Lucene search
K

10 matches found

RedhatCVE
RedhatCVE
added 2025/09/18 4:40 p.m.4 views

CVE-2025-59160

Matrix JavaScript SDK is a Matrix Client-Server SDK for JavaScript and TypeScript. matrix-js-sdk before 38.2.0 has insufficient validation of room predecessor links in MatrixClient::getJoinedRooms, allowing a remote attacker to attempt to replace a tombstoned room with an unrelated...

6.9CVSS6.6AI score0.00227EPSS
Exploits0References1
OSV
OSV
added 2025/09/16 8:18 p.m.5 views

GHSA-MP7C-M3RH-R56V matrix-js-sdk has insufficient validation when considering a room to be upgraded by another

Impact matrix-js-sdk before 38.2.0 has insufficient validation of room predecessor links in MatrixClient::getJoinedRooms, allowing a remote attacker to attempt to replace a tombstoned room with an unrelated attacker-supplied room. Patches The issue has been patched and users should upgrade to...

6.9CVSS6.9AI score0.00227EPSS
Exploits0References6
Snyk
Snyk
added 2025/09/16 8:18 p.m.3 views

Missing Authorization

Overview matrix-js-sdk is a Matrix Client-Server SDK for Javascript Affected versions of this package are vulnerable to Missing Authorization via insufficient validation of room predecessor links in the getJoinedRooms function. An attacker can cause a user to join an attacker-controlled room by...

6.9CVSS6.6AI score0.00227EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2025/09/16 8:18 p.m.8 views

matrix-js-sdk has insufficient validation when considering a room to be upgraded by another

Impact matrix-js-sdk before 38.2.0 has insufficient validation of room predecessor links in MatrixClient::getJoinedRooms, allowing a remote attacker to attempt to replace a tombstoned room with an unrelated attacker-supplied room. Patches The issue has been patched and users should upgrade to...

6.9CVSS6.9AI score0.00227EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2025/09/16 5:15 p.m.3 views

DEBIAN-CVE-2025-59160

Matrix JavaScript SDK is a Matrix Client-Server SDK for JavaScript and TypeScript. matrix-js-sdk before 38.2.0 has insufficient validation of room predecessor links in MatrixClient::getJoinedRooms, allowing a remote attacker to attempt to replace a tombstoned room with an unrelated...

6.9CVSS5.5AI score0.00227EPSS
Exploits0References1
OSV
OSV
added 2025/09/16 5:15 p.m.3 views

UBUNTU-CVE-2025-59160

Matrix JavaScript SDK is a Matrix Client-Server SDK for JavaScript and TypeScript. matrix-js-sdk before 38.2.0 has insufficient validation of room predecessor links in MatrixClient::getJoinedRooms, allowing a remote attacker to attempt to replace a tombstoned room with an unrelated...

6.9CVSS5.8AI score0.00227EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/09/16 4:44 p.m.33 views

CVE-2025-59161 In Element Web and Element Desktop, a malicious room can hide an unrelated room and cause it to be left when the malicious room is left

Element Web is a Matrix web client built using the Matrix React SDK. Element Web and Element Desktop before version 1.11.112 have insufficient validation of room predecessor links, allowing a remote attacker to attempt to impermanently replace a room's entry in the room list with an unrelated...

6.9CVSS0.0038EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/09/16 4:44 p.m.2 views

CVE-2025-59161 In Element Web and Element Desktop, a malicious room can hide an unrelated room and cause it to be left when the malicious room is left

Element Web is a Matrix web client built using the Matrix React SDK. Element Web and Element Desktop before version 1.11.112 have insufficient validation of room predecessor links, allowing a remote attacker to attempt to impermanently replace a room's entry in the room list with an unrelated...

6.9CVSS6.6AI score0.0038EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/09/16 12:0 a.m.14 views

PT-2025-38059

Name of the Vulnerable Software and Affected Versions: Element Web versions prior to 1.11.112 Element Desktop versions prior to 1.11.112 Description: Element Web and Element Desktop are susceptible to a room list manipulation issue due to insufficient validation of room predecessor links. A remot...

6.9CVSS6.3AI score0.0038EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2025/01/01 12:0 a.m.4 views

PT-2025-38058

Name of the Vulnerable Software and Affected Versions: matrix-js-sdk versions prior to 38.2.0 Description: The Matrix JavaScript SDK has insufficient validation of room predecessor links in the MatrixClient::getJoinedRooms function, potentially allowing a remote attacker to replace a tombstoned...

6.9CVSS6.5AI score0.00227EPSS
Exploits0References12
Rows per page
Query Builder