CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

8 matches found

Sender-binding gaps in to-device messages

The matrix-sdk-crypto crate before 0.16.1 is missing a check for the sender's user ID when decrypting an Olm-encrypted to-device message containing the senderdevicekeys property. This could be exploited to spoof the sender of an encrypted to-device message, but only if the attacker colludes with ...

5.8AI score

Exploits0Affected Software1

EUVD•added 2025/10/03 8:7 p.m.•1 views

EUVD-2022-6927

Malicious code in bioql PyPI...

8.6CVSS8.4AI score0.00278EPSS

Exploits0References16

RedhatCVE•added 2025/02/05 7:36 p.m.•8 views

CVE-2022-39255

Matrix iOS SDK allows developers to build iOS apps compatible with Matrix. Prior to version 0.23.19, an attacker cooperating with a malicious homeserver can construct messages that legitimately appear to have come from another person, without any indication such as a grey shield. Additionally, a...

8.6CVSS6.4AI score0.00249EPSS

Exploits0References1

Prion•added 2022/09/28 9:15 p.m.•16 views

Type confusion

5CVSS7.2AI score0.00249EPSS

Exploits0References4Affected Software1

NVD•added 2022/09/28 8:15 p.m.•13 views

CVE-2022-39248

matrix-android-sdk2 is the Matrix SDK for Android. Prior to version 1.5.1, an attacker cooperating with a malicious homeserver can construct messages that legitimately appear to have come from another person, without any indication such as a grey shield. Additionally, a sophisticated attacker...

8.6CVSS0.00272EPSS

Exploits0References4

OSV•added 2022/09/28 8:15 p.m.•1 views

UBUNTU-CVE-2022-39251

Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Prior to version 19.7.0, an attacker cooperating with a malicious homeserver can construct messages that legitimately appear to have come from another person, without any indication such as a grey shield. Additionally, a...

8.6CVSS7AI score0.00278EPSS

Exploits0References7