Filter
AND
MastodonLack of media type verification of Activity Streams objects allows impersonation of remote accounts
8.5
EPSS
0.04%
First published (updated )
MastodonDestroying OAuth Applications doesn't notify Streaming of Access Tokens being destroyed in mastodon
4.3
EPSS
0.04%
First published (updated )
MastodonExternal OpenID Connect Account Takeover by E-Mail Change in mastodon
7.4
EPSS
0.04%
First published (updated )
MastodonMastodon Remote user impersonation and takeover
9.8
EPSS
0.10%
First published (updated )
MastodonMastodon vulnerable to Stored XSS through the translation feature
6.1
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
MastodonMastodon Invalid Domain Name Normalization vulnerability
7.5
First published (updated )
MastodonMastodon's verified profile links can be formatted in a misleading way
5.4
First published (updated )
MastodonMastodon vulnerable to Denial of Service through slow HTTP responses
7.5
First published (updated )
MastodonMastodon vulnerable to arbitrary file creation through media attachments
10
First published (updated )
MastodonMastodon vulnerable to Cross-site Scripting through oEmbed preview cards
9.3
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
MastodonMastodon's blind LDAP injection in login allows the attacker to leak arbitrary attributes from LDAP database
7.7
First published (updated )