3 matches found
CVE-2026-25808
Hollo (federated single-user microblogging) is affected by a vulnerability in the ActivityPub outbox that exposed DMs and followers-only posts prior to version 0.6.20 and 0.7.2. The issue is resolved in those versions (0.6.20 and 0.7.2). The CVSS is provided (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N; ...
CVE-2026-25808
Hollo is a federated single-user microblogging software designed to be federated through ActivityPub. Prior to 0.6.20 and 0.7.2, there is a security vulnerability where DMs and followers-only posts were exposed through the ActivityPub outbox endpoint without authorization. This vulnerability is...
PT-2026-7177
Name of the Vulnerable Software and Affected Versions Hollo versions prior to 0.6.20 Hollo versions prior to 0.7.2 Description Hollo is a federated single-user microblogging software that utilizes ActivityPub for federation. A security issue exists where direct messages DMs and posts restricted t...