
1096 matches found

Nuclei
added 18 hours ago, 74 views

Mastodon - Open Redirect

Mastodon version 4.5.8, 4.4.15, 4.3.21 is vulnerable to an unauthenticated Open Redirect vulnerability (CWE-601) that exists in the /web/ route due to improper handling of URL-encoded path segments. id: CVE-2026-33868 info: name: Mastodon - Open Redirect author: theamanrawat severity: medium description: |...

CVSS: 6.1, AI score: 5.8, EPSS: 0.00515
Exploits: 0, References: 2
Nuclei
added yesterday, 24 views

Mastodon Prototype Pollution Vulnerability

The GitHub repository mastodon/mastodon prior to 3.5.0 contains a Prototype Pollution vulnerability. id: CVE-2022-0432 info: name: Mastodon Prototype Pollution Vulnerability author: pikpikcu severity: medium description: The GitHub repository mastodon/mastodon prior to 3.5.0 contains a Prototype...

CVSS: 7.4, AI score: 6.7, EPSS: 0.04465
Exploits: 1, References: 5
NVD
added 2026/06/15 6:16 p.m., 10 views

CVE-2026-47777

Mastodon is a free, open-source social network server based on ActivityPub. In versions there is a missing condition in the check if remote accounts consented to be featured in a remote Collection could lead to attackers bypassing the check and faking consent. An attacker could forge the...

CVSS: 7.5, EPSS: 0.00167
Exploits: 0, References: 2
CVE
added 2026/06/15 4:54 p.m., 22 views

CVE-2026-47777

Affected product: Mastodon (open-source social network server). Vulnerable component: remote Collections feature logic for consent verification. Root cause: missing condition to ensure the FeatureAuthorization object on a remote account actually matches the Collection item, allowing forging of co...

CVSS: 7.5, AI score: 5.4, EPSS: 0.00167
Exploits: 0, References: 2
Vulnrichment
added 2026/06/15 4:54 p.m., 7 views

CVE-2026-47777 Mastodon has a consent-check bypass in its remote Collections

Mastodon is a free, open-source social network server based on ActivityPub. In versions there is a missing condition in the check if remote accounts consented to be featured in a remote Collection could lead to attackers bypassing the check and faking consent. An attacker could forge the...

CVSS: 7.5, AI score: 5.4, EPSS: 0.00167
Exploits: 0, References: 2
Cvelist
added 2026/06/15 4:54 p.m., 38 views

CVE-2026-47777 Mastodon has a consent-check bypass in its remote Collections

Mastodon is a free, open-source social network server based on ActivityPub. In versions there is a missing condition in the check if remote accounts consented to be featured in a remote Collection could lead to attackers bypassing the check and faking consent. An attacker could forge the...

CVSS: 7.5, EPSS: 0.00167
Exploits: 0, References: 2
EUVD
added 2026/06/15 4:54 p.m., 6 views

EUVD-2026-36742

Mastodon is a free, open-source social network server based on ActivityPub. In versions there is a missing condition in the check if remote accounts consented to be featured in a remote Collection could lead to attackers bypassing the check and faking consent. An attacker could forge the...

CVSS: 7.5, AI score: 5.4, EPSS: 0.00167
Exploits: 0, References: 2
Positive Technologies
added 2026/06/15 12:00 a.m., 9 views

PT-2026-49260

Name of the Vulnerable Software and Affected Versions: Mastodon versions prior to 4.6.0. Description: A missing condition in the verification process for remote accounts consenting to be featured in a remote Collection allows attackers to bypass checks and fake consent. An attacker can forge the...

CVSS: 7.5, AI score: 5.4, EPSS: 0.00167
Exploits: 0, References: 4
Circl
added 2026/06/13 5:17 a.m., 6 views

GHSA-PV9G-RRHQ-MPQC

creationtimestamp | type | source
--- | --- | ---
2026-06-13 05:17:38+00:00 | seen | https://mastodon.bsd.cafe/users/grahamperrin/statuses/116741102400640422...

AI score: 5
Exploits: 0, References: 1
Circl
added 2026/06/13 5:17 a.m., 5 views

CVE-2009-0014

creationtimestamp | type | source
--- | --- | ---
2026-06-13 05:17:38+00:00 | seen | https://mastodon.bsd.cafe/users/grahamperrin/statuses/116741102400640422...

CVSS: 2.1, AI score: 4.9, EPSS: 0.00348
Exploits: 1, References: 1
Circl
added 2026/06/05 7:33 p.m., 7 views

CVE-2026-11257

creationtimestamp | type | source
--- | --- | ---
2026-06-05 19:33:58+00:00 | seen | https://mastodon.social/ap/users/115426718704364579/statuses/116699170978557606
2026-06-05 19:34:22+00:00 | seen | https://bsky.app/profile/netsecio.bsky.social/post/3mnkuzpseb72f
2026-06-07 18:00:00+00:00 | seen | ...

CVSS: 4.3, AI score: 5.3, EPSS: 0.00185
Exploits: 0, References: 4
vulnersOsv
added 2026/05/12 6:30 p.m., 5 views

babelon (>=0.2.1 <=0.3.3), curategpt (>=0.2.2 <=0.2.4) +13 more potentially affected by CVE-2026-31236 via llm (>=0.12.0 <=0.26.0)

llm PYPI version =0.12.0, =0.2.1, =0.2.2, =0.1.0, =0.1.0a0, =0.9.0, =11.0.0rc1, =0.3.6, =0.1.0, =0.7.0, =2.0.0, =2.5.0 Source cves: CVE-2026-31236 Source advisory: OSV:GHSA-G76P-4VG5-F4QH...

CVSS: 9.8, AI score: 5.4, EPSS: 0.00508
Exploits: 0
Circl
added 2026/05/11 6:01 p.m., 7 views

CVE-2026-43434

creationtimestamp | type | source
--- | --- | ---
2026-05-11 18:01:23+00:00 | seen | https://mastodon.social/ap/users/115755483699003887/statuses/116557246423998157
2026-05-11 19:00:01+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mllxhbfqww2n
2026-05-11 19:00:01+00:00 | seen | ...

CVSS: 7.8, AI score: 5.8, EPSS: 0.00128
Exploits: 0, References: 2
Circl
added 2026/05/08 10:59 p.m., 11 views

CVE-2026-44327

creationtimestamp | type | source
--- | --- | ---
2026-05-08 22:59:22+00:00 | published-proof-of-concept | https://github.com/advisories/GHSA-cmpj-2x3g-m7g3
2026-05-27 18:01:22+00:00 | seen | https://mastodon.social/ap/users/115755483699003887/statuses/116647845023345610
2026-05-27 18:01:27+00:00 | seen | ...

CVSS: 10, AI score: 5.3, EPSS: 0.00287
Exploits: 1, References: 4
Circl
added 2026/05/06 7:00 p.m., 4 views

CVE-2025-66369

creationtimestamp | type | source
--- | --- | ---
2026-05-06 19:00:25+00:00 | seen | https://mastodon.social/ap/users/115755483699003887/statuses/116529167159124842
2026-05-10 20:00:00+00:00 | seen | https://www.hkcert.org/security-bulletin/samsung-products-multiple-vulnerabilities20260511...

CVSS: 7.5, AI score: 5.8, EPSS: 0.00343
Exploits: 0, References: 2
Circl
added 2026/05/05 7:53 a.m., 4 views

CVE-2025-42511

creationtimestamp | type | source
--- | --- | ---
2026-05-05 07:53:03+00:00 | seen | https://mastodon.social/users/bagder/statuses/116520883197857253
2026-05-05 07:53:12+00:00 | seen | https://bsky.app/profile/bagder.mastodon.social.ap.brid.gy/post/3ml3pf5ml3y62...

AI score: 5.8
Exploits: 0, References: 2
Circl
added 2026/04/29 7:10 a.m., 18 views

CVE-2026-6429

creationtimestamp | type | source
--- | --- | ---
2026-04-29 07:10:54+00:00 | seen | https://mastodon.social/users/bagder/statuses/116486743707813679
2026-04-29 07:11:04+00:00 | seen | https://bsky.app/profile/bagder.mastodon.social.ap.brid.gy/post/3mkmkagqvtir2
2026-04-29 07:16:06+00:00 | seen | ...

CVSS: 5.3, AI score: 5.7, EPSS: 0.00372
Exploits: 1, References: 4
Circl
added 2026/04/29 7:10 a.m., 11 views

CVE-2026-5545

creationtimestamp | type | source
--- | --- | ---
2026-04-29 07:10:54+00:00 | seen | https://mastodon.social/users/bagder/statuses/116486743707813679
2026-04-29 07:11:04+00:00 | seen | https://bsky.app/profile/bagder.mastodon.social.ap.brid.gy/post/3mkmkagqvtir2
2026-04-29 07:21:06+00:00 | seen | ...

CVSS: 6.5, AI score: 5.7, EPSS: 0.00363
Exploits: 1, References: 5
OSV
added 2026/04/27 9:00 a.m., 3 views

BIT-MASTODON-2026-41259 Mastodon: Insufficient verification of email addresses

Mastodon is a free, open-source social network server based on ActivityPub. Prior to v4.5.9, v4.4.16, and v4.3.22, Mastodon allows restricting new user sign-up based on e-mail domain names, and performs basic validation on e-mail addresses, but fails to restrict characters that are interpreted...

CVSS: 8.2, AI score: 5.4, EPSS: 0.00213
Exploits: 0, References: 2
Circl
added 2026/04/26 4:22 p.m., 3 views

CVE-2026-11234

creationtimestamp | type | source
--- | --- | ---
2026-04-26 16:22:38+00:00 | seen | https://mastodon.social/ap/users/115426718704364579/statuses/116471926431000914
2026-04-26 16:22:54+00:00 | seen | https://bsky.app/profile/netsecio.bsky.social/post/3mkfxojpptk2q
2026-04-27 03:46:54+00:00 | seen | ...

CVSS: 4.3, AI score: 5.3, EPSS: 0.00177
Exploits: 0, References: 6