Lucene search
+L

63 matches found

OSV
OSV
added 2026/07/01 2:17 a.m.4 views

UBUNTU-CVE-2026-57963

An attacker who can send HTML chat messages via Matrix or XMPP can inject arbitrary styled content, phishing links, and CSS that manipulates the chat UI. This vulnerability was fixed in Thunderbird 152.0.1 and Thunderbird 140.12.1...

6.5CVSS5.9AI score0.00181EPSS
Exploits0References5
OSV
OSV
added 2026/07/01 2:17 a.m.3 views

DEBIAN-CVE-2026-57963

An attacker who can send HTML chat messages via Matrix or XMPP can inject arbitrary styled content, phishing links, and CSS that manipulates the chat UI. This vulnerability was fixed in Thunderbird 152.0.1 and Thunderbird 140.12.1...

6.5CVSS5.9AI score0.00181EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/01 12:58 a.m.8 views

EUVD-2026-40862

An attacker who can send HTML chat messages via Matrix or XMPP can inject arbitrary styled content, phishing links, and CSS that manipulates the chat UI. This vulnerability was fixed in Thunderbird 152.0.1 and Thunderbird 140.12.1...

6.5CVSS5.9AI score0.00181EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.10 views

PT-2026-54448

Name of the Vulnerable Software and Affected Versions Thunderbird versions prior to 140.12.1 Thunderbird versions prior to 152.0.1 Description An attacker can inject arbitrary styled content, phishing links, and CSS to manipulate the chat UI by sending HTML chat messages via Matrix or XMPP...

6.5CVSS6AI score0.00181EPSS
Exploits0References11
Tenable Nessus
Tenable Nessus
added 2025/11/20 12:0 a.m.4 views

TencentOS Server 3: thunderbird (TSSA-2023:0054)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2023:0054 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

8.8CVSS7.7AI score0.01185EPSS
Exploits0References12
RedhatCVE
RedhatCVE
added 2025/10/06 6:14 a.m.11 views

CVE-2025-54315

The Matrix specification before 1.16 i.e., with a room version before 12 lacks create event uniqueness...

7.1CVSS6.9AI score0.00319EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2024-45920

Malicious code in bioql PyPI...

5.4CVSS6.5AI score0.00374EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-2434

Malicious code in bioql PyPI...

4.3CVSS4.8AI score0.00494EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.16 views

EUVD-2023-0132

Malicious code in bioql PyPI...

9.3CVSS7.4AI score0.00229EPSS
Exploits0References10
OSV
OSV
added 2025/10/02 12:0 a.m.3 views

CVE-2025-54315

The Matrix specification before 1.16 i.e., with a room version before 12 lacks create event uniqueness...

7.1CVSS6.9AI score0.00319EPSS
Exploits0References4
PyPA
PyPA
added 2023/08/04 4:15 p.m.8 views

PYSEC-2023-139

Sydent is an identity server for the Matrix communications protocol. Prior to version 2.5.6, if configured to send emails using TLS, Sydent does not verify SMTP servers' certificates. This makes Sydent's emails vulnerable to interception via a man-in-the-middle MITM attack. Attackers with...

9.3CVSS6.8AI score0.00229EPSS
Exploits0References8Affected Software1
Debian CVE
Debian CVE
added 2023/08/04 3:57 p.m.96 views

CVE-2023-38686

Removed by vendor...

9.3CVSS7.5AI score0.00229EPSS
Exploits0
Prion
Prion
added 2023/06/06 7:15 p.m.22 views

Design/Logic Flaw

Synapse is a Matrix protocol homeserver written in Python with the Twisted framework. In affected versions it may be possible for a deactivated user to login when using uncommon configurations. This only applies if any of the following are true: 1. JSON Web Tokens are enabled for login via the...

5.5CVSS5.3AI score0.00752EPSS
Exploits0References7Affected Software1
OSV
OSV
added 2023/06/06 7:15 p.m.30 views

PYSEC-2023-84

Synapse is a Matrix protocol homeserver written in Python with the Twisted framework. In affected versions it may be possible for a deactivated user to login when using uncommon configurations. This only applies if any of the following are true: 1. JSON Web Tokens are enabled for login via the...

5.4CVSS6.7AI score0.00752EPSS
Exploits0References6
UbuntuCve
UbuntuCve
added 2023/06/06 7:15 p.m.32 views

CVE-2023-32682

Synapse is a Matrix protocol homeserver written in Python with the Twisted framework. In affected versions it may be possible for a deactivated user to login when using uncommon configurations. This only applies if any of the following are true: 1. JSON Web Tokens are enabled for login via the...

5.4CVSS6.1AI score0.00752EPSS
Exploits0References7
UbuntuCve
UbuntuCve
added 2023/06/06 7:15 p.m.34 views

CVE-2023-32683

Synapse is a Matrix protocol homeserver written in Python with the Twisted framework. A discovered oEmbed or image URL can bypass the urlpreviewurlblacklist setting potentially allowing server side request forgery or bypassing network policies. Impact is limited to IP addresses allowed by the...

5.4CVSS6.4AI score0.00605EPSS
Exploits0References4
OSV
OSV
added 2023/06/06 6:24 p.m.12 views

CVE-2023-32683 URL deny list bypass via oEmbed and image URLs when generating previews in Synapse

Synapse is a Matrix protocol homeserver written in Python with the Twisted framework. A discovered oEmbed or image URL can bypass the urlpreviewurlblacklist setting potentially allowing server side request forgery or bypassing network policies. Impact is limited to IP addresses allowed by the...

3.5CVSS5.8AI score0.00605EPSS
Exploits0References5
Debian CVE
Debian CVE
added 2023/06/06 6:24 p.m.49 views

CVE-2023-32683

Synapse is a Matrix protocol homeserver written in Python with the Twisted framework. A discovered oEmbed or image URL can bypass the urlpreviewurlblacklist setting potentially allowing server side request forgery or bypassing network policies. Impact is limited to IP addresses allowed by the...

5.4CVSS5.9AI score0.00605EPSS
Exploits0
OSV
OSV
added 2023/06/06 6:20 p.m.19 views

CVE-2023-32682 Improper checks for deactivated users during login in synapse

Synapse is a Matrix protocol homeserver written in Python with the Twisted framework. In affected versions it may be possible for a deactivated user to login when using uncommon configurations. This only applies if any of the following are true: 1. JSON Web Tokens are enabled for login via the...

5.4CVSS5.2AI score0.00752EPSS
Exploits0References9
Debian CVE
Debian CVE
added 2023/06/06 6:20 p.m.55 views

CVE-2023-32682

Synapse is a Matrix protocol homeserver written in Python with the Twisted framework. In affected versions it may be possible for a deactivated user to login when using uncommon configurations. This only applies if any of the following are true: 1. JSON Web Tokens are enabled for login via the...

5.4CVSS5.4AI score0.00752EPSS
Exploits0
Rows per page
Query Builder