4 matches found
CVE-2025-27399
Mastodon is a self-hosted, federated microblogging platform. In versions prior to 4.1.23, 4.2.16, and 4.3.4, when the visibility for domain blocks/reasons is set to "users" (localized English string: "To logged-in users"), users that are not yet approved can view the block reasons. Instance admins...
Mastodon Authorization Issue Vulnerability
Mastodon is an open source social networking server based on ActivityPub by Mastodon Open Source. An authorization issue vulnerability exists in Mastodon that stems from an unapproved user being able to view the reason for a domain block, affecting instance administrators who do not wish to make...
GHSA-9QGF-4FPF-CMH2 Improper Neutralization of Input During Web Page Generation in Jenkins
Jenkins 2.196 and earlier, LTS 2.176.3 and earlier did not escape the reason why a queue item is blocked in tooltips, resulting in a stored XSS vulnerability exploitable by users able to control parts of the reason a queue item is blocked, such as label expressions not matching any idle executor...
UBUNTU-CVE-2012-4382
MediaWiki before 1.18.5, and 1.19.x before 1.19.2 does not properly protect user block metadata, which allows remote administrators to read a user block reason via a reblock attempt...