Lucene search

1220 matches found

EUVD
added 2026/05/28 3:50 p.m., 12 views

EUVD-2026-32934

Synapse is an open source Matrix homeserver implementation. Prior to 1.152.1, in federated rooms, malicious homeservers can craft room events in such a way that prevents Synapse from providing full history to paginating clients. Clients could therefore fail to display room history. This...

CVSS 5.1, AI score 5.8, EPSS 0.00369
Exploits: 0, References: 1

Positive Technologies
added 2026/05/28 12:0 a.m., 11 views

PT-2026-45981

Synapse is an open source Matrix homeserver implementation. Prior to 1.152.1, local authenticated users can cause Synapse to starve other requests of CPU and lead to other requests failing, causing other users to be denied service. This vulnerability is fixed in 1.152.1...

CVSS 5.5, AI score 5.8
Exploits: 0, References: 2

CNNVD
added 2026/05/28 12:0 a.m., 11 views

Synapse security vulnerability

Synapse is an open-source matrix main server developed by Element. Versions prior to 1.152.1 of Synapse contained a security vulnerability. This vulnerability occurred due to locally authenticated users being able to exhaust CPU resources, causing other requests to fail and leading to...

CVSS 6.8, AI score 5.8, EPSS 0.00128
Exploits: 0, References: 1

CNNVD
added 2026/05/28 12:0 a.m., 9 views

Synapse input validation error vulnerability

Synapse is an open-source matrix main server developed by Element. Versions prior to 1.152.1 of Synapse contained a vulnerability related to input validation errors. This vulnerability allowed malicious servers to manipulate room events, thereby preventing the complete history from being provided...

CVSS 5.1, AI score 5.8, EPSS 0.00369
Exploits: 0, References: 1

Chainguard
added 2026/05/23 1:18 a.m., 8 views

GHSA-8Q93-326V-3M7G vulnerabilities

Vulnerabilities for packages: synapse...

AI score 5.8
Exploits: 0

Chainguard
added 2026/05/23 1:18 a.m., 5 views

GHSA-6QF2-7X63-MM6V vulnerabilities

Vulnerabilities for packages: synapse...

AI score 5.8
Exploits: 0

Chainguard
added 2026/05/23 1:18 a.m., 13 views

CVE-2026-45078 vulnerabilities

Vulnerabilities for packages: synapse...

CVSS 6.8, AI score 5.8, EPSS 0.00128
Exploits: 0

Chainguard
added 2026/05/23 1:18 a.m., 12 views

CVE-2026-45076 vulnerabilities

Vulnerabilities for packages: synapse...

CVSS 5.1, AI score 5.8, EPSS 0.00369
Exploits: 0

Chainguard
added 2026/05/22 7:18 p.m., 12 views

CVE-2026-42304 vulnerabilities

Vulnerabilities for packages: synapse...

CVSS 7.5, AI score 5.8, EPSS 0.00433
Exploits: 1

Chainguard
added 2026/05/22 7:18 p.m., 10 views

GHSA-GRGV-6HW6-V9G4 vulnerabilities

Vulnerabilities for packages: synapse...

AI score 5.8
Exploits: 0

GitHub Security Blog
added 2026/05/14 4:18 p.m., 12 views

Synapse pagination Denial of Service

Impact: In federated rooms, malicious homeservers can craft room events in such a way that prevents Synapse from providing full history to paginating clients. Clients could therefore fail to display room history. Patches: Update to Synapse 1.152.1 or later. Workarounds: There are no known workaround...

CVSS 5.1, AI score 5.9, EPSS 0.00369
Exploits: 0, References: 4, Affected Software: 1

Snyk
added 2026/05/14 4:18 p.m., 8 views

Improper Check for Unusual or Exceptional Conditions

Overview: matrix-synapse is an ecosystem for open federated Instant Messaging and VoIP. Affected versions of this package are vulnerable to Improper Check for Unusual or Exceptional Conditions in the pagination process for federated rooms. An attacker can cause clients to fail to display room...

CVSS 6.9, AI score 5.8, EPSS 0.00369
Exploits: 0, References: 2

OSV
added 2026/05/14 4:18 p.m., 5 views

GHSA-6QF2-7X63-MM6V Synapse pagination Denial of Service

Impact: In federated rooms, malicious homeservers can craft room events in such a way that prevents Synapse from providing full history to paginating clients. Clients could therefore fail to display room history. Patches: Update to Synapse 1.152.1 or later. Workarounds: There are no known workaround...

CVSS 6.9, AI score 5.9, EPSS 0.00369
Exploits: 0, References: 4

vulnersOsv
added 2026/05/14 4:18 p.m., 9 views

raiden (>=0.100.2 <=0.100.3rc1) potentially affected by CVE-2026-45076 via matrix-synapse (=0.33.9)

matrix-synapse PYPI version =0.33.9 is affected by a known vulnerability. The following packages have a transitive dependency on matrix-synapse and may be impacted: - raiden =0.100.2, =0.100.3rc1 Source cves: CVE-2026-45076 Source advisory: OSV:GHSA-6QF2-7X63-MM6V...

CVSS 5.1, AI score 5.8, EPSS 0.00369
Exploits: 0

GitHub Security Blog
added 2026/05/14 4:18 p.m., 20 views

Synapse CPU starvation (Denial of Service)

Impact: Local authenticated users can cause Synapse to starve other requests of CPU and lead to other requests failing, causing other users to be denied service. Homeservers that trust all their local users are not at risk. Patches: Update to Synapse 1.152.1 or later. Workarounds: If Synapse is...

CVSS 6.8, AI score 5.8, EPSS 0.00128
Exploits: 0, References: 6, Affected Software: 1

OSV
added 2026/05/14 4:18 p.m., 9 views

GHSA-8Q93-326V-3M7G Synapse CPU starvation (Denial of Service)

Impact: Local authenticated users can cause Synapse to starve other requests of CPU and lead to other requests failing, causing other users to be denied service. Homeservers that trust all their local users are not at risk. Patches: Update to Synapse 1.152.1 or later. Workarounds: If Synapse is...

CVSS 7.1, AI score 5.8, EPSS 0.00128
Exploits: 0, References: 6

Snyk
added 2026/05/14 4:18 p.m., 13 views

Asymmetric Resource Consumption (Amplification)

Overview: matrix-synapse is an ecosystem for open federated Instant Messaging and VoIP. Affected versions of this package are vulnerable to Asymmetric Resource Consumption Amplification through the handling of authenticated user requests. An attacker can exhaust CPU resources and cause service...

CVSS 7.1, AI score 5.8, EPSS 0.00128
Exploits: 0, References: 2

vulnersOsv
added 2026/05/14 4:18 p.m., 7 views

raiden (>=0.100.2 <=0.100.3rc1) potentially affected by CVE-2026-45078 via matrix-synapse (=0.33.9)

matrix-synapse PYPI version =0.33.9 is affected by a known vulnerability. The following packages have a transitive dependency on matrix-synapse and may be impacted: - raiden =0.100.2, =0.100.3rc1 Source cves: CVE-2026-45078 Source advisory: OSV:GHSA-8Q93-326V-3M7G...

CVSS 6.8, AI score 5.8, EPSS 0.00128
Exploits: 0

Positive Technologies
added 2026/05/14 12:0 a.m., 18 views

PT-2026-41158

Name of the Vulnerable Software and Affected Versions: Synapse versions prior to 1.152.1. Description: In federated rooms, malicious homeservers can craft room events that prevent the server from providing full history to paginating clients. This can result in clients failing to display the room...

CVSS 6.9, AI score 5.8, EPSS 0.00369
Exploits: 0, References: 10

Positive Technologies
added 2026/05/14 12:0 a.m., 15 views

PT-2026-41159

Name of the Vulnerable Software and Affected Versions: Synapse versions prior to 1.152.1. Description: Local authenticated users can cause the system to starve other requests of CPU resources, leading to request failures and a denial of service for other users. Homeservers that trust all their local...

CVSS 7.1, AI score 5.8, EPSS 0.00128
Exploits: 0, References: 12