19 matches found
PT-2026-60790
Dendrite through 0.13.8 contains an improper access control vulnerability in the syncapi /context endpoint syncapi/routing/context.go that allows authenticated local users to access post-leave room state events by exploiting a flawed membership check that evaluates only the RoomExists field while...
CVE-2026-32995
The Rocket.Chat DDP method autoTranslate.translateMessage in versions 8.5.0, 8.4.2, 8.3.4, 8.2.4, 8.1.5, 8.0.5, 7.13.8, and 7.10.12 accepts a client-supplied IMessage object and passes it directly to translateMessage without checking Meteor.userId or verifying room membership. Any authenticated D...
CVE-2026-32995
The Rocket.Chat DDP method autoTranslate.translateMessage in versions 8.5.0, 8.4.2, 8.3.4, 8.2.4, 8.1.5, 8.0.5, 7.13.8, and 7.10.12 accepts a client-supplied IMessage object and passes it directly to translateMessage without checking Meteor.userId or verifying room membership. Any authenticated D...
EUVD-2026-32711
The Rocket.Chat DDP method autoTranslate.translateMessage in versions 8.5.0, 8.4.2, 8.3.4, 8.2.4, 8.1.5, 8.0.5, 7.13.8, and 7.10.12 accepts a client-supplied IMessage object and passes it directly to translateMessage without checking Meteor.userId or verifying room membership. Any authenticated D...
PT-2026-44173
The Rocket.Chat DDP method autoTranslate.translateMessage in versions 8.5.0, 8.4.2, 8.3.4, 8.2.4, 8.1.5, 8.0.5, 7.13.8, and 7.10.12 accepts a client-supplied IMessage object and passes it directly to translateMessage without checking Meteor.userId or verifying room membership. Any authenticated D...
PT-2026-39281
Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.9.0 Description The ydoc:document:update Socket.IO event handler fails to verify if a sender has write permissions, checking only if the sender is a member of the document's Socket.IO room. Users with read-only...
EUVD-2021-0132
Malware in sbrugna...
EUVD-2024-3300
Malicious code in bioql PyPI...
Improper Authorization
Moodle is vulnerable to improper authorization. The vulnerability is due to incorrect handling of Matrix room membership and power levels due to suspended Moodle users not being properly revoked, and attackers can use this to retain unauthorized access and elevated privileges in Matrix rooms even...
UBUNTU-CVE-2024-43433
A flaw was found in moodle. Matrix room membership and power levels are incorrectly applied and revoked for suspended Moodle users...
Improper Authentication
Overview moodle/moodle is a learning platform. Affected versions of this package are vulnerable to Improper Authentication due to the incorrect application and revocation of matrix room membership and power levels for suspended users. Remediation Upgrade moodle/moodle to version 4.4.2, 4.3.6 or...
CVE-2024-43433 Moodle: matrix user/power level management not always working as expected with suspended users
A flaw was found in moodle. Matrix room membership and power levels are incorrectly applied and revoked for suspended Moodle users...
Moodle 安全漏洞
Moodle is a free e-learning software platform open-sourced by Moodle, also known as a course management system, learning management system, or virtual learning environment. A security vulnerability exists in Moodle that stems from the incorrect application and revocation of Matrix room membership...
Moodle 4.3.x < 4.3.6, 4.4.x < 4.4.2 Improper Access Control Vulnerability (MSA-24-0034)
Moodle is prone to an improper access control vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:moodle:moodle";...
CVE-2023-28845 Chat room membership disclosed via autocompletion in Nextcloud talk
Nextcloud talk is a video & audio conferencing app for Nextcloud. In affected versions the talk app does not properly filter access to a conversations member list. As a result an attacker could use this vulnerability to gain information about the members of a Talk conversation, even if they...
SUSE CVE-2021-39164
Matrix is an ecosystem for open federated Instant Messaging and Voice over IP. In versions 1.41.0 and prior, unauthorised users can access the membership list of members, with their display names of a room if they know the ID of the room. The vulnerability is limited to rooms with shared history...
GHSA-3X4C-PQ33-4W3Q Improper authorisation of members discloses room membership to non-members
Impact Unauthorised users can access the membership list of members, with their display names of a room if they know the ID of the room. The vulnerability is limited to rooms with shared history visibility. Furthermore, the unauthorised user must be using an account on a vulnerable homeserver tha...
Improper authorisation of members discloses room membership to non-members
Impact Unauthorised users can access the membership list of members, with their display names of a room if they know the ID of the room. The vulnerability is limited to rooms with shared history visibility. Furthermore, the unauthorised user must be using an account on a vulnerable homeserver tha...
CVE-2021-39164 Improper authorisation of /members discloses room membership to non-members
Matrix is an ecosystem for open federated Instant Messaging and Voice over IP. In versions 1.41.0 and prior, unauthorised users can access the membership list of members, with their display names of a room if they know the ID of the room. The vulnerability is limited to rooms with shared history...