Lucene search
+L

4 matches found

Cvelist
Cvelist
added 2 days ago35 views

CVE-2026-63097 Dendrite 0.13.8 syncapi /context Endpoint Post-Leave State Exposure

Dendrite through 0.13.8 contains an improper access control vulnerability in the syncapi /context endpoint syncapi/routing/context.go that allows authenticated local users to access post-leave room state events by exploiting a flawed membership check that evaluates only the RoomExists field while...

5.3CVSS0.0016EPSS
Exploits0References2
OSV
OSV
added 2 days ago5 views

CVE-2026-63097 Dendrite 0.13.8 syncapi /context Endpoint Post-Leave State Exposure

Dendrite through 0.13.8 contains an improper access control vulnerability in the syncapi /context endpoint syncapi/routing/context.go that allows authenticated local users to access post-leave room state events by exploiting a flawed membership check that evaluates only the RoomExists field while...

5.3CVSS5.4AI score0.0016EPSS
Exploits0References5
OSV
OSV
added 2024/05/29 6:50 p.m.19 views

GHSA-65V7-WG35-2QPM Sylius Resource Bundle Cross-Site Request Forgery vulnerability

Sylius 1.0.0 to 1.0.16, 1.1.0 to 1.1.8, 1.2.0 to 1.2.1 versions of AdminBundle and ResourceBundle are affected by this security issue. This issue has been fixed in Sylius 1.0.17, 1.1.9 and 1.2.2. Development branch for 1.3 release has also been fixed. Description The following actions in the admi...

6.5CVSS6.9AI score
Exploits0References4
Github Security Blog
Github Security Blog
added 2024/05/29 6:50 p.m.22 views

Sylius Resource Bundle Cross-Site Request Forgery vulnerability

Sylius 1.0.0 to 1.0.16, 1.1.0 to 1.1.8, 1.2.0 to 1.2.1 versions of AdminBundle and ResourceBundle are affected by this security issue. This issue has been fixed in Sylius 1.0.17, 1.1.9 and 1.2.2. Development branch for 1.3 release has also been fixed. Description The following actions in the admi...

6.9AI score
Exploits0References4Affected Software1
Rows per page
Query Builder