37 matches found
CVE-2022-0133
peertube is vulnerable to Improper Access Control...
CVE-2022-0170
peertube is vulnerable to Improper Access Control...
CVE-2022-0132
peertube is vulnerable to Server-Side Request Forgery SSRF...
EUVD-2021-2045
Malware in sbrugna...
EUVD-2022-15378
Malicious code in bioql PyPI...
EUVD-2025-10960
Malicious code in bioql PyPI...
EUVD-2022-15346
Malicious code in bioql PyPI...
EUVD-2022-15345
Malicious code in bioql PyPI...
CVE-2021-3780
peertube is vulnerable to Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting'...
CVE-2025-32948
The vulnerability allows any attacker to cause the PeerTube server to stop functioning, or in special cases send requests to arbitrary URLs Blind SSRF. Attackers can send ActivityPub activities to PeerTube's "inbox" endpoint. By abusing the "Create Activity" functionality, it is possible to creat...
CVE-2025-32948 PeerTube ActivityPub Playlist Creation Blind SSRF and DoS
The vulnerability allows any attacker to cause the PeerTube server to stop functioning, or in special cases send requests to arbitrary URLs Blind SSRF. Attackers can send ActivityPub activities to PeerTube's "inbox" endpoint. By abusing the "Create Activity" functionality, it is possible to creat...
CVE-2025-32948 PeerTube ActivityPub Playlist Creation Blind SSRF and DoS
The vulnerability allows any attacker to cause the PeerTube server to stop functioning, or in special cases send requests to arbitrary URLs Blind SSRF. Attackers can send ActivityPub activities to PeerTube's "inbox" endpoint. By abusing the "Create Activity" functionality, it is possible to creat...
CVE-2025-32947 PeerTube ActivityPub Crawl Infinite Loop DoS
This vulnerability allows any attacker to cause the PeerTube server to stop responding to requests due to an infinite loop in the "inbox" endpoint when receiving crafted ActivityPub activities...
CVE-2025-32947 PeerTube ActivityPub Crawl Infinite Loop DoS
This vulnerability allows any attacker to cause the PeerTube server to stop responding to requests due to an infinite loop in the "inbox" endpoint when receiving crafted ActivityPub activities...
CVE-2025-32947
CVE-2025-32947 concerns PeerTube. The connected documents describe a DoS via an infinite loop in the "+inbox+" endpoint triggered by crafted ActivityPub activities, causing the PeerTube server to stop responding to requests. Affected software is PeerTube; the root cause is an infinite loop in han...
CVE-2025-32945
The vulnerability allows an existing user to add playlists to a different user’s channel using the PeerTube REST API. The vulnerable code sets the owner of the new playlist to be the user who performed the request, and then sets the associated channel to the channel ID supplied by the request,...
CVE-2025-32944
The vulnerability allows any authenticated user to cause the PeerTube server to stop functioning in a persistent manner. If user import is enabled which is the default setting, any registered user can upload an archive for importing. The code uses the yauzl library for reading the archive. If the...
CVE-2025-32946 PeerTube Arbitrary Playlist Creation via ActivityPub Protocol
This vulnerability allows any attacker to add playlists to a different user’s channel using the ActivityPub protocol. The vulnerable code sets the owner of the new playlist to be the user who performed the request, and then sets the associated channel to the channel ID supplied by the request,...
CVE-2025-32946 PeerTube Arbitrary Playlist Creation via ActivityPub Protocol
This vulnerability allows any attacker to add playlists to a different user’s channel using the ActivityPub protocol. The vulnerable code sets the owner of the new playlist to be the user who performed the request, and then sets the associated channel to the channel ID supplied by the request,...
CVE-2025-32945 PeerTube Arbitrary Playlist Creation via REST API
The vulnerability allows an existing user to add playlists to a different user’s channel using the PeerTube REST API. The vulnerable code sets the owner of the new playlist to be the user who performed the request, and then sets the associated channel to the channel ID supplied by the request,...