Lucene search
K

3628 matches found

NVD
NVD
added 2025/10/16 7:15 p.m.5 views

CVE-2025-62425

MAS Matrix Authentication Service is a user management and authentication service for Matrix homeservers, written and maintained by Element. A logic flaw in matrix-authentication-service 0.20.0 through 1.4.0 allows an attacker with access to an authenticated MAS session to perform sensitive...

8.3CVSS0.00427EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/10/16 6:44 p.m.3 views

CVE-2025-62425 Matrix Authentication Service account password can be changed using an authenticated session without supplying the current password

MAS Matrix Authentication Service is a user management and authentication service for Matrix homeservers, written and maintained by Element. A logic flaw in matrix-authentication-service 0.20.0 through 1.4.0 allows an attacker with access to an authenticated MAS session to perform sensitive...

8.3CVSS6.4AI score0.00427EPSS
Exploits0References2
CVE
CVE
added 2025/10/16 6:44 p.m.10 views

CVE-2025-62425

MAS (Matrix Authentication Service) is affected by a logic flaw in matrix-authentication-service 0.20.0 through 1.4.0 that lets an attacker with access to an authenticated MAS session perform sensitive operations without entering the current password (e.g., changing the password, adding/removing ...

8.3CVSS6.4AI score0.00427EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/16 6:44 p.m.6 views

EUVD-2025-34822

MAS Matrix Authentication Service is a user management and authentication service for Matrix homeservers, written and maintained by Element. A logic flaw in matrix-authentication-service 0.20.0 through 1.4.0 allows an attacker with access to an authenticated MAS session to perform sensitive...

8.3CVSS6.2AI score0.00427EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/10/16 6:44 p.m.10 views

CVE-2025-62425 Matrix Authentication Service account password can be changed using an authenticated session without supplying the current password

MAS Matrix Authentication Service is a user management and authentication service for Matrix homeservers, written and maintained by Element. A logic flaw in matrix-authentication-service 0.20.0 through 1.4.0 allows an attacker with access to an authenticated MAS session to perform sensitive...

8.3CVSS0.00427EPSS
Exploits0References2
OSV
OSV
added 2025/10/16 6:44 p.m.5 views

CVE-2025-62425 Matrix Authentication Service account password can be changed using an authenticated session without supplying the current password

MAS Matrix Authentication Service is a user management and authentication service for Matrix homeservers, written and maintained by Element. A logic flaw in matrix-authentication-service 0.20.0 through 1.4.0 allows an attacker with access to an authenticated MAS session to perform sensitive...

8.3CVSS6.8AI score0.00427EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/10/16 12:0 a.m.4 views

Matrix Authentication Service 安全漏洞

Matrix Authentication Service is a user management and authentication system from Element Open Source. A security vulnerability exists in Matrix Authentication Service versions 0.20.0 through 1.4.0, which stems from a logic flaw that could allow an attacker to perform sensitive operations without...

8.3CVSS6.8AI score0.00427EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/10 3:9 p.m.3 views

EUVD-2025-33729

Malicious code in matrix-charts npm...

6.6AI score
Exploits0References1
Snyk
Snyk
added 2025/10/10 3:9 p.m.2 views

Malicious Package

Overview matrix-charts is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6.8AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/10/10 3:9 p.m.5 views

Malicious code in matrix-charts (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ec928e940d4a9d80d7e512630b842c44283854acb9421a3ecb97c288f07fb7a2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
OSV
OSV
added 2025/10/10 3:9 p.m.3 views

MAL-2025-48298 Malicious code in matrix-charts (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ec928e940d4a9d80d7e512630b842c44283854acb9421a3ecb97c288f07fb7a2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
Snyk
Snyk
added 2025/10/08 5:51 p.m.4 views

Improper Validation of Specified Type of Input

Overview matrix-synapse is an ecosystem for open federated Instant Messaging and VoIP. Affected versions of this package are vulnerable to Improper Validation of Specified Type of Input due to insufficient validation of device keys. An attacker can disrupt federation functionality and unpredictab...

5.4CVSS6.8AI score0.0044EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2025/10/08 5:51 p.m.3 views

raiden (>=0.100.2 <=0.100.3rc1) potentially affected by CVE-2025-61672 via matrix-synapse (=0.33.9)

matrix-synapse PYPI version =0.33.9 is affected by a known vulnerability. The following packages have a transitive dependency on matrix-synapse and may be impacted: - raiden =0.100.2, =0.100.3rc1 Source cves: CVE-2025-61672 Source advisory: OSV:GHSA-FH66-FCV5-JJFR...

5.3CVSS5.8AI score0.0044EPSS
Exploits0
Debian CVE
Debian CVE
added 2025/10/08 2:55 p.m.6 views

CVE-2025-61672

Synapse is an open source Matrix homeserver implementation. Lack of validation for device keys in Synapse before 1.138.3 and in Synapse 1.139.0 allow an attacker registered on the victim homeserver to degrade federation functionality, unpredictably breaking outbound federation to other homeserver...

5.3CVSS5.4AI score0.0044EPSS
Exploits0
CNNVD
CNNVD
added 2025/10/08 12:0 a.m.5 views

synapse 安全漏洞

synapse is a matrix master server from Element open source. A security vulnerability exists in synapse versions prior to 1.138.3 and 1.139.0, which stems from a missing device key authentication and could lead to degradation of federation functionality...

5.3CVSS6.4AI score0.0044EPSS
Exploits0References7
OPENSUSE Linux
OPENSUSE Linux
added 2025/10/08 12:0 a.m.5 views

matrix-synapse-1.139.1-1.1 on GA media (moderate)

matrix-synapse-1.139.1-1.1 on GA media Announcement ID: openSUSE-SU-2025:15603-1 Rating: moderate Cross-References: CVE-2025-61672 Affected Products: openSUSE Tumbleweed An update that solves one vulnerability can now be installed. Description: These are all security issues fixed in the...

5.3CVSS7.2AI score0.0044EPSS
Exploits0
SUSE CVE
SUSE CVE
added 2025/10/07 11:25 p.m.4 views

SUSE CVE-2025-61672

Synapse is an open source Matrix homeserver implementation. Lack of validation for device keys in Synapse before 1.138.3 and in Synapse 1.139.0 allow an attacker registered on the victim homeserver to degrade federation functionality, unpredictably breaking outbound federation to other homeserver...

5.3CVSS7AI score0.0044EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2016-3135

Malware in sbrugna...

7.5CVSS7.6AI score0.03652EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2016-9379

Malware in sbrugna...

5.3CVSS5.5AI score0.01894EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2016-3134

Malware in sbrugna...

7.5CVSS7.6AI score0.03652EPSS
Exploits0References2
Rows per page
Query Builder