8 matches found

NVD
added 2026/06/24 8:16 p.m. | 6 views

CVE-2026-46349

Mastodon is a free, open-source social network server based on ActivityPub. Prior to 4.5.10, 4.4.17, and 4.3.23, Mastodon's normalization of incoming activities signed with Linked-Data Signatures does not sufficiently protect the activities from a certain class of spoofing, allowing attackers to...

CVSS 5.3 | EPSS 0.00162
Exploits: 0 | References: 1

NVD
added 2026/06/24 8:16 p.m. | 5 views

CVE-2026-48028

Mastodon is a free, open-source social network server based on ActivityPub. Prior to 4.5.10, 4.4.17, and 4.3.23, Mastodon's normalization of incoming activities signed with Linked-Data Signatures does not sufficiently protect the activities from a certain class of spoofing, allowing threat actors...

CVSS 6.5 | EPSS 0.00124
Exploits: 0 | References: 1

CVE
added 2026/06/24 7:48 p.m. | 10 views

CVE-2026-50128

Mastodon vulnerability CVE-2026-50128 affects versions 4.3.0 through 4.5.11 and 4.4.18, where an error in the attributionDomains JSON-LD handling allows an attacker to arbitrarily modify the attributionDomains value on a legitimately signed Update and bypass signature verification. This can under...

CVSS 5.3 | AI score 5.9 | EPSS 0.00129
Exploits: 0 | References: 2

Cvelist
added 2026/06/24 7:48 p.m. | 15 views

CVE-2026-50128 Mastodon: Spoofing of attribution domains

Mastodon is a free, open-source social network server based on ActivityPub. From 4.3.0 until 4.5.11 and 4.4.18, Mastodon has a feature to let websites credit authors of their articles. To prevent false attribution claims, Mastodon uses the attributionDomains JSON-LD term, however, an error in how...

CVSS 5.3 | EPSS 0.00129
Exploits: 0 | References: 1

ATTACKERKB
added 2026/06/24 7:48 p.m. | 12 views

CVE-2026-50128

Mastodon is a free, open-source social network server based on ActivityPub. From 4.3.0 until 4.5.11 and 4.4.18, Mastodon has a feature to let websites credit authors of their articles. To prevent false attribution claims, Mastodon uses the attributionDomains JSON-LD term, however, an error in how...

CVSS 5.3 | AI score 5.9 | EPSS 0.00129
Exploits: 0 | References: 2 | Affected Software: 1

CVE
added 2026/06/24 7:43 p.m. | 11 views

CVE-2026-48028

Mastodon (open-source social network server) versions prior to 4.5.10, 4.4.17, and 4.3.23 are affected. The vulnerability arises from how incoming activities signed with Linked-Data Signatures are normalized, failing to adequately protect against a class of spoofing that lets an attacker remove J...

CVSS 6.5 | AI score 5.9 | EPSS 0.00124
Exploits: 0 | References: 1

Snyk
added 2024/10/31 6:3 p.m. | 5 views

Insufficient Verification of Data Authenticity

Overview: laravel/reverb is a provider of a real-time WebSocket communication backend for Laravel applications. Affected versions of this package are vulnerable to Insufficient Verification of Data Authenticity through the verification of API signatures. An attacker can manipulate the API by sendi...

CVSS 8.7 | AI score 6.9 | EPSS 0.00332
Exploits: 0 | References: 2

Ubuntu
added 2023/06/05 2:8 p.m. | 76 views

USN-6138-1: libssh vulnerabilities

Philip Turnbull discovered that libssh incorrectly handled rekeying with algorithm guessing. A remote attacker could use this issue to cause libssh to crash, resulting in a denial of service, or possibly execute arbitrary code. CVE-2023-1667 Kevin Backhouse discovered that libssh incorrectly...

CVSS 6.5 | AI score 6.6 | EPSS 0.01314
Exploits: 2