Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
matrix project vulnerabilities and exploits
(subscribe to this query)
7.8
CVSSv3
CVE-2021-32622
Matrix-React-SDK is a react-based SDK for inserting a Matrix chat/voip client into a web page. Before version 3.21.0, when uploading a file, the local file preview can lead to execution of scripts embedded in the uploaded file. This can only occur after several user interactions ...
Matrix-react-sdk Project Matrix-react-sdk
6.5
CVSSv3
CVE-2021-29453
matrix-media-repo is an open-source multi-domain media repository for Matrix. Versions 1.2.6 and previous versions of matrix-media-repo do not properly handle malicious images which are crafted to be small in file size, but large in complexity. A malicious user could upload a rel...
Matrix-media-repo Project Matrix-media-repo
9.8
CVSSv3
CVE-2021-29936
An issue exists in the adtensor crate through 2021-01-11 for Rust. There is a drop of uninitialized memory via the FromIterator implementation for Vector and Matrix.
Adtensor Project Adtensor
4.3
CVSSv3
CVE-2021-21320
matrix-react-sdk is an npm package which is a Matrix SDK for React Javascript. In matrix-react-sdk before version 3.15.0, the user content sandbox can be abused to trick users into opening unexpected documents. The content is opened with a `blob` origin that cannot access Matrix ...
Matrix-react-sdk Project Matrix-react-sdk
7.5
CVSSv3
CVE-2021-25906
An issue exists in the basic_dsp_matrix crate prior to 0.9.2 for Rust. When a TransformContent panic occurs, a double drop can be performed.
Basic Dsp Matrix Project Basic Dsp Matrix
6.5
CVSSv3
CVE-2021-21269
Keymaker is a Mastodon Community Finder based Matrix Community serverlist page Server. In Keymaker before version 0.2.0, the assets endpoint did not check for the extension. The rust `join` method without checking user input might have made it abe to do a Path Traversal attack ca...
Keymaker Project Keymaker
5.4
CVSSv3
CVE-2020-2224
Jenkins Matrix Project Plugin 1.16 and previous versions does not escape the node names shown in tooltips on the overview page of builds with a single axis, resulting in a stored cross-site scripting vulnerability.
Jenkins Matrix Project
5.4
CVSSv3
CVE-2020-2225
Jenkins Matrix Project Plugin 1.16 and previous versions does not escape the axis names shown in tooltips on the overview page of builds with multiple axes, resulting in a stored cross-site scripting vulnerability.
Jenkins Matrix Project
6.8
CVSSv3
CVE-2009-4067
Buffer overflow in the auerswald_probe function in the Auerswald Linux USB driver for the Linux kernel prior to 2.6.27 allows physically proximate malicious users to execute arbitrary code, cause a denial of service via a crafted USB device, or take full control of the system.
Linux Linux Kernel
Redhat Enterprise Linux 4.0
1 EDB exploit
9.8
CVSSv3
CVE-2019-16880
An issue exists in the linea crate up to and including 0.9.4 for Rust. There is double free in the Matrix::zip_elements method.
Linea Project Linea
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322
cross-site request forgery
unauthorized
CVE-2024-33925
reflected XSS
CVE-2023-51580
CVE-2023-51579
CVE-2015-2051
CVE-2023-51609
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »