Lucene search

4 matches found

ATTACKERKB
added 2026/02/24 7:0 p.m. | 1 views

CVE-2026-27477

Mastodon is a free, open-source social network server based on ActivityPub. FASP registration requires manual approval by an administrator. In versions 4.4.0 through 4.4.13 and 4.5.0 through 4.5.6, an unauthenticated attacker can register a FASP with an attacker-chosen baseurl that includes or...

CVSS 8.2 | AI score 5.9 | EPSS 0.0027
Exploits: 0 | References: 3 | Affected Software: 1
CVE
added 2026/02/24 7:0 p.m. | 17 views

CVE-2026-27477

Mastodon CVE-2026-27477 describes an SSRF risk in the FASP feature: unauthenticated registration of a FASP with a base_url that can resolve to an internal address, when the server has EXPERIMENTAL_FEATURES including fasp enabled. Affected: Mastodon versions 4.4.0–4.4.13 and 4.5.0–4.5.6. Impact: s...

CVSS 8.2 | AI score 5.7 | EPSS 0.0027
Exploits: 0 | References: 2 | Affected Software: 1
Prion
added 2022/06/13 12:15 a.m. | 19 views

Code injection

In Octopus Server after version 2022.1.1495 and before 2022.1.2647 if private spaces were enabled via the experimental feature flag all new users would have access to the Script Console within their private space...

CVSS 4.3 | AI score 7.5 | EPSS 0.00847
Exploits: 0 | References: 1 | Affected Software: 1
CNNVD
added 2022/06/12 12:0 a.m. | 4 views

Octopus Server security vulnerability

Octopus Server is an automated deployment platform. A security vulnerability exists in Octopus Server versions after 2022.1.1495 and before 2022.1.2647, which stems from the fact that all new users can access the scripting console within their private space if private space is enabled via the...

CVSS 7.5 | AI score 7.2 | EPSS 0.00847
Exploits: 0 | References: 3