16 matches found
CVE-2023-49095
nexkey is a microblogging platform. Insufficient validation of ActivityPub requests received in inbox could allow any user to impersonate another user in certain circumstances. This issue has been patched in version 12.122.2...
EUVD-2021-25580
Malware in sbrugna...
EUVD-2025-5447
Malicious code in bioql PyPI...
EUVD-2023-53105
Malicious code in bioql PyPI...
EUVD-2024-36876
Malicious code in bioql PyPI...
CVE-2024-37903 Mastodon has improper authorship check on audience extension for existing posts
Mastodon is a self-hosted, federated microblogging platform. Starting in version 2.6.0 and prior to versions 4.1.18 and 4.2.10, by crafting specific activities, an attacker can extend the audience of a post they do not own to other Mastodon users on a target server, thus gaining access to the...
CVE-2024-37903 Mastodon has improper authorship check on audience extension for existing posts
Mastodon is a self-hosted, federated microblogging platform. Starting in version 2.6.0 and prior to versions 4.1.18 and 4.2.10, by crafting specific activities, an attacker can extend the audience of a post they do not own to other Mastodon users on a target server, thus gaining access to the...
CVE-2023-49095
nexkey is a microblogging platform. Insufficient validation of ActivityPub requests received in inbox could allow any user to impersonate another user in certain circumstances. This issue has been patched in version 12.122.2...
Input validation
nexkey is a microblogging platform. Insufficient validation of ActivityPub requests received in inbox could allow any user to impersonate another user in certain circumstances. This issue has been patched in version 12.122.2...
CVE-2023-49095 nexkey allows arbitrary users to impersonate any remote user due to missing signature validation
nexkey is a microblogging platform. Insufficient validation of ActivityPub requests received in inbox could allow any user to impersonate another user in certain circumstances. This issue has been patched in version 12.122.2...
CVE-2023-49095 nexkey allows arbitrary users to impersonate any remote user due to missing signature validation
nexkey is a microblogging platform. Insufficient validation of ActivityPub requests received in inbox could allow any user to impersonate another user in certain circumstances. This issue has been patched in version 12.122.2...
CVE-2023-49095
Nexkey’s CVE-2023-49095 vulnerability is due to insufficient validation of ActivityPub inbox requests, which could allow a user to impersonate another user in certain circumstances. The issue affects Nexkey and has been mitigated by upgrading to version 12.122.2. Affected components are related t...
CVE-2021-39195
Misskey is an open source, decentralized microblogging platform. In affected versions a Server-Side Request Forgery vulnerability exists in "Upload from URL" and remote attachment handling. This could result in the disclosure of non-public information within the internal network. This has been...
CVE-2021-39195
Misskey is an open source, decentralized microblogging platform. In affected versions a Server-Side Request Forgery vulnerability exists in "Upload from URL" and remote attachment handling. This could result in the disclosure of non-public information within the internal network. This has been...
CVE-2021-39169
Misskey is a decentralized microblogging platform. In versions of Misskey prior to 12.51.0, malicious actors can use the web client built-in dialog to display a malicious string, leading to cross-site scripting (XSS). XSS could compromise the API request token. This issue has been fixed in version...
CVE-2021-39169
CVE-2021-39169 affects Misskey prior to version 12.51.0. The vulnerability is a cross-site scripting (XSS) flaw where the web client’s built-in dialog can display a malicious string, potentially compromising the API request token. A fix exists in version 12.51.0; upgrading is the recommended reme...