EUVD-2026-3098

Malicious code in omnicore-ds2-sdk2 npm...

Malicious code in omnicore-ds2-sdk2 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 26e1c62468ce0da7fc1beb34de16d8faa8633411ce4217f2d4e6b6bf3fc92a53 The package omnicore-ds2-sdk2 was found to contain malicious code...

MAL-2026-298 Malicious code in omnicore-ds2-sdk2 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 26e1c62468ce0da7fc1beb34de16d8faa8633411ce4217f2d4e6b6bf3fc92a53 The package omnicore-ds2-sdk2 was found to contain malicious code...

Malicious code in phone-feature-sdk2 (npm)

--- -= Per source details. Do not edit below this line.=-...

MAL-2025-3924 Malicious code in vsock-sdk2 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 87d1181c9c02b4d4e06d16cac778739608a055f903fc4b34137a5186bfcb3152 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in vsock-sdk2 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 87d1181c9c02b4d4e06d16cac778739608a055f903fc4b34137a5186bfcb3152 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

CVE-2022-39248

matrix-android-sdk2 is the Matrix SDK for Android. Prior to version 1.5.1, an attacker cooperating with a malicious homeserver can construct messages that legitimately appear to have come from another person, without any indication such as a grey shield. Additionally, a sophisticated attacker...

CVE-2022-39248

Summary (Mode C): CVE-2022-39248 affects matrix-android-sdk2 prior to 1.5.1. A protocol confusion vulnerability permits an attacker cooperating with a malicious homeserver to craft to-device messages that appear to originate from another user, bypassing indicators like a grey shield. In a targete...

CVE-2022-39248 matrix-android-sdk2 vulnerable to Olm/Megolm protocol confusion

matrix-android-sdk2 is the Matrix SDK for Android. Prior to version 1.5.1, an attacker cooperating with a malicious homeserver can construct messages that legitimately appear to have come from another person, without any indication such as a grey shield. Additionally, a sophisticated attacker...

CVE-2022-39246

matrix-android-sdk2 (Android Matrix SDK) before version 1.5.1 is vulnerable: an attacker collaborating with a malicious homeserver can craft messages that appear from another user due to an overly permissive key-forwarding policy. Starting with 1.5.1, the default key-forwarding policy is stricter...

PT-2022-24839 · Unknown · Matrix-Android-Sdk2

Name of the Vulnerable Software and Affected Versions: matrix-android-sdk2 versions prior to 1.5.1 Description: An attacker cooperating with a malicious homeserver can construct messages appearing to have come from another person. Such messages will be marked with a grey shield on some platforms,...

PT-2022-24840 · Unknown · Matrix-Android-Sdk

Name of the Vulnerable Software and Affected Versions: matrix-android-sdk2 versions prior to 1.5.1 Description: An attacker cooperating with a malicious homeserver can construct messages that appear to have come from another person without any indication. This vulnerability can be used to perform...

Matrix clients -- several vulnerabilities

Matrix developers report: Two critical severity vulnerabilities in end-to-end encryption were found in the SDKs which power Element, Beeper, Cinny, SchildiChat, Circuli, Synod.im and any other clients based on matrix-js-sdk, matrix-ios-sdk or matrix-android-sdk2...

CVE-2021-40824

A logic error in the room key sharing functionality of Element Android before 1.2.2 and matrix-android-sdk2 aka Matrix SDK for Android before 1.2.2 allows a malicious Matrix homeserver present in an encrypted room to steal room encryption keys via crafted Matrix protocol messages that were...

CVE-2021-40824

A logic error in the room key sharing functionality of Element Android before 1.2.2 and matrix-android-sdk2 aka Matrix SDK for Android before 1.2.2 allows a malicious Matrix homeserver present in an encrypted room to steal room encryption keys via crafted Matrix protocol messages that were...

CVE-2021-40824

The CVE-2021-40824 issue affects Element Android prior to 1.2.2 and matrix-android-sdk2 (Matrix SDK for Android). A logic error in the room key sharing functionality allows a malicious Matrix homeserver in an encrypted room to steal room encryption keys via crafted Matrix protocol messages, enabl...