VYPR
Vendor

Nexryai

Products
2
CVEs
6
Across products
6
Status
Private

Products

2

Recent CVEs

6
  • CVE-2025-24973CriFeb 11, 2025
    risk 0.53cvss 9.3epss 0.00

    Concorde, formerly know as Nexkey, is a fork of the federated microblogging platform Misskey. Prior to version 12.25Q1.1, due to an improper implementation of the logout process, authentication credentials remain in cookies even after a user has explicitly logged out, which may…

  • CVE-2025-24900HigFeb 11, 2025
    risk 0.49cvss 8.6epss 0.00

    Concorde, formerly know as Nexkey, is a fork of the federated microblogging platform Misskey. Due to a lack of CSRF countermeasures and improper settings of cookies for MediaProxy authentication, there is a vulnerability that allows MediaProxy authentication to be bypassed. In…

  • CVE-2024-56200HigDec 19, 2024
    risk 0.49cvss 8.6epss 0.01

    Altair is a fork of Misskey v12. Affected versions lack of request validation and lack of authentication in the image proxy for compressing and resizing remote files could allow attacks that could affect availability, such as by abnormally increasing the CPU usage of the server…

  • CVE-2023-52077HigDec 27, 2023
    risk 0.00cvss 8.9epss 0.01

    Nexkey is a lightweight fork of Misskey v12 optimized for small to medium size servers. Prior to 12.23Q4.5, Nexkey allows external apps using tokens issued by administrators and moderators to call admin APIs. This allows malicious third-party apps to perform operations such as…

  • CVE-2023-49095HigNov 30, 2023
    risk 0.00cvss 8.6epss 0.01

    nexkey is a microblogging platform. Insufficient validation of ActivityPub requests received in inbox could allow any user to impersonate another user in certain circumstances. This issue has been patched in version 12.122.2.

  • CVE-2023-43805HigOct 4, 2023
    risk 0.00cvss 7.5epss 0.01

    Nexkey is a fork of Misskey, an open source, decentralized social media platform. Prior to version 12.121.9, incomplete URL validation can allow users to bypass authentication for access to the job queue dashboard. Version 12.121.9 contains a fix for this issue. As a workaround,…