Lucene search
+L

416 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2022-6895

Malicious code in bioql PyPI...

7.3CVSS6.1AI score0.00307EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2025/08/30 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2021-39164

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Matrix is an ecosystem for open federated Instant Messaging and Voice over IP. In versions 1.41.0 and prior, unauthorised users can access the membership list o...

3.5CVSS6.7AI score0.01457EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/30 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2023-32323

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. A malicious user on a Synapse homeserver X with permission to...

5CVSS6.6AI score0.00981EPSS
Exploits1References2
SUSE CVE
SUSE CVE
added 2025/08/25 11:58 p.m.4 views

SUSE CVE-2023-41335

Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. When users update their passwords, the new credentials may be briefly held in the server database. While this doesn't grant the server any added capabilities-it already learns the users' passwords as...

3.7CVSS6.4AI score0.00362EPSS
Exploits0References3
Fedora
Fedora
added 2025/08/22 2:12 a.m.8 views

[SECURITY] Fedora 41 Update: matrix-synapse-1.136.0-1.fc41

Matrix is an ambitious new ecosystem for open federated Instant Messaging and VoIP. Synapse is a reference "homeserver" implementation of Matrix from the core development team at matrix.org, written in Python/Twisted. It is intended to showcase the concept of Matrix and let folks see the spec in...

6.9AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2025/08/18 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2021-21393

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Synapse is a Matrix reference homeserver written in python pypi package matrix-synapse. Matrix is an ecosystem for open federated Instant Messaging and VoIP. In...

6.5CVSS6.7AI score0.01596EPSS
Exploits0References2
Fedora
Fedora
added 2025/08/13 1:17 a.m.9 views

[SECURITY] Fedora 42 Update: matrix-synapse-1.135.2-1.fc42

Matrix is an ambitious new ecosystem for open federated Instant Messaging and VoIP. Synapse is a reference "homeserver" implementation of Matrix from the core development team at matrix.org, written in Python/Twisted. It is intended to showcase the concept of Matrix and let folks see the spec in...

7.2AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/06/12 4:10 p.m.10 views

CVE-2025-48937

matrix-rust-sdk is an implementation of a Matrix client-server library in Rust. matrix-sdk-crypto since version 0.8.0 and up to 0.11.0 does not correctly validate the sender of an encrypted event. Accordingly, a malicious homeserver operator can modify events served to clients, making those event...

4.9CVSS4.8AI score0.00311EPSS
Exploits0References1
OSV
OSV
added 2025/06/11 12:0 p.m.8 views

RUSTSEC-2025-0041 matrix-sdk-crypto vulnerable to encrypted event sender spoofing by homeserver administrator

matrix-sdk-crypto versions 0.8.0 up to and including 0.11.0 does not correctly validate the sender of an encrypted event. Accordingly, a malicious homeserver operator can modify events served to clients, making those events appear to the recipient as if they were sent by another user. Although th...

4.9CVSS5.5AI score0.00311EPSS
Exploits0References3
RustSec
RustSec
added 2025/06/11 12:0 p.m.11 views

matrix-sdk-crypto vulnerable to encrypted event sender spoofing by homeserver administrator

matrix-sdk-crypto versions 0.8.0 up to and including 0.11.0 does not correctly validate the sender of an encrypted event. Accordingly, a malicious homeserver operator can modify events served to clients, making those events appear to the recipient as if they were sent by another user. Although th...

4.9CVSS7.2AI score0.00311EPSS
Exploits0Affected Software1
Github Security Blog
Github Security Blog
added 2025/06/10 8:15 p.m.22 views

matrix-sdk-crypto vulnerable to sender of encrypted events being spoofed by homeserver administrator

Summary matrix-sdk-crypto since version 0.8.0 up to 0.11.0 does not correctly validate the sender of an encrypted event. Accordingly, a malicious homeserver operator can modify events served to clients, making those events appear to the recipient as if they were sent by another user. Although the...

4.9CVSS5AI score0.00311EPSS
Exploits0References7Affected Software1
OSV
OSV
added 2025/06/10 8:15 p.m.11 views

GHSA-X958-RVG6-956W matrix-sdk-crypto vulnerable to sender of encrypted events being spoofed by homeserver administrator

Summary matrix-sdk-crypto since version 0.8.0 up to 0.11.0 does not correctly validate the sender of an encrypted event. Accordingly, a malicious homeserver operator can modify events served to clients, making those events appear to the recipient as if they were sent by another user. Although the...

4.9CVSS6.9AI score0.00311EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2025/06/10 3:32 p.m.8 views

CVE-2025-48937 matrix-sdk-crypto vulnerable to sender of encrypted events being spoofed by homeserver administrator

matrix-rust-sdk is an implementation of a Matrix client-server library in Rust. matrix-sdk-crypto since version 0.8.0 and up to 0.11.0 does not correctly validate the sender of an encrypted event. Accordingly, a malicious homeserver operator can modify events served to clients, making those event...

4.9CVSS5AI score0.00311EPSS
Exploits0References4
OSV
OSV
added 2025/06/10 3:32 p.m.16 views

CVE-2025-48937 matrix-sdk-crypto vulnerable to sender of encrypted events being spoofed by homeserver administrator

matrix-rust-sdk is an implementation of a Matrix client-server library in Rust. matrix-sdk-crypto since version 0.8.0 and up to 0.11.0 does not correctly validate the sender of an encrypted event. Accordingly, a malicious homeserver operator can modify events served to clients, making those event...

4.9CVSS6.5AI score0.00311EPSS
Exploits0References6
CVE
CVE
added 2025/06/10 3:32 p.m.122 views

CVE-2025-48937

The CVE-2025-48937 issue affects matrix-sdk-crypto (part of matrix-rust-sdk). Versions 0.8.0 through 0.11.0 do not properly validate the sender of an encrypted event, allowing a malicious homeserver operator to modify encrypted events served to clients so that recipients see them as from another ...

4.9CVSS5AI score0.00311EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/05/23 10:45 a.m.8 views

CVE-2024-47824

matrix-react-sdk is react-based software development kit for inserting a Matrix chat/VOIP client into a web page. Starting in version 3.18.0 and before 3.102.0, matrix-react-sdk allows a malicious homeserver to potentially steal message keys for a room when a user invites another user to that roo...

8.7CVSS7AI score0.0066EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 7:39 a.m.4 views

CVE-2024-31208

Synapse is an open-source Matrix homeserver. A remote Matrix user with malicious intent, sharing a room with Synapse instances before 1.105.1, can dispatch specially crafted events to exploit a weakness in the V2 state resolution algorithm. This can induce high CPU consumption and accumulate...

6.5CVSS6.7AI score0.01463EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 1:49 a.m.7 views

CVE-2023-2739

A vulnerability classified as problematic was found in Gira HomeServer up to 4.12.0.220829 beta. This vulnerability affects unknown code of the file /hslist. The manipulation of the argument lst with the input debug%27" leads to cross site scripting. The attack can be initiated remotely. The...

6.1CVSS6.2AI score0.0045EPSS
Exploits0References1
Fedora
Fedora
added 2025/04/11 6:32 p.m.18 views

[SECURITY] Fedora 42 Update: matrix-synapse-1.127.1-1.fc42

Matrix is an ambitious new ecosystem for open federated Instant Messaging and VoIP. Synapse is a reference "homeserver" implementation of Matrix from the core development team at matrix.org, written in Python/Twisted. It is intended to showcase the concept of Matrix and let folks see the spec in...

7.5CVSS6.8AI score0.01157EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2025/04/11 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2022-39374

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. If Synapse and a malicious homeserver are both joined to the sa...

6.5CVSS6.3AI score0.00941EPSS
Exploits0References2
Rows per page
Query Builder