Lucene search
+L

19 matches found

Positive Technologies
Positive Technologies
added yesterday6 views

PT-2026-60790

Dendrite through 0.13.8 contains an improper access control vulnerability in the syncapi /context endpoint syncapi/routing/context.go that allows authenticated local users to access post-leave room state events by exploiting a flawed membership check that evaluates only the RoomExists field while...

5.3CVSS5.3AI score
Exploits0References3
NVD
NVD
added 2026/05/28 5:16 a.m.17 views

CVE-2026-32995

The Rocket.Chat DDP method autoTranslate.translateMessage in versions 8.5.0, 8.4.2, 8.3.4, 8.2.4, 8.1.5, 8.0.5, 7.13.8, and 7.10.12 accepts a client-supplied IMessage object and passes it directly to translateMessage without checking Meteor.userId or verifying room membership. Any authenticated D...

7.5CVSS0.00283EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/28 4:1 a.m.8 views

CVE-2026-32995

The Rocket.Chat DDP method autoTranslate.translateMessage in versions 8.5.0, 8.4.2, 8.3.4, 8.2.4, 8.1.5, 8.0.5, 7.13.8, and 7.10.12 accepts a client-supplied IMessage object and passes it directly to translateMessage without checking Meteor.userId or verifying room membership. Any authenticated D...

7.5CVSS7.1AI score0.00283EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2026/05/28 4:1 a.m.13 views

EUVD-2026-32711

The Rocket.Chat DDP method autoTranslate.translateMessage in versions 8.5.0, 8.4.2, 8.3.4, 8.2.4, 8.1.5, 8.0.5, 7.13.8, and 7.10.12 accepts a client-supplied IMessage object and passes it directly to translateMessage without checking Meteor.userId or verifying room membership. Any authenticated D...

7.5CVSS7.1AI score0.00283EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.17 views

PT-2026-44173

The Rocket.Chat DDP method autoTranslate.translateMessage in versions 8.5.0, 8.4.2, 8.3.4, 8.2.4, 8.1.5, 8.0.5, 7.13.8, and 7.10.12 accepts a client-supplied IMessage object and passes it directly to translateMessage without checking Meteor.userId or verifying room membership. Any authenticated D...

7.5CVSS7.1AI score0.00283EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/08 12:0 a.m.15 views

PT-2026-39281

Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.9.0 Description The ydoc:document:update Socket.IO event handler fails to verify if a sender has write permissions, checking only if the sender is a member of the document's Socket.IO room. Users with read-only...

5.4CVSS5.8AI score0.0022EPSS
Exploits1References10
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2021-0132

Malware in sbrugna...

3.5CVSS4.1AI score0.01457EPSS
Exploits0References12
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-3300

Malicious code in bioql PyPI...

5.3CVSS6.2AI score0.00318EPSS
Exploits0References5
Veracode
Veracode
added 2024/12/03 10:18 a.m.6 views

Improper Authorization

Moodle is vulnerable to improper authorization. The vulnerability is due to incorrect handling of Matrix room membership and power levels due to suspended Moodle users not being properly revoked, and attackers can use this to retain unauthorized access and elevated privileges in Matrix rooms even...

5.3CVSS7AI score0.00318EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2024/11/11 1:15 p.m.25 views

UBUNTU-CVE-2024-43433

A flaw was found in moodle. Matrix room membership and power levels are incorrectly applied and revoked for suspended Moodle users...

5.3CVSS5.7AI score0.00318EPSS
Exploits0References4
Snyk
Snyk
added 2024/11/11 12:47 p.m.1 views

Improper Authentication

Overview moodle/moodle is a learning platform. Affected versions of this package are vulnerable to Improper Authentication due to the incorrect application and revocation of matrix room membership and power levels for suspended users. Remediation Upgrade moodle/moodle to version 4.4.2, 4.3.6 or...

6.9CVSS6.9AI score0.00318EPSS
Exploits0References2
OSV
OSV
added 2024/11/11 12:16 p.m.15 views

CVE-2024-43433 Moodle: matrix user/power level management not always working as expected with suspended users

A flaw was found in moodle. Matrix room membership and power levels are incorrectly applied and revoked for suspended Moodle users...

5.3CVSS5.9AI score0.00318EPSS
Exploits0References5
CNNVD
CNNVD
added 2024/11/11 12:0 a.m.4 views

Moodle 安全漏洞

Moodle is a free e-learning software platform open-sourced by Moodle, also known as a course management system, learning management system, or virtual learning environment. A security vulnerability exists in Moodle that stems from the incorrect application and revocation of Matrix room membership...

5.3CVSS6.4AI score0.00318EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2024/08/21 12:0 a.m.23 views

Moodle 4.3.x < 4.3.6, 4.4.x < 4.4.2 Improper Access Control Vulnerability (MSA-24-0034)

Moodle is prone to an improper access control vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:moodle:moodle";...

5.3CVSS5.2AI score0.00318EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/03/31 10:13 p.m.36 views

CVE-2023-28845 Chat room membership disclosed via autocompletion in Nextcloud talk

Nextcloud talk is a video & audio conferencing app for Nextcloud. In affected versions the talk app does not properly filter access to a conversations member list. As a result an attacker could use this vulnerability to gain information about the members of a Talk conversation, even if they...

3.5CVSS4.3AI score0.00445EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2023/02/15 3:38 a.m.5 views

SUSE CVE-2021-39164

Matrix is an ecosystem for open federated Instant Messaging and Voice over IP. In versions 1.41.0 and prior, unauthorised users can access the membership list of members, with their display names of a room if they know the ID of the room. The vulnerability is limited to rooms with shared history...

3.1CVSS5.4AI score0.01457EPSS
Exploits0References3
OSV
OSV
added 2021/09/01 6:25 p.m.24 views

GHSA-3X4C-PQ33-4W3Q Improper authorisation of members discloses room membership to non-members

Impact Unauthorised users can access the membership list of members, with their display names of a room if they know the ID of the room. The vulnerability is limited to rooms with shared history visibility. Furthermore, the unauthorised user must be using an account on a vulnerable homeserver tha...

3.1CVSS3.8AI score0.01457EPSS
Exploits0References8
Github Security Blog
Github Security Blog
added 2021/09/01 6:25 p.m.27 views

Improper authorisation of members discloses room membership to non-members

Impact Unauthorised users can access the membership list of members, with their display names of a room if they know the ID of the room. The vulnerability is limited to rooms with shared history visibility. Furthermore, the unauthorised user must be using an account on a vulnerable homeserver tha...

3.5CVSS4.5AI score0.01457EPSS
Exploits0References8Affected Software1
Cvelist
Cvelist
added 2021/08/31 4:20 p.m.28 views

CVE-2021-39164 Improper authorisation of /members discloses room membership to non-members

Matrix is an ecosystem for open federated Instant Messaging and Voice over IP. In versions 1.41.0 and prior, unauthorised users can access the membership list of members, with their display names of a room if they know the ID of the room. The vulnerability is limited to rooms with shared history...

3.1CVSS4AI score0.01457EPSS
Exploits0References5
Rows per page
Query Builder