4 matches found

OSV
added 2025/11/13 3:30 p.m., 2 views

CVE-2025-64717 ZITADEL vulnerable to Account Takeover with deactivated Instance IdP

ZITADEL is an open source identity management platform. Starting in version 2.50.0 and prior to versions 2.71.19, 3.4.4, and 4.6.6, a vulnerability in ZITADEL's federation process allowed auto-linking users from external identity providers to existing users in ZITADEL even if the corresponding Id...

CVSS 7.4, AI score 7, EPSS 0.00702
Exploits: 0, References: 6

SUSE CVE
added 2023/02/15 3:25 a.m., 1 views

SUSE CVE-2022-31152

Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. The Matrix specification specifies a list of event authorization rules which must be checked when determining if an event should be accepted into a room. In versions of Synapse up to and including...

CVSS 7.5, AI score 7.4, EPSS 0.00731
Exploits: 0, References: 3

NVD
added 2022/09/12 8:15 p.m., 12 views

CVE-2022-39200

Dendrite is a Matrix homeserver written in Go. In affected versions events retrieved from a remote homeserver using the /getmissingevents path did not have their signatures verified correctly. This could potentially allow a remote homeserver to provide invalid/modified events to Dendrite via this...

CVSS 7.3, EPSS 0.00108
Exploits: 0, References: 2

Tenable Nessus
added 2022/09/12 12:0 a.m., 17 views

FreeBSD : dendrite -- Signature checks not applied to some retrieved missing events (4ebaa983-3299-11ed-95f8-901b0e9408dc)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 4ebaa983-3299-11ed-95f8-901b0e9408dc advisory. - Dendrite team reports: Events retrieved from a remote homeserver using /getmissingevents did not have...

AI score 5.7
Exploits: 0, References: 2