CVE-2023-49095

nexkey is a microblogging platform. Insufficient validation of ActivityPub requests received in inbox could allow any user to impersonate another user in certain circumstances. This issue has been patched in version 12.122.2...

EUVD-2021-25580

Malware in sbrugna...

EUVD-2025-5447

Malicious code in bioql PyPI...

EUVD-2023-53105

Malicious code in bioql PyPI...

EUVD-2024-36876

Malicious code in bioql PyPI...

CVE-2024-37903 Mastodon has improper authorship check on audience extension for existing posts

Mastodon is a self-hosted, federated microblogging platform. Starting in version 2.6.0 and prior to versions 4.1.18 and 4.2.10, by crafting specific activities, an attacker can extend the audience of a post they do not own to other Mastodon users on a target server, thus gaining access to the...

CVE-2024-37903 Mastodon has improper authorship check on audience extension for existing posts

Mastodon is a self-hosted, federated microblogging platform. Starting in version 2.6.0 and prior to versions 4.1.18 and 4.2.10, by crafting specific activities, an attacker can extend the audience of a post they do not own to other Mastodon users on a target server, thus gaining access to the...

CVE-2023-49095

nexkey is a microblogging platform. Insufficient validation of ActivityPub requests received in inbox could allow any user to impersonate another user in certain circumstances. This issue has been patched in version 12.122.2...

Input validation

nexkey is a microblogging platform. Insufficient validation of ActivityPub requests received in inbox could allow any user to impersonate another user in certain circumstances. This issue has been patched in version 12.122.2...

CVE-2023-49095 nexkey allows arbitrary users to impersonate any remote user due to missing signature validation

nexkey is a microblogging platform. Insufficient validation of ActivityPub requests received in inbox could allow any user to impersonate another user in certain circumstances. This issue has been patched in version 12.122.2...

CVE-2023-49095 nexkey allows arbitrary users to impersonate any remote user due to missing signature validation

nexkey is a microblogging platform. Insufficient validation of ActivityPub requests received in inbox could allow any user to impersonate another user in certain circumstances. This issue has been patched in version 12.122.2...

CVE-2023-49095

Nexkey’s CVE-2023-49095 vulnerability is due to insufficient validation of ActivityPub inbox requests, which could allow a user to impersonate another user in certain circumstances. The issue affects Nexkey and has been mitigated by upgrading to version 12.122.2. Affected components are related t...

CVE-2021-39195

Misskey is an open source, decentralized microblogging platform. In affected versions a Server-Side Request Forgery vulnerability exists in "Upload from URL" and remote attachment handling. This could result in the disclosure of non-public information within the internal network. This has been...

CVE-2021-39195

Misskey is an open source, decentralized microblogging platform. In affected versions a Server-Side Request Forgery vulnerability exists in "Upload from URL" and remote attachment handling. This could result in the disclosure of non-public information within the internal network. This has been...

CVE-2021-39169

Misskey is a decentralized microblogging platform. In versions of Misskey prior to 12.51.0, malicious actors can use the web client built-in dialog to display a malicious string, leading to cross-site scripting XSS. XSS could compromise the API request token. This issue has been fixed in version...

CVE-2021-39169

CVE-2021-39169 affects Misskey prior to version 12.51.0. The vulnerability is a cross-site scripting (XSS) flaw where the web client’s built-in dialog can display a malicious string, potentially compromising the API request token. A fix exists in version 12.51.0; upgrading is the recommended reme...