CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

pixelfed/pixelfed is vulnerable to Unauthorized Access. The vulnerability is due to insufficient verification of follow requests, allowing unauthorized users to access private posts across Fediverse servers...

4.3CVSS7AI score0.00179EPSS

Exploits0References6Affected Software1

RedhatCVE•added 2025/03/27 12:18 a.m.•19 views

CVE-2025-30741

Pixelfed before 0.12.5 allows anyone to follow private accounts and see private posts on other Fediverse servers. This affects users elsewhere in the Fediverse, if they otherwise have any followers from a Pixelfed instance...

4.3CVSS7.1AI score0.00179EPSS

Exploits0References1

Github Security Blog•added 2025/03/25 9:31 p.m.•8 views

Pixelfed may allow unauthorized actor to view private posts and private users

4.3CVSS7AI score0.00179EPSS

Exploits0References6Affected Software1

OSV•added 2025/03/25 9:31 p.m.•5 views

GHSA-7287-GRHX-542X Pixelfed may allow unauthorized actor to view private posts and private users

4.3CVSS4.5AI score0.00179EPSS

Exploits0References6

Snyk•added 2025/03/25 9:31 p.m.•2 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization via the account visibility settings. An attacker can view and interact with private posts and accounts by leveraging the improper enforcement of access controls. Remediation Upgrade pixelfed/pixelfed to version...

5.3CVSS7AI score0.00179EPSS

Exploits0References2

NVD•added 2025/03/25 9:15 p.m.•13 views

CVE-2025-30741

4.3CVSS0.00179EPSS

Exploits0References4

OSV•added 2025/03/25 9:15 p.m.•4 views

CVE-2025-30741

4.3CVSS4.5AI score

Exploits0References4

CVE•added 2025/03/25 12:0 a.m.•55 views

CVE-2025-30741

CVE-2025-30741 affects Pixelfed before 0.12.5, where insufficient verification of follow requests allows an unauthenticated actor to follow private accounts and view private posts on other Fediverse servers. This can expose private content to users who have followers from a Pixelfed instance. The...

4.3CVSS7AI score0.00179EPSS

Exploits0References4

CNNVD•added 2025/03/25 12:0 a.m.•1 views

Pixelfed 安全漏洞

Pixelfed is a free and ethical photo sharing platform from the individual developers of Pixelfed. A security vulnerability exists in versions of Pixelfed prior to 0.12.5 that stems from the fact that anyone can follow private accounts on other Fediverse servers and view private posts...

4.3CVSS6.4AI score0.00179EPSS

Exploits0References6

Cvelist•added 2025/03/25 12:0 a.m.•18 views

CVE-2025-30741

4.3CVSS0.00179EPSS

Exploits0References4

Vulnrichment•added 2025/03/25 12:0 a.m.•13 views

CVE-2025-30741

4.3CVSS7AI score0.00179EPSS

Exploits0References4

RedhatCVE•added 2025/02/05 1:0 p.m.•6 views

CVE-2024-25108

Pixelfed is an open source photo sharing platform. When processing requests authorization was improperly and insufficiently checked, allowing attackers to access far more functionality than users intended, including to the administrative and moderator functionality of the Pixelfed server. This...

9.9CVSS6.4AI score0.0011EPSS

Exploits1References1

Veracode•added 2024/02/13 8:54 a.m.•14 views

Authorization Bypass

pixelfed/pixelfed is vulnerable to Authorization Bypass. The vulnerability is due to insufficient checks during request processing, allowing attackers to access and potentially modify administrative and moderator functionalities beyond intended user permissions...

9.9CVSS6.8AI score0.0011EPSS

Exploits1References3Affected Software1

NVD•added 2024/02/12 8:15 p.m.•10 views

CVE-2024-25108

9.9CVSS9.1AI score0.0011EPSS

Exploits1References2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by