Filter
Software
matrix synapse
33
matrix javascript sdk
10
matrix sydent
7
matrix matrix irc bridge
6
matrix software development kit
4
matrix dendrite
2
matrix element
2
matrix matrix-appservice-bridge
2
matrix olm
2
matrix gomatrixserverlib
1
matrix hookshot
1
matrix matrix ftp server
1
matrix matrix-android-sdk2
1
matrix matrix-react-sdk
1
matrix matrix-rust-sdk
1
matrix react sdk
1
Fedoraproject FedoraMatrix Synapse before 0.34.0.1, when the macaroon_secret_key authentication parameter is not set, us…
7.5
First published (updated )
Matrix SydentSydent does not verify email server certificates
9.3
First published (updated )
Matrix Matrix Irc Bridgematrix-appservice-irc IRC command injection via admin commands containing newlines
9.8
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
npm/matrix-appservice-bridgematrix-appservice-bridge doesn't verify the sub parameter of an openId token exhange, allowing unauthorized access to provisioning APIs
6.5
First published (updated )
Matrix Matrix Irc Bridgematrix-appservice-irc events can be crafted to leak parts of targeted messages from other bridged rooms
3.7
First published (updated )
Fedoraproject FedoraTemporary storage of plaintext passwords during password changes in matrix synapse
3.7
First published (updated )
Matrix SydentSSRF in Sydent due to missing validation of hostnames
7.7
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Matrix SynapseDenial of service (via resource exhaustion) due to improper input validation on groups/communities endpoints
6.5
First published (updated )
Matrix SynapseHTML injection in email and account expiry notifications
6.1
First published (updated )
Matrix SynapseURL deny list bypass via oEmbed and image URLs when generating previews in Synapse
5.4
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Matrix SynapseCross-site scripting (XSS) vulnerability in the password reset endpoint
8.2
First published (updated )
Fedoraproject FedoraURL previews can crash Synapse media repositories or Synapse monoliths
6.5
First published (updated )
Matrix SynapseOpen redirect via transitional IPv6 addresses on dual-stack networks
6.3
First published (updated )
Matrix SynapseSynapse vulnerable to denial of service (DoS) due to incorrect application of event authorization rules
7.5
First published (updated )
Matrix SynapseSynapse Denial of service due to incorrect application of event authorization rules during state resolution
6.5
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Matrix SynapseDenial of service attack via .well-known lookups
6.5
First published (updated )
Matrix SynapseSynapse does not apply enough checks to servers requesting auth events of events in a room
First published (updated )
Matrix SynapseDenial of service (via resource exhaustion) due to improper input validation on third-party identifier endpoints
6.5
First published (updated )
Fedoraproject FedoraImproper validation of receipts allows forged read receipts in matrix synapse
4.3
First published (updated )
Fedoraproject FedoraDenial of service attack via incorrect parameters to federation APIs
6.5
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Fedoraproject Fedoramatrix-synapse vulnerable to denial of service due to malicious server ACL events
4.9
First published (updated )
Matrix SydentMalicious users could control the content of invitation emails
5.7
First published (updated )
Matrix SynapseImproper checks for deactivated users during login in synapse
5.4
First published (updated )
pip/matrix-synapseMatrix Synapse before 1.5.0 mishandles signature checking on some federation APIs. Events sent over …
9.8
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.