CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

102 matches found

OSV•added 2026/05/28 5:16 p.m.•4 views

DEBIAN-CVE-2026-45076

Synapse is an open source Matrix homeserver implementation. Prior to 1.152.1, in federated rooms, malicious homeservers can craft room events in such a way that prevents Synapse from providing full history to paginating clients. Clients could therefore fail to display room history. This...

2.7CVSS5.8AI score0.00091EPSS

Exploits0References1

ATTACKERKB•added 2026/05/28 3:52 p.m.•4 views

CVE-2026-45078

Synapse is an open source Matrix homeserver implementation. Prior to 1.152.1, local authenticated users can cause Synapse to starve other requests of CPU and lead to other requests failing, causing other users to be denied service. This vulnerability is fixed in 1.152.1...

6.8CVSS5.8AI score0.00014EPSS

Exploits0References2Affected Software1

EUVD•added 2026/05/28 3:52 p.m.•9 views

EUVD-2026-32935

6.8CVSS5.8AI score0.00014EPSS

Exploits0References1

OSV•added 2026/05/04 8:22 p.m.•4 views

GHSA-55CF-XX38-4P9P OpenClaw: Workspace dotenv files cannot override connector endpoint hosts

Summary Workspace dotenv files cannot override connector endpoint hosts. Affected Packages / Versions - Package: openclaw npm - Affected versions: = 2026.4.21 - Fixed version: 2026.4.22 Impact A workspace .env file could set connector endpoint variables for Matrix, Mattermost, IRC, or...

5.3CVSS5.8AI score0.00011EPSS

Exploits0References5

ATTACKERKB•added 2026/02/02 6:56 p.m.•3 views

CVE-2026-24471

continuwuity is a Matrix homeserver written in Rust. This vulnerability allows an attacker with a malicious remote server to cause the local server to sign an arbitrary event upon user interaction. Upon a user account leaving a room rejecting an invite, joining a room or knocking on a room, the...

9.3CVSS5.7AI score0.00023EPSS

Exploits0References3Affected Software1

Vulnrichment•added 2026/02/02 6:56 p.m.•3 views

CVE-2026-24471 Improper Validation in Conduit-derived homeservers resulting in Unintended Proxy or Intermediary ('Confused Deputy')

9.3CVSS5.7AI score0.00023EPSS

Exploits0References2

Positive Technologies•added 2026/02/02 12:0 a.m.•4 views

PT-2026-5720

Name of the Vulnerable Software and Affected Versions Continuwuity versions prior to 0.5.1 Conduit versions prior to 0.10.11 Grapevine versions prior to 0aae932b Tuwunel versions prior to 1.4.9 Description A flaw exists that allows a malicious remote server to cause a local server to sign an...

9.3CVSS5.8AI score0.00023EPSS

Exploits0References8

SUSE CVE•added 2025/10/07 11:25 p.m.•1 views

SUSE CVE-2025-61672

Synapse is an open source Matrix homeserver implementation. Lack of validation for device keys in Synapse before 1.138.3 and in Synapse 1.139.0 allow an attacker registered on the victim homeserver to degrade federation functionality, unpredictably breaking outbound federation to other homeserver...

5.3CVSS7AI score0.00046EPSS

Exploits0References3

EUVD•added 2025/10/07 12:30 a.m.•7 views

EUVD-2021-0133

Malware in sbrugna...

7.5CVSS7.4AI score0.00545EPSS

Exploits0References12

EUVD•added 2025/10/03 8:7 p.m.•4 views

EUVD-2024-3513