CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

407 matches found

PYSEC-2026-191

Synapse is an open source Matrix homeserver implementation. Prior to 1.152.1, local authenticated users can cause Synapse to starve other requests of CPU and lead to other requests failing, causing other users to be denied service. This vulnerability is fixed in 1.152.1...

6.8CVSS5.8AI score0.00014EPSS

Exploits0References1Affected Software1

OSV•added last week•1 views

PYSEC-2026-191

5.5CVSS5.8AI score0.00014EPSS

Exploits0References1

OSV•added last week•3 views

DEBIAN-CVE-2026-45076

Synapse is an open source Matrix homeserver implementation. Prior to 1.152.1, in federated rooms, malicious homeservers can craft room events in such a way that prevents Synapse from providing full history to paginating clients. Clients could therefore fail to display room history. This...

5.1CVSS5.8AI score0.00091EPSS

Exploits0References1

OSV•added last week•2 views

DEBIAN-CVE-2026-45078

5.5CVSS5.8AI score0.00014EPSS

Exploits0References1

EUVD•added last week•5 views

EUVD-2026-32935

6.8CVSS5.8AI score0.00014EPSS

Exploits0References1

CVE•added last week•8 views

CVE-2026-45078

CVE-2026-45078 — Synapse CPU starvation (Denial of Service) Affected: Synapse (open source Matrix homeserver) before version 1.152.1. Issue: Local authenticated users can cause CPU starvation among concurrent requests, leading to other requests failing and denial of service for other users. Impac...

6.8CVSS5.8AI score0.00014EPSS

Exploits0References1Affected Software1

Debian CVE•added last week•4 views

CVE-2026-45078

6.8CVSS5.8AI score0.00014EPSS

Exploits0

ATTACKERKB•added last week•2 views

CVE-2026-45078

6.8CVSS5.8AI score0.00014EPSS

Exploits0References2Affected Software1

Positive Technologies•added 2026/05/28 12:0 a.m.•4 views

PT-2026-45981

5.5CVSS5.8AI score

Exploits0References2

Vulnrichment•added 2026/05/27 5:27 p.m.•4 views

CVE-2026-42553 Cinny: Access token disclosure via invalidated emoji pack avatar URL in service worker

Cinny is a Matrix client. Prior to 4.10.3, A remote authenticated attacker who shares a room with a victim and has permissions to create room emotes for example in a DM can cause the victim's client to send their Matrix access token to an attacker-controlled server. This occurs when the victim...

7.1CVSS5.9AI score0.00165EPSS

Exploits0References2

Github Security Blog•added 2026/05/07 4:40 p.m.•5 views

Cinny vulnerable to access token disclosure via invalidated emoji pack avatar URL in service worker

Impact A remote authenticated attacker who shares a room with a victim and has permissions to create room emotes for example in a DM can cause the victim's client to send their Matrix access token to an attacker-controlled server. This occurs when the victim opens the emoji or sticker picker for...

7.1CVSS5.9AI score0.00165EPSS

Exploits0References2Affected Software1

OSV•added 2026/05/04 8:22 p.m.•3 views

GHSA-55CF-XX38-4P9P OpenClaw: Workspace dotenv files cannot override connector endpoint hosts

Summary Workspace dotenv files cannot override connector endpoint hosts. Affected Packages / Versions - Package: openclaw npm - Affected versions: = 2026.4.21 - Fixed version: 2026.4.22 Impact A workspace .env file could set connector endpoint variables for Matrix, Mattermost, IRC, or...

5.3CVSS5.8AI score0.00011EPSS

Exploits0References5

Github Security Blog•added 2026/05/04 8:22 p.m.•3 views

OpenClaw: Workspace dotenv files cannot override connector endpoint hosts

5CVSS5.8AI score0.00011EPSS

Exploits0References5Affected Software1

AstraLinux•added 2026/05/03 11:59 p.m.•2 views

Astra Linux - уязвимость в thunderbird

matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. matrix-js-sdk before 34.11.0 is vulnerable to client-side path traversal via crafted MXC URIs. A malicious room member can trigger clients based on the matrix-js-sdk to issue arbitrary authenticated GET requests to the...

5.3CVSS5.9AI score0.00877EPSS

Exploits0References1

AstraLinux•added 2026/05/03 11:59 p.m.•4 views

Astra Linux - уязвимость в thunderbird

The Matrix JavaScript SDK is the Matrix Client-Server SDK for JavaScript. Prior to version 19.7.0, an attacker working alongside a malicious home server could create messages that appeared to be sent by another person, without any indication such as a gray shield. Additionally, a sophisticated...

8.6CVSS7AI score0.00278EPSS

Exploits0References1

AstraLinux•added 2026/05/03 11:59 p.m.•4 views

Astra Linux - уязвимость в thunderbird

The Matrix JavaScript SDK is the Matrix Client-Server software development kit SDK for JavaScript. Prior to version 19.7.0, an attacker who cooperated with a malicious home server could interfere with the verification process between two users, substituting their own cross-signed user identity wi...

8.6CVSS7AI score0.00294EPSS

Exploits0References1

Fedora•added 2026/03/10 12:54 a.m.•1 views

[SECURITY] Fedora 43 Update: matrix-synapse-1.147.1-1.fc43

Matrix is an ambitious new ecosystem for open federated Instant Messaging and VoIP. Synapse is a reference "homeserver" implementation of Matrix from the core development team at matrix.org, written in Python/Twisted. It is intended to showcase the concept of Matrix and let folks see the spec in...

9.2CVSS5.8AI score0.0006EPSS

Exploits0

NVD•added 2026/03/05 10:16 p.m.•2 views

CVE-2026-28471

OpenClaw version 2026.1.14-1 prior to 2026.2.2, with the Matrix plugin installed and enabled, contain a vulnerability in which DM allowlist matching could be bypassed by exact-matching against sender display names and localparts without homeserver validation. Remote Matrix users can impersonate...

6.3CVSS0.00044EPSS

Exploits0References3

OSV•added 2026/03/05 10:16 p.m.•0 views

CVE-2026-28471

5.3CVSS5.8AI score

Exploits0References3

EUVD•added 2026/03/05 9:59 p.m.•1 views

EUVD-2026-9917

6.3CVSS5.9AI score0.00044EPSS

Exploits0References3

Rows per page