Vulnerabilities in Mastodon

42 results
| CVE | Severity | Title | EPSS |
|---|---|---|---|
| CVE-2025-27157 | MEDIUM | Mastodon's rate-limits are missing on `/auth/setup` | 0.3% |
| CVE-2026-46348 | HIGH | Mastodon: SSRF Bypass via IPv6 Unspecified Address (::) | 0.3% |
| CVE-2025-27399 | MEDIUM | Mastodon's domain blocks & rationales ignore user approval when visibility set as "users" | 0.3% |
| CVE-2026-23963 | MEDIUM | Mastodon missing length limits on list names, filter names, and filter keywords | 0.3% |
| CVE-2026-27477 | MEDIUM | Mastodon has SSRF via unvalidated FASP Provider base_url | 0.3% |
| CVE-2026-50129 | HIGH | Mastodon: Persistent anonymous DoS via unhandled NoMethodError in MATH_TRANSFORMER | 0.3% |
| CVE-2025-62605 | MEDIUM | Mastodon quotes control can be bypassed | 0.3% |
| CVE-2025-62176 | MEDIUM | Mastodon streaming server allows OAuth clients without the `read` scope to subscribe to public channels | 0.3% |
| CVE-2026-22245 | HIGH | Mastodon has SSRF Protection bypass | 0.2% |
| CVE-2026-27468 | MEDIUM | Mastodon may allow unconfirmed FASP to make subscriptions | 0.2% |
| CVE-2026-47389 | HIGH | Mastodon: SSRF protection bypass on older Ruby versions | 0.2% |
| CVE-2026-22246 | MEDIUM | Local Mastodon users can enumerate and access severed relationships of every other local user | 0.2% |
| CVE-2026-41259 | HIGH | Mastodon: Insufficient verification of email addresses | 0.2% |
| CVE-2025-62175 | MEDIUM | Mastodon streaming API fails to disconnect disabled and suspended users | 0.2% |
| CVE-2026-23964 | MEDIUM | Mastodon has insufficient access control to push notification settings | 0.2% |
| CVE-2025-62174 | LOW | Mastodon allows continued access after password reset via CLI | 0.2% |
| CVE-2025-67500 | LOW | Mastodon Error Handling Discrepancy Enables Private Status Existence Enumeration | 0.2% |
| CVE-2026-47777 | HIGH | Mastodon has a consent-check bypass in its remote Collections | 0.2% |
| CVE-2026-33869 | MEDIUM | Mastodon has a denial of service for quote authorization | 0.2% |
| CVE-2026-46349 | MEDIUM | Mastodon: LD-Signature Bypass via JSON-LD Named-Graph Restructuring | 0.2% |