CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-27599 – Element X Android vulnerable to loading malicious web pages via received intent
https://notcve.org/view.php?id=CVE-2025-27599
18 Apr 2025 — Element X Android is a Matrix Android Client provided by element.io. Prior to version 25.04.2, a crafted hyperlink on a webpage, or a locally installed malicious app, can force Element X up to version 25.04.1 to load a webpage with similar permissions to Element Call and automatically grant it temporary access to microphone and camera. This issue has been patched in version 25.04.2. Element X Android es un cliente Matrix para Android proporcionado por element.io. Antes de la versión 25.04.2, un hipervínculo... • https://github.com/element-hq/element-x-android/commit/dc058544d7e693c04298191c1aadd5b39c9be52e • CWE-20: Improper Input Validation CWE-926: Improper Export of Android Application Components •
CVSS: 4.7EPSS: 0%CPEs: 1EXPL: 0CVE-2025-32026 – Element Web could load a malicious instance of Element Call leaking media encryption keys
https://notcve.org/view.php?id=CVE-2025-32026
08 Apr 2025 — Element Web is a Matrix web client built using the Matrix React SDK. Element Web, starting from version 1.11.16 up to version 1.11.96, can be configured to load Element Call from an external URL. Under certain conditions, the external page is able to get access to the media encryption keys used for an Element Call call. Version 1.11.97 fixes the problem. • https://github.com/element-hq/element-web/security/advisories/GHSA-69q3-jg79-cg79 • CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-31126 – Element X iOS allows the entity in control of the well-known file to break the confidentiality of embedded Element Call
https://notcve.org/view.php?id=CVE-2025-31126
03 Apr 2025 — Element X iOS is a Matrix iOS Client provided by Element. In Element X iOS version between 1.6.13 and 25.03.7, the entity in control of the element.json well-known file is able, under certain conditions, to get access to the media encryption keys used for an Element Call call. This vulnerability is fixed in 25.03.8. Element X iOS es un cliente Matrix iOS proporcionado por Element. En las versiones de Element X iOS entre la 1.6.13 y la 25.03.7, la entidad que controla el archivo conocido element.json puede, ... • https://github.com/element-hq/element-meta/issues/2441 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-31127 – Element X Android allows the entity in control of the well-known file to break the confidentiality embedded Element Call
https://notcve.org/view.php?id=CVE-2025-31127
03 Apr 2025 — Element X Android is a Matrix Android Client provided by element.io. In Element X Android versions between 0.4.16 and 25.03.3, the entity in control of the element.json well-known file is able, under certain conditions, to get access to the media encryption keys used for an Element Call call. This vulnerability is fixed in 25.03.4. Element X Android es un cliente Matrix para Android proporcionado por element.io. En las versiones de Element X para Android entre la 0.4.16 y la 25.03.3, la entidad que controla... • https://github.com/element-hq/element-meta/issues/2441 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 3%CPEs: 1EXPL: 1CVE-2025-30355 – Synapse vulnerable to federation denial of service via malformed events
https://notcve.org/view.php?id=CVE-2025-30355
27 Mar 2025 — Synapse is an open source Matrix homeserver implementation. A malicious server can craft events which, when received, prevent Synapse version up to 1.127.0 from federating with other servers. The vulnerability has been exploited in the wild and has been fixed in Synapse v1.127.1. No known workarounds are available. • https://github.com/ui-bootstrap/CVE-2025-30355 • CWE-20: Improper Input Validation •
CVSS: 5.1EPSS: 0%CPEs: 1EXPL: 0CVE-2025-27606 – Element Android PIN autologout bypass
https://notcve.org/view.php?id=CVE-2025-27606
14 Mar 2025 — Element Android is an Android Matrix Client provided by Element. Element Android up to version 1.6.32 can, under certain circumstances, fail to logout the user if they input the wrong PIN more than the configured amount of times. An attacker with physical access to a device can exploit this to guess the PIN. Version 1.6.34 solves the issue. • https://github.com/element-hq/element-android/commit/53bd78b05de375c6e6b0b5aa794a56b4ba95984c • CWE-488: Exposure of Data Element to Wrong Session •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-37303 – Synapse unauthenticated writes to the media repository allow planting of problematic content
https://notcve.org/view.php?id=CVE-2024-37303
03 Dec 2024 — Synapse is an open-source Matrix homeserver. Synapse before version 1.106 allows, by design, unauthenticated remote participants to trigger a download and caching of remote media from a remote homeserver to the local media repository. Such content then also becomes available for download from the local homeserver in an unauthenticated way. The implication is that unauthenticated remote adversaries can use this functionality to plant problematic content into the media repository. Synapse 1.106 introduces a p... • https://github.com/element-hq/synapse/security/advisories/GHSA-gjgr-7834-rhxr • CWE-306: Missing Authentication for Critical Function •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-37302 – Synapse denial of service through media disk space consumption
https://notcve.org/view.php?id=CVE-2024-37302
03 Dec 2024 — Synapse is an open-source Matrix homeserver. Synapse versions before 1.106 are vulnerable to a disk fill attack, where an unauthenticated adversary can induce Synapse to download and cache large amounts of remote media. The default rate limit strategy is insufficient to mitigate this. This can lead to a denial of service, ranging from further media uploads/downloads failing to completely unavailability of the Synapse process, depending on how Synapse was deployed. Synapse 1.106 introduces a new "leaky bucke... • https://github.com/element-hq/synapse/security/advisories/GHSA-4mhg-xv73-xq2x • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 8.2EPSS: 0%CPEs: 1EXPL: 0CVE-2024-52805 – Synapse allows unsupported content types to lead to memory exhaustion
https://notcve.org/view.php?id=CVE-2024-52805
03 Dec 2024 — Synapse is an open-source Matrix homeserver. In Synapse before 1.120.1, multipart/form-data requests can in certain configurations transiently increase memory consumption beyond expected levels while processing the request, which can be used to amplify denial of service attacks. Synapse 1.120.1 resolves the issue by denying requests with unsupported multipart/form-data content type. • https://github.com/element-hq/synapse/security/advisories/GHSA-rfq8-j7rh-8hf2 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-52815 – Synapse allows a a malformed invite to break the invitee's `/sync`
https://notcve.org/view.php?id=CVE-2024-52815
03 Dec 2024 — Synapse is an open-source Matrix homeserver. Synapse versions before 1.120.1 fail to properly validate invites received over federation. This vulnerability allows a malicious server to send a specially crafted invite that disrupts the invited user's /sync functionality. Synapse 1.120.1 rejects such invalid invites received over federation and restores the ability to sync for affected users. • https://github.com/element-hq/synapse/security/advisories/GHSA-f3r3-h2mq-hx2h • CWE-20: Improper Input Validation •