Misskey Exposure

Message boards
Exposure score: 18
Sites using it: 49
Under exploitation: 0
Critical: 4

CVEs

28 results
CVE-2019-1020010 Misskey before 10.102.4 allows hijacking a user's token. (EPSS 1.3%)
CVE-2021-39195 [HIGH] Server-Side Request Forgery vulnerability in misskey (EPSS 1.0%)
CVE-2021-39169 [HIGH] XSS vulnerability using dialog (EPSS 0.7%)
CVE-2023-24812 [HIGH] SQL injection of notes/search-by-tag (EPSS 0.7%)
CVE-2023-43793 [HIGH] Misskey allows users to bypass authentication of Bull dashboard (EPSS 0.7%)
CVE-2024-25636 [HIGH] Lack of media type verification of Activity Streams objects allows impersonation and takeover of remote accounts (EPSS 0.7%)
CVE-2025-24896 [HIGH] Misskey allows token to remain valid in cookie after signing out (EPSS 0.6%)
CVE-2023-52139 [CRITICAL] Misskey vulnerable to improper authorization when accessing with third-party application (EPSS 0.5%)
CVE-2023-24810 [HIGH] Cross site scripting (XSS) vulnerability using authentication callback in Misskey (EPSS 0.4%)
CVE-2023-25154 [HIGH] Cross site scripting (XSS) of ActivityPub URI in misskey (EPSS 0.4%)
CVE-2023-24811 [HIGH] Cross site scripting (XSS) vulnerability using url preview in Misskey (EPSS 0.4%)
CVE-2023-49079 [CRITICAL] Misskey's missing signature validation allows arbitrary users to impersonate any remote user. (EPSS 0.4%)
CVE-2024-32983 [HIGH] Misskey allows the impersonation and takeover of remote accounts with unnormalized signed activities (EPSS 0.4%)
CVE-2025-46559 [MEDIUM] Misskey Directory Traversal Vulnerability in AiScript via `Mk:api` (EPSS 0.4%)
CVE-2024-52593 [MEDIUM] Missing validation allows spoofed "origin" links in Misskey (EPSS 0.4%)
CVE-2024-52590 [HIGH] Missing validation allows spoofed profiles in Misskey (EPSS 0.3%)
CVE-2024-52591 [HIGH] Missing validation allows spoofed profiles and notes in Misskey (EPSS 0.3%)
CVE-2024-49363 [HIGH] Uncontrolled Recursion and Asymmetric Resource Consumption (Amplification) in media/file proxy in Misskey (EPSS 0.3%)
CVE-2024-52592 [MEDIUM] Missing validation allows spoofed poll updates in Misskey (EPSS 0.3%)
CVE-2025-66482 [MEDIUM] Misskey has a login rate limit bypass via spoofed X-Forwarded-For header (EPSS 0.3%)
