6182 matches found
CVE-2026-25643

creationtimestamp| type| source
---|---|---
2026-02-06 20:17:57+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3me7pxyllun25
2026-02-06 20:18:33+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3me7pz64gzu2v
2026-02-06 20:19:21+00:00| seen|...

CVE-2026-2093

creationtimestamp| type| source
---|---|---
2026-02-06 11:13:00+00:00| seen| https://www.twcert.org.tw/en/cp-139-10698-1ab75-2.html
2026-02-10 07:19:45+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3meigeawdvf2v
2026-02-10 07:19:53+00:00| seen|...

BIT-MASTODON-2026-25540 Mastodon's signature-dependent ActivityPub collection responses cached under signature-independent keys (Web Cache Poisoning via `Rails.cache`)
Mastodon is a free, open-source social network server based on ActivityPub. Prior to versions 4.3.19, 4.4.13, 4.5.6, Mastodon is vulnerable to web cache poisoning via Rails.cache. When AUTHORIZED_FETCH is enabled, the ActivityPub endpoints for pinned posts and featured hashtags have contents that...
CVE-2026-21626
Access control settings for forum post custom fields are not applied to the JSON output type, leading to an ACL violation vector and information disclosure...
CVE-2026-25540
Mastodon is a free, open-source social network server based on ActivityPub. Prior to versions 4.3.19, 4.4.13, 4.5.6, Mastodon is vulnerable to web cache poisoning via Rails.cache. When AUTHORIZED_FETCH is enabled, the ActivityPub endpoints for pinned posts and featured hashtags have contents that...
WordPress Relevanssi Premium plugin < 2.25.0 - Unauthenticated Private/Draft Post Disclosure vulnerability
Unauthenticated Private/Draft Post Disclosure vulnerability discovered by Krzysztof Zając CERT PL in WordPress Plugin Relevanssi Premium versions 2.25.0...
WordPress Relevanssi plugin < 4.22.0 - Unauthenticated Private/Draft Post Disclosure vulnerability
Unauthenticated Private/Draft Post Disclosure vulnerability discovered by Krzysztof Zając CERT PL in WordPress Plugin Relevanssi versions 4.22.0...
CVE-2025-15285
The SEO Flow by LupsOnline plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the checkBlogAuthentication and checkCategoryAuthentication functions in all versions up to, and including, 2.2.1. These authorization functions only implement...
CVE-2026-25055

creationtimestamp| type| source
---|---|---
2026-02-05 08:08:06+00:00| seen| https://www.acn.gov.it/portale/w/rilevate-vulnerabilita-in-n8n-1
2026-02-05 22:01:23+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3me5fc4dwzc2o
2026-02-05 22:02:17+00:00| seen|...

CVE-2026-25052

creationtimestamp| type| source
---|---|---
2026-02-05 08:08:06+00:00| seen| https://www.acn.gov.it/portale/w/rilevate-vulnerabilita-in-n8n-1
2026-02-05 22:01:08+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3me5fbnmhoe2h
2026-02-05 22:02:01+00:00| seen|...

CVE-2026-25053

creationtimestamp| type| source
---|---|---
2026-02-05 08:08:06+00:00| seen| https://www.acn.gov.it/portale/w/rilevate-vulnerabilita-in-n8n-1
2026-02-05 22:01:15+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3me5fbv3vl32r
2026-02-05 22:02:10+00:00| seen|...

CVE-2026-25583

creationtimestamp| type| source
---|---|---
2026-02-04 22:17:20+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3me2vpq2dtn27
2026-02-04 22:17:41+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3me2vqdze3f27...

EUVD-2026-5329
Mastodon is a free, open-source social network server based on ActivityPub. Prior to versions 4.3.19, 4.4.13, 4.5.6, Mastodon is vulnerable to web cache poisoning via Rails.cache. When AUTHORIZED_FETCH is enabled, the ActivityPub endpoints for pinned posts and featured hashtags have contents that...
CVE-2026-25540 Mastodon's signature-dependent ActivityPub collection responses cached under signature-independent keys (Web Cache Poisoning via `Rails.cache`)
Mastodon is a free, open-source social network server based on ActivityPub. Prior to versions 4.3.19, 4.4.13, 4.5.6, Mastodon is vulnerable to web cache poisoning via Rails.cache. When AUTHORIZED_FETCH is enabled, the ActivityPub endpoints for pinned posts and featured hashtags have contents that...
CVE-2026-25540
Mastodon prior to versions 4.3.19, 4.4.13, and 4.5.6 is vulnerable to web cache poisoning in Rails.cache when AUTHORIZED_FETCH is enabled. The ActivityPub endpoints for pinned posts and featured hashtags cache responses that depend on the signer’s account, but the internal cache reuse does not re...
CVE-2026-25519

creationtimestamp| type| source
---|---|---
2026-02-04 21:16:47+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3me2sdgpo2f22
2026-02-04 21:17:52+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3me2sfexazh2v...

CVE-2025-59439

creationtimestamp| type| source
---|---|---
2026-02-04 21:15:11+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3me2sajp6ou2o
2026-02-04 21:15:41+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3me2sbhuuzy24...