Lucene search
K

48 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.13 views

EUVD-2021-0133

Malware in sbrugna...

7.5CVSS7.4AI score0.01514EPSS
Exploits0References12
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2023-2431

Malicious code in bioql PyPI...

5.4CVSS5.5AI score0.00433EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-0105

Malicious code in bioql PyPI...

7.5CVSS6.8AI score0.00675EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2025-0104

Malicious code in bioql PyPI...

6.8CVSS6.8AI score0.00618EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-0103

Malicious code in bioql PyPI...

5.3CVSS6.8AI score0.00552EPSS
Exploits0References8
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-0094

Malicious code in bioql PyPI...

5.3CVSS6.8AI score0.00529EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-3472

Malicious code in bioql PyPI...

5.3CVSS6.4AI score0.00419EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2025/08/27 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2021-41281

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Synapse is a package for Matrix homeservers written in Python 3/Twisted. Prior to version 1.47.1, Synapse instances with the media repository enabled can be...

7.5CVSS7.5AI score0.01514EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 4:16 a.m.5 views

CVE-2023-41318

matrix-media-repo is a highly customizable multi-domain media repository for the Matrix chat ecosystem. In affected versions an attacker could upload a malicious piece of media to the media repo, which would then be served with Content-Disposition: inline upon download. This vulnerability could b...

5.4CVSS7AI score0.00433EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2025/04/11 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2024-37303

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Synapse is an open-source Matrix homeserver. Synapse before version 1.106 allows, by design, unauthenticated remote participants to trigger a download and cachi...

5.3CVSS6.2AI score0.00419EPSS
Exploits0References2
OSV
OSV
added 2025/01/16 9:49 p.m.6 views

GO-2025-3397 matrix-media-repo (MMR) allows unauthenticated writes to the media repository, which may allow planting of problematic content in github.com/t2bot/matrix-media-repo

matrix-media-repo MMR allows unauthenticated writes to the media repository, which may allow planting of problematic content in github.com/t2bot/matrix-media-repo...

5.3CVSS5.5AI score0.00529EPSS
Exploits0References2
NVD
NVD
added 2025/01/16 8:15 p.m.9 views

CVE-2024-52791

Matrix Media Repo MMR is a highly configurable multi-homeserver media repository for Matrix. MMR makes requests to other servers as part of normal operation, and these resource owners can return large amounts of JSON back to MMR for parsing. In parsing, MMR can consume large amounts of memory and...

7.5CVSS0.00728EPSS
Exploits0References2
NVD
NVD
added 2025/01/16 8:15 p.m.6 views

CVE-2024-36402

Matrix Media Repo MMR is a highly configurable multi-homeserver media repository for Matrix. MMR before version 1.3.5 allows, by design, unauthenticated remote participants to trigger a download and caching of remote media from a remote homeserver to the local media repository. Such content then...

5.3CVSS0.00529EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/01/16 7:19 p.m.5 views

CVE-2024-36402 Unauthenticated writes to the media repository allow planting of problematic content in Matrix Media Repo

Matrix Media Repo MMR is a highly configurable multi-homeserver media repository for Matrix. MMR before version 1.3.5 allows, by design, unauthenticated remote participants to trigger a download and caching of remote media from a remote homeserver to the local media repository. Such content then...

5.3CVSS5.8AI score0.00529EPSS
Exploits0References2
CVE
CVE
added 2025/01/16 7:19 p.m.61 views

CVE-2024-36402

CVE-2024-36402 affects Matrix Media Repo (MMR) prior to 1.3.5. Unauthenticated remote participants could trigger remote media download/cache into the local media repo, making content available for unauthenticated download and enabling planting problematic content. The issue is partially mitigated...

5.3CVSS5.4AI score0.00529EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2025/01/16 7:19 p.m.7 views

CVE-2024-36402 Unauthenticated writes to the media repository allow planting of problematic content in Matrix Media Repo

Matrix Media Repo MMR is a highly configurable multi-homeserver media repository for Matrix. MMR before version 1.3.5 allows, by design, unauthenticated remote participants to trigger a download and caching of remote media from a remote homeserver to the local media repository. Such content then...

5.3CVSS6.5AI score0.00529EPSS
Exploits0References4
OSV
OSV
added 2025/01/16 7:5 p.m.4 views

GHSA-8VMR-H7H5-CQHG matrix-media-repo (MMR) allows unauthenticated writes to the media repository, which may allow planting of problematic content

Impact MMR before version 1.3.5 allows, by design, unauthenticated remote participants to trigger a download and caching of remote media from a remote homeserver to the local media repository. Such content then also becomes available for download from the local homeserver in an unauthenticated wa...

5.3CVSS6.7AI score0.00529EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2025/01/16 7:5 p.m.9 views

matrix-media-repo (MMR) allows unauthenticated writes to the media repository, which may allow planting of problematic content

Impact MMR before version 1.3.5 allows, by design, unauthenticated remote participants to trigger a download and caching of remote media from a remote homeserver to the local media repository. Such content then also becomes available for download from the local homeserver in an unauthenticated wa...

5.3CVSS6.7AI score0.00529EPSS
Exploits0References5Affected Software1
Positive Technologies
Positive Technologies
added 2025/01/16 12:0 a.m.9 views

PT-2025-2448 · Unknown +1 · Matrix Media Repo +1

Name of the Vulnerable Software and Affected Versions: Matrix Media Repo versions prior to 1.3.5 Description: The issue allows unauthenticated remote participants to trigger a download and caching of remote media from a remote homeserver to the local media repository. This makes the content...

8.9CVSS6.3AI score0.0104EPSS
Exploits2References90
Snyk
Snyk
added 2024/12/03 6:40 p.m.1 views

Missing Authentication for Critical Function

Overview matrix-synapse is an ecosystem for open federated Instant Messaging and VoIP. Affected versions of this package are vulnerable to Missing Authentication for Critical Function due to the unauthenticated writes to the media repository. An attacker can plant problematic content into the med...

6.9CVSS6.4AI score0.00419EPSS
Exploits0References2
Rows per page
Query Builder