54 matches found

NVD
added 2026/05/27 6:16 p.m. | 8 views

CVE-2026-42553

Cinny is a Matrix client. Prior to 4.10.3, a remote authenticated attacker who shares a room with a victim and has permissions to create room emotes (for example, in a DM) can cause the victim's client to send their Matrix access token to an attacker-controlled server. This occurs when the victim...

7.1 CVSS | 0.00165 EPSS
Exploits: 0 | References: 2

Vulnrichment
added 2026/05/27 5:27 p.m. | 6 views

CVE-2026-42553 Cinny: Access token disclosure via invalidated emoji pack avatar URL in service worker

Cinny is a Matrix client. Prior to 4.10.3, a remote authenticated attacker who shares a room with a victim and has permissions to create room emotes (for example, in a DM) can cause the victim's client to send their Matrix access token to an attacker-controlled server. This occurs when the victim...

7.1 CVSS | 5.9 AI score | 0.00165 EPSS
Exploits: 0 | References: 2

Vulnrichment
added 2025/12/09 2:07 a.m. | 4 views

CVE-2025-66622 matrix-sdk-base is vulnerable to DoS via custom m.room.join_rules event values

matrix-sdk-base is the base component to build a Matrix client library. Versions 0.14.1 and prior are unable to handle responses that include custom m.room.join_rules values due to a serialization bug. This can be exploited to cause a denial-of-service condition, if a user is invited to a room wit...

5.3 CVSS | 6.3 AI score | 0.00056 EPSS
Exploits: 0 | References: 4

EUVD
added 2025/10/03 8:07 p.m. | 0 views

EUVD-2024-2936

Malicious code in bioql PyPI...

8.7 CVSS | 6.3 AI score | 0.0058 EPSS
Exploits: 0 | References: 5

EUVD
added 2025/10/03 8:07 p.m. | 1 view

EUVD-2025-29626

Malicious code in bioql PyPI...

6.9 CVSS | 6.3 AI score | 0.00264 EPSS
Exploits: 0 | References: 2

EUVD
added 2025/10/03 8:07 p.m. | 2 views

EUVD-2024-2249

Malicious code in bioql PyPI...

5.4 CVSS | 6.3 AI score | 0.00066 EPSS
Exploits: 0 | References: 6

EUVD
added 2025/10/03 8:07 p.m. | 5 views

EUVD-2022-6957

Malicious code in bioql PyPI...

8.6 CVSS | 7.4 AI score | 0.00245 EPSS
Exploits: 0 | References: 4

EUVD
added 2025/10/03 8:07 p.m. | 1 view

EUVD-2023-1214

Malicious code in bioql PyPI...

5.3 CVSS | 5.4 AI score | 0.00184 EPSS
Exploits: 0 | References: 5

EUVD
added 2025/10/03 8:07 p.m. | 2 views

EUVD-2024-23422

Malicious code in bioql PyPI...

8.4 CVSS | 8.1 AI score | 0.00042 EPSS
Exploits: 0 | References: 4

EUVD
added 2025/10/03 8:07 p.m. | 2 views

EUVD-2025-0042

Malicious code in bioql PyPI...

4.3 CVSS | 6.3 AI score | 0.00137 EPSS
Exploits: 0 | References: 5

CVE
added 2025/09/16 4:44 p.m. | 16 views

CVE-2025-59161

CVE-2025-59161 affects Element Web and Element Desktop prior to 1.11.112. The issue stems from insufficient validation of room predecessor links, which could allow a remote attacker to impermanently replace a room’s entry in the room list with an attacker-supplied room. The effect is described as...

6.9 CVSS | 6.6 AI score | 0.00264 EPSS
Exploits: 0 | References: 2

OSV
added 2025/09/16 4:44 p.m. | 1 view

CVE-2025-59161 In Element Web and Element Desktop, a malicious room can hide an unrelated room and cause it to be left when the malicious room is left

Element Web is a Matrix web client built using the Matrix React SDK. Element Web and Element Desktop before version 1.11.112 have insufficient validation of room predecessor links, allowing a remote attacker to attempt to impermanently replace a room's entry in the room list with an unrelated...

6.9 CVSS | 6.6 AI score | 0.00264 EPSS
Exploits: 0 | References: 4

Debian CVE
added 2025/09/16 4:37 p.m. | 3 views

CVE-2025-59160

Matrix JavaScript SDK is a Matrix Client-Server SDK for JavaScript and TypeScript. matrix-js-sdk before 38.2.0 has insufficient validation of room predecessor links in MatrixClient::getJoinedRooms, allowing a remote attacker to attempt to replace a tombstoned room with an unrelated...

6.9 CVSS | 5.4 AI score | 0.00108 EPSS
Exploits: 0

CNNVD
added 2025/09/16 12:00 a.m. | 2 views

matrix-js-sdk data forgery vulnerability

matrix-js-sdk is an application component from the open-source Matrix project. A data forgery vulnerability exists in matrix-js-sdk versions prior to 38.2.0. It stems from insufficient validation of room predecessor links in MatrixClient::getJoinedRooms, which could lead to an attacker replacing a...

6.9 CVSS | 6.3 AI score | 0.00108 EPSS
Exploits: 0 | References: 3

OSV
added 2025/09/11 6:03 p.m. | 2 views

CVE-2025-59047 matrix-sdk-base has panic in the `RoomMember::normalized_power_level()` method

matrix-sdk-base is the base component to build a Matrix client library. In matrix-sdk-base before 0.14.1, calling the RoomMember::normalized_power_level method can cause a panic if a room member has a power level of Int::Min. The issue is fixed in matrix-sdk-base 0.14.1. The affected method isn’t...

6.9 CVSS | 6.5 AI score | 0.00118 EPSS
Exploits: 0 | References: 6

Tenable Nessus
added 2025/08/18 12:00 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2022-39254

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - matrix-nio is a Python Matrix client library, designed according to sans I/O principles. Prior to version 0.20, when a user requests a room key from their...

8.6 CVSS | 6.9 AI score | 0.00245 EPSS
Exploits: 0 | References: 2

NVD
added 2025/06/10 4:15 p.m. | 8 views

CVE-2025-48937

matrix-rust-sdk is an implementation of a Matrix client-server library in Rust. matrix-sdk-crypto since version 0.8.0 and up to 0.11.0 does not correctly validate the sender of an encrypted event. Accordingly, a malicious homeserver operator can modify events served to clients, making those event...

4.9 CVSS | 0.00268 EPSS
Exploits: 0 | References: 4

Cvelist
added 2025/06/10 3:32 p.m. | 14 views

CVE-2025-48937 matrix-sdk-crypto vulnerable to sender of encrypted events being spoofed by homeserver administrator

matrix-rust-sdk is an implementation of a Matrix client-server library in Rust. matrix-sdk-crypto since version 0.8.0 and up to 0.11.0 does not correctly validate the sender of an encrypted event. Accordingly, a malicious homeserver operator can modify events served to clients, making those event...

4.9 CVSS | 0.00268 EPSS
Exploits: 0 | References: 4

CNNVD
added 2025/04/08 12:00 a.m. | 2 views

Element security vulnerability

Element is a Matrix web collaboration client from Element Open Source. A security vulnerability exists in Element versions 1.11.16 through 1.11.96, which stems from a configuration that allows an Element Call to be loaded from an external URL, resulting in the disclosure of media encryption keys...

3.8 CVSS | 6.3 AI score | 0.00203 EPSS
Exploits: 0 | References: 3

NVD
added 2025/01/07 4:15 p.m. | 6 views

CVE-2024-52813

matrix-rust-sdk is an implementation of a Matrix client-server library in Rust. Versions of the matrix-sdk-crypto Rust crate before 0.8.0 lack a dedicated mechanism to notify that a user's cryptographic identity has changed from a verified to an unverified one, which could cause client applicatio...

4.3 CVSS | 0.00137 EPSS
Exploits: 0 | References: 2