2 matches found
CVE-2026-42553 Cinny: Access token disclosure via invalidated emoji pack avatar URL in service worker
Cinny is a Matrix client. Prior to 4.10.3, A remote authenticated attacker who shares a room with a victim and has permissions to create room emotes for example in a DM can cause the victim's client to send their Matrix access token to an attacker-controlled server. This occurs when the victim...
NPM: Cinny vulnerable to access token disclosure via invalidated emoji pack avatar URL in service worker
NPM: Cinny vulnerable to access token disclosure via invalidated emoji pack avatar URL in service worker vulnerability discovered by ? in WordPress Npm cinny versions 4.10.3...