1191 matches found
Asymmetric Resource Consumption (Amplification)
Overview matrix-synapse is an ecosystem for open federated Instant Messaging and VoIP. Affected versions of this package are vulnerable to Asymmetric Resource Consumption Amplification through the handling of authenticated user requests. An attacker can exhaust CPU resources and cause service...
raiden (>=0.100.2 <=0.100.3rc1) potentially affected by CVE-2026-45078 via matrix-synapse (=0.33.9)
matrix-synapse PYPI version =0.33.9 is affected by a known vulnerability. The following packages have a transitive dependency on matrix-synapse and may be impacted: - raiden =0.100.2, =0.100.3rc1 Source cves: CVE-2026-45078 Source advisory: OSV:GHSA-8Q93-326V-3M7G...
GHSA-8Q93-326V-3M7G Synapse CPU starvation (Denial of Service)
Impact Local authenticated users can cause Synapse to starve other requests of CPU and lead to other requests failing, causing other users to be denied service. Homeservers that trust all their local users are not at risk. Patches Update to Synapse 1.152.1 or later. Workarounds If Synapse is...
Synapse CPU starvation (Denial of Service)
Impact Local authenticated users can cause Synapse to starve other requests of CPU and lead to other requests failing, causing other users to be denied service. Homeservers that trust all their local users are not at risk. Patches Update to Synapse 1.152.1 or later. Workarounds If Synapse is...
PT-2026-41159
Name of the Vulnerable Software and Affected Versions Synapse versions prior to 1.152.1 Description Local authenticated users can cause the system to starve other requests of CPU resources, leading to request failures and a denial of service for other users. Homeservers that trust all their local...
PT-2026-41158
Name of the Vulnerable Software and Affected Versions Synapse versions prior to 1.152.1 Description In federated rooms, malicious homeservers can craft room events that prevent the server from providing full history to paginating clients. This can result in clients failing to display the room...
CVE-2026-40347 vulnerabilities
Vulnerabilities for packages: tritonserver-backend-vllm-cuda-13.0, wazuh-manager, synapse, kserve, semgrep, airflow, vllm-openai-cuda-12.9, keep-fips, airflow-core, litellm, tritonserver-backend-vllm-cuda-12.9, keep, wazuh-manager-fips...
GHSA-MJ87-HWQH-73PJ vulnerabilities
Vulnerabilities for packages: tritonserver-backend-vllm-cuda-13.0, wazuh-manager, synapse, kserve, semgrep, airflow, vllm-openai-cuda-12.9, keep-fips, airflow-core, litellm, tritonserver-backend-vllm-cuda-12.9, keep, wazuh-manager-fips...
Fedora 43 : matrix-synapse / rust-pythonize (2026-151bfcc2af)
The remote Fedora 43 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2026-151bfcc2af advisory. Update matrix-synapse to v1.147.1 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...
Fedora: Security Advisory (FEDORA-2026-151bfcc2af)
The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
OPENSUSE-SU-2026:10196-1 matrix-synapse-1.147.1-1.1 on GA media
These are all security issues fixed in the matrix-synapse-1.147.1-1.1 package on the GA media of openSUSE Tumbleweed...
CVE-2019-11842
An issue was discovered in Matrix Sydent before 1.0.3 and Synapse before 0.99.3.1. Random number generation is mishandled, which makes it easier for attackers to predict a Sydent authentication token or a Synapse random ID...
Arbitrary Code Injection
Overview org.apache.synapse:synapse-extensions is an Apache Synapse - Extensions Affected versions of this package are vulnerable to Arbitrary Code Injection due to a lack of controls on the GraalJS and NashornJS Script Mediator engines. An attacker can execute arbitrary code with elevated...
Arbitrary Code Injection
Overview org.apache.synapse:synapse-core is an Apache Synapse - Core Affected versions of this package are vulnerable to Arbitrary Code Injection due to a lack of controls on the GraalJS and NashornJS Script Mediator engines. An attacker can execute arbitrary code with elevated privileges by...
EUVD-2025-36710
Razer Synapse 3 Chroma Connect Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Razer Synapse 3. An attacker must first obtain the ability to execute low-privileged code on the target system in...
EUVD-2025-36709
Razer Synapse 3 RazerPhilipsHueUninstall Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Razer Synapse 3. An attacker must first obtain the ability to execute low-privileged code on the target...
EUVD-2025-36711
Razer Synapse 3 Macro Module Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Razer Synapse 3. An attacker must first obtain the ability to execute low-privileged code on the target system in ord...
CVE-2025-9871
Razer Synapse 3 Chroma Connect Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Razer Synapse 3. An attacker must first obtain the ability to execute low-privileged code on the target system in...
CVE-2025-9870
Razer Synapse 3 RazerPhilipsHueUninstall Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Razer Synapse 3. An attacker must first obtain the ability to execute low-privileged code on the target...
CVE-2025-9870
Razer Synapse 3 RazerPhilipsHueUninstall Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Razer Synapse 3. An attacker must first obtain the ability to execute low-privileged code on the target...