Lucene search
K

71 matches found

CVE
CVE
added 2025/04/08 3:22 p.m.52 views

CVE-2025-32026

Element Web (Matrix Web client) versions 1.11.16–1.11.96 expose a vulnerability where, if configured to load Element Call from an external URL, an external page can gain access to media encryption keys used during a call. Root cause: external URL loading creates a trust boundary bypass that leaks...

3.8CVSS7.1AI score0.00154EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/04/08 3:22 p.m.8 views

CVE-2025-32026 Element Web could load a malicious instance of Element Call leaking media encryption keys

Element Web is a Matrix web client built using the Matrix React SDK. Element Web, starting from version 1.11.16 up to version 1.11.96, can be configured to load Element Call from an external URL. Under certain conditions, the external page is able to get access to the media encryption keys used f...

3.8CVSS7.1AI score0.00154EPSS
Exploits0References1
OSV
OSV
added 2025/04/08 3:22 p.m.4 views

CVE-2025-32026 Element Web could load a malicious instance of Element Call leaking media encryption keys

Element Web is a Matrix web client built using the Matrix React SDK. Element Web, starting from version 1.11.16 up to version 1.11.96, can be configured to load Element Call from an external URL. Under certain conditions, the external page is able to get access to the media encryption keys used f...

3.8CVSS6.9AI score0.00154EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/04/08 12:0 a.m.5 views

PT-2025-15454 · Matrix · Element Web

Name of the Vulnerable Software and Affected Versions: Element Web versions 1.11.16 through 1.11.96 Description: The issue concerns Element Web, a Matrix web client, where versions from 1.11.16 to 1.11.96 can be configured to load Element Call from an external URL. Under certain conditions, this...

3.8CVSS6.5AI score0.00154EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2024/11/14 12:18 a.m.5 views

SUSE CVE-2024-51749

Element is a Matrix web client built using the Matrix React SDK. Versions of Element Web and Desktop earlier than 1.11.85 do not check if thumbnails for attachments, stickers and images are coherent. It is possible to add thumbnails to events trigger a file download once clicked. Fixed in...

3.5CVSS6.9AI score0.0033EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2024/11/13 12:0 a.m.13 views

FreeBSD : element-web -- several vulnerabilities (ab4e6f65-a142-11ef-84e9-901b0e9408dc)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the ab4e6f65-a142-11ef-84e9-901b0e9408dc advisory. Element team reports: Versions of Element Web and Desktop earlier than 1.11.85 do not check if...

5CVSS5.6AI score0.00476EPSS
Exploits0References5
NVD
NVD
added 2024/11/12 5:15 p.m.30 views

CVE-2024-51750

Element is a Matrix web client built using the Matrix React SDK. A malicious homeserver can send invalid messages over federation which can prevent Element Web and Desktop from rendering single messages or the entire room containing them. This was patched in Element Web and Desktop 1.11.85...

5CVSS0.00476EPSS
Exploits0References2
NVD
NVD
added 2024/11/12 5:15 p.m.58 views

CVE-2024-51749

Element is a Matrix web client built using the Matrix React SDK. Versions of Element Web and Desktop earlier than 1.11.85 do not check if thumbnails for attachments, stickers and images are coherent. It is possible to add thumbnails to events trigger a file download once clicked. Fixed in...

3.5CVSS0.0033EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/11/12 4:34 p.m.23 views

CVE-2024-51750 Element allows a malicious homeserver can modify events leading to unrenderable events or rooms

Element is a Matrix web client built using the Matrix React SDK. A malicious homeserver can send invalid messages over federation which can prevent Element Web and Desktop from rendering single messages or the entire room containing them. This was patched in Element Web and Desktop 1.11.85...

5CVSS0.00476EPSS
Exploits0References2
OSV
OSV
added 2024/11/12 4:34 p.m.15 views

CVE-2024-51750 Element allows a malicious homeserver can modify events leading to unrenderable events or rooms

Element is a Matrix web client built using the Matrix React SDK. A malicious homeserver can send invalid messages over federation which can prevent Element Web and Desktop from rendering single messages or the entire room containing them. This was patched in Element Web and Desktop 1.11.85...

5CVSS6.9AI score0.00476EPSS
Exploits0References4
CVE
CVE
added 2024/11/12 4:34 p.m.50 views

CVE-2024-51750

CVE-2024-51750 affects Element Web/Desktop prior to version 1.11.85. A malicious homeserver can send invalid messages over federation, which can prevent rendering of single messages or the entire room containing them. The issue is documented across multiple feeds, with remediation implemented in ...

5CVSS5.1AI score0.00476EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/11/12 4:34 p.m.20 views

CVE-2024-51749 Element's thumbnails can be abused to misrepresent the content of an attachment

Element is a Matrix web client built using the Matrix React SDK. Versions of Element Web and Desktop earlier than 1.11.85 do not check if thumbnails for attachments, stickers and images are coherent. It is possible to add thumbnails to events trigger a file download once clicked. Fixed in...

3.5CVSS7.2AI score0.0033EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/11/12 12:0 a.m.12 views

PT-2024-34881 · Unknown · Element Desktop +1

Name of the Vulnerable Software and Affected Versions: Element Web and Desktop versions prior to 1.11.85 Description: A malicious homeserver can send invalid messages over federation, which can prevent Element Web and Desktop from rendering single messages or the entire room containing them...

5CVSS7.2AI score0.00476EPSS
Exploits0References6
FreeBSD
FreeBSD
added 2024/11/12 12:0 a.m.11 views

element-web -- several vulnerabilities

Element team reports: Versions of Element Web and Desktop earlier than 1.11.85 do not check if thumbnails for attachments, stickers and images are coherent. It is possible to add thumbnails to events trigger a file download once clicked. A malicious homeserver can send invalid messages over...

6.9AI score
Exploits0References2
OPENSUSE Linux
OPENSUSE Linux
added 2024/10/19 12:0 a.m.11 views

element-web-1.11.81-1.1 on GA media (moderate)

element-web-1.11.81-1.1 on GA media Announcement ID: openSUSE-SU-2024:14407-1 Rating: moderate Cross-References: CVE-2024-47771 Affected Products: openSUSE Tumbleweed An update that solves one vulnerability can now be installed. Description: These are all security issues fixed in the...

7CVSS7.3AI score0.00567EPSS
Exploits0
SUSE CVE
SUSE CVE
added 2024/10/17 2:48 a.m.3 views

SUSE CVE-2024-47779

Element is a Matrix web client built using the Matrix React SDK. Element Web versions 1.11.70 through 1.11.80 contain a vulnerability which can, under specially crafted conditions, lead to the access token becoming exposed to third parties. At least one vector has been identified internally,...

7CVSS7.2AI score0.00417EPSS
Exploits0References3
OSV
OSV
added 2024/10/17 12:0 a.m.8 views

OPENSUSE-SU-2024:14407-1 element-web-1.11.81-1.1 on GA media

These are all security issues fixed in the element-web-1.11.81-1.1 package on the GA media of openSUSE Tumbleweed...

7CVSS6.3AI score0.00567EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2024/10/16 12:0 a.m.20 views

FreeBSD : element-web -- Potential exposure of access token via authenticated media (851ce3e4-8b03-11ef-84e9-901b0e9408dc)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 851ce3e4-8b03-11ef-84e9-901b0e9408dc advisory. Element team reports: Element Web versions 1.11.70 through 1.11.80 contain a vulnerability which can,...

7CVSS5.5AI score0.00417EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/10/15 3:28 p.m.20 views

CVE-2024-47779 Element Web vulnerable to potential exposure of access token via authenticated media

Element is a Matrix web client built using the Matrix React SDK. Element Web versions 1.11.70 through 1.11.80 contain a vulnerability which can, under specially crafted conditions, lead to the access token becoming exposed to third parties. At least one vector has been identified internally,...

7CVSS6.5AI score0.00417EPSS
Exploits0References2
OSV
OSV
added 2024/10/15 3:28 p.m.12 views

CVE-2024-47779 Element Web vulnerable to potential exposure of access token via authenticated media

Element is a Matrix web client built using the Matrix React SDK. Element Web versions 1.11.70 through 1.11.80 contain a vulnerability which can, under specially crafted conditions, lead to the access token becoming exposed to third parties. At least one vector has been identified internally,...

7CVSS6.8AI score0.00417EPSS
Exploits0References4
Rows per page
Query Builder