element-hq

Top products

The 15 most recently published vulnerabilities affecting element-hq.

• CVE-2026-45078Synapse CPU starvation (Denial of Service)5.5May 28, 2026
• CVE-2026-45076Synapse pagination denial of service2.7May 28, 2026
• CVE-2025-62425Matrix Authentication Service account password can be changed using an authenticated session without supplying the current password8.3Oct 16, 2025
• CVE-2025-27599Element X Android vulnerable to loading malicious web pages via received intent6.5Apr 18, 2025
• CVE-2025-32026Element Web could load a malicious instance of Element Call leaking media encryption keys3.8Apr 8, 2025
• CVE-2025-31126Element X iOS allows the entity in control of the well-known file to break the confidentiality of embedded Element Call5.3Apr 3, 2025
• CVE-2025-31127Element X Android allows the entity in control of the well-known file to break the confidentiality embedded Element Call5.3Apr 3, 2025
• CVE-2025-30355Synapse vulnerable to federation denial of service via malformed events7.1Mar 27, 2025
• CVE-2025-27606Element Android PIN autologout bypass5.1Mar 14, 2025
• CVE-2024-37303Synapse unauthenticated writes to the media repository allow planting of problematic content5.3Dec 3, 2024
• CVE-2024-37302Synapse denial of service through media disk space consumption7.5Dec 3, 2024
• CVE-2024-52805Synapse allows unsupported content types to lead to memory exhaustion7.5Dec 3, 2024
• CVE-2024-52815Synapse allows a a malformed invite to break the invitee's `/sync`5.3Dec 3, 2024
• CVE-2024-53867Synapse Matrix has a partial room state leak via Sliding Sync4.3Dec 3, 2024
• CVE-2024-53863Synapse can be forced to thumbnail unexpected file formats, invoking external, potentially untrustworthy decoders9.1Dec 3, 2024