15 matches found

EUVD
added 2025/10/03 8:07 p.m., 3 views

EUVD-2025-0042

Malicious code in bioql PyPI...

CVSS 4.3, AI score 6.3, EPSS 0.00137
Exploits 0, References 5

Packet Storm News
added 2025/06/02 12:00 a.m., 2 views

ETDI: Mitigating Tool Squatting and Rug Pull Attacks in Model Context Protocol (MCP) by Using OAuth-Enhanced Tool Definitions and Policy-Based Access Control

The Model Context Protocol (MCP) plays a crucial role in extending the capabilities of Large Language Models (LLMs) by enabling integration with external tools and data sources. However, the standard MCP specification presents significant security vulnerabilities, notably Tool Poisoning and Rug Pull...

AI score 6.8
Exploits 0

NVD
added 2025/01/07 4:15 p.m., 6 views

CVE-2024-52813

matrix-rust-sdk is an implementation of a Matrix client-server library in Rust. Versions of the matrix-sdk-crypto Rust crate before 0.8.0 lack a dedicated mechanism to notify that a user's cryptographic identity has changed from a verified to an unverified one, which could cause client applicatio...

CVSS 4.3, EPSS 0.00137
Exploits 0, References 2

GitHub Security Blog
added 2025/01/07 3:25 p.m., 14 views

matrix-sdk-crypto missing facility to signal rotation of a verified cryptographic identity

Impact: Versions of the matrix-sdk-crypto Rust crate before 0.8.0 lack a dedicated mechanism to notify that a user's cryptographic identity has changed from a verified to an unverified one, which could cause client applications relying on the SDK to overlook such changes. Patches: matrix-sdk-crypto...

CVSS 4.3, AI score 4.5, EPSS 0.00137
Exploits 0, References 5, Affected Software 1

OSV
added 2025/01/07 3:25 p.m., 10 views

GHSA-R5VF-WF4H-82GG matrix-sdk-crypto missing facility to signal rotation of a verified cryptographic identity

Impact: Versions of the matrix-sdk-crypto Rust crate before 0.8.0 lack a dedicated mechanism to notify that a user's cryptographic identity has changed from a verified to an unverified one, which could cause client applications relying on the SDK to overlook such changes. Patches: matrix-sdk-crypto...

CVSS 4.3, AI score 4.5, EPSS 0.00137
Exploits 0, References 5

OSV
added 2025/01/07 3:25 p.m., 4 views

CVE-2024-52813 matrix-sdk-crypto missing facility to signal rotation of a verified cryptographic identity

matrix-rust-sdk is an implementation of a Matrix client-server library in Rust. Versions of the matrix-sdk-crypto Rust crate before 0.8.0 lack a dedicated mechanism to notify that a user's cryptographic identity has changed from a verified to an unverified one, which could cause client applicatio...

CVSS 4.3, AI score 6.5, EPSS 0.00137
Exploits 0, References 4

Vulnrichment
added 2025/01/07 3:25 p.m., 7 views

CVE-2024-52813 matrix-sdk-crypto missing facility to signal rotation of a verified cryptographic identity

matrix-rust-sdk is an implementation of a Matrix client-server library in Rust. Versions of the matrix-sdk-crypto Rust crate before 0.8.0 lack a dedicated mechanism to notify that a user's cryptographic identity has changed from a verified to an unverified one, which could cause client applicatio...

CVSS 4.3, AI score 7, EPSS 0.00137
Exploits 0, References 2

Cvelist
added 2025/01/07 3:25 p.m., 11 views

CVE-2024-52813 matrix-sdk-crypto missing facility to signal rotation of a verified cryptographic identity

matrix-rust-sdk is an implementation of a Matrix client-server library in Rust. Versions of the matrix-sdk-crypto Rust crate before 0.8.0 lack a dedicated mechanism to notify that a user's cryptographic identity has changed from a verified to an unverified one, which could cause client applicatio...

CVSS 4.3, EPSS 0.00137
Exploits 0, References 2

CVE
added 2025/01/07 3:25 p.m., 48 views

CVE-2024-52813

CVE-2024-52813 concerns matrix-sdk-crypto in the matrix-rust-sdk. Versions before 0.8.0 lack a dedicated mechanism to notify when a user’s cryptographic identity changes from verified to unverified, potentially causing clients to overlook such changes. The fix introduced in 0.8.0 adds a new Verifica...

CVSS 4.3, AI score 4.6, EPSS 0.00137
Exploits 0, References 2

Veracode
added 2024/10/24 7:52 a.m., 9 views

Improper Authentication

matrix-js-sdk is vulnerable to Improper Authentication. The vulnerability arises because the method sendSharedHistoryKeys sends historical message keys to all devices of an invited user without checking if the user's cryptographic identity is verified or if the devices are signed by that identity,...

CVSS 8.7, AI score 6.9, EPSS 0.0058
Exploits 0, References 3, Affected Software 1

NVD
added 2024/10/15 3:15 p.m., 9 views

CVE-2024-47080

matrix-js-sdk is the Matrix Client-Server SDK for JavaScript and TypeScript. In matrix-js-sdk versions 9.11.0 through 34.7.0, the method MatrixClient.sendSharedHistoryKeys is vulnerable to interception by malicious homeservers. The method was introduced by MSC3061 and is commonly used to...

CVSS 8.7, EPSS 0.0058
Exploits 0, References 3

Cvelist
added 2024/10/15 2:53 p.m., 18 views

CVE-2024-47080 matrix-js-sdk keys sent via `sendSharedHistoryKeys` vulnerable to interception by malicious homeserver

matrix-js-sdk is the Matrix Client-Server SDK for JavaScript and TypeScript. In matrix-js-sdk versions 9.11.0 through 34.7.0, the method MatrixClient.sendSharedHistoryKeys is vulnerable to interception by malicious homeservers. The method was introduced by MSC3061 and is commonly used to...

CVSS 8.7, EPSS 0.0058
Exploits 0, References 3

OSV
added 2024/10/15 2:53 p.m., 10 views

CVE-2024-47080 matrix-js-sdk keys sent via `sendSharedHistoryKeys` vulnerable to interception by malicious homeserver

matrix-js-sdk is the Matrix Client-Server SDK for JavaScript and TypeScript. In matrix-js-sdk versions 9.11.0 through 34.7.0, the method MatrixClient.sendSharedHistoryKeys is vulnerable to interception by malicious homeservers. The method was introduced by MSC3061 and is commonly used to...

CVSS 8.7, AI score 6.5, EPSS 0.0058
Exploits 0, References 5

RustSec
added 2024/01/07 12:00 p.m., 2 views

Missing facility to signal rotation of a verified cryptographic identity

Versions of the matrix-sdk-crypto Rust crate before 0.8.0 lack a dedicated mechanism to notify that a user's cryptographic identity has changed from a verified to an unverified one, which could cause client applications relying on the SDK to overlook such changes. matrix-sdk-crypto 0.8.0 adds a n...

CVSS 4.3, AI score 7, EPSS 0.00137
Exploits 0, Affected Software 1

OSV
added 2024/01/07 12:00 p.m., 4 views

RUSTSEC-2024-0434 Missing facility to signal rotation of a verified cryptographic identity

Versions of the matrix-sdk-crypto Rust crate before 0.8.0 lack a dedicated mechanism to notify that a user's cryptographic identity has changed from a verified to an unverified one, which could cause client applications relying on the SDK to overlook such changes. matrix-sdk-crypto 0.8.0 adds a n...

CVSS 4.3, AI score 4.5, EPSS 0.00137
Exploits 0, References 3