3660 matches found
CVE-2025-27155
Pinecone is an experimental overlay routing protocol suite which is the foundation of the current P2P Matrix demos. The Pinecone Simulator pineconesim included in Pinecone up to commit ea4c337 is vulnerable to stored cross-site scripting. The payload storage is not permanent and will be wiped whe...
Linux Distros Unpatched Vulnerability : CVE-2024-50336
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. matrix-js-sdk before 34.11.0 is vulnerable to client-side path traversal via...
Linux Distros Unpatched Vulnerability : CVE-2022-39251
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Prior to version 19.7.0, an attacker cooperating with a malicious homeserver can construct...
Linux Distros Unpatched Vulnerability : CVE-2021-40823
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A logic error in the room key sharing functionality of matrix-js-sdk aka Matrix Javascript SDK before 12.4.1 allows a malicious Matrix homeserver present in an...
Linux Distros Unpatched Vulnerability : CVE-2022-39250
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Matrix JavaScript SDK is the Matrix Client-Server software development kit SDK for JavaScript. Prior to version 19.7.0, an attacker cooperating with a malicious...
Linux Distros Unpatched Vulnerability : CVE-2022-36059
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. In versions prior to 19.4.0 events sent with special strings in key places can...
Linux Distros Unpatched Vulnerability : CVE-2023-28427
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. In versions prior to 24.0.0 events sent with special strings in key places can...
Linux Distros Unpatched Vulnerability : CVE-2023-29529
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - matrix-js-sdk is the Matrix Client-Server SDK for JavaScript and TypeScript. An attacker present in a room where an MSC3401 group call is taking place can...
Linux Distros Unpatched Vulnerability : CVE-2021-44538
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The olmsessiondescribe function in Matrix libolm before 3.2.7 is vulnerable to a buffer overflow. The Olm session object represents a cryptographic channel...
Linux Distros Unpatched Vulnerability : CVE-2024-47080
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - matrix-js-sdk is the Matrix Client-Server SDK for JavaScript and TypeScript. In matrix-js-sdk versions versions 9.11.0 through 34.7.0, the method...
Linux Distros Unpatched Vulnerability : CVE-2022-39236
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Starting with version 17.1.0-rc.1, improperly formed beacon events can disrupt or impede t...
Linux Distros Unpatched Vulnerability : CVE-2024-42369
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. A malicious homeserver can craft a room or room structure such that the...
Linux Distros Unpatched Vulnerability : CVE-2022-39249
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Prior to version 19.7.0, an attacker cooperating with a malicious homeserver can construct...
Linux Distros Unpatched Vulnerability : CVE-2021-34813
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Matrix libolm before 3.2.3 allows a malicious Matrix homeserver to crash a client while it is attempting to retrieve an Olm encrypted room key backup from the...
CVE-2025-27155
Pinecone is an experimental overlay routing protocol suite which is the foundation of the current P2P Matrix demos. The Pinecone Simulator pineconesim included in Pinecone up to commit ea4c337 is vulnerable to stored cross-site scripting. The payload storage is not permanent and will be wiped whe...
CVE-2025-27155 In-memory stored Cross-site scripting (XSS) vulnerability in pineconesim
Pinecone is an experimental overlay routing protocol suite which is the foundation of the current P2P Matrix demos. The Pinecone Simulator pineconesim included in Pinecone up to commit ea4c337 is vulnerable to stored cross-site scripting. The payload storage is not permanent and will be wiped whe...
CVE-2025-27155 In-memory stored Cross-site scripting (XSS) vulnerability in pineconesim
Pinecone is an experimental overlay routing protocol suite which is the foundation of the current P2P Matrix demos. The Pinecone Simulator pineconesim included in Pinecone up to commit ea4c337 is vulnerable to stored cross-site scripting. The payload storage is not permanent and will be wiped whe...
CVE-2025-27155
CVE-2025-27155 affects the Pinecone project’s Pinecone Simulator (pineconesim) included in Pinecone up to commit ea4c337. The vulnerability is an in-memory/stored Cross-Site Scripting (XSS) flaw in pineconesim, where stored payloads are wiped only on restart (not permanent). This aligns with the ...
CVE-2025-27155 In-memory stored Cross-site scripting (XSS) vulnerability in pineconesim
Pinecone is an experimental overlay routing protocol suite which is the foundation of the current P2P Matrix demos. The Pinecone Simulator pineconesim included in Pinecone up to commit ea4c337 is vulnerable to stored cross-site scripting. The payload storage is not permanent and will be wiped whe...
Arbitrary IRC Command Execution
matrix-appservice-irc is vulnerable to arbitrary IRC command execution. The vulnerability is due to improper command handling, which allows an attacker to inject and execute arbitrary IRC commands as their own puppeted user...