matrix
Latest CVEs
The 15 most recently published vulnerabilities affecting matrix.
- CVE-2025-54315: The Matrix specification before 1.16 (i.e., with a room version before 12) lacks create event uniqueness. (7.1)
- CVE-2025-49090: The Matrix specification before 1.16 (i.e., with a room version before 12 and State Resolution before 2.1) has deficient state resolution. (7.1)
- CVE-2025-30355: Synapse vulnerable to federation denial of service via malformed events (7.1)
- CVE-2025-27146: Matrix IRC Bridge allows IRC command injection to own puppeted user (2.7)
- CVE-2024-37303: Synapse unauthenticated writes to the media repository allow planting of problematic content (5.3)
- CVE-2024-37302: Synapse denial of service through media disk space consumption (7.5)
- CVE-2024-52805: Synapse allows unsupported content types to lead to memory exhaustion (7.5)
- CVE-2024-52815: Synapse allows a malformed invite to break the invitee's `/sync` (5.3)
- CVE-2024-53863: Synapse can be forced to thumbnail unexpected file formats, invoking external, potentially untrustworthy decoders (9.1)
- CVE-2024-45193: An issue was discovered in Matrix libolm through 3.2.16. There is Ed25519 signature malleability due to lack of validation criteria (does not ensure that S < n). This refers to the libolm implement... (4.3)
- CVE-2024-45192: An issue was discovered in Matrix libolm through 3.2.16. Cache-timing attacks can occur due to use of base64 when decoding group session keys. This refers to the libolm implementation of Olm. NOTE:... (5.3)
- CVE-2024-45191: An issue was discovered in Matrix libolm through 3.2.16. The AES implementation is vulnerable to cache-timing attacks due to use of S-boxes. This is related to software that uses a lookup table for... (5.3)
- CVE-2024-42369: A room with itself as its predecessor will freeze matrix-js-sdk (4.1)
- CVE-2024-42347: URL preview setting for a room is controllable by the homeserver in matrix-react-sdk (7.7)
- CVE-2024-38432: Matrix – Tafnit v8 CWE-646: Reliance on File Name or Extension of Externally-Supplied File (5.5)