3628 matches found
CVE-2025-62425
MAS Matrix Authentication Service is a user management and authentication service for Matrix homeservers, written and maintained by Element. A logic flaw in matrix-authentication-service 0.20.0 through 1.4.0 allows an attacker with access to an authenticated MAS session to perform sensitive...
CVE-2025-62425 Matrix Authentication Service account password can be changed using an authenticated session without supplying the current password
MAS Matrix Authentication Service is a user management and authentication service for Matrix homeservers, written and maintained by Element. A logic flaw in matrix-authentication-service 0.20.0 through 1.4.0 allows an attacker with access to an authenticated MAS session to perform sensitive...
CVE-2025-62425
MAS (Matrix Authentication Service) is affected by a logic flaw in matrix-authentication-service 0.20.0 through 1.4.0 that lets an attacker with access to an authenticated MAS session perform sensitive operations without entering the current password (e.g., changing the password, adding/removing ...
EUVD-2025-34822
MAS Matrix Authentication Service is a user management and authentication service for Matrix homeservers, written and maintained by Element. A logic flaw in matrix-authentication-service 0.20.0 through 1.4.0 allows an attacker with access to an authenticated MAS session to perform sensitive...
CVE-2025-62425 Matrix Authentication Service account password can be changed using an authenticated session without supplying the current password
MAS Matrix Authentication Service is a user management and authentication service for Matrix homeservers, written and maintained by Element. A logic flaw in matrix-authentication-service 0.20.0 through 1.4.0 allows an attacker with access to an authenticated MAS session to perform sensitive...
CVE-2025-62425 Matrix Authentication Service account password can be changed using an authenticated session without supplying the current password
MAS Matrix Authentication Service is a user management and authentication service for Matrix homeservers, written and maintained by Element. A logic flaw in matrix-authentication-service 0.20.0 through 1.4.0 allows an attacker with access to an authenticated MAS session to perform sensitive...
Matrix Authentication Service 安全漏洞
Matrix Authentication Service is a user management and authentication system from Element Open Source. A security vulnerability exists in Matrix Authentication Service versions 0.20.0 through 1.4.0, which stems from a logic flaw that could allow an attacker to perform sensitive operations without...
EUVD-2025-33729
Malicious code in matrix-charts npm...
Malicious Package
Overview matrix-charts is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious code in matrix-charts (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ec928e940d4a9d80d7e512630b842c44283854acb9421a3ecb97c288f07fb7a2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-48298 Malicious code in matrix-charts (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ec928e940d4a9d80d7e512630b842c44283854acb9421a3ecb97c288f07fb7a2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Improper Validation of Specified Type of Input
Overview matrix-synapse is an ecosystem for open federated Instant Messaging and VoIP. Affected versions of this package are vulnerable to Improper Validation of Specified Type of Input due to insufficient validation of device keys. An attacker can disrupt federation functionality and unpredictab...
raiden (>=0.100.2 <=0.100.3rc1) potentially affected by CVE-2025-61672 via matrix-synapse (=0.33.9)
matrix-synapse PYPI version =0.33.9 is affected by a known vulnerability. The following packages have a transitive dependency on matrix-synapse and may be impacted: - raiden =0.100.2, =0.100.3rc1 Source cves: CVE-2025-61672 Source advisory: OSV:GHSA-FH66-FCV5-JJFR...
CVE-2025-61672
Synapse is an open source Matrix homeserver implementation. Lack of validation for device keys in Synapse before 1.138.3 and in Synapse 1.139.0 allow an attacker registered on the victim homeserver to degrade federation functionality, unpredictably breaking outbound federation to other homeserver...
synapse 安全漏洞
synapse is a matrix master server from Element open source. A security vulnerability exists in synapse versions prior to 1.138.3 and 1.139.0, which stems from a missing device key authentication and could lead to degradation of federation functionality...
matrix-synapse-1.139.1-1.1 on GA media (moderate)
matrix-synapse-1.139.1-1.1 on GA media Announcement ID: openSUSE-SU-2025:15603-1 Rating: moderate Cross-References: CVE-2025-61672 Affected Products: openSUSE Tumbleweed An update that solves one vulnerability can now be installed. Description: These are all security issues fixed in the...
SUSE CVE-2025-61672
Synapse is an open source Matrix homeserver implementation. Lack of validation for device keys in Synapse before 1.138.3 and in Synapse 1.139.0 allow an attacker registered on the victim homeserver to degrade federation functionality, unpredictably breaking outbound federation to other homeserver...
EUVD-2016-3135
Malware in sbrugna...
EUVD-2016-9379
Malware in sbrugna...
EUVD-2016-3134
Malware in sbrugna...