Mastodon Exposure
Category: Message boards
Exposure score: 25
Sites using it: 202
Under active exploitation: 0
Critical: 3
CVEs
34 results
CVE-2023-36460 | CRITICAL | Mastodon vulnerable to arbitrary file creation through media attachments | EPSS 37.3%
CVE-2024-23832 | CRITICAL | Mastodon Remote user impersonation and takeover | EPSS 1.9%
CVE-2023-28853 | HIGH | Mastodon's blind LDAP injection in login allows the attacker to leak arbitrary attributes from LDAP database | EPSS 1.3%
CVE-2023-36461 | HIGH | Mastodon vulnerable to Denial of Service through slow HTTP responses | EPSS 1.1%
CVE-2023-36459 | CRITICAL | Mastodon vulnerable to Cross-site Scripting through oEmbed preview cards | EPSS 1.1%
CVE-2023-42451 | HIGH | Mastodon Invalid Domain Name Normalization vulnerability | EPSS 0.6%
CVE-2023-36462 | MEDIUM | Mastodon's verified profile links can be formatted in a misleading way | EPSS 0.5%
CVE-2024-37903 | HIGH | Mastodon has improper authorship check on audience extension for existing posts | EPSS 0.5%
CVE-2026-33868 | MEDIUM | Mastodon has a GET-Based Open Redirect via '/web/%2F<domain>' | EPSS 0.5%
CVE-2024-25623 | HIGH | Lack of media type verification of Activity Streams objects allows impersonation of remote accounts | EPSS 0.5%
CVE-2025-54879 | MEDIUM | Mastodon e‑mail throttle misconfiguration allows unlimited email confirmations against unconfirmed emails | EPSS 0.5%
CVE-2026-23962 | HIGH | Mastodon vulnerable to Denial of Service from a single post (client/server) | EPSS 0.5%
CVE-2024-25618 | MEDIUM | External OpenID Connect Account Takeover by E-Mail Change in mastodon | EPSS 0.5%
CVE-2026-23961 | MEDIUM | Mastodon may allow a remote suspension bypass | EPSS 0.4%
CVE-2026-25540 | MEDIUM | Mastodon's signature-dependent ActivityPub collection responses cached under signature-independent keys (Web Cache Poisoning via `Rails.cache`) | EPSS 0.4%
CVE-2023-42452 | MEDIUM | Mastodon vulnerable to Stored XSS through the translation feature | EPSS 0.4%
CVE-2023-42450 | MEDIUM | Mastodon Server-Side Request Forgery vulnerability | EPSS 0.4%
CVE-2024-25619 | LOW | Destroying OAuth Applications doesn't notify Streaming of Access Tokens being destroyed in mastodon | EPSS 0.4%
CVE-2025-27157 | MEDIUM | Mastodon's rate-limits are missing on `/auth/setup` | EPSS 0.3%
CVE-2025-27399 | MEDIUM | Mastodon's domain blocks & rationales ignore user approval when visibility set as "users" | EPSS 0.3%