Lucene search
K

280 matches found

NVD
NVD
added 4 days ago5 views

CVE-2026-57574

Misskey is an open source, federated social media platform. Prior to 2026.6.0, Misskey contains a vulnerability in Time-based One-Time Password TOTP authentication in UserAuthService where insufficient validation of used tokens allows the reuse of a single-use code within its valid time step. If...

7.4CVSS0.0034EPSS
Exploits0References4
NVD
NVD
added 4 days ago6 views

CVE-2026-57575

Misskey is an open source, federated social media platform. Prior to 2026.6.0, Misskey contains a Server-Side Request Forgery SSRF vulnerability in URL preview functionality in UrlPreviewService. Due to missing network restrictions before establishing outbound connections, a remote attacker can...

6.9CVSS0.00347EPSS
Exploits0References3
CVE
CVE
added 4 days ago8 views

CVE-2026-57574

This CVE affects Misskey, an open-source federated social platform, where the vulnerability resides in the Time-based One-Time Password (TOTP) authentication in UserAuthService. The issue results from insufficient validation of used TOTP tokens, allowing a single-use code to be reused within its ...

7.4CVSS6.1AI score0.0034EPSS
Exploits0References4
Cvelist
Cvelist
added 4 days ago32 views

CVE-2026-57574 Misskey: TOTP tokens can be reused

Misskey is an open source, federated social media platform. Prior to 2026.6.0, Misskey contains a vulnerability in Time-based One-Time Password TOTP authentication in UserAuthService where insufficient validation of used tokens allows the reuse of a single-use code within its valid time step. If...

7.4CVSS0.0034EPSS
Exploits0References4
OSV
OSV
added 4 days ago2 views

CVE-2026-57574 Misskey: TOTP tokens can be reused

Misskey is an open source, federated social media platform. Prior to 2026.6.0, Misskey contains a vulnerability in Time-based One-Time Password TOTP authentication in UserAuthService where insufficient validation of used tokens allows the reuse of a single-use code within its valid time step. If...

7.4CVSS6.1AI score0.0034EPSS
Exploits0References6
CVE
CVE
added 4 days ago9 views

CVE-2026-57575

Misskey (open source federated social platform) contains a Server-Side Request Forgery (SSRF) vulnerability in the UrlPreviewService prior to version 2026.6.0. The issue arises from insufficient network restrictions before outbound requests, allowing an attacker to trigger the Misskey server to i...

6.9CVSS6.1AI score0.00347EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/03/11 7:8 a.m.5 views

CVE-2026-28433

Misskey is an open source, federated social media platform. All Misskey servers running versions 10.93.0 and later, but prior to 2026.3.1, contain a vulnerability that allows importing other users' data due to lack of ownership validation. The impact of this vulnerability is estimated to be...

4.3CVSS5.8AI score0.00221EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/11 7:8 a.m.3 views

CVE-2026-28432

Misskey is an open source, federated social media platform. All Misskey servers prior to 2026.3.1 contain a vulnerability that allows bypassing HTTP signature verification. Although this is a vulnerability related to federation, it affects all servers regardless of whether federation is enabled o...

7.5CVSS5.8AI score0.00148EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/11 7:8 a.m.5 views

CVE-2026-28431

Misskey is an open source, federated social media platform. All Misskey servers running versions 8.45.0 and later, but prior to 2026.3.1, contain a vulnerability that allows bad actors access to data that they ordinarily wouldn't be able to access due to insufficient permission checks and proper...

9.2CVSS5.8AI score0.00249EPSS
Exploits0References1
NVD
NVD
added 2026/03/10 7:43 a.m.10 views

CVE-2026-28432

Misskey is an open source, federated social media platform. All Misskey servers prior to 2026.3.1 contain a vulnerability that allows bypassing HTTP signature verification. Although this is a vulnerability related to federation, it affects all servers regardless of whether federation is enabled o...

7.5CVSS0.00148EPSS
Exploits0References1
NVD
NVD
added 2026/03/10 7:43 a.m.12 views

CVE-2026-28433

Misskey is an open source, federated social media platform. All Misskey servers running versions 10.93.0 and later, but prior to 2026.3.1, contain a vulnerability that allows importing other users' data due to lack of ownership validation. The impact of this vulnerability is estimated to be...

4.3CVSS0.00221EPSS
Exploits0References1
NVD
NVD
added 2026/03/10 7:43 a.m.14 views

CVE-2026-28431

Misskey is an open source, federated social media platform. All Misskey servers running versions 8.45.0 and later, but prior to 2026.3.1, contain a vulnerability that allows bad actors access to data that they ordinarily wouldn't be able to access due to insufficient permission checks and proper...

9.2CVSS0.00249EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/10 12:0 a.m.8 views

Misskey 数据伪造问题漏洞

Misskey is an open-source, permanently free social media platform developed by Misskey. Versions of Misskey prior to 2026.3.1 had a data manipulation vulnerability, which stemmed from allowing bypasses of HTTP signature verification...

7.5CVSS5.7AI score0.00148EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/10 12:0 a.m.10 views

Misskey 授权问题漏洞

Misskey is an open-source, permanently free social media platform developed by Misskey. Versions of Misskey from 8.45.0 until 2026.3.1 had an authorization issue vulnerability. This vulnerability stemmed from insufficient permission checks and input validation, which could lead to severe data...

9.2CVSS5.8AI score0.00249EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/10 12:0 a.m.13 views

Misskey 安全漏洞

Misskey is an open-source, permanently free social media platform developed by Misskey. Versions of Misskey from 10.93.0 until 2026.3.1 had security vulnerabilities due to a lack of ownership verification, which could lead to the import of other user data...

4.3CVSS5.8AI score0.00221EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/03/09 9:21 p.m.45 views

CVE-2026-28433 Misskey lacks resource ownership validation

Misskey is an open source, federated social media platform. All Misskey servers running versions 10.93.0 and later, but prior to 2026.3.1, contain a vulnerability that allows importing other users' data due to lack of ownership validation. The impact of this vulnerability is estimated to be...

2.3CVSS0.00221EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/09 9:21 p.m.4 views

CVE-2026-28433

Misskey is an open source, federated social media platform. All Misskey servers running versions 10.93.0 and later, but prior to 2026.3.1, contain a vulnerability that allows importing other users' data due to lack of ownership validation. The impact of this vulnerability is estimated to be...

2.3CVSS5.8AI score0.00221EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/03/09 9:21 p.m.9 views

EUVD-2026-10369

Misskey is an open source, federated social media platform. All Misskey servers running versions 10.93.0 and later, but prior to 2026.3.1, contain a vulnerability that allows importing other users' data due to lack of ownership validation. The impact of this vulnerability is estimated to be...

2.3CVSS5.8AI score0.00221EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/09 9:21 p.m.3 views

CVE-2026-28433 Misskey lacks resource ownership validation

Misskey is an open source, federated social media platform. All Misskey servers running versions 10.93.0 and later, but prior to 2026.3.1, contain a vulnerability that allows importing other users' data due to lack of ownership validation. The impact of this vulnerability is estimated to be...

2.3CVSS5.8AI score0.00221EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/09 9:21 p.m.7 views

EUVD-2026-10370

Misskey is an open source, federated social media platform. All Misskey servers running versions 10.93.0 and later, but prior to 2026.3.1, contain a vulnerability that allows importing other users' data due to lack of ownership validation. The impact of this vulnerability is estimated to be...

2.3CVSS5.8AI score0.00221EPSS
Exploits0References1
Rows per page
Query Builder