CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Element Web is a Matrix web client built using the Matrix React SDK. Element Web, starting from version 1.11.16 up to version 1.11.96, can be configured to load Element Call from an external URL. Under certain conditions, the external page is able to get access to the media encryption keys used f...

3.8CVSS7AI score0.00131EPSS

Exploits0References1

SUSE CVE•added 2025/04/10 2:8 a.m.•3 views

SUSE CVE-2025-32026

3.8CVSS6.9AI score0.00131EPSS

Exploits0References3

AlpineLinux•added 2025/04/08 4:15 p.m.•3 views

CVE-2025-32026

3.8CVSS6.5AI score0.00131EPSS

Exploits0References1

NVD•added 2025/04/08 4:15 p.m.•19 views

CVE-2025-32026

3.8CVSS0.00131EPSS

Exploits0References1

Vulnrichment•added 2025/04/08 3:22 p.m.•8 views

CVE-2025-32026 Element Web could load a malicious instance of Element Call leaking media encryption keys

3.8CVSS7.1AI score0.00131EPSS

Exploits0References1

CVE•added 2025/04/08 3:22 p.m.•51 views

CVE-2025-32026

Element Web (Matrix Web client) versions 1.11.16–1.11.96 expose a vulnerability where, if configured to load Element Call from an external URL, an external page can gain access to media encryption keys used during a call. Root cause: external URL loading creates a trust boundary bypass that leaks...

3.8CVSS7.1AI score0.00131EPSS

Exploits0References1

Cvelist•added 2025/04/08 3:22 p.m.•12 views

CVE-2025-32026 Element Web could load a malicious instance of Element Call leaking media encryption keys

3.8CVSS0.00131EPSS

Exploits0References1

OSV•added 2025/04/08 3:22 p.m.•4 views

CVE-2025-32026 Element Web could load a malicious instance of Element Call leaking media encryption keys

3.8CVSS6.9AI score0.00131EPSS

Exploits0References3

RedhatCVE•added 2025/04/05 6:34 p.m.•12 views

CVE-2025-31127

Element X Android is a Matrix Android Client provided by element.io. In Element X Android versions between 0.4.16 and 25.03.3, the entity in control of the element.json well-known file is able, under certain conditions, to get access to the media encryption keys used for an Element Call call. Thi...

5.3CVSS6.9AI score0.00175EPSS

Exploits0References1

RedhatCVE•added 2025/04/05 6:33 p.m.•17 views

CVE-2025-31126

Element X iOS is a Matrix iOS Client provided by Element. In Element X iOS version between 1.6.13 and 25.03.7, the entity in control of the element.json well-known file is able, under certain conditions, to get access to the media encryption keys used for an Element Call call. This vulnerability ...

5.3CVSS6.6AI score0.00175EPSS

Exploits0References1

NVD•added 2025/04/03 6:15 p.m.•6 views

CVE-2025-31127

5.3CVSS0.00175EPSS

Exploits0References2

NVD•added 2025/04/03 6:15 p.m.•5 views

CVE-2025-31126

5.3CVSS0.00175EPSS

Exploits0References2

Vulnrichment•added 2025/04/03 5:54 p.m.•5 views

CVE-2025-31126 Element X iOS allows the entity in control of the well-known file to break the confidentiality of embedded Element Call

5.3CVSS5.1AI score0.00175EPSS

Exploits0References2

CVE•added 2025/04/03 5:54 p.m.•41 views

CVE-2025-31126

Element X iOS (Matrix client) is affected in versions 1.6.13 through 25.03.7 where the entity controlling the element.json well-known file can, under certain conditions, access media encryption keys used for an Element Call, leaking confidentiality. The issue is fixed in version 25.03.8. Affected...

5.3CVSS6.8AI score0.00175EPSS

Exploits0References2

Cvelist•added 2025/04/03 5:54 p.m.•12 views

CVE-2025-31126 Element X iOS allows the entity in control of the well-known file to break the confidentiality of embedded Element Call

5.3CVSS0.00175EPSS

Exploits0References2

Vulnrichment•added 2025/04/03 5:54 p.m.•6 views

CVE-2025-31127 Element X Android allows the entity in control of the well-known file to break the confidentiality embedded Element Call

5.3CVSS5.2AI score0.00175EPSS

Exploits0References2

Cvelist•added 2025/04/03 5:54 p.m.•12 views

CVE-2025-31127 Element X Android allows the entity in control of the well-known file to break the confidentiality embedded Element Call