CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

27 matches found

EUVD•added 2025/10/03 8:7 p.m.•3 views

EUVD-2022-6558

Malicious code in bioql PyPI...

8.8CVSS8.5AI score0.00623EPSS

Exploits0References6

RedhatCVE•added 2025/05/23 7:5 a.m.•4 views

CVE-2024-52594

Gomatrixserverlib is a Go library for matrix federation. Gomatrixserverlib is vulnerable to server-side request forgery, serving content from a private network it can access, under certain conditions. The commit c4f1e01 fixes this issue. Users are advised to upgrade. Users unable to upgrade shoul...

4.3CVSS6.5AI score0.00109EPSS

Exploits0References1

RedhatCVE•added 2025/05/23 1:10 a.m.•3 views

CVE-2022-36009

gomatrixserverlib is a Go library for matrix protocol federation. Dendrite is a Matrix homeserver written in Go, an alternative to Synapse. The power level parsing within gomatrixserverlib was failing to parse the "eventsdefault" key of the m.room.powerlevels event, defaulting the event default...

8.8CVSS6.7AI score0.00623EPSS

Exploits0

Tenable Nessus•added 2025/01/30 12:0 a.m.•5 views

FreeBSD : dendrite -- Server-side request forgery vulnerability (cd2ace09-df23-11ef-a205-901b0e9408dc)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the cd2ace09-df23-11ef-a205-901b0e9408dc advisory. Dendrite team reports: This is a security release, gomatrixserverlib was vulnerable to server-side...

4.3CVSS6.9AI score0.00109EPSS

Exploits0References3

SUSE CVE•added 2025/01/29 3:54 a.m.•1 views

SUSE CVE-2024-52594

4.3CVSS6.8AI score0.00109EPSS

Exploits0References3

Veracode•added 2025/01/18 8:23 p.m.•7 views

Server-Side Request Forgery

Gomatrixserverlib is vulnerable to server-side request forgery SSRF. The vulnerability is due to improper validation of network requests, allowing the library to serve content from a private network it can access under certain conditions, which attackers can exploit to access internal network...

4.3CVSS6.6AI score0.00109EPSS

Exploits0References3Affected Software2

OSV•added 2025/01/16 10:53 p.m.•11 views

GO-2025-3396 Server-Side Request Forgery (SSRF) on redirects and federation in github.com/matrix-org/gomatrixserverlib

Server-Side Request Forgery SSRF on redirects and federation in github.com/matrix-org/gomatrixserverlib...

4.3CVSS4.9AI score0.00109EPSS

Exploits0References3

Vulnrichment•added 2025/01/16 6:57 p.m.•4 views

CVE-2024-52594 Server-Side Request Forgery (SSRF) on redirects and federation in gomatrixserverlib

4.3CVSS4.8AI score0.00109EPSS

Exploits0References2

OSV•added 2025/01/16 6:57 p.m.•4 views

CVE-2024-52594 Server-Side Request Forgery (SSRF) on redirects and federation in gomatrixserverlib

4.3CVSS6.6AI score0.00109EPSS

Exploits0References4

AlpineLinux•added 2025/01/16 6:57 p.m.•7 views

CVE-2024-52594

4.3CVSS6.8AI score0.00109EPSS

Exploits0

Cvelist•added 2025/01/16 6:57 p.m.•14 views

CVE-2024-52594 Server-Side Request Forgery (SSRF) on redirects and federation in gomatrixserverlib

4.3CVSS0.00109EPSS

Exploits0References2

CVE•added 2025/01/16 6:57 p.m.•45 views

CVE-2024-52594

Gomatrixserverlib (Go library for Matrix federation) is affected by a server-side request forgery (SSRF) vulnerability that could have allowed a service using gomatrixserverlib to access content from a private network under certain conditions. The issue is rooted in redirects/handling that could ...

4.3CVSS6.7AI score0.00109EPSS

Exploits0References2

FreeBSD•added 2025/01/16 12:0 a.m.•5 views

dendrite -- Server-side request forgery vulnerability

Dendrite team reports: This is a security release, gomatrixserverlib was vulnerable to server-side request forgery, serving content from a private network it can access, under certain conditions...

4.3CVSS7AI score0.00109EPSS

Exploits0References1

Positive Technologies•added 2025/01/16 12:0 a.m.•7 views

PT-2025-2932 · Unknown +1 · Gomatrixserverlib +1

Name of the Vulnerable Software and Affected Versions: Gomatrixserverlib affected versions not specified Description: Gomatrixserverlib is a Go library for matrix federation. It is vulnerable to server-side request forgery, serving content from a private network it can access, under certain...

8.9CVSS6.3AI score0.02218EPSS

Exploits2References91

CNNVD•added 2025/01/16 12:0 a.m.•3 views

gomatrixserverlib 代码问题漏洞

gomatrixserverlib is a Go library from the Matrix Foundation. It is used for common functions required by Matrix servers. A code issue vulnerability exists in Gomatrixserverlib that stems from vulnerability to server-side request forgery attacks...

4.3CVSS6.9AI score0.00109EPSS

Exploits0References2

Github Security Blog•added 2022/08/30 7:54 p.m.•25 views

gomatrixserverlib and Dendrite vulnerable to incorrect parsing of the event default power level in event auth

Impact The power level parsing within gomatrixserverlib was failing to parse the "eventsdefault" key of the m.room.powerlevels event, defaulting the event default power level to zero in all cases. In rooms where the "eventsdefault" power level had been changed, this could result in events either...

8.8CVSS8.3AI score0.00623EPSS

Exploits0References6Affected Software2

OSV•added 2022/08/30 7:54 p.m.•14 views

GHSA-GRVV-H2F9-7V9C gomatrixserverlib and Dendrite vulnerable to incorrect parsing of the event default power level in event auth

5CVSS6.6AI score0.00623EPSS

Exploits0References6

OSV•added 2022/08/22 6:8 p.m.•20 views

GO-2022-0952 Incorrect event parsing in github.com/matrix-org/gomatrixserverlib

Power level parsing does not parse the "eventsdefault" key of the m.room.powerlevels event, setting the event default power level to zero in all cases. This can cause events to be improperly accepted or rejected in rooms where the eventdefault power level has been changed...

8.8CVSS6.5AI score0.00623EPSS

Exploits0References1