29 matches found

Positive Technologies
added 2026/04/24 12:0 a.m., 2 views

PT-2026-34840

Open Source Social Network (OSSN) is open-source social networking software developed in PHP. Versions prior to 9.0 are vulnerable to resource exhaustion. An attacker can upload a specially crafted image with extreme pixel dimensions, e.g., $10000 \times 10000$ pixels. While the compressed file size ...

8.2 CVSS, 5.9 AI score, 0.00081 EPSS
Exploits 0, References 5

Vulnrichment
added 2025/11/03 12:0 a.m., 4 views

CVE-2025-63441

Open Source Social Network (OSSN) 8.6 is vulnerable to Cross Site Scripting (XSS) via the parameter param at endpoint u/administrator/friends...

5.8 AI score, 0.00029 EPSS
Exploits 0, References 3

Positive Technologies
added 2025/11/03 12:0 a.m., 3 views

PT-2025-44784

Name of the Vulnerable Software and Affected Versions: Open Source Social Network (OSSN) version 8.6. Description: Open Source Social Network (OSSN) version 8.6 is susceptible to a Cross Site Scripting (XSS) issue. The issue occurs through the param parameter at the /u/administrator/friends API endpoint...

7.3 CVSS, 6 AI score, 0.00029 EPSS
Exploits 0, References 5

CVE
added 2025/11/03 12:0 a.m., 9 views

CVE-2025-63441

CVE-2025-63441 affects Open Source Social Network (OSSN) 8.6. The connected documents identify a Cross-Site Scripting (XSS) vulnerability exploitable via the parameter named param at the endpoint /u/administrator/friends. The CVSS v3.1 vector indicates Network attack, Low attack complexity, Low p...

7.3 CVSS, 5.8 AI score, 0.00029 EPSS
Exploits 0, References 3, Affected Software 1

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2020-3012

Malware in sbrugna...

5.9 CVSS, 6 AI score, 0.06058 EPSS
Exploits 1, References 3

EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2024-21275

Malicious code in bioql PyPI...

9.8 CVSS, 9.1 AI score, 0.01756 EPSS
Exploits 0, References 3

EUVD
added 2025/10/03 8:7 p.m., 1 view

EUVD-2023-46897

Malicious code in bioql PyPI...

7.5 CVSS, 7.4 AI score, 0.00312 EPSS
Exploits 0, References 2

EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2022-37867

Malicious code in bioql PyPI...

7.2 CVSS, 7 AI score, 0.02221 EPSS
Exploits 1, References 4

EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2021-30717

Malicious code in bioql PyPI...

6.5 CVSS, 6.6 AI score, 0.00332 EPSS
Exploits 1, References 5

EUVD
added 2025/10/03 8:7 p.m., 4 views

EUVD-2022-52761

Malicious code in bioql PyPI...

5.9 CVSS, 5.5 AI score, 0.00302 EPSS
Exploits 0, References 4

RedhatCVE
added 2025/05/23 4:19 a.m., 3 views

CVE-2023-42451

Mastodon is a free, open-source social network server based on ActivityPub. Prior to versions 3.5.14, 4.0.10, 4.1.8, and 4.2.0-rc2, under certain circumstances, attackers can exploit a flaw in domain name normalization to spoof domains they do not own. Versions 3.5.14, 4.0.10, 4.1.8, and 4.2.0-rc...

7.5 CVSS, 6.6 AI score, 0.00312 EPSS
Exploits 0

RedhatCVE
added 2025/05/23 2:31 a.m., 6 views

CVE-2023-36461

Mastodon is a free, open-source social network server based on ActivityPub. When performing outgoing HTTP queries, Mastodon sets a timeout on individual read operations. Prior to versions 3.5.9, 4.0.5, and 4.1.3, a malicious server can indefinitely extend the duration of the response through...

7.5 CVSS, 6.7 AI score, 0.00224 EPSS
Exploits 0, References 1

RedhatCVE
added 2025/05/22 11:6 p.m., 5 views

CVE-2022-34965

OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered to contain an arbitrary file upload vulnerability via the component /ossn/administrator/cominstaller. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. Note: The project owner believes this ...

7.2 CVSS, 8 AI score, 0.02221 EPSS
Exploits 1, References 1

Vulnrichment
added 2024/02/01 4:18 p.m., 26 views

CVE-2024-23832 Mastodon Remote user impersonation and takeover

Mastodon is a free, open-source social network server based on ActivityPub. Mastodon allows configuration of LDAP for authentication. Due to insufficient origin validation in all Mastodon, attackers can impersonate and take over any remote account. Every Mastodon version prior to 3.5.17 is...

9.4 CVSS, 7 AI score, 0.01756 EPSS
Exploits 0, References 3

ATTACKERKB
added 2022/07/25 7:15 p.m., 1 view

CVE-2022-34966

OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered to contain an HTML injection vulnerability via the location parameter at http://ipaddress/:port/ossn/home...

7.5 CVSS, 5.9 AI score, 0.00625 EPSS
Exploits 1, References 5

ATTACKERKB
added 2022/07/25 6:23 p.m., 1 view

CVE-2022-34962

OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Group Timeline module...

5.4 CVSS, 5.8 AI score, 0.01742 EPSS
Exploits 1, References 6

OSV
added 2022/07/25 3:15 p.m., 12 views

CVE-2022-34964

OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered to contain a stored cross-site scripting (XSS) vulnerability via the SitePages module...

4.8 CVSS, 5.9 AI score
Exploits 0, References 4

CVE
added 2022/07/25 2:52 p.m., 51 views

CVE-2022-34964

The CVE-2022-34964 entry corresponds to a stored cross-site scripting (XSS) vulnerability in Open Source Social Network (OSSN) v6.3 LTS, exploitable via the SitePages module. Affected component: OSSN SitePages. Root cause: stored XSS, as described across multiple sources. Impact details from the ...

4.8 CVSS, 4.9 AI score, 0.00324 EPSS
Exploits 1, References 4, Affected Software 1

CVE
added 2022/07/25 2:39 p.m., 56 views

CVE-2022-34961

CVE-2022-34961 affects OpenTechnik/Open Source Social Network (OSSN) v6.3 LTS. The vulnerability is a stored XSS in the Users Timeline module. The NVD metrics show CVSS v3.1 base score 5.4 (AV:N, AC:L, PR:L, UI:R, S:C, C:L, I:L, A:N). No exploitation status is provided in the documents. Connected...

5.4 CVSS, 5.3 AI score, 0.00458 EPSS
Exploits 1, References 5, Affected Software 1

Cvelist
added 2022/07/25 2:30 p.m., 13 views

CVE-2022-34963

OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered to contain a stored cross-site scripting (XSS) vulnerability via the News Feed module...

5.5 AI score, 0.01266 EPSS
Exploits 1, References 5