41 matches found
CVE-2026-57574
Misskey is an open source, federated social media platform. Prior to 2026.6.0, Misskey contains a vulnerability in Time-based One-Time Password TOTP authentication in UserAuthService where insufficient validation of used tokens allows the reuse of a single-use code within its valid time step. If...
CVE-2026-28431
Misskey is an open source, federated social media platform. All Misskey servers running versions 8.45.0 and later, but prior to 2026.3.1, contain a vulnerability that allows bad actors access to data that they ordinarily wouldn't be able to access due to insufficient permission checks and proper...
CVE-2026-28431
Misskey is an open source, federated social media platform. All Misskey servers running versions 8.45.0 and later, but prior to 2026.3.1, contain a vulnerability that allows bad actors access to data that they ordinarily wouldn't be able to access due to insufficient permission checks and proper...
EUVD-2026-10369
Misskey is an open source, federated social media platform. All Misskey servers running versions 10.93.0 and later, but prior to 2026.3.1, contain a vulnerability that allows importing other users' data due to lack of ownership validation. The impact of this vulnerability is estimated to be...
CVE-2026-28433 Misskey lacks resource ownership validation
Misskey is an open source, federated social media platform. All Misskey servers running versions 10.93.0 and later, but prior to 2026.3.1, contain a vulnerability that allows importing other users' data due to lack of ownership validation. The impact of this vulnerability is estimated to be...
EUVD-2026-10370
Misskey is an open source, federated social media platform. All Misskey servers running versions 10.93.0 and later, but prior to 2026.3.1, contain a vulnerability that allows importing other users' data due to lack of ownership validation. The impact of this vulnerability is estimated to be...
CVE-2026-28433
Misskey (open source federated social platform) contains CVE-2026-28433 affecting versions 10.93.0 and later up to, but not including, 2026.3.1. The vulnerability arises from lack of ownership validation, allowing an importer to bring in data from other users. The impact is described as relativel...
CVE-2026-28432 HTTP signature verification can be bypassed
Misskey is an open source, federated social media platform. All Misskey servers prior to 2026.3.1 contain a vulnerability that allows bypassing HTTP signature verification. Although this is a vulnerability related to federation, it affects all servers regardless of whether federation is enabled o...
CVE-2026-28431 Misskey lacks proper authorization checks and input validation
Misskey is an open source, federated social media platform. All Misskey servers running versions 8.45.0 and later, but prior to 2026.3.1, contain a vulnerability that allows bad actors access to data that they ordinarily wouldn't be able to access due to insufficient permission checks and proper...
CVE-2026-28431
Misskey is an open source, federated social media platform. All Misskey servers running versions 8.45.0 and later, but prior to 2026.3.1, contain a vulnerability that allows bad actors access to data that they ordinarily wouldn't be able to access due to insufficient permission checks and proper...
CVE-2026-28431
Misskey (open source federated social media) versions 8.45.0–before 2026.3.1 are affected by insufficient authorization checks and input validation, allowing data access beyond intended permissions irrespective of federation. Impact can include data exposure; CVSS vector indicates high impact to ...
PT-2026-24121
Name of the Vulnerable Software and Affected Versions Misskey versions prior to 2026.3.1 Description Misskey is a federated social media platform. All servers prior to version 2026.3.1 are susceptible to an issue that allows bypassing HTTP signature verification. This affects all servers, even...
Misskey 安全漏洞
Misskey is a perpetually free open source syndicated social media platform from Misskey Open Source. A security vulnerability exists in Misskey versions prior to 2025.12.0-alpha.2, which stems from an insecure trustProxy configuration default value that could lead to bypassing IP rate limiting...
Misskey 安全漏洞
Misskey is a permanently free open source syndicated social media platform from Misskey Open Source. A security vulnerability exists in Misskey version 13.0.0-beta.16 through versions prior to 2025.12.0, which stems from a participant who does not have permission to view favorites or clips being...
CVE-2025-66482
Misskey CVE-2025-66482 affects the login rate-limiting mechanism via forged X-Forwarded-For headers. The vulnerability arises from an insecure default for trustProxy in the config, making instances vulnerable if not explicitly overridden. It is addressable starting with version 2025.9.1 by introd...
CVE-2025-66402
Misskey CVE-2025-66402 affects versions 13.0.0-beta.16 through before 2025.12.0, where an actor without permission to view favorites or clips could export posts and view contents, exposing private data. Version 2025.12.0 fixes the issue. The vulnerability stems from the export functionality not e...
CVE-2025-66402 misskey.js's export data contains private post data
Misskey is an open source, federated social media platform. Starting in version 13.0.0-beta.16 and prior to version 2025.12.0, an actor who does not have permission to view favorites or clips can can export the posts and view the contents. Version 2025.12.0 fixes the issue...
CVE-2025-61775
Vickey is a Misskey-based microblogging platform. A vulnerability exists in Vickey prior to version 2025.10.0 where unexpired email confirmation links can be reused multiple times to send repeated confirmation emails to a verified email address. Under certain conditions, a verified email address...
EUVD-2021-25571
Malware in sbrugna...
EUVD-2024-43810
Malicious code in bioql PyPI...