42 matches found
BIT-MASTODON-2026-25540 Mastodon's signature-dependent ActivityPub collection responses cached under signature-independent keys (Web Cache Poisoning via `Rails.cache`)
Mastodon is a free, open-source social network server based on ActivityPub. Prior to versions 4.3.19, 4.4.13, 4.5.6, Mastodon is vulnerable to web cache poisoning via Rails.cache. When AUTHORIZED_FETCH is enabled, the ActivityPub endpoints for pinned posts and featured hashtags have contents that...
CVE-2026-25540
Mastodon is a free, open-source social network server based on ActivityPub. Prior to versions 4.3.19, 4.4.13, 4.5.6, Mastodon is vulnerable to web cache poisoning via Rails.cache. When AUTHORIZED_FETCH is enabled, the ActivityPub endpoints for pinned posts and featured hashtags have contents that...
CVE-2026-25540
Mastodon prior to versions 4.3.19, 4.4.13, and 4.5.6 is vulnerable to web cache poisoning in Rails.cache when AUTHORIZED_FETCH is enabled. The ActivityPub endpoints for pinned posts and featured hashtags cache responses that depend on the signer’s account, but the internal cache reuse does not re...
CVE-2026-25540 Mastodon's signature-dependent ActivityPub collection responses cached under signature-independent keys (Web Cache Poisoning via `Rails.cache`)
Mastodon is a free, open-source social network server based on ActivityPub. Prior to versions 4.3.19, 4.4.13, 4.5.6, Mastodon is vulnerable to web cache poisoning via Rails.cache. When AUTHORIZED_FETCH is enabled, the ActivityPub endpoints for pinned posts and featured hashtags have contents that...
EUVD-2026-5329
Mastodon is a free, open-source social network server based on ActivityPub. Prior to versions 4.3.19, 4.4.13, 4.5.6, Mastodon is vulnerable to web cache poisoning via Rails.cache. When AUTHORIZED_FETCH is enabled, the ActivityPub endpoints for pinned posts and featured hashtags have contents that...
PT-2026-6319
Name of the Vulnerable Software and Affected Versions: Mastodon versions prior to 4.3.19; Mastodon versions prior to 4.4.13; Mastodon versions prior to 4.5.6. Description: Mastodon, a free, open-source social network server based on ActivityPub, contains a flaw related to web cache poisoning. When the...
GHSA-9R42-RHW3-2222 Mattermost is vulnerable to CPU exhaustion via crafted HTTP request
Mattermost versions 10.11.x <= 10.11.8 fail to validate input size before processing hashtags, which allows an authenticated attacker to exhaust CPU resources via a single HTTP request containing a post with thousands of space-separated tokens...
Mattermost is vulnerable to CPU exhaustion via crafted HTTP request
Mattermost versions 10.11.x <= 10.11.8 fail to validate input size before processing hashtags, which allows an authenticated attacker to exhaust CPU resources via a single HTTP request containing a post with thousands of space-separated tokens...
EUVD-2025-7880
Malicious code in bioql PyPI...
EUVD-2025-12056
Malicious code in bioql PyPI...
CVE-2025-46470
Missing Authorization vulnerability in Peter Raschendorfer Smart Hashtags [#hashtagger] allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Smart Hashtags [#hashtagger]: from n/a through <= 7.2.3...
WordPress Smart Hashtags [#hashtagger] plugin <= 7.2.3 - Broken Access Control Vulnerability
Broken Access Control Vulnerability discovered by domiee13 in WordPress Plugin Smart Hashtags [#hashtagger] versions <= 7.2.3...
CVE-2025-46470 WordPress Smart Hashtags [#hashtagger] <= 7.2.3 - Broken Access Control Vulnerability
Missing Authorization vulnerability in Peter Raschendorfer Smart Hashtags [#hashtagger] allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Smart Hashtags [#hashtagger]: from n/a through 7.2.3...
CVE-2025-46470 WordPress Smart Hashtags [#hashtagger] plugin <= 7.2.3 - Broken Access Control Vulnerability
Missing Authorization vulnerability in Peter Raschendorfer Smart Hashtags [#hashtagger] allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Smart Hashtags [#hashtagger]: from n/a through <= 7.2.3...
CVE-2025-46470
CVE-2025-46470 concerns the WordPress Smart Hashtags [#hashtagger] plugin (versions up to 7.2.3) with a Missing Authorization vulnerability due to incorrectly configured access control. The public details identify a Medium severity (CVSS 3.1 base 4.3), exploitable remotely without user interaction. ...
PT-2025-17785 · Unknown · Smart Hashtags
Name of the Vulnerable Software and Affected Versions: Smart Hashtags versions through 7.2.3. Description: The issue is related to a Missing Authorization vulnerability, which allows exploitation of incorrectly configured access control security levels. Recommendations: For versions through 7.2.3,...