importing other users' data due to lack of ownership validation. The impact of this vulnerability is estimated to be...
CVE-2026-28433
Misskey (open source federated social platform) contains CVE-2026-28433 affecting versions 10.93.0 and later up to, but not including, 2026.3.1. The vulnerability arises from lack of ownership validation, allowing an importer to bring in data from other users. The impact is described as relativel...
CVE-2026-28433 Misskey lacks resource ownership validation
Misskey is an open source, federated social media platform. All Misskey servers running versions 10.93.0 and later, but prior to 2026.3.1, contain a vulnerability that allows importing other users' data due to lack of ownership validation. The impact of this vulnerability is estimated to be...
EUVD-2026-10370
Misskey is an open source, federated social media platform. All Misskey servers running versions 10.93.0 and later, but prior to 2026.3.1, contain a vulnerability that allows importing other users' data due to lack of ownership validation. The impact of this vulnerability is estimated to be...