Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

453 matches found

RedhatCVE
RedhatCVEadded 2 days ago5 views

CVE-2026-42553

Cinny is a Matrix client. Prior to 4.10.3, A remote authenticated attacker who shares a room with a victim and has permissions to create room emotes for example in a DM can cause the victim's client to send their Matrix access token to an attacker-controlled server. This occurs when the victim...

7.1CVSS5.6AI score0.00165EPSS
Exploits0References1
NVD
NVDadded 2026/05/27 6:16 p.m.8 views

CVE-2026-42553

Cinny is a Matrix client. Prior to 4.10.3, A remote authenticated attacker who shares a room with a victim and has permissions to create room emotes for example in a DM can cause the victim's client to send their Matrix access token to an attacker-controlled server. This occurs when the victim...

7.1CVSS0.00165EPSS
Exploits0References2
ATTACKERKB
ATTACKERKBadded 2026/05/27 5:27 p.m.8 views

CVE-2026-42553

Cinny is a Matrix client. Prior to 4.10.3, A remote authenticated attacker who shares a room with a victim and has permissions to create room emotes for example in a DM can cause the victim's client to send their Matrix access token to an attacker-controlled server. This occurs when the victim...

7.1CVSS5.9AI score0.00165EPSS
Exploits0References3Affected Software1
CVE
CVEadded 2026/05/27 5:27 p.m.18 views

CVE-2026-42553

Cinny (Matrix client) before version 4.10.3 is affected by a token-disclosure vulnerability in two parts: (1) EmojiBoard fallback uses an untrusted pack.meta.avatar as a MXC URL, enabling an attacker-controlled HTTP(S) URL in a malicious emote pack; (2) the service worker attaches the user’s Auth...

7.1CVSS5.9AI score0.00165EPSS
Exploits0References2
Vulnrichment
Vulnrichmentadded 2026/05/27 5:27 p.m.6 views

CVE-2026-42553 Cinny: Access token disclosure via invalidated emoji pack avatar URL in service worker

Cinny is a Matrix client. Prior to 4.10.3, A remote authenticated attacker who shares a room with a victim and has permissions to create room emotes for example in a DM can cause the victim's client to send their Matrix access token to an attacker-controlled server. This occurs when the victim...

7.1CVSS5.9AI score0.00165EPSS
Exploits0References2
Cvelist
Cvelistadded 2026/05/27 5:27 p.m.35 views

CVE-2026-42553 Cinny: Access token disclosure via invalidated emoji pack avatar URL in service worker

Cinny is a Matrix client. Prior to 4.10.3, A remote authenticated attacker who shares a room with a victim and has permissions to create room emotes for example in a DM can cause the victim's client to send their Matrix access token to an attacker-controlled server. This occurs when the victim...

7.1CVSS0.00165EPSS
Exploits0References2
Snyk
Snykadded 2026/05/07 4:40 p.m.4 views

Origin Validation Error

Overview cinny is a Yet another matrix client Affected versions of this package are vulnerable to Origin Validation Error in the process that handles emoji pack avatar URLs in the service worker. An attacker can obtain a victim's access token by crafting a malicious emote pack with an...

7.1CVSS5.8AI score0.00165EPSS
Exploits0References2
OSV
OSVadded 2026/05/07 4:40 p.m.1 views

GHSA-J944-W549-3453 Cinny vulnerable to access token disclosure via invalidated emoji pack avatar URL in service worker

Impact A remote authenticated attacker who shares a room with a victim and has permissions to create room emotes for example in a DM can cause the victim's client to send their Matrix access token to an attacker-controlled server. This occurs when the victim opens the emoji or sticker picker for...

7.1CVSS5.9AI score0.00165EPSS
Exploits0References2
Github Security Blog
Github Security Blogadded 2026/05/07 4:40 p.m.6 views

Cinny vulnerable to access token disclosure via invalidated emoji pack avatar URL in service worker

Impact A remote authenticated attacker who shares a room with a victim and has permissions to create room emotes for example in a DM can cause the victim's client to send their Matrix access token to an attacker-controlled server. This occurs when the victim opens the emoji or sticker picker for...

7.1CVSS5.9AI score0.00165EPSS
Exploits0References2Affected Software1
Patchstack
Patchstackadded 2026/05/07 4:40 p.m.7 views

NPM: Cinny vulnerable to access token disclosure via invalidated emoji pack avatar URL in service worker

NPM: Cinny vulnerable to access token disclosure via invalidated emoji pack avatar URL in service worker vulnerability discovered by ? in WordPress Npm cinny versions 4.10.3...

5.8AI score0.00165EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologiesadded 2026/05/07 12:0 a.m.6 views

PT-2026-38614

Name of the Vulnerable Software and Affected Versions Cinny versions prior to 4.10.3 Description A remote authenticated attacker who shares a room with a victim and has permissions to create room emotes can cause the victim's client to send their Matrix access token to an attacker-controlled...

7.1CVSS5.9AI score0.00165EPSS
Exploits0References6
Microsoft KB
Microsoft KBadded 2026/03/26 12:0 a.m.5 views

March 26, 2026—KB5079489 (OS Build 28000.1764) Preview

March 26, 2026—KB5079489 OS Build 28000.1764 Preview ​​​​​This non-security update for Windows 11, version 26H1 KB5079489, incudes production-quality improvements. To learn more about differences between security updates, optional non-security preview updates, Out-of-band OOB updates, and...

5.8AI score
Exploits0
Veracode
Veracodeadded 2026/03/20 1:8 p.m.5 views

Regular Expression Denial Of Service (ReDoS)

Valibot is vulnerable to Regular Expression Denial of Service ReDoS. The vulnerability is due to inefficient processing in the EMOJIREGEX used by the emoji action, which allows an attacker to supply a crafted input that triggers excessive CPU consumption and causes a denial of service...

7.5CVSS5.8AI score0.00108EPSS
Exploits0References2Affected Software1
CVE
CVEadded 2026/03/05 5:54 a.m.8 views

CVE-2026-28029

CVE-2026-28029 is a Local File Inclusion (LFI) vulnerability in the WordPress ThemeREX EmojiNation EmojiNation theme, due to improper control of the filename in PHP include/require statements. Affects EmojiNation versions from n/a up to and including 1.0.12. The Markdown-referenced sources descri...

8.1CVSS5.9AI score0.00172EPSS
Exploits0References1
ATTACKERKB
ATTACKERKBadded 2026/03/05 5:54 a.m.2 views

CVE-2026-28029

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX EmojiNation emojination allows PHP Local File Inclusion.This issue affects EmojiNation: from n/a through = 1.0.12...

5.9AI score0.00172EPSS
Exploits0References2
OSV
OSVadded 2026/01/21 6:16 p.m.2 views

CVE-2021-47746

NodeBB Plugin Emoji 3.2.1 contains an arbitrary file write vulnerability that allows administrative users to write files to arbitrary system locations through the emoji upload API. Attackers with admin access can craft file upload requests with directory traversal to overwrite system files by...

7.5CVSS5.9AI score0.00084EPSS
Exploits0References4
NVD
NVDadded 2026/01/21 6:16 p.m.3 views

CVE-2021-47746

NodeBB Plugin Emoji 3.2.1 contains an arbitrary file write vulnerability that allows administrative users to write files to arbitrary system locations through the emoji upload API. Attackers with admin access can craft file upload requests with directory traversal to overwrite system files by...

8.6CVSS0.00084EPSS
Exploits0References4
Vulnrichment
Vulnrichmentadded 2026/01/21 5:27 p.m.5 views

CVE-2021-47746 NodeBB Plugin Emoji 3.2.1 - Arbitrary File Write

NodeBB Plugin Emoji 3.2.1 contains an arbitrary file write vulnerability that allows administrative users to write files to arbitrary system locations through the emoji upload API. Attackers with admin access can craft file upload requests with directory traversal to overwrite system files by...

8.6CVSS5.6AI score0.00084EPSS
Exploits0References4
Cvelist
Cvelistadded 2026/01/21 5:27 p.m.19 views

CVE-2021-47746 NodeBB Plugin Emoji 3.2.1 - Arbitrary File Write

NodeBB Plugin Emoji 3.2.1 contains an arbitrary file write vulnerability that allows administrative users to write files to arbitrary system locations through the emoji upload API. Attackers with admin access can craft file upload requests with directory traversal to overwrite system files by...

8.6CVSS0.00084EPSS
Exploits0References4
EUVD
EUVDadded 2026/01/21 5:27 p.m.4 views

EUVD-2026-3657

NodeBB Plugin Emoji 3.2.1 contains an arbitrary file write vulnerability that allows administrative users to write files to arbitrary system locations through the emoji upload API. Attackers with admin access can craft file upload requests with directory traversal to overwrite system files by...

8.6CVSS5.6AI score0.00084EPSS
Exploits0References6
Rows per page
Query Builder