VYPR

Concorde

by Nexryai

Source repositories

CVEs (3)

  • CVE-2025-24973CriFeb 11, 2025
    risk 0.53cvss 9.3epss 0.00

    Concorde, formerly know as Nexkey, is a fork of the federated microblogging platform Misskey. Prior to version 12.25Q1.1, due to an improper implementation of the logout process, authentication credentials remain in cookies even after a user has explicitly logged out, which may…

  • CVE-2025-24900HigFeb 11, 2025
    risk 0.49cvss 8.6epss 0.00

    Concorde, formerly know as Nexkey, is a fork of the federated microblogging platform Misskey. Due to a lack of CSRF countermeasures and improper settings of cookies for MediaProxy authentication, there is a vulnerability that allows MediaProxy authentication to be bypassed. In…

  • CVE-2024-56200HigDec 19, 2024
    risk 0.49cvss 8.6epss 0.01

    Altair is a fork of Misskey v12. Affected versions lack of request validation and lack of authentication in the image proxy for compressing and resizing remote files could allow attacks that could affect availability, such as by abnormally increasing the CPU usage of the server…