Lucene search
K

5 matches found

Circl
Circl
added 2025/02/27 5:25 p.m.6 views

CVE-2025-27157

creationtimestamp| type| source ---|---|--- 2025-02-27 17:25:14+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/5720 2025-02-27 18:18:44+00:00| seen| https://infosec.exchange/users/cR0w/statuses/114077225711677534 2025-02-27 19:15:38+00:00| seen|...

5.3CVSS4.8AI score0.00338EPSS
Exploits0References3
NVD
NVD
added 2025/02/27 5:15 p.m.11 views

CVE-2025-27157

Mastodon is a self-hosted, federated microblogging platform. Starting in version 4.2.0 and prior to versions 4.2.16 and 4.3.4, the rate limits are missing on /auth/setup. Without those rate limits, an attacker can craft requests that will send an email to an arbitrary addresses. Versions 4.2.16 a...

5.3CVSS0.00338EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/02/27 5:12 p.m.7 views

CVE-2025-27157 Mastodon's rate-limits are missing on `/auth/setup`

Mastodon is a self-hosted, federated microblogging platform. Starting in version 4.2.0 and prior to versions 4.2.16 and 4.3.4, the rate limits are missing on /auth/setup. Without those rate limits, an attacker can craft requests that will send an email to an arbitrary addresses. Versions 4.2.16 a...

5.3CVSS5.3AI score0.00338EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/02/27 5:12 p.m.26 views

CVE-2025-27157 Mastodon's rate-limits are missing on `/auth/setup`

Mastodon is a self-hosted, federated microblogging platform. Starting in version 4.2.0 and prior to versions 4.2.16 and 4.3.4, the rate limits are missing on /auth/setup. Without those rate limits, an attacker can craft requests that will send an email to an arbitrary addresses. Versions 4.2.16 a...

5.3CVSS0.00338EPSS
Exploits0References2
OSV
OSV
added 2025/02/27 5:12 p.m.5 views

CVE-2025-27157 Mastodon's rate-limits are missing on `/auth/setup`

Mastodon is a self-hosted, federated microblogging platform. Starting in version 4.2.0 and prior to versions 4.2.16 and 4.3.4, the rate limits are missing on /auth/setup. Without those rate limits, an attacker can craft requests that will send an email to an arbitrary addresses. Versions 4.2.16 a...

5.3CVSS6.8AI score0.00338EPSS
Exploits0References4
Rows per page
Query Builder