Filter
-Infinity
0
Trending
Matrix Hookshotmatrix-hookshot has a Potential Denial of Service when Hookshot is configured with GitHub support
6.5
EPSS
0.04%
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Matrix olmAn issue was discovered in Matrix libolm through 3.2.16. The AES implementation is vulnerable to cac…
5.3
First published (updated )
Matrix olmAn issue was discovered in Matrix libolm through 3.2.16. Cache-timing attacks can occur due to use o…
5.3
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Matrix olmAn issue was discovered in Matrix libolm through 3.2.16. There is Ed25519 signature malleability due…
4.3
First published (updated )
npm/matrix-js-sdkA room with itself as a its predecessor will freeze matrix-js-sdk
5.3
First published (updated )
npm/matrix-react-sdkURL preview setting for a room is controllable by the homeserver in matrix-react-sdk
7.7
First published (updated )
FedoraSynapse vulnerable to leak of remote user device information
5.3
First published (updated )
Fedoramatrix-synapse vulnerable to denial of service due to malicious server ACL events
4.9
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Matrix HookshotSandbox escape for instances that have enabled transformation functions in matrix-hookshot
First published (updated )
FedoraImproper validation of receipts allows forged read receipts in matrix synapse
4.3
First published (updated )
FedoraTemporary storage of plaintext passwords during password changes in matrix synapse
3.7
First published (updated )
npm/matrix-appservice-ircmatrix-appservice-irc events can be crafted to leak parts of targeted messages from other bridged rooms
3.7
First published (updated )
npm/matrix-appservice-bridgematrix-appservice-bridge doesn't verify the sub parameter of an openId token exhange, allowing unauthorized access to provisioning APIs
6.5
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
npm/matrix-appservice-ircmatrix-appservice-irc IRC command injection via admin commands containing newlines
9.8
First published (updated )
Matrix SydentSydent does not verify email server certificates
9.3
First published (updated )
Matrix SynapseURL deny list bypass via oEmbed and image URLs when generating previews in Synapse
5.4
First published (updated )
Matrix SynapseImproper checks for deactivated users during login in synapse
5.4
First published (updated )
Matrix SynapseSynapse Outgoing federation to specific hosts can be disabled by sending malicious invites
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Matrix SynapseSynapse Denial of service due to incorrect application of event authorization rules during state resolution
6.5
First published (updated )
Matrix SynapseSynapse does not apply enough checks to servers requesting auth events of events in a room
First published (updated )
Matrix Javascript SDKmatrix-js-sdk vulnerable to invisible eavesdropping in group calls
5.3
First published (updated )
Matrix React SDKPrototype pollution in matrix-react-sdk
8.2
First published (updated )
npm/matrix-js-sdkPrototype pollution in matrix-js-sdk
8.2
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.