64 matches found
CVE-2026-25808 Hollo DMs get leaked and can be seen on Webfinger Browser
Hollo is a federated single-user microblogging software designed to be federated through ActivityPub. Prior to 0.6.20 and 0.7.2, there is a security vulnerability where DMs and followers-only posts were exposed through the ActivityPub outbox endpoint without authorization. This vulnerability is...
CVE-2023-49095
nexkey is a microblogging platform. Insufficient validation of ActivityPub requests received in inbox could allow any user to impersonate another user in certain circumstances. This issue has been patched in version 12.122.2...
EUVD-2014-9331
Malware in sbrugna...
EUVD-2021-25580
Malware in sbrugna...
EUVD-2025-5447
Malicious code in bioql PyPI...
EUVD-2023-53105
Malicious code in bioql PyPI...
EUVD-2025-21766
Malicious code in bioql PyPI...
EUVD-2024-36876
Malicious code in bioql PyPI...
CVE-2025-53941 Hollo renders posts received with form elements and allows submission
Hollo is a federated single-user microblogging software designed to be federated through ActivityPub. Versions prior to 0.6.5 allow HTML form elements to be submitted, making the software vulnerable to HTML injection. Version 0.6.5 fixes the issue...
CVE-2025-53941 Hollo renders posts received with form elements and allows submission
Hollo is a federated single-user microblogging software designed to be federated through ActivityPub. Versions prior to 0.6.5 allow HTML form elements to be submitted, making the software vulnerable to HTML injection. Version 0.6.5 fixes the issue...
CVE-2025-53941 Hollo renders posts received with form elements and allows submission
Hollo is a federated single-user microblogging software designed to be federated through ActivityPub. Versions prior to 0.6.5 allow HTML form elements to be submitted, making the software vulnerable to HTML injection. Version 0.6.5 fixes the issue...
CVE-2014-9516
Cross-site scripting XSS vulnerability in Social Microblogging PRO 1.5 allows remote attackers to inject arbitrary web script or HTML via the PATHINFO to the default URI, related to the "Web Site" input in the Profile section...
BIT-MASTODON-2024-37903 Mastodon has improper authorship check on audience extension for existing posts
Mastodon is a self-hosted, federated microblogging platform. Starting in version 2.6.0 and prior to versions 4.1.18 and 4.2.10, by crafting specific activities, an attacker can extend the audience of a post they do not own to other Mastodon users on a target server, thus gaining access to the...
CVE-2024-37903
Mastodon is a self-hosted, federated microblogging platform. Starting in version 2.6.0 and prior to versions 4.1.18 and 4.2.10, by crafting specific activities, an attacker can extend the audience of a post they do not own to other Mastodon users on a target server, thus gaining access to the...
CVE-2024-37903 Mastodon has improper authorship check on audience extension for existing posts
Mastodon is a self-hosted, federated microblogging platform. Starting in version 2.6.0 and prior to versions 4.1.18 and 4.2.10, by crafting specific activities, an attacker can extend the audience of a post they do not own to other Mastodon users on a target server, thus gaining access to the...
CVE-2024-37903 Mastodon has improper authorship check on audience extension for existing posts
Mastodon is a self-hosted, federated microblogging platform. Starting in version 2.6.0 and prior to versions 4.1.18 and 4.2.10, by crafting specific activities, an attacker can extend the audience of a post they do not own to other Mastodon users on a target server, thus gaining access to the...
CVE-2024-37903 Mastodon has improper authorship check on audience extension for existing posts
Mastodon is a self-hosted, federated microblogging platform. Starting in version 2.6.0 and prior to versions 4.1.18 and 4.2.10, by crafting specific activities, an attacker can extend the audience of a post they do not own to other Mastodon users on a target server, thus gaining access to the...
CVE-2024-32983
Misskey is an open source, decentralized microblogging platform. Misskey doesn't perform proper normalization on the JSON structures of incoming signed ActivityPub activity objects before processing them, allowing threat actors to spoof the contents of signed activities and impersonate the author...
CVE-2024-32983 Misskey allows the impersonation and takeover of remote accounts with unnormalized signed activities
Misskey is an open source, decentralized microblogging platform. Misskey doesn't perform proper normalization on the JSON structures of incoming signed ActivityPub activity objects before processing them, allowing threat actors to spoof the contents of signed activities and impersonate the author...
CVE-2023-49095
nexkey is a microblogging platform. Insufficient validation of ActivityPub requests received in inbox could allow any user to impersonate another user in certain circumstances. This issue has been patched in version 12.122.2...