CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CNNVD•added 2025/12/09 12:0 a.m.•2 views

Matrix Rust SDK 安全漏洞

Matrix Rust SDK is an open source Rust-based Matrix client server development toolkit from The Matrix.org Foundation. A security vulnerability exists in Matrix Rust SDK 0.14.1 and earlier versions, which stems from a serialization error that could lead to a denial of service...

7.5CVSS6.3AI score0.00345EPSS

EUVD•added 2025/10/03 8:7 p.m.•14 views

EUVD-2022-6473

Malicious code in bioql PyPI...

7.5CVSS7.6AI score0.01353EPSS

Exploits0References3

CNNVD•added 2025/09/11 12:0 a.m.•1 views

Matrix Rust SDK 安全漏洞

Matrix Rust SDK is an open source Rust-based Matrix client server development toolkit from The Matrix.org Foundation. A security vulnerability exists in versions of the Matrix Rust SDK prior to 0.14.1, which stems from a potential panic that could be triggered when dealing with permission levels ...

6.9CVSS6.3AI score0.00374EPSS

Exploits0References5

SUSE CVE•added 2025/07/14 11:21 p.m.•2 views

SUSE CVE-2025-53549

The Matrix Rust SDK is a collection of libraries that make it easier to build Matrix clients in Rust. An SQL injection vulnerability in the EventCache::findeventwithrelations method of matrix-sdk 0.11 and 0.12 allows malicious room members to execute arbitrary SQL commands in Matrix clients that...

7.7CVSS8.6AI score0.00254EPSS

Exploits0References3

NVD•added 2025/07/10 7:15 p.m.•6 views

CVE-2025-53549

7.7CVSS0.00254EPSS

Cvelist•added 2025/07/10 6:28 p.m.•9 views

CVE-2025-53549 Matrix Rust SDK allows SQL injection in the EventCache implementation

7.7CVSS0.00254EPSS

CVE•added 2025/07/10 6:28 p.m.•37 views

CVE-2025-53549

Summary: The matrix-sdk-sqlite component contains an SQL injection in SqliteEventCacheStore::find_event_with_relations, where SQL is constructed via format!() with unescaped input. This allows an attacker to inject arbitrary SQL when a Matrix client uses the default sqlite-based store backend and...

7.7CVSS8AI score0.00254EPSS

Vulnrichment•added 2025/07/10 6:28 p.m.•3 views

CVE-2025-53549 Matrix Rust SDK allows SQL injection in the EventCache implementation

7.7CVSS8AI score0.00254EPSS

OSV•added 2025/07/10 6:28 p.m.•14 views

CVE-2025-53549 Matrix Rust SDK allows SQL injection in the EventCache implementation

7.7CVSS8.6AI score0.00254EPSS

CNNVD•added 2025/07/10 12:0 a.m.•2 views

Matrix Rust SDK SQL注入漏洞

Matrix Rust SDK is an open source Rust-based Matrix client server development toolkit from The Matrix.org Foundation. A SQL injection vulnerability exists in Matrix Rust SDK versions 0.11 and 0.12, which stems from SQL injection in the EventCache::findeventwithrelations method, and could lead to...

7.7CVSS7.7AI score0.00254EPSS

RedhatCVE•added 2025/06/12 4:10 p.m.•5 views

CVE-2025-48937

matrix-rust-sdk is an implementation of a Matrix client-server library in Rust. matrix-sdk-crypto since version 0.8.0 and up to 0.11.0 does not correctly validate the sender of an encrypted event. Accordingly, a malicious homeserver operator can modify events served to clients, making those event...

4.9CVSS4.8AI score0.00311EPSS

OSV•added 2025/06/10 3:32 p.m.•13 views

CVE-2025-48937 matrix-sdk-crypto vulnerable to sender of encrypted events being spoofed by homeserver administrator

4.9CVSS6.5AI score0.00311EPSS

Exploits0References6

CNNVD•added 2025/06/10 12:0 a.m.•2 views

matrix-rust-sdk 安全漏洞

matrix-rust-sdk is a Matrix open source implementation of the Matrix client-server library in Rust. A security vulnerability exists in matrix-rust-sdk versions 0.8.0 through 0.11.0, which stems from insufficient sender authentication and could lead to event tampering...

4.9CVSS6.5AI score0.00311EPSS

Exploits0References5

Positive Technologies•added 2025/06/10 12:0 a.m.•2 views

PT-2025-24684 · Unknown · Matrix-Rust-Sdk

Name of the Vulnerable Software and Affected Versions: matrix-rust-sdk versions 0.8.0 through 0.11.0 Description: The issue arises from the failure to correctly validate the sender of an encrypted event in the matrix-sdk-crypto component. This allows a malicious homeserver operator to modify even...

4.9CVSS6.2AI score0.00311EPSS

Exploits0References12

RedhatCVE•added 2025/05/22 11:7 p.m.•4 views

CVE-2022-36124

It is possible for a Reader to consume memory beyond the allowed constraints and thus lead to out of memory on the system. This issue affects Rust applications using Apache Avro Rust SDK prior to 0.14.0 previously known as avro-rs. Users should update to apache-avro version 0.14.0 which addresses...

7.5CVSS6.8AI score0.01276EPSS

Positive Technologies•added 2025/03/31 12:0 a.m.•3 views

PT-2025-37273

Name of the Vulnerable Software and Affected Versions matrix-rust-sdk affected versions not specified Description A Denial-of-Service issue exists due to improper handling of symlinks symbolic links, which are files that point to another file or directory. Recommendations At the moment, there is ...

5.4AI score0.00176EPSS

RedhatCVE•added 2025/02/05 7:40 p.m.•6 views

CVE-2022-39252

matrix-rust-sdk is an implementation of a Matrix client-server library in Rust, and matrix-sdk-crypto is the Matrix encryption library. Prior to version 0.6, when a user requests a room key from their devices, the software correctly remembers the request. When the user receives a forwarded room...

8.6CVSS6.6AI score0.00485EPSS

OSV•added 2025/01/15 9:25 p.m.•2 views

GHSA-C873-WFHP-WX5M SP1 has missing verifier checks and fiat-shamir observations

In SP1’s STARK verifier, the prover provided chipordering is used to fetch the index of the chips that have preprocessed columns. Prior to v4.0.0, the validation that this chipordering correctly provides these indexes was missing. In v4.0.0, this was fixed by adding a check that the indexed chip’...

7AI score