Filter
-Infinity
0
Trending
npm/matrix-appservice-ircMatrix IRC Bridge allows IRC command injection to own puppeted user
4.3
EPSS
0.03%
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Matrix Javascript SDKPrototype pollution in matrix-js-sdk
8.2
First published (updated )
npm/matrix-js-sdkPrototype pollution in matrix-js-sdk
8.2
First published (updated )
Matrix React SDKPrototype pollution in matrix-react-sdk
8.2
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Red Hat FedoraSynapse vulnerable to leak of remote user device information
5.3
First published (updated )
Matrix SynapseSynapse Outgoing federation to specific hosts can be disabled by sending malicious invites
First published (updated )
Matrix SynapseSynapse Denial of service due to incorrect application of event authorization rules during state resolution
6.5
First published (updated )
Matrix Hookshotmatrix-hookshot has a Potential Denial of Service when Hookshot is configured with GitHub support
6.5
EPSS
0.04%
First published (updated )
Matrix Javascript SDKmatrix-js-sdk vulnerable to invisible eavesdropping in group calls
5.3
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Matrix SynapseSynapse does not apply enough checks to servers requesting auth events of events in a room
First published (updated )
Matrix SynapseImproper checks for deactivated users during login in synapse
5.4
First published (updated )
Matrix SynapseURL deny list bypass via oEmbed and image URLs when generating previews in Synapse
5.4
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Red Hat FedoraMatrix Synapse before 0.34.0.1, when the macaroon_secret_key authentication parameter is not set, us…
7.5
First published (updated )
Matrix SydentSydent does not verify email server certificates
9.3
First published (updated )
npm/matrix-appservice-ircmatrix-appservice-irc IRC command injection via admin commands containing newlines
9.8
First published (updated )
npm/matrix-appservice-bridgematrix-appservice-bridge doesn't verify the sub parameter of an openId token exhange, allowing unauthorized access to provisioning APIs
6.5
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
npm/matrix-appservice-ircmatrix-appservice-irc events can be crafted to leak parts of targeted messages from other bridged rooms
3.7
First published (updated )
pip/matrix-synapseDenial of service in Matrix Synapse
5.3
First published (updated )
Red Hat FedoraTemporary storage of plaintext passwords during password changes in matrix synapse
3.7
First published (updated )
Matrix SydentSSRF in Sydent due to missing validation of hostnames
7.7
First published (updated )
pip/matrix-synapseDenial of service (via resource exhaustion) due to improper input validation on groups/communities endpoints
6.5
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.