17 matches found
PT-2025-32007 · Mastodon · Mastodon
Name of the Vulnerable Software and Affected Versions:
- Mastodon versions 3.1.5 through 4.2.24
- Mastodon versions 4.3.0 through 4.3.11
- Mastodon versions 4.4.0 through 4.4.3

Description: Mastodon’s rate-limiting system contains a configuration error where the email-based throttle for confirmation...
CVE-2025-23931
creationtimestamp| type| source
---|---|---
2025-01-22 15:21:29+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3lgdoa4iblu2b
2025-01-22 15:49:19+00:00| seen| https://mastodon.social/users/CyberSignaler/statuses/113872794980397663
2025-01-22 15:49:49+00:00| seen|...
CVE-2025-23918
creationtimestamp| type| source
---|---|---
2025-01-22 15:21:22+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3lgdo7vwq2d2w
2025-01-22 15:49:17+00:00| seen| https://mastodon.social/users/CyberSignaler/statuses/113872794842838981
2025-01-22 15:49:47+00:00| seen|...
Mastodon 4.2.x < 4.2.10 Multiple Vulnerabilities
According to its self-reported version number, the Mastodon application running on the remote host is prior to 4.1.18 or 4.2.x prior to 4.2.10. It is, therefore, affected by multiple vulnerabilities:
- Insufficient permission checking on multiple API endpoints
- An improper authorship check ...
Mastodon < 4.1.17 Multiple Vulnerabilities
According to its self-reported version number, the Mastodon application running on the remote host is prior to 4.1.17 or 4.2.x prior to 4.2.9. It is, therefore, affected by multiple vulnerabilities:
- Private mention filtering can be bypassed
- Missing rate-limit to password change endpoint
- ...
Mastodon 4.1.x < 4.1.14 Multiple Vulnerabilities
According to its self-reported version number, the Mastodon application running on the remote host is prior to 3.5.18 or 4.0.x prior to 4.0.14 or 4.1.x prior to 4.1.14 or 4.2.x prior to 4.2.6. It is, therefore, affected by multiple vulnerabilities:
- Destroying OAuth Applications doesn't notify...
Mastodon 4.1.x < 4.1.3 Multiple Vulnerabilities
According to its self-reported version number, the Mastodon application running on the remote host is prior to 3.5.9 or 4.0.x prior to 4.0.5 or 4.1.x prior to 4.1.3. It is, therefore, affected by multiple vulnerabilities:
- Verified profile links can be formatted in a misleading way
- Denial of...
Mastodon < 4.0.10 Multiple Vulnerabilities
According to its self-reported version number, the Mastodon application running on the remote host is prior to 3.5.14 or 4.0.x prior to 4.0.10 or 4.1.x prior to 4.1.8. It is, therefore, affected by multiple vulnerabilities:
- A stored XSS through the translation feature
- A Server-side request...
Mastodon < 3.5.14 Multiple Vulnerabilities
According to its self-reported version number, the Mastodon application running on the remote host is prior to 3.5.14 or 4.0.x prior to 4.0.10 or 4.1.x prior to 4.1.8. It is, therefore, affected by multiple vulnerabilities:
- A stored XSS through the translation feature
- A Server-side request...
Mastodon 4.2.x < 4.2.6 Multiple Vulnerabilities
According to its self-reported version number, the Mastodon application running on the remote host is prior to 3.5.18 or 4.0.x prior to 4.0.14 or 4.1.x prior to 4.1.14 or 4.2.x prior to 4.2.6. It is, therefore, affected by multiple vulnerabilities:
- Destroying OAuth Applications doesn't notify...
Mastodon 4.0.x < 4.0.14 Multiple Vulnerabilities
According to its self-reported version number, the Mastodon application running on the remote host is prior to 3.5.18 or 4.0.x prior to 4.0.14 or 4.1.x prior to 4.1.14 or 4.2.x prior to 4.2.6. It is, therefore, affected by multiple vulnerabilities:
- Destroying OAuth Applications doesn't notify...
Mastodon 4.0.x < 4.0.5 Multiple Vulnerabilities
According to its self-reported version number, the Mastodon application running on the remote host is prior to 3.5.9 or 4.0.x prior to 4.0.5 or 4.1.x prior to 4.1.3. It is, therefore, affected by multiple vulnerabilities:
- Verified profile links can be formatted in a misleading way
- Denial of...
Mastodon < 4.1.18 Multiple Vulnerabilities
According to its self-reported version number, the Mastodon application running on the remote host is prior to 4.1.18 or 4.2.x prior to 4.2.10. It is, therefore, affected by multiple vulnerabilities:
- Insufficient permission checking on multiple API endpoints
- An improper authorship check ...
Mastodon < 4.1.8 Multiple Vulnerabilities
According to its self-reported version number, the Mastodon application running on the remote host is prior to 3.5.14 or 4.0.x prior to 4.0.10 or 4.1.x prior to 4.1.8. It is, therefore, affected by multiple vulnerabilities:
- A stored XSS through the translation feature
- A Server-side request...
Mastodon 4.2.x < 4.2.9 Multiple Vulnerabilities
According to its self-reported version number, the Mastodon application running on the remote host is prior to 4.1.17 or 4.2.x prior to 4.2.9. It is, therefore, affected by multiple vulnerabilities:
- Private mention filtering can be bypassed
- Missing rate-limit to password change endpoint
- ...
Mastodon < 3.5.18 Multiple Vulnerabilities
According to its self-reported version number, the Mastodon application running on the remote host is prior to 3.5.18 or 4.0.x prior to 4.0.14 or 4.1.x prior to 4.1.14 or 4.2.x prior to 4.2.6. It is, therefore, affected by multiple vulnerabilities:
- Destroying OAuth Applications doesn't notify...
Mastodon < 3.5.9 Multiple Vulnerabilities
According to its self-reported version number, the Mastodon application running on the remote host is prior to 3.5.9 or 4.0.x prior to 4.0.5 or 4.1.x prior to 4.1.3. It is, therefore, affected by multiple vulnerabilities:
- Verified profile links can be formatted in a misleading way
- Denial of...