
7 matches found

Snyk
added 2026/05/22 5:32 a.m. · 3 views

Improper Check for Dropped Privileges

Overview: Affected versions of this package are vulnerable to Improper Check for Dropped Privileges due to the omission of constraint extensions such as [email protected] when adding a key to a remote agent. An attacker can bypass intended key usage restrictions by forwarding ke...

CVSS 9.1 · AI score 5.8 · EPSS 0.00068
Exploits: 0 · References: 2

Cvelist
added 2026/05/22 2:31 a.m. · 29 views

CVE-2026-39832 Invoking agent constraints dropped when forwarding keys in golang.org/x/crypto/ssh/agent

When adding a key to a remote agent, constraint extensions such as [email protected] were not serialized in the request. Destination restrictions were silently stripped when forwarding keys, allowing unrestricted use of the key on the remote host. The client now serializes all...

EPSS 0.00068
Exploits: 0 · References: 4

AstraLinux
added 2025/10/31 4:38 p.m. · 1 views

Astra Linux - vulnerability in thunderbird

Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Prior to version 19.7.0, an attacker cooperating with a malicious homeserver can construct messages appearing to have come from another person. Such messages will be marked with a grey shield on some platforms, but this may be...

CVSS 7.5 · AI score 6.8 · EPSS 0.00477
Exploits: 0 · References: 1

OSV
added 2022/09/30 10:56 p.m. · 16 views

GHSA-W4PR-4VJG-HFFH When matrix-nio receives forwarded room keys, the receiver doesn't check if it requested the key from the forwarder

When matrix-nio before 0.20 requests a room key from our devices, it correctly accepts key forwards only if they are a response to a previous request. However, it doesn't check that the device that responded matches the device the key was requested from. This allows a malicious homeserver to inse...

CVSS 8.6 · AI score 7.1 · EPSS 0.00245
Exploits: 0 · References: 4

OSV
added 2022/09/29 3:15 p.m. · 0 views

UBUNTU-CVE-2022-39254

matrix-nio is a Python Matrix client library, designed according to sans I/O principles. Prior to version 0.20, when a user requests a room key from their devices, the software correctly remembers the request. Once they receive a forwarded room key, they accept it without checking who the room ke...

CVSS 8.6 · AI score 6.9 · EPSS 0.00245
Exploits: 0 · References: 4

Positive Technologies
added 2022/09/29 12:0 a.m. · 1 views

PT-2022-24846 · Unknown · Matrix-Nio

Name of the Vulnerable Software and Affected Versions: matrix-nio versions prior to 0.20

Description: The issue arises when a user requests a room key from their devices. The software remembers the request but fails to check the origin of the forwarded room key, allowing homeservers to potentiall...

CVSS 8.6 · AI score 7.1 · EPSS 0.00245
Exploits: 0 · References: 12

Positive Technologies
added 2022/09/29 12:0 a.m. · 2 views

PT-2022-24845 · Unknown · Matrix-Rust-Sdk

Name of the Vulnerable Software and Affected Versions: matrix-rust-sdk versions prior to 0.6

Description: The issue arises when a user requests a room key from their devices. The software correctly remembers the request but fails to check the origin of the forwarded room key, allowing homeservers...

CVSS 8.6 · AI score 7.5 · EPSS 0.00158
Exploits: 0 · References: 12