Misskey is an open source, federated social media platform. Starting in version 13.0.0-beta.16 and prior to version 2025.12.0, an actor who does not have permission to view favorites or clips can can
Misskey is an open source, federated social media platform. All Misskey servers running versions 8.45.0 and later, but prior to 2026.3.1, contain a vulnerability that allows bad actors access to data
Misskey is an open source, federated social media platform. All Misskey servers running versions 10.93.0 and later, but prior to 2026.3.1, contain a vulnerability that allows importing other users' da
Misskey is an open source, federated social media platform. Starting in version 12.31.0 and prior to version 2025.4.1, missing validation in `Mk:api` allows malicious AiScript code to access additiona
Misskey is an open source, federated social media platform. All Misskey servers prior to 2026.3.1 contain a vulnerability that allows bypassing HTTP signature verification. Although this is a vulnerab
Misskey is an open source, federated social media platform. Starting in version 12.109.0 and prior to version 2025.2.0-alpha.0, due to a lack of CSRF protection and the lack of proper security attribu
Misskey is an open source, federated social media platform.In affected versions missing validation in `NoteCreateService.insertNote`, `ApPersonService.createPerson`, and `ApPersonService.updatePerson`
Misskey is an open source, federated social media platform. The patch for CVE-2024-52591 did not sufficiently validate the relation between the `id` and `url` fields of ActivityPub objects. An attacke
Misskey is an open source, federated social media platform. Starting in version 12.0.0 and prior to version 2025.4.1, due to an oversight in the validation performed in `UrlPreviewService` and `MkUrlP
Misskey is an open source, federated social media platform. Starting in version 12.109.0 and prior to version 2025.2.0-alpha.0, a login token named `token` is stored in a cookie for authentication pur
Misskey is an open source, federated social media platform. Attackers who use an untrusted reverse proxy or not using a reverse proxy at all can bypass IP rate limiting by adding a forged X-Forwarded-
Vickey is a Misskey-based microblogging platform. A vulnerability exists in Vickey prior to version 2025.10.0 where unexpired email confirmation links can be reused multiple times to send repeated con
@misskey-dev/summaly is a tool for getting a summary of a web page. Starting in version 3.0.1 and prior to version 5.2.1, a logic error in the main `summaly` function causes the `allowRedirects` optio
MyTube is a self-hosted downloader and player for several video websites Prior to version 1.8.71, an unauthenticated attacker can register an arbitrary passkey and subsequently authenticate with it to
ClipBucket v5 is an open source video sharing platform. In versions 5.5.2-#146 and below, the Manage Playlists feature is vulnerable to stored Cross-site Scripting (XSS),specifically in the Playlist N
ClipBucket v5 is an open source video sharing platform. ClipBucket v5 through build 5.5.2 #145 allows stored cross-site scripting (XSS) in multiple video and photo metadata fields. For videos the Tags
A vulnerability, which was classified as problematic, has been found in misstt123 oasys 1.0. Affected by this issue is some unknown functionality of the component Sticky Notes Handler. The manipulatio
ImportDump is a mediawiki extension designed to automate user import requests. A user's local actor ID is stored in the database to tell who made what requests. Therefore, if a user on another wiki ha
Concorde, formerly know as Nexkey, is a fork of the federated microblogging platform Misskey. Due to a lack of CSRF countermeasures and improper settings of cookies for MediaProxy authentication, ther
ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.2 - #164, an authorization bypass vulnerability in the AJAX flagging system allows any unauthenticated user to flag any con
Page 1+ Next →