24 matches found
CVE-2023-49095
nexkey is a microblogging platform. Insufficient validation of ActivityPub requests received in inbox could allow any user to impersonate another user in certain circumstances. This issue has been patched in version 12.122.2...
EUVD-2023-48172
Malicious code in bioql PyPI...
EUVD-2023-56756
Malicious code in bioql PyPI...
CVE-2023-43805
Nexkey is a fork of Misskey, an open source, decentralized social media platform. Prior to version 12.121.9, incomplete URL validation can allow users to bypass authentication for access to the job queue dashboard. Version 12.121.9 contains a fix for this issue. As a workaround, it may be possibl...
Concorde Code Issue Vulnerability
Concorde Nexkey is an application for nexryai individual developers. A code issue vulnerability exists in Concorde prior to version 12.25Q1.1 that stems from an improperly implemented logout process where authentication credentials remain in a cookie, potentially allowing an attacker to steal...
CVE-2023-52077
Nexkey is a lightweight fork of Misskey v12 optimized for small to medium size servers. Prior to 12.23Q4.5, Nexkey allows external apps using tokens issued by administrators and moderators to call admin APIs. This allows malicious third-party apps to perform operations such as updating server...
Design/Logic Flaw
Nexkey is a lightweight fork of Misskey v12 optimized for small to medium size servers. Prior to 12.23Q4.5, Nexkey allows external apps using tokens issued by administrators and moderators to call admin APIs. This allows malicious third-party apps to perform operations such as updating server...
CVE-2023-52077
CVE-2023-52077 concerns Nexkey, a Misskey v12 fork. Before 12.23Q4.5, external apps using administrator/moderator-issued tokens could call admin APIs, enabling operations like updating server settings and risking object storage and email credentials. The issue is patched in 12.23Q4.5. No exploita...
CVE-2023-52077 External apps using tokens issued by administrators and moderators can call admin APIs
Nexkey is a lightweight fork of Misskey v12 optimized for small to medium size servers. Prior to 12.23Q4.5, Nexkey allows external apps using tokens issued by administrators and moderators to call admin APIs. This allows malicious third-party apps to perform operations such as updating server...
CVE-2023-52077 External apps using tokens issued by administrators and moderators can call admin APIs
Nexkey is a lightweight fork of Misskey v12 optimized for small to medium size servers. Prior to 12.23Q4.5, Nexkey allows external apps using tokens issued by administrators and moderators to call admin APIs. This allows malicious third-party apps to perform operations such as updating server...
Nexkey Security Breach
Nexkey is an open source, decentralized social media platform for nexryai individual developers. A security vulnerability exists in Nexkey versions prior to 12.23Q4.5 that stems from allowing external applications to invoke the management API using tokens issued by administrators and reviewers...
PT-2023-31912 · Nexkey · Nexkey
Name of the Vulnerable Software and Affected Versions: Nexkey versions prior to 12.23Q4.5 Description: Nexkey, a lightweight fork of Misskey v12 optimized for small to medium size servers, allows external apps using tokens issued by administrators and moderators to call admin APIs. This enables...
CVE-2023-49095
nexkey is a microblogging platform. Insufficient validation of ActivityPub requests received in inbox could allow any user to impersonate another user in certain circumstances. This issue has been patched in version 12.122.2...
CVE-2023-49095 nexkey allows arbitrary users to impersonate any remote user due to missing signature validation
nexkey is a microblogging platform. Insufficient validation of ActivityPub requests received in inbox could allow any user to impersonate another user in certain circumstances. This issue has been patched in version 12.122.2...
CVE-2023-49095 nexkey allows arbitrary users to impersonate any remote user due to missing signature validation
nexkey is a microblogging platform. Insufficient validation of ActivityPub requests received in inbox could allow any user to impersonate another user in certain circumstances. This issue has been patched in version 12.122.2...
CVE-2023-49095
Nexkey’s CVE-2023-49095 vulnerability is due to insufficient validation of ActivityPub inbox requests, which could allow a user to impersonate another user in certain circumstances. The issue affects Nexkey and has been mitigated by upgrading to version 12.122.2. Affected components are related t...
Nexkey Input Validation Error Vulnerability
Nexkey is an open source, decentralized social media platform for nexryai individual developers. An input validation error vulnerability exists in versions of Nexkey prior to 12.122.2, which stems from insufficient validation of ActivityPub requests received in the inbox, and could allow any user...
CVE-2023-43805
Nexkey is a fork of Misskey, an open source, decentralized social media platform. Prior to version 12.121.9, incomplete URL validation can allow users to bypass authentication for access to the job queue dashboard. Version 12.121.9 contains a fix for this issue. As a workaround, it may be possibl...
Authentication flaw
Nexkey is a fork of Misskey, an open source, decentralized social media platform. Prior to version 12.121.9, incomplete URL validation can allow users to bypass authentication for access to the job queue dashboard. Version 12.121.9 contains a fix for this issue. As a workaround, it may be possibl...
CVE-2023-43805 Nexkey allows users to bypass authentication of Bull dashboard
Nexkey is a fork of Misskey, an open source, decentralized social media platform. Prior to version 12.121.9, incomplete URL validation can allow users to bypass authentication for access to the job queue dashboard. Version 12.121.9 contains a fix for this issue. As a workaround, it may be possibl...