Lucene search
+L

282 matches found

NVD
NVD
added 2025/05/05 7:15 p.m.13 views

CVE-2025-46553

@misskey-dev/summaly is a tool for getting a summary of a web page. Starting in version 3.0.1 and prior to version 5.2.1, a logic error in the main summaly function causes the allowRedirects option to never be passed to any plugins, and as a result, isn't enforced. Misskey will follow redirects,...

6.1CVSS0.00218EPSS
Exploits0References2
NVD
NVD
added 2025/05/05 7:15 p.m.12 views

CVE-2025-46559

Misskey is an open source, federated social media platform. Starting in version 12.31.0 and prior to version 2025.4.1, missing validation in Mk:api allows malicious AiScript code to access additional endpoints that it isn't designed to have access to. The missing validation allows malicious...

7.5CVSS0.0037EPSS
Exploits1References2
Cvelist
Cvelist
added 2025/05/05 6:38 p.m.18 views

CVE-2025-46559 Misskey Directory Traversal Vulnerability in AiScript via `Mk:api`

Misskey is an open source, federated social media platform. Starting in version 12.31.0 and prior to version 2025.4.1, missing validation in Mk:api allows malicious AiScript code to access additional endpoints that it isn't designed to have access to. The missing validation allows malicious...

5.4CVSS0.0037EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2025/05/05 6:38 p.m.8 views

CVE-2025-46559 Misskey Directory Traversal Vulnerability in AiScript via `Mk:api`

Misskey is an open source, federated social media platform. Starting in version 12.31.0 and prior to version 2025.4.1, missing validation in Mk:api allows malicious AiScript code to access additional endpoints that it isn't designed to have access to. The missing validation allows malicious...

5.4CVSS5.5AI score0.0037EPSS
Exploits1References2
CVE
CVE
added 2025/05/05 6:38 p.m.56 views

CVE-2025-46559

CVE-2025-46559 is a Misskey directory traversal vulnerability. In Misskey versions 12.31.0 through 2025.4.0, missing validation in Mk:api lets AiScript prefix a URL with ".." to escape the /api path, enabling requests to endpoints such as /files, /url, and /proxy. The issue is fixed in version 20...

7.5CVSS5.5AI score0.0037EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2025/05/05 6:38 p.m.9 views

CVE-2025-46559 Misskey Directory Traversal Vulnerability in AiScript via `Mk:api`

Misskey is an open source, federated social media platform. Starting in version 12.31.0 and prior to version 2025.4.1, missing validation in Mk:api allows malicious AiScript code to access additional endpoints that it isn't designed to have access to. The missing validation allows malicious...

5.4CVSS7AI score0.0037EPSS
Exploits1References4
CVE
CVE
added 2025/05/05 6:35 p.m.62 views

CVE-2025-46340

Misskey CSS style injection vulnerability (CVE-2025-46340) affects 12.0.0 up to 2025.4.0 due to inadequate validation in UrlPreviewService and MkUrlPreview, enabling arbitrary CSS in MkUrlPreview and potential de-anonymization/related client attacks. UrlPreviewService.wrap avoids non-http/https U...

7.2CVSS7.2AI score0.00214EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2025/05/05 6:35 p.m.8 views

CVE-2025-46340 Misskey CSS Style Injection Vulnerability In `MkUrlPreview`

Misskey is an open source, federated social media platform. Starting in version 12.0.0 and prior to version 2025.4.1, due to an oversight in the validation performed in UrlPreviewService and MkUrlPreview, it is possible for an attacker to inject arbitrary CSS into the MkUrlPreview component...

7.2CVSS7.2AI score0.00214EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/05/05 6:35 p.m.19 views

CVE-2025-46340 Misskey CSS Style Injection Vulnerability In `MkUrlPreview`

Misskey is an open source, federated social media platform. Starting in version 12.0.0 and prior to version 2025.4.1, due to an oversight in the validation performed in UrlPreviewService and MkUrlPreview, it is possible for an attacker to inject arbitrary CSS into the MkUrlPreview component...

7.2CVSS0.00214EPSS
Exploits0References2
OSV
OSV
added 2025/05/05 6:35 p.m.8 views

CVE-2025-46340 Misskey CSS Style Injection Vulnerability In `MkUrlPreview`

Misskey is an open source, federated social media platform. Starting in version 12.0.0 and prior to version 2025.4.1, due to an oversight in the validation performed in UrlPreviewService and MkUrlPreview, it is possible for an attacker to inject arbitrary CSS into the MkUrlPreview component...

7.2CVSS7.1AI score0.00214EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/05/05 6:28 p.m.5 views

CVE-2025-46553 @misskey-dev/summaly Redirect Filter Bypass

@misskey-dev/summaly is a tool for getting a summary of a web page. Starting in version 3.0.1 and prior to version 5.2.1, a logic error in the main summaly function causes the allowRedirects option to never be passed to any plugins, and as a result, isn't enforced. Misskey will follow redirects,...

5.3CVSS6.5AI score0.00218EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/05/05 6:28 p.m.16 views

CVE-2025-46553 @misskey-dev/summaly Redirect Filter Bypass

@misskey-dev/summaly is a tool for getting a summary of a web page. Starting in version 3.0.1 and prior to version 5.2.1, a logic error in the main summaly function causes the allowRedirects option to never be passed to any plugins, and as a result, isn't enforced. Misskey will follow redirects,...

5.3CVSS0.00218EPSS
Exploits0References2
CVE
CVE
added 2025/05/05 6:28 p.m.64 views

CVE-2025-46553

CVE-2025-46553 (Misskey summaly) : A logic error in the main summaly function (versions 3.0.1 to before 5.2.1) causes the allowRedirects option to be omitted when passed to plugins, so redirects are followed despite explicit requests not to. This creates a Redirect Filter Bypass condition and can...

6.1CVSS6.5AI score0.00218EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2025/05/05 6:28 p.m.5 views

CVE-2025-46553 @misskey-dev/summaly Redirect Filter Bypass

@misskey-dev/summaly is a tool for getting a summary of a web page. Starting in version 3.0.1 and prior to version 5.2.1, a logic error in the main summaly function causes the allowRedirects option to never be passed to any plugins, and as a result, isn't enforced. Misskey will follow redirects,...

5.3CVSS6.5AI score0.00218EPSS
Exploits0References4
OSV
OSV
added 2025/05/05 5:3 p.m.29 views

GHSA-7899-W6C4-VQC4 @misskey-dev/summaly Redirect Filter Bypass

Summary A logic error in the main summaly function causes the allowRedirects option to never be passed to any plugins, and as a result, isn't enforced. Details In the main summaly function, a new scrapingOptions object is created and passed to either the matched plugin, if any, or the default...

5.3CVSS6.7AI score0.00218EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2025/05/05 5:3 p.m.21 views

@misskey-dev/summaly Redirect Filter Bypass

Summary A logic error in the main summaly function causes the allowRedirects option to never be passed to any plugins, and as a result, isn't enforced. Details In the main summaly function, a new scrapingOptions object is created and passed to either the matched plugin, if any, or the default...

6.1CVSS6.7AI score0.00218EPSS
Exploits0References4Affected Software1
CNNVD
CNNVD
added 2025/05/05 12:0 a.m.7 views

Misskey 路径遍历漏洞

Misskey is a perpetually free open source federated social media platform from Misskey Open Source. A path traversal vulnerability exists in Misskey versions prior to 12.31.0 through 2025.4.1, which stems from insufficient Mk:api authentication and could lead to unauthorized access to endpoints...

7.5CVSS6.6AI score0.0037EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2025/05/05 12:0 a.m.8 views

PT-2025-19771 · Misskey · Misskey

Name of the Vulnerable Software and Affected Versions: Misskey versions 12.31.0 through 2025.4.0 Description: The issue is related to missing validation in Mk:api, which allows malicious AiScript code to access additional endpoints that it isn't designed to have access to. This is achieved by...

5.4CVSS6.5AI score0.0037EPSS
Exploits1References6
CNNVD
CNNVD
added 2025/05/05 12:0 a.m.10 views

Misskey 安全漏洞

Misskey is a perpetually free open source syndicated social media platform from Misskey Open Source. A security vulnerability exists in Misskey versions prior to 12.0.0 through 2025.4.1, which stems from insufficient validation of UrlPreviewService and MkUrlPreview, and could lead to CSS injectio...

7.2CVSS6.9AI score0.00214EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/05/05 12:0 a.m.7 views

PT-2025-19770 · Npm · @Misskey-Dev/Summaly

Name of the Vulnerable Software and Affected Versions: @misskey-dev/summaly versions 3.0.1 through 5.2.0 Description: A logic error in the main summaly function causes the allowRedirects option to never be passed to any plugins, and as a result, isn't enforced. This issue allows Misskey to follow...

5.3CVSS6.2AI score0.00218EPSS
Exploits0References8
Rows per page
Query Builder