6182 matches found
CVE-2026-25808 Hollo DMs get leaked and can be seen on Webfinger Browser
Hollo is a federated single-user microblogging software designed to be federated through ActivityPub. Prior to 0.6.20 and 0.7.2, there is a security vulnerability where DMs and followers-only posts were exposed through the ActivityPub outbox endpoint without authorization. This vulnerability is...
CVE-2026-25808
Hollo (federated single-user microblogging) is affected by a vulnerability in the ActivityPub outbox that exposed DMs and followers-only posts prior to versions 0.6.20 and 0.7.2. The issue is resolved in versions 0.6.20 and 0.7.2. The CVSS is provided (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N; ...
CVE-2026-1486
creationtimestamp | type | source
---|---|---
2026-02-09 20:24:03+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mehbpr3lqv23
2026-02-09 20:24:44+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mehbqyfm4i2v
2026-02-10 20:10:05+00:00 | seen | ...
CVE-2026-25231
creationtimestamp | type | source
---|---|---
2026-02-09 20:23:55+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mehbpjrsr323
2026-02-09 20:24:37+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mehbqrdra722...
CVE-2025-6830
creationtimestamp | type | source
---|---|---
2026-02-09 13:02:28+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3megj25bk7r23
2026-02-09 13:02:29+00:00 | seen | https://bsky.app/profile/potato.software/post/3megj25yvs42l...
User Submitted Posts <= 20251121 - Unauthenticated Open Redirect
The User Submitted Posts plugin for WordPress is vulnerable to Open Redirect in all versions up to and including 20251121. This is due to insufficient validation on the redirect-override POST parameter. Unauthenticated attackers can redirect users to potentially malicious sites by tricking them...
CVE-2026-2210
creationtimestamp | type | source
---|---|---
2026-02-09 03:00:40+00:00 | seen | https://bsky.app/profile/offseq.bsky.social/post/3mefhfzjie32a
2026-02-09 03:00:47+00:00 | seen | https://infosec.exchange/users/offseq/statuses/116038437255859099...
Hollo security vulnerability
Hollo is a micro-blogging software developed by Fedify. Versions of Hollo prior to 0.6.20 and 0.7.2 contained security vulnerabilities. These vulnerabilities were due to the exposure of private messages and posts visible only to followers through the ActivityPub inbox endpoint, which could lead t...
PT-2026-7177
Name of the Vulnerable Software and Affected Versions: Hollo versions prior to 0.6.20; Hollo versions prior to 0.7.2. Description: Hollo is a federated single-user microblogging software that utilizes ActivityPub for federation. A security issue exists where direct messages (DMs) and posts restricted t...
CVE-2026-2185
creationtimestamp | type | source
---|---|---
2026-02-08 21:00:16+00:00 | seen | https://bsky.app/profile/offseq.bsky.social/post/3meetbluowq2h
2026-02-08 21:00:28+00:00 | seen | https://infosec.exchange/users/offseq/statuses/116037020144793622
2026-02-09 00:30:29+00:00 | seen | ...
CVE-2026-2157
creationtimestamp | type | source
---|---|---
2026-02-08 16:30:17+00:00 | seen | https://bsky.app/profile/offseq.bsky.social/post/3meee6tkpv324
2026-02-08 16:30:19+00:00 | seen | https://infosec.exchange/users/offseq/statuses/116035958545654657...
CVE-2026-2120
creationtimestamp | type | source
---|---|---
2026-02-08 01:30:35+00:00 | seen | https://bsky.app/profile/offseq.bsky.social/post/3mecrvzwvft2f
2026-02-08 01:30:40+00:00 | seen | https://infosec.exchange/users/offseq/statuses/116032420763986584...
WordPress Endless Posts Navigation plugin <= 2.2.9 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin Endless Posts Navigation versions <= 2.2.9...
CVE-2026-25580
creationtimestamp | type | source
---|---|---
2026-02-06 21:21:16+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3me7tjcsu6c23
2026-02-06 21:21:42+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3me7tjzobmb27
2026-02-06 21:57:38+00:00 | seen | ...
CVE-2026-25636
creationtimestamp | type | source
---|---|---
2026-02-06 21:21:09+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3me7tj3g3vd2g
2026-02-06 21:21:33+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3me7tjss2l223
2026-02-06 21:57:30+00:00 | seen | ...
CVE-2026-25635
creationtimestamp | type | source
---|---|---
2026-02-06 21:21:02+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3me7tiv42a624
2026-02-06 21:21:25+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3me7tjlp4xm2g
2026-02-06 21:57:23+00:00 | seen | ...
CVE-2026-2067
creationtimestamp | type | source
---|---|---
2026-02-06 21:18:17+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3me7tdxkruj23
2026-02-06 21:18:52+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3me7tezhskz23...
CVE-2026-25731
creationtimestamp | type | source
---|---|---
2026-02-06 21:18:03+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3me7tdkl3am2g
2026-02-06 21:18:37+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3me7tekx5wb2x
2026-02-15 17:06:53+00:00 | seen | ...