282 matches found
CVE-2025-46553
@misskey-dev/summaly is a tool for getting a summary of a web page. Starting in version 3.0.1 and prior to version 5.2.1, a logic error in the main summaly function causes the allowRedirects option to never be passed to any plugins, and as a result, isn't enforced. Misskey will follow redirects,...
CVE-2025-46559
Misskey is an open source, federated social media platform. Starting in version 12.31.0 and prior to version 2025.4.1, missing validation in Mk:api allows malicious AiScript code to access additional endpoints that it isn't designed to have access to. The missing validation allows malicious...
CVE-2025-46559 Misskey Directory Traversal Vulnerability in AiScript via `Mk:api`
Misskey is an open source, federated social media platform. Starting in version 12.31.0 and prior to version 2025.4.1, missing validation in Mk:api allows malicious AiScript code to access additional endpoints that it isn't designed to have access to. The missing validation allows malicious...
CVE-2025-46559 Misskey Directory Traversal Vulnerability in AiScript via `Mk:api`
Misskey is an open source, federated social media platform. Starting in version 12.31.0 and prior to version 2025.4.1, missing validation in Mk:api allows malicious AiScript code to access additional endpoints that it isn't designed to have access to. The missing validation allows malicious...
CVE-2025-46559
CVE-2025-46559 is a Misskey directory traversal vulnerability. In Misskey versions 12.31.0 through 2025.4.0, missing validation in Mk:api lets AiScript prefix a URL with ".." to escape the /api path, enabling requests to endpoints such as /files, /url, and /proxy. The issue is fixed in version 20...
CVE-2025-46559 Misskey Directory Traversal Vulnerability in AiScript via `Mk:api`
Misskey is an open source, federated social media platform. Starting in version 12.31.0 and prior to version 2025.4.1, missing validation in Mk:api allows malicious AiScript code to access additional endpoints that it isn't designed to have access to. The missing validation allows malicious...
CVE-2025-46340
Misskey CSS style injection vulnerability (CVE-2025-46340) affects 12.0.0 up to 2025.4.0 due to inadequate validation in UrlPreviewService and MkUrlPreview, enabling arbitrary CSS in MkUrlPreview and potential de-anonymization/related client attacks. UrlPreviewService.wrap avoids non-http/https U...
CVE-2025-46340 Misskey CSS Style Injection Vulnerability In `MkUrlPreview`
Misskey is an open source, federated social media platform. Starting in version 12.0.0 and prior to version 2025.4.1, due to an oversight in the validation performed in UrlPreviewService and MkUrlPreview, it is possible for an attacker to inject arbitrary CSS into the MkUrlPreview component...
CVE-2025-46340 Misskey CSS Style Injection Vulnerability In `MkUrlPreview`
Misskey is an open source, federated social media platform. Starting in version 12.0.0 and prior to version 2025.4.1, due to an oversight in the validation performed in UrlPreviewService and MkUrlPreview, it is possible for an attacker to inject arbitrary CSS into the MkUrlPreview component...
CVE-2025-46340 Misskey CSS Style Injection Vulnerability In `MkUrlPreview`
Misskey is an open source, federated social media platform. Starting in version 12.0.0 and prior to version 2025.4.1, due to an oversight in the validation performed in UrlPreviewService and MkUrlPreview, it is possible for an attacker to inject arbitrary CSS into the MkUrlPreview component...
CVE-2025-46553 @misskey-dev/summaly Redirect Filter Bypass
@misskey-dev/summaly is a tool for getting a summary of a web page. Starting in version 3.0.1 and prior to version 5.2.1, a logic error in the main summaly function causes the allowRedirects option to never be passed to any plugins, and as a result, isn't enforced. Misskey will follow redirects,...
CVE-2025-46553 @misskey-dev/summaly Redirect Filter Bypass
@misskey-dev/summaly is a tool for getting a summary of a web page. Starting in version 3.0.1 and prior to version 5.2.1, a logic error in the main summaly function causes the allowRedirects option to never be passed to any plugins, and as a result, isn't enforced. Misskey will follow redirects,...
CVE-2025-46553
CVE-2025-46553 (Misskey summaly) : A logic error in the main summaly function (versions 3.0.1 to before 5.2.1) causes the allowRedirects option to be omitted when passed to plugins, so redirects are followed despite explicit requests not to. This creates a Redirect Filter Bypass condition and can...
CVE-2025-46553 @misskey-dev/summaly Redirect Filter Bypass
@misskey-dev/summaly is a tool for getting a summary of a web page. Starting in version 3.0.1 and prior to version 5.2.1, a logic error in the main summaly function causes the allowRedirects option to never be passed to any plugins, and as a result, isn't enforced. Misskey will follow redirects,...
GHSA-7899-W6C4-VQC4 @misskey-dev/summaly Redirect Filter Bypass
Summary A logic error in the main summaly function causes the allowRedirects option to never be passed to any plugins, and as a result, isn't enforced. Details In the main summaly function, a new scrapingOptions object is created and passed to either the matched plugin, if any, or the default...
@misskey-dev/summaly Redirect Filter Bypass
Summary A logic error in the main summaly function causes the allowRedirects option to never be passed to any plugins, and as a result, isn't enforced. Details In the main summaly function, a new scrapingOptions object is created and passed to either the matched plugin, if any, or the default...
Misskey 路径遍历漏洞
Misskey is a perpetually free open source federated social media platform from Misskey Open Source. A path traversal vulnerability exists in Misskey versions prior to 12.31.0 through 2025.4.1, which stems from insufficient Mk:api authentication and could lead to unauthorized access to endpoints...
PT-2025-19771 · Misskey · Misskey
Name of the Vulnerable Software and Affected Versions: Misskey versions 12.31.0 through 2025.4.0 Description: The issue is related to missing validation in Mk:api, which allows malicious AiScript code to access additional endpoints that it isn't designed to have access to. This is achieved by...
Misskey 安全漏洞
Misskey is a perpetually free open source syndicated social media platform from Misskey Open Source. A security vulnerability exists in Misskey versions prior to 12.0.0 through 2025.4.1, which stems from insufficient validation of UrlPreviewService and MkUrlPreview, and could lead to CSS injectio...
PT-2025-19770 · Npm · @Misskey-Dev/Summaly
Name of the Vulnerable Software and Affected Versions: @misskey-dev/summaly versions 3.0.1 through 5.2.0 Description: A logic error in the main summaly function causes the allowRedirects option to never be passed to any plugins, and as a result, isn't enforced. This issue allows Misskey to follow...