
40 matches found

RedhatCVE
added 2026/03/11 7:08 a.m., 1 view

CVE-2026-28431

Misskey is an open source, federated social media platform. All Misskey servers running versions 8.45.0 and later, but prior to 2026.3.1, contain a vulnerability that allows bad actors access to data that they ordinarily wouldn't be able to access due to insufficient permission checks and proper...

CVSS 9.2, AI score 5.8, EPSS 0.0005
Exploits: 0, References: 1

NVD
added 2026/03/10 7:43 a.m., 2 views

CVE-2026-28431

Misskey is an open source, federated social media platform. All Misskey servers running versions 8.45.0 and later, but prior to 2026.3.1, contain a vulnerability that allows bad actors access to data that they ordinarily wouldn't be able to access due to insufficient permission checks and proper...

CVSS 9.2, EPSS 0.0005
Exploits: 0, References: 1

EUVD
added 2026/03/09 9:21 p.m., 1 view

EUVD-2026-10370

Misskey is an open source, federated social media platform. All Misskey servers running versions 10.93.0 and later, but prior to 2026.3.1, contain a vulnerability that allows importing other users' data due to lack of ownership validation. The impact of this vulnerability is estimated to be...

CVSS 2.3, AI score 5.8, EPSS 0.00014
Exploits: 0, References: 1

CVE
added 2026/03/09 9:21 p.m., 4 views

CVE-2026-28433

Misskey CVE-2026-28433 affects servers running 10.93.0 and later, before 2026.3.1, where importing other users’ data is possible due to lack of ownership validation in the import process. The vulnerability’s impact is described as relatively low (confidentiality impact LOW; requires the target fi...

CVSS 4.3, AI score 5.8, EPSS 0.00014
Exploits: 0, References: 1, Affected Software: 1

EUVD
added 2026/03/09 9:21 p.m., 2 views

EUVD-2026-10369

Misskey is an open source, federated social media platform. All Misskey servers running versions 10.93.0 and later, but prior to 2026.3.1, contain a vulnerability that allows importing other users' data due to lack of ownership validation. The impact of this vulnerability is estimated to be...

CVSS 2.3, AI score 5.8, EPSS 0.00014
Exploits: 0, References: 1

OSV
added 2026/03/09 9:21 p.m., 1 view

CVE-2026-28433 Misskey lacks resource ownership validation

Misskey is an open source, federated social media platform. All Misskey servers running versions 10.93.0 and later, but prior to 2026.3.1, contain a vulnerability that allows importing other users' data due to lack of ownership validation. The impact of this vulnerability is estimated to be...

CVSS 2.3, AI score 5.8, EPSS 0.00014
Exploits: 0, References: 3

OSV
added 2026/03/09 9:19 p.m., 0 views

CVE-2026-28432 HTTP signature verification can be bypassed

Misskey is an open source, federated social media platform. All Misskey servers prior to 2026.3.1 contain a vulnerability that allows bypassing HTTP signature verification. Although this is a vulnerability related to federation, it affects all servers regardless of whether federation is enabled o...

CVSS 7.1, AI score 5.8, EPSS 0.00019
Exploits: 0, References: 3

CVE
added 2026/03/09 9:17 p.m., 4 views

CVE-2026-28431

Misskey (open source federated social media) versions 8.45.0–before 2026.3.1 are affected by insufficient authorization checks and input validation, allowing data access beyond intended permissions irrespective of federation. Impact can include data exposure; CVSS vector indicates high impact to ...

CVSS 9.2, AI score 5.8, EPSS 0.0005
Exploits: 0, References: 1, Affected Software: 1

ATTACKERKB
added 2026/03/09 9:17 p.m., 1 view

CVE-2026-28431

Misskey is an open source, federated social media platform. All Misskey servers running versions 8.45.0 and later, but prior to 2026.3.1, contain a vulnerability that allows bad actors access to data that they ordinarily wouldn't be able to access due to insufficient permission checks and proper...

CVSS 9.2, AI score 5.8, EPSS 0.0005
Exploits: 0, References: 2, Affected Software: 1

Vulnrichment
added 2026/03/09 9:17 p.m., 0 views

CVE-2026-28431 Misskey lacks proper authorization checks and input validation

Misskey is an open source, federated social media platform. All Misskey servers running versions 8.45.0 and later, but prior to 2026.3.1, contain a vulnerability that allows bad actors access to data that they ordinarily wouldn't be able to access due to insufficient permission checks and proper...

CVSS 9.2, AI score 5.8, EPSS 0.0005
Exploits: 0, References: 1

Positive Technologies
added 2026/03/09 12:00 a.m., 0 views

PT-2026-24121

Name of the Vulnerable Software and Affected Versions Misskey versions prior to 2026.3.1 Description Misskey is a federated social media platform. All servers prior to version 2026.3.1 are susceptible to an issue that allows bypassing HTTP signature verification. This affects all servers, even...

CVSS 7.5, AI score 5.8, EPSS 0.00019
Exploits: 0, References: 8

CNNVD
added 2025/12/16 12:00 a.m., 2 views

Misskey security vulnerability

Misskey is a perpetually free open source syndicated social media platform from Misskey Open Source. A security vulnerability exists in Misskey versions prior to 2025.12.0-alpha.2, which stems from an insecure trustProxy configuration default value that could lead to bypassing IP rate limiting...

CVSS 6.9, AI score 6.4, EPSS 0.0009
Exploits: 1, References: 3

CNNVD
added 2025/12/16 12:00 a.m., 1 view

Misskey security vulnerability

Misskey is a permanently free open source syndicated social media platform from Misskey Open Source. A security vulnerability exists in Misskey version 13.0.0-beta.16 through versions prior to 2025.12.0, which stems from a participant who does not have permission to view favorites or clips being...

CVSS 7.1, AI score 6.4, EPSS 0.00047
Exploits: 1, References: 3

CVE
added 2025/12/15 11:18 p.m., 9 views

CVE-2025-66482

Misskey CVE-2025-66482 affects the login rate-limiting mechanism via forged X-Forwarded-For headers. The vulnerability arises from an insecure default for trustProxy in the config, making instances vulnerable if not explicitly overridden. It is addressable starting with version 2025.9.1 by introd...

CVSS 6.9, AI score 6.5, EPSS 0.0009
Exploits: 1, References: 2, Affected Software: 1

CVE
added 2025/12/15 11:09 p.m., 8 views

CVE-2025-66402

Misskey CVE-2025-66402 affects versions 13.0.0-beta.16 through before 2025.12.0, where an actor without permission to view favorites or clips could export posts and view contents, exposing private data. Version 2025.12.0 fixes the issue. The vulnerability stems from the export functionality not e...

CVSS 7.1, AI score 6.4, EPSS 0.00047
Exploits: 1, References: 2, Affected Software: 1

Vulnrichment
added 2025/12/15 11:09 p.m., 1 view

CVE-2025-66402 misskey.js's export data contains private post data

Misskey is an open source, federated social media platform. Starting in version 13.0.0-beta.16 and prior to version 2025.12.0, an actor who does not have permission to view favorites or clips can export the posts and view the contents. Version 2025.12.0 fixes the issue...

CVSS 7.1, AI score 6.4, EPSS 0.00047
Exploits: 1, References: 2

NVD
added 2025/10/13 6:15 p.m., 1 view

CVE-2025-61775

Vickey is a Misskey-based microblogging platform. A vulnerability exists in Vickey prior to version 2025.10.0 where unexpired email confirmation links can be reused multiple times to send repeated confirmation emails to a verified email address. Under certain conditions, a verified email address...

CVSS 6.9, EPSS 0.00092
Exploits: 0, References: 1

EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2021-25571

Malware in sbrugna...

CVSS 8, AI score 6.3, EPSS 0.0032
Exploits: 0, References: 3

EUVD
added 2025/10/03 8:07 p.m., 3 views

EUVD-2024-43810

Malicious code in bioql PyPI...

CVSS 7.4, AI score 6.6, EPSS 0.00195
Exploits: 0, References: 1

RedhatCVE
added 2025/05/23 4:55 a.m., 3 views

CVE-2023-24811

Misskey is an open source, decentralized social media platform. In versions prior to 13.3.2 the URL preview function is subject to a cross site scripting vulnerability due to insufficient URL validation. Arbitrary JavaScript is executed when a malicious URL is loaded in the View in Player or View...

CVSS 7.1, AI score 6, EPSS 0.00542
Exploits: 0, References: 1