Vulmon
rooms vulnerabilities and exploits
5.4
CVSSv3
CVE-2023-3309
A vulnerability classified as problematic was found in SourceCodester Resort Reservation System 1.0. Affected by this vulnerability is an unknown functionality of the file ?page=rooms of the component Manage Room Page. The manipulation of the argument Cottage Number leads to cros...
Resort Reservation System Project Resort Reservation System 1.0
NA
CVE-2022-23055
In ERPNext, versions v11.0.0-beta through v13.0.2 are vulnerable to Missing Authorization, in the chat rooms functionality. A low privileged attacker can send a direct message or a group message to any member or group, impersonating themselves as the administrator. The attacker c...
Frappe Erpnext 11.0.3
Frappe Erpnext
7.5
CVSSv3
CVE-2021-39215
Jitsi Meet is an open source video conferencing application. In versions before 2.0.5963, a Prosody module allows the use of symmetrical algorithms to validate JSON web tokens. This means that tokens generated by arbitrary sources can be used to gain authorization to protected ro...
8x8 Jitsi Meet 2.0.5963
8.8
CVSSv3
CVE-2022-29166
matrix-appservice-irc is a Node.js IRC bridge for Matrix. The vulnerability in node-irc allows a malicious user to manipulate a Matrix user into executing IRC commands by having them reply to a maliciously crafted message. The vulnerability has been patched in matrix-appservice-...
Matrix Matrix Irc Bridge
4.3
CVSSv3
CVE-2022-29233
BigBlueButton is an open source web conferencing system. In BigBlueButton starting with 2.2 but prior to 2.3.18 and 2.4-rc-1, an attacker can circumvent access controls to gain access to all breakout rooms of the meeting they are in. The permission checks rely on knowledge of int...
Bigbluebutton Bigbluebutton 2.4
Bigbluebutton Bigbluebutton
5.3
CVSSv3
CVE-2022-36060
matrix-react-sdk is a Matrix chat protocol SDK for React Javascript. Events sent with special strings in key places can temporarily disrupt or impede the matrix-react-sdk from functioning properly, such as by causing room or event tile crashes. The remainder of the application ca...
Matrix React Sdk
4.9
CVSSv3
CVE-2023-45129
Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. Prior to version 1.94.0, a malicious server ACL event can impact performance temporarily or permanently leading to a persistent denial of service. Homeservers running on a closed fede...
Matrix Synapse
Fedoraproject Fedora 37
Fedoraproject Fedora 38
NA
CVE-2010-0277
slp.c in the MSN protocol plugin in libpurple in Pidgin prior to 2.6.6, including 2.6.4, and Adium 1.3.8 allows remote malicious users to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a malformed MSNSLP INVITE re...
Pidgin Pidgin 2.5.9
Pidgin Pidgin 2.5.8
Pidgin Pidgin 2.5.6
Pidgin Pidgin 2.5.7
Pidgin Pidgin
Pidgin Pidgin 2.4.3
Pidgin Pidgin 2.3.1
Pidgin Pidgin 2.0.2
Pidgin Pidgin 2.0.1
Pidgin Pidgin 2.5.0
Pidgin Pidgin 2.5.1
Pidgin Pidgin 2.6.0
Pidgin Pidgin 2.4.0
Pidgin Pidgin 2.2.1
Pidgin Pidgin 2.2.2
Pidgin Pidgin 2.5.2
Pidgin Pidgin 2.5.3
Pidgin Pidgin 2.6.2
Pidgin Pidgin 2.6.1
Pidgin Pidgin 2.3.0
Pidgin Pidgin 2.2.0
Pidgin Pidgin 2.0.0
NA
CVE-2024-31208
Synapse is an open-source Matrix homeserver. A remote Matrix user with malicious intent, sharing a room with Synapse instances prior to 1.105.1, can dispatch specially crafted events to exploit a weakness in the V2 state resolution algorithm. This can induce high CPU consumption ...
3.1
CVSSv3
CVE-2021-39163
Matrix is an ecosystem for open federated Instant Messaging and Voice over IP. In versions 1.41.0 and prior, unauthorised users can access the name, avatar, topic and number of members of a room if they know the ID of the room. This vulnerability is limited to homeservers where t...
Matrix Synapse
Fedoraproject Fedora 34
Fedoraproject Fedora 35