CVE-2023-52077

CRITICAL Year: 2023
CVSS v3 Score
9.8
Critical
Weakness Type
CWE-863
View all →

Vulnerability Description

Nexkey is a lightweight fork of Misskey v12 optimized for small to medium size servers. Prior to 12.23Q4.5, Nexkey allows external apps using tokens issued by administrators and moderators to call admin APIs. This allows malicious third-party apps to perform operations such as updating server settings, as well as compromise object storage and email server credentials. This issue has been patched in 12.23Q4.5.

Related Vulnerabilities

CVE-2001-1155

CRITICAL
CVSS:9.8(Critical)

TCP Wrappers (tcp_wrappers) in FreeBSD 4.1.1 through 4.3 with the PARANOID ACL option enabled does not properly check the result of a reverse DNS lookup, which could allow remote attackers to bypass i...

CWE-8632001

CVE-2008-7109

CRITICAL
CVSS:9.8(Critical)

The Scanner File Utility (aka listener) in Kyocera Mita (KM) 3.3.0.1 allows remote attackers to bypass authorization and upload arbitrary files to the client system via a modified program that does no...

CWE-8632008

CVE-2010-1435

CRITICAL
CVSS:9.8(Critical)

Joomla! Core is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently retrieve password reset tokens from the dat...

CWE-8632010

CVE-2012-6094

CRITICAL
CVSS:9.8(Critical)

cups (Common Unix Printing System) 'Listen localhost:631' option not honored correctly which could provide unauthorized access to the system

CWE-8632012

CVE-2013-2198

CRITICAL
CVSS:9.8(Critical)

The Login Security module 6.x-1.x before 6.x-1.3 and 7.x-1.x before 7.x-1.3 for Drupal allows attackers to bypass intended restrictions via a crafted username.

CWE-8632013

CVE-2016-20001

CRITICAL
CVSS:9.8(Critical)

The REST/JSON project 7.x-1.x for Drupal allows node access bypass, aka SA-CONTRIB-2016-033. NOTE: This project is not covered by Drupal's security advisory policy.

CWE-8632016