Lucene search
K

11 matches found

PyPA
PyPA
added 2026/05/28 5:16 p.m.8 views

PYSEC-2026-194

Synapse is an open source Matrix homeserver implementation. Prior to 1.152.1, in federated rooms, malicious homeservers can craft room events in such a way that prevents Synapse from providing full history to paginating clients. Clients could therefore fail to display room history. This...

5.1CVSS5.4AI score0.00369EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/05/28 5:16 p.m.9 views

PYSEC-2026-194

Synapse is an open source Matrix homeserver implementation. Prior to 1.152.1, in federated rooms, malicious homeservers can craft room events in such a way that prevents Synapse from providing full history to paginating clients. Clients could therefore fail to display room history. This...

2.7CVSS5.4AI score0.00369EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/28 3:50 p.m.15 views

CVE-2026-45076 Synapse pagination denial of service

Synapse is an open source Matrix homeserver implementation. Prior to 1.152.1, in federated rooms, malicious homeservers can craft room events in such a way that prevents Synapse from providing full history to paginating clients. Clients could therefore fail to display room history. This...

5.1CVSS5.8AI score0.00369EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/28 3:50 p.m.14 views

EUVD-2026-32934

Synapse is an open source Matrix homeserver implementation. Prior to 1.152.1, in federated rooms, malicious homeservers can craft room events in such a way that prevents Synapse from providing full history to paginating clients. Clients could therefore fail to display room history. This...

5.1CVSS5.8AI score0.00369EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2026/05/28 3:50 p.m.8 views

CVE-2026-45076

Synapse is an open source Matrix homeserver implementation. Prior to 1.152.1, in federated rooms, malicious homeservers can craft room events in such a way that prevents Synapse from providing full history to paginating clients. Clients could therefore fail to display room history. This...

5.1CVSS5.8AI score0.00369EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2026/05/14 4:18 p.m.15 views

Synapse pagination Denial of Service

Impact In federated rooms, malicious homeservers can craft room events in such a way that prevents Synapse from providing full history to paginating clients. Clients could therefore fail to display room history. Patches Update to Synapse 1.152.1 or later. Workarounds There are no known workaround...

5.1CVSS5.9AI score0.00369EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/14 12:0 a.m.21 views

PT-2026-41158

Name of the Vulnerable Software and Affected Versions Synapse versions prior to 1.152.1 Description In federated rooms, malicious homeservers can craft room events that prevent the server from providing full history to paginating clients. This can result in clients failing to display the room...

6.9CVSS5.8AI score0.00369EPSS
Exploits0References10
OSV
OSV
added 2024/10/15 6:11 p.m.8 views

GHSA-QCVH-P9JQ-WP8V Malicious homeservers can steal message keys when the matrix-react-sdk user invites another user to a room

Impact matrix-react-sdk before 3.102.0 allows a malicious homeserver to potentially steal message keys for a room when a user invites another user to that room, via injection of a malicious device controlled by the homeserver. This is possible because matrix-react-sdk before 3.102.0 shared...

8.7CVSS6.2AI score0.0066EPSS
Exploits0References5
OSV
OSV
added 2024/10/15 2:53 p.m.13 views

CVE-2024-47080 matrix-js-sdk keys sent via `sendSharedHistoryKeys` vulnerable to interception by malicious homeserver

matrix-js-sdk is the Matrix Client-Server SDK for JavaScript and TypeScript. In matrix-js-sdk versions versions 9.11.0 through 34.7.0, the method MatrixClient.sendSharedHistoryKeys is vulnerable to interception by malicious homeservers. The method was introduced by MSC3061 and is commonly used to...

8.7CVSS6.5AI score0.00682EPSS
Exploits0References5
Debian CVE
Debian CVE
added 2024/10/15 2:53 p.m.10 views

CVE-2024-47080

matrix-js-sdk is the Matrix Client-Server SDK for JavaScript and TypeScript. In matrix-js-sdk versions versions 9.11.0 through 34.7.0, the method MatrixClient.sendSharedHistoryKeys is vulnerable to interception by malicious homeservers. The method was introduced by MSC3061 and is commonly used to...

8.7CVSS5.5AI score0.00682EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2024/09/17 12:0 a.m.6 views

PT-2024-7389 · Unknown +1 · Matrix-Js-Sdk +1

Name of the Vulnerable Software and Affected Versions: matrix-js-sdk versions 9.11.0 through 34.7.0 Description: The issue is related to the MatrixClient.sendSharedHistoryKeys method in the matrix-js-sdk, which is vulnerable to interception by malicious homeservers. This method is used to share...

8.7CVSS6.7AI score0.00682EPSS
Exploits0References24
Rows per page
Query Builder