Vulnerabilities in matrix-org
80 results

CVE-2023-28103 | HIGH | Prototype pollution in matrix-react-sdk | EPSS 0.7%
CVE-2024-47080 | HIGH | matrix-js-sdk keys sent via `sendSharedHistoryKeys` vulnerable to interception by malicious homeserver | EPSS 0.7%
CVE-2022-39202 | MEDIUM | IRC mode parameter confusion in matrix-appservice-irc | EPSS 0.7%
CVE-2024-47824 | HIGH | Malicious homeservers can steal message keys when the matrix-react-sdk user invites another user to a room | EPSS 0.7%
CVE-2022-36009 | MEDIUM | Incorrect parsing of access level in gomatrixserverlib and dendrite | EPSS 0.7%
CVE-2023-42453 | LOW | Improper validation of receipts allows forged read receipts in matrix synapse | EPSS 0.7%
CVE-2022-39335 | MEDIUM | Synapse does not apply enough checks to servers requesting auth events of events in a room | EPSS 0.6%
CVE-2022-39246 | HIGH | matrix-android-sdk2 vulnerable to impersonation via forwarded Megolm sessions | EPSS 0.6%
CVE-2023-30609 | MEDIUM | matrix-react-sdk vulnerable to HTML injection in search results via plaintext message highlighting | EPSS 0.6%
CVE-2023-32683 | LOW | URL deny list bypass via oEmbed and image URLs when generating previews in Synapse | EPSS 0.6%
CVE-2025-24024 | CRITICAL | Mjolnir v1.9.0 accepts commands from any room | EPSS 0.6%
CVE-2023-29529 | MEDIUM | matrix-js-sdk vulnerable to invisible eavesdropping in group calls | EPSS 0.5%
CVE-2024-39691 | MEDIUM | Malicious Matrix homeserver can leak truncated message content of messages it shouldn't have access to | EPSS 0.5%
CVE-2022-39252 | HIGH | When matrix-rust-sdk receives forwarded room keys, the receiver doesn't check if it requested the key from the forwarder | EPSS 0.5%
CVE-2023-38700 | LOW | matrix-appservice-irc events can be crafted to leak parts of targeted messages from other bridged rooms | EPSS 0.5%
CVE-2024-52813 | MEDIUM | matrix-sdk-crypto missing facility to signal rotation of a verified cryptographic identity | EPSS 0.5%
CVE-2024-42369 | MEDIUM | A room with itself as its predecessor will freeze matrix-js-sdk | EPSS 0.5%
CVE-2024-32000 | MEDIUM | Truncated content of messages can be leaked from matrix-appservice-irc | EPSS 0.4%
CVE-2023-37259 | MEDIUM | Cross site scripting in Export Chat feature | EPSS 0.4%
CVE-2025-23197 | MEDIUM | matrix-hookshot has a Potential Denial of Service when Hookshot is configured with GitHub support | EPSS 0.4%