CVE-2026-25808
Hollo is a federated single-user microblogging software designed to be federated through ActivityPub. Prior to 0.6.20 and 0.7.2, there is a security vulnerability where DMs and followers-only posts were exposed through the ActivityPub outbox endpoint without authorization. This vulnerability is...
CVE-2026-25808 Hollo DMs get leaked and can be seen on Webfinger Browser
Hollo is a federated single-user microblogging software designed to be federated through ActivityPub. Prior to 0.6.20 and 0.7.2, there is a security vulnerability where DMs and followers-only posts were exposed through the ActivityPub outbox endpoint without authorization. This vulnerability is...
CVE-2026-25808
Hollo (federated single-user microblogging) is affected by a vulnerability in the ActivityPub outbox that exposed DMs and followers-only posts prior to version 0.6.20 and 0.7.2. The issue is resolved in those versions (0.6.20 and 0.7.2). The CVSS is provided (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N; ...
PT-2026-7177
Name of the Vulnerable Software and Affected Versions: Hollo versions prior to 0.6.20; Hollo versions prior to 0.7.2. Description: Hollo is a federated single-user microblogging software that utilizes ActivityPub for federation. A security issue exists where direct messages (DMs) and posts restricted t...
CVE-2026-22246
Mastodon is a free, open-source social network server based on ActivityPub. Mastodon 4.3 added notifications of severed relationships, allowing end-users to inspect the relationships they lost as the result of a moderation action. The code allowing users to download lists of severed relationships...
CVE-2026-22246 Local Mastodon users can enumerate and access severed relationships of every other local user
Mastodon is a free, open-source social network server based on ActivityPub. Mastodon 4.3 added notifications of severed relationships, allowing end-users to inspect the relationships they lost as the result of a moderation action. The code allowing users to download lists of severed relationships...
PT-2026-2182
Name of the Vulnerable Software and Affected Versions: Mastodon versions 4.3 through 4.3.16; Mastodon versions 4.4 through 4.4.10; Mastodon versions 4.5 through 4.5.3. Description: Mastodon is a free, open-source social network server based on ActivityPub. A flaw exists in the code handling the downlo...
MAL-2025-190896 Malicious code in @posthog/twitter-followers-plugin (npm)
Per source details. Source: amazon-inspector (72f5de01d0a45127f79e5f6db0ebea050e55f26d8ebbb38b72a4e422e6d3ecc6): The package @posthog/twitter-followers-plugin was found to contain malicious code. Source: google-open-source-security...
Malicious code in @posthog/twitter-followers-plugin (npm)
Per source details. Source: amazon-inspector (72f5de01d0a45127f79e5f6db0ebea050e55f26d8ebbb38b72a4e422e6d3ecc6): The package @posthog/twitter-followers-plugin was found to contain malicious code. Source: google-open-source-security...
EUVD-2025-198929
Malicious code in @posthog/twitter-followers-plugin (npm)...
CVE-2025-52770
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in appscreo Hello Followers hellofollowers allows Reflected XSS. This issue affects Hello Followers: from n/a through <= 2.5...
EUVD-2025-35474
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in appscreo Hello Followers hellofollowers allows Reflected XSS. This issue affects Hello Followers: from n/a through <= 2.5...
CVE-2025-52770
CVE-2025-52770 concerns the WordPress Hello Followers plugin (versions up to and including 2.5). The vulnerability is a reflected Cross-Site Scripting (XSS) caused by improper input neutralization during web page generation. Affected component: Hellofollowers plugin; root cause: improper handling...
CVE-2025-52770 WordPress Hello Followers plugin <= 2.5 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in appscreo Hello Followers hellofollowers allows Reflected XSS. This issue affects Hello Followers: from n/a through <= 2.5...