8 matches found

RedhatCVE
added 2026/01/09 9:1 a.m., 6 views

CVE-2023-43793

Misskey is an open source, decentralized social media platform. Prior to version 2023.9.0, by editing the URL, a user can bypass the authentication of the Bull dashboard, which is the job queue management UI, and access it. Version 2023.9.0 contains a fix. There are no known workarounds...

CVSS 7.5, AI score 7.1, EPSS 0.00214
Exploits: 0, References: 1

EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2023-28808

Malicious code in bioql PyPI...

CVSS 7.1, AI score 6.4, EPSS 0.00505
Exploits: 0, References: 1

EUVD
added 2025/10/03 8:7 p.m., 4 views

EUVD-2025-13505

Malicious code in bioql PyPI...

CVSS 7.2, AI score 6.6, EPSS 0.00436
Exploits: 0, References: 2

CVE
added 2025/05/05 6:35 p.m., 56 views

CVE-2025-46340

Misskey CSS style injection vulnerability (CVE-2025-46340) affects 12.0.0 up to 2025.4.0 due to inadequate validation in UrlPreviewService and MkUrlPreview, enabling arbitrary CSS in MkUrlPreview and potential de-anonymization/related client attacks. UrlPreviewService.wrap avoids non-http/https U...

CVSS 7.2, AI score 7.2, EPSS 0.00436
Exploits: 0, References: 2, Affected Software: 1

Vulnrichment
added 2025/03/10 6:13 p.m., 8 views

CVE-2025-25306 Misskey's Incomplete Patch of CVE-2024-52591 Leads to Forgery of Federated Notes

Misskey is an open source, federated social media platform. The patch for CVE-2024-52591 did not sufficiently validate the relation between the id and url fields of ActivityPub objects. An attacker can forge an object where they claim authority in the url field even if the specific ActivityPub...

CVSS 9.3, AI score 9.2, EPSS 0.00077
Exploits: 0, References: 2

OSV
added 2025/02/11 3:14 p.m., 11 views

CVE-2025-24896 Misskey allows token to remain valid in cookie after signing out

Misskey is an open source, federated social media platform. Starting in version 12.109.0 and prior to version 2025.2.0-alpha.0, a login token named token is stored in a cookie for authentication purposes in Bull Dashboard, but this remains undeleted even after logout is performed. The primary...

CVSS 8.1, AI score 6.8, EPSS 0.00271
Exploits: 0, References: 4

NVD
added 2024/12/18 8:15 p.m., 11 views

CVE-2024-52591

Misskey is an open source, federated social media platform. In affected versions missing validation in ApRequestService.signedGet and HttpRequestService.getActivityJson allows an attacker to create fake user profiles and forged notes. The spoofed users will appear to be from a different instance...

CVSS 9.3, EPSS 0.00171
Exploits: 0, References: 1

Vulnrichment
added 2024/12/18 7:17 p.m., 12 views

CVE-2024-52593 Missing validation allows spoofed "origin" links in Misskey

Misskey is an open source, federated social media platform. In affected versions missing validation in NoteCreateService.insertNote, ApPersonService.createPerson, and ApPersonService.updatePerson allows an attacker to control the target of any "origin" links such as the "view on remote instance"...

CVSS 5.1, AI score 6.9, EPSS 0.00278
Exploits: 0, References: 1