Filter
-Infinity
0
Trending
Versions
MastodonMastodon's domain blocks & rationales ignore user approval when visibility set as "users"
5.3
EPSS
0.05%
First published (updated )
MastodonMastodon's rate-limits are missing on `/auth/setup`
5.3
EPSS
0.05%
First published (updated )
Mastodon 4.1Reached end of life
First published (updated )
Mastodon 4.1Reached end of life
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Mastodon 4.3End of life
First published (updated )
Mastodon 4.3End of life
First published (updated )
MastodonIn Mastodon 4.1.6, API endpoint rate limiting can be bypassed by setting a crafted HTTP request head…
5.9
First published (updated )
Mastodon 4.2End of life
First published (updated )
Mastodon 4.2End of life
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
MastodonMastodon has improper authorship check on audience extension for existing posts
8.2
First published (updated )
MastodonLack of media type verification of Activity Streams objects allows impersonation of remote accounts
8.5
EPSS
0.04%
First published (updated )
MastodonDestroying OAuth Applications doesn't notify Streaming of Access Tokens being destroyed in mastodon
4.3
EPSS
0.04%
First published (updated )
MastodonExternal OpenID Connect Account Takeover by E-Mail Change in mastodon
7.4
EPSS
0.04%
First published (updated )
The RegisterCritical vulnerability in Mastodon is pounced upon by fast-acting admins
First published (updated )
News
The RegisterNever miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2024-23832: Mastodon: Remote user impersonation and takeover
First published (updated )
MastodonMastodon Remote user impersonation and takeover
9.8
EPSS
0.10%
First published (updated )
MastodonMastodon vulnerable to Stored XSS through the translation feature
6.1
First published (updated )
MastodonMastodon Invalid Domain Name Normalization vulnerability
7.5
First published (updated )
MastodonMastodon Server-Side Request Forgery vulnerability
7.5
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
MastodonMastodon's verified profile links can be formatted in a misleading way
5.4
First published (updated )
MastodonMastodon vulnerable to Denial of Service through slow HTTP responses
7.5
First published (updated )
MastodonMastodon vulnerable to arbitrary file creation through media attachments
10
First published (updated )
MastodonMastodon vulnerable to Cross-site Scripting through oEmbed preview cards
9.3
First published (updated )
MastodonMastodon's blind LDAP injection in login allows the attacker to leak arbitrary attributes from LDAP database
7.7
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
MastodonThe undo_mark_statuses_as_sensitive method in app/services/approve_appeal_service.rb in Mastodon 3.5…
4.3
First published (updated )
MastodonMastodon through 4.0.2 allows attackers to cause a denial of service (large Sidekiq pull queue) by c…
7.5
First published (updated )
MastodonImproper Restriction of Excessive Authentication Attempts in mastodon/mastodon
9.8
First published (updated )
Mastodon 4.0Reached end of life
First published (updated )
Mastodon 4.0Reached end of life
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.