8 matches found
Information Disclosure
matrixsynapse is vulnerable to Information Disclosure. The vulnerability is caused by a missing validation check for the userid parameter used to query cached device information of remote users. This can lead to enumerating the remote users known to a homeserver...
Denial Of Service (DoS)
matrixsynapse is vulnerable to Denial of Service (DoS). The vulnerability is due to malicious server ACL events which can impact performance temporarily or permanently, leading to a persistent denial of service (DoS)...
Denial Of Service (DoS)
matrixsynapse is vulnerable to denial of service (DoS). The library does not properly limit the connection time while attempting to generate URL previews for media stream URLs when the URL preview functionality is enabled. The connections are terminated only after max_spider_size bytes have been...
Denial Of Service (DoS)
matrixsynapse is vulnerable to denial of service attacks. The vulnerability exists in the 'check_state_independent_auth_rules' function in 'event_auth.py' due to a lack of validation during event authorization, which allows an attacker to craft a malicious event and crash the system...
Denial Of Service (DoS)
matrixsynapse is vulnerable to denial of service attacks. An authenticated attacker is able to exhaust the available stack space for the Synapse process due to unbounded recursion, resulting in a system crash. Deployments configured with url_preview_enabled: true are affected...
Denial Of Service (DoS)
matrixsynapse is vulnerable to denial of service. The vulnerability exists due to missing input validation of some parameters on the endpoints used to confirm third-party identifiers, which could cause excessive use of disk space and memory, leading to resource exhaustion...
Denial Of Service (DoS)
matrixsynapse is vulnerable to denial of service. An attacker is able to exploit the vulnerability by injecting certain event_match patterns that will lead the system to crash...
Cross-Site Scripting (XSS)
matrixsynapse is vulnerable to cross-site scripting (XSS). An attacker is able to inject and execute arbitrary JavaScript in a user's browser via the reCAPTCHA, consent terms of service, or single sign-on functions...