118 matches found
CVE-2024-50336
matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. matrix-js-sdk before 34.11.0 is vulnerable to client-side path traversal via crafted MXC URIs. A malicious room member can trigger clients based on the matrix-js-sdk to issue arbitrary authenticated GET requests to the...
The vulnerability of the XMPP protocol (Extensible Messaging and Presence Protocol), which is used by the Jitsi Meet video conferencing software, allows a hacker to disclose meeting passwords.
The vulnerability of the Jitsi Meet software, a video conferencing solution based on the XMPP protocol, is related to insufficient protection of sensitive data. Exploiting this vulnerability could allow a malicious actor to retrieve meeting passwords through HTTP POST requests...
PT-2025-34811 · Telpo · Telpo Mdm
Name of the Vulnerable Software and Affected Versions: Telpo MDM versions 1.4.6 through 1.4.9 Description: The Telpo MDM Android platform stores sensitive administrator credentials and MQTT server connection details IP/port in plaintext within log files on the device's external storage. This allo...
PT-2025-2886 · Sungrow · Sungrow Winet-Sv200
Name of the Vulnerable Software and Affected Versions: SunGrow WiNet-SV200 versions 0.001.00.P027 and earlier Description: The issue is related to a stack-based buffer overflow that occurs when parsing MQTT messages, due to missing checks on the bounds of MQTT topics. This can lead to a buffer...
CVE-2024-52505
matrix-appservice-irc is a Node.js IRC bridge for the Matrix messaging protocol. The provisioning API of the matrix-appservice-irc bridge up to version 3.0.2 contains a vulnerability which can lead to arbitrary IRC command execution as the bridge IRC bot. The vulnerability has been patched in...
CVE-2024-52505 matrix-appservice-irc allows IRC Command injection in provisioning API
matrix-appservice-irc is a Node.js IRC bridge for the Matrix messaging protocol. The provisioning API of the matrix-appservice-irc bridge up to version 3.0.2 contains a vulnerability which can lead to arbitrary IRC command execution as the bridge IRC bot. The vulnerability has been patched in...
CVE-2024-52505 matrix-appservice-irc allows IRC Command injection in provisioning API
matrix-appservice-irc is a Node.js IRC bridge for the Matrix messaging protocol. The provisioning API of the matrix-appservice-irc bridge up to version 3.0.2 contains a vulnerability which can lead to arbitrary IRC command execution as the bridge IRC bot. The vulnerability has been patched in...
CVE-2024-52505
CVE-2024-52505 affects the matrix-appservice-irc Node.js IRC bridge. The provisioning API in versions up to 3.0.2 allowed arbitrary IRC command execution by the bridge bot, as described in multiple sources. A fix exists in version 3.0.3, which patches the vulnerability. No exploitation details ar...
CVE-2024-50336
matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. matrix-js-sdk before 34.11.0 is vulnerable to client-side path traversal via crafted MXC URIs. A malicious room member can trigger clients based on the matrix-js-sdk to issue arbitrary authenticated GET requests to the...
CVE-2024-50336 matrix-js-sdk has insufficient MXC URI validation which allows client-side path traversal
matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. matrix-js-sdk before 34.11.0 is vulnerable to client-side path traversal via crafted MXC URIs. A malicious room member can trigger clients based on the matrix-js-sdk to issue arbitrary authenticated GET requests to the...
CVE-2024-50336
CVE-2024-50336 affects matrix-js-sdk up to version 34.11.0 and allows client-side path traversal via crafted MXC URIs. A malicious room member can trigger clients to issue arbitrary authenticated GET requests to the user’s homeserver. The issue is fixed in matrix-js-sdk 34.11.1. Affected product:...
CVE-2024-50336 matrix-js-sdk has insufficient MXC URI validation which allows client-side path traversal
matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. matrix-js-sdk before 34.11.0 is vulnerable to client-side path traversal via crafted MXC URIs. A malicious room member can trigger clients based on the matrix-js-sdk to issue arbitrary authenticated GET requests to the...
Meshtastic device firmware 安全漏洞
Meshtastic device firmware is a Meshtastic open source firmware for Meshtastic devices running open source, off-grid, decentralized mesh networks. A security vulnerability exists in the Meshtastic device firmware that stems from a denial of service vulnerability in MQTT...
CVE-2024-42369
matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. A malicious homeserver can craft a room or room structure such that the predecessors form a cycle. The matrix-js-sdk's getRoomUpgradeHistory function will infinitely recurse in this case, causing the code to hang. This...
CVE-2024-42369 A room with itself as a its predecessor will freeze matrix-js-sdk
matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. A malicious homeserver can craft a room or room structure such that the predecessors form a cycle. The matrix-js-sdk's getRoomUpgradeHistory function will infinitely recurse in this case, causing the code to hang. This...
CVE-2024-42369
CVE-2024-42369 affects the matrix-js-sdk (JavaScript) where a malicious homeserver can craft a room structure whose predecessors form a cycle. This makes getRoomUpgradeHistory() recursively traverse and hang, and since this method is public and invoked by leaveRoomChain(), leaving a room can trig...
CVE-2024-39691
matrix-appservice-irc is a Node.js IRC bridge for the Matrix messaging protocol. The fix for GHSA-wm4w-7h2q-3pf7 / CVE-2024-32000 included in matrix-appservice-irc 2.0.0 relied on the Matrix homeserver-provided timestamp to determine whether a user has access to the event they're replying to when...
CVE-2024-39691 Malicious Matrix homeserver can leak truncated message content of messages it shouldn't have access to
matrix-appservice-irc is a Node.js IRC bridge for the Matrix messaging protocol. The fix for GHSA-wm4w-7h2q-3pf7 / CVE-2024-32000 included in matrix-appservice-irc 2.0.0 relied on the Matrix homeserver-provided timestamp to determine whether a user has access to the event they're replying to when...
CVE-2024-39691
CVE-2024-39691 affects matrix-appservice-irc, a Node.js IRC bridge for Matrix. Before version 2.0.1, the bridge used the Matrix homeserver-provided timestamp (origin_server_ts) to decide if a user could see the event being replied to. A malicious homeserver could fabricate this timestamp, causing...
CVE-2024-32000
matrix-appservice-irc is a Node.js IRC bridge for the Matrix messaging protocol. matrix-appservice-irc before version 2.0.0 can be exploited to leak the truncated body of a message if a malicious user sends a Matrix reply to an event ID they don't have access to. As a precondition to the attack,...