48 matches found
EUVD-2021-0133
Malware in sbrugna...
EUVD-2023-2431
Malicious code in bioql PyPI...
EUVD-2025-0105
Malicious code in bioql PyPI...
EUVD-2025-0104
Malicious code in bioql PyPI...
EUVD-2025-0103
Malicious code in bioql PyPI...
EUVD-2025-0094
Malicious code in bioql PyPI...
EUVD-2024-3472
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2021-41281
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Synapse is a package for Matrix homeservers written in Python 3/Twisted. Prior to version 1.47.1, Synapse instances with the media repository enabled can be...
CVE-2023-41318
matrix-media-repo is a highly customizable multi-domain media repository for the Matrix chat ecosystem. In affected versions an attacker could upload a malicious piece of media to the media repo, which would then be served with Content-Disposition: inline upon download. This vulnerability could b...
Linux Distros Unpatched Vulnerability : CVE-2024-37303
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Synapse is an open-source Matrix homeserver. Synapse before version 1.106 allows, by design, unauthenticated remote participants to trigger a download and cachi...
GO-2025-3397 matrix-media-repo (MMR) allows unauthenticated writes to the media repository, which may allow planting of problematic content in github.com/t2bot/matrix-media-repo
matrix-media-repo MMR allows unauthenticated writes to the media repository, which may allow planting of problematic content in github.com/t2bot/matrix-media-repo...
CVE-2024-52791
Matrix Media Repo MMR is a highly configurable multi-homeserver media repository for Matrix. MMR makes requests to other servers as part of normal operation, and these resource owners can return large amounts of JSON back to MMR for parsing. In parsing, MMR can consume large amounts of memory and...
CVE-2024-36402
Matrix Media Repo MMR is a highly configurable multi-homeserver media repository for Matrix. MMR before version 1.3.5 allows, by design, unauthenticated remote participants to trigger a download and caching of remote media from a remote homeserver to the local media repository. Such content then...
CVE-2024-36402 Unauthenticated writes to the media repository allow planting of problematic content in Matrix Media Repo
Matrix Media Repo MMR is a highly configurable multi-homeserver media repository for Matrix. MMR before version 1.3.5 allows, by design, unauthenticated remote participants to trigger a download and caching of remote media from a remote homeserver to the local media repository. Such content then...
CVE-2024-36402
CVE-2024-36402 affects Matrix Media Repo (MMR) prior to 1.3.5. Unauthenticated remote participants could trigger remote media download/cache into the local media repo, making content available for unauthenticated download and enabling planting problematic content. The issue is partially mitigated...
CVE-2024-36402 Unauthenticated writes to the media repository allow planting of problematic content in Matrix Media Repo
Matrix Media Repo MMR is a highly configurable multi-homeserver media repository for Matrix. MMR before version 1.3.5 allows, by design, unauthenticated remote participants to trigger a download and caching of remote media from a remote homeserver to the local media repository. Such content then...
GHSA-8VMR-H7H5-CQHG matrix-media-repo (MMR) allows unauthenticated writes to the media repository, which may allow planting of problematic content
Impact MMR before version 1.3.5 allows, by design, unauthenticated remote participants to trigger a download and caching of remote media from a remote homeserver to the local media repository. Such content then also becomes available for download from the local homeserver in an unauthenticated wa...
matrix-media-repo (MMR) allows unauthenticated writes to the media repository, which may allow planting of problematic content
Impact MMR before version 1.3.5 allows, by design, unauthenticated remote participants to trigger a download and caching of remote media from a remote homeserver to the local media repository. Such content then also becomes available for download from the local homeserver in an unauthenticated wa...
PT-2025-2448 · Unknown +1 · Matrix Media Repo +1
Name of the Vulnerable Software and Affected Versions: Matrix Media Repo versions prior to 1.3.5 Description: The issue allows unauthenticated remote participants to trigger a download and caching of remote media from a remote homeserver to the local media repository. This makes the content...
Synapse's unauthenticated writes to the media repository allow planting of problematic content
Impact Synapse before version 1.106 allows, by design, unauthenticated remote participants to trigger a download and caching of remote media from a remote homeserver to the local media repository. Such content then also becomes available for download from the local homeserver in an unauthenticate...