
CVE-2025-27155 – In-memory stored Cross-site scripting (XSS) vulnerability in pineconesim
https://notcve.org/view.php?id=CVE-2025-27155
04 Mar 2025 — Pinecone is an experimental overlay routing protocol suite which is the foundation of the current P2P Matrix demos. The Pinecone Simulator (pineconesim) included in Pinecone up to commit ea4c337 is vulnerable to stored cross-site scripting. The payload storage is not permanent and will be wiped when restarting pineconesim. • https://github.com/matrix-org/pinecone/commit/218b2801995b174085cb1c8fafe2d3aa661f85bd • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •

CVE-2025-27146 – Matrix IRC Bridge allows IRC command injection to own puppeted user
https://notcve.org/view.php?id=CVE-2025-27146
25 Feb 2025 — matrix-appservice-irc is a Node.js IRC bridge for Matrix. The matrix-appservice-irc bridge up to version 3.0.3 contains a vulnerability which can lead to arbitrary IRC command execution as the puppeted user. The attacker can only inject commands executed as their own IRC user. The vulnerability has been patched in matrix-appservice-irc version 3.0.4. • https://github.com/matrix-org/matrix-appservice-irc/commit/74f02c8e11f16ed1b355700092c1aa9c036a11bd • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •

CVE-2025-23197 – matrix-hookshot has a Potential Denial of Service when Hookshot is configured with GitHub support
https://notcve.org/view.php?id=CVE-2025-23197
27 Jan 2025 — matrix-hookshot is a Matrix bot for connecting to external services like GitHub, GitLab, JIRA, and more. When Hookshot 6 version 6.0.1 or below, or Hookshot 5 version 5.4.1 or below, is configured with GitHub support, it is vulnerable to a Denial of Service (DoS) whereby it can crash on restart due to a missing check. The impact is greater to you if untrusted users can add their own GitHub organizations to Hookshot in order to connect their room to a repository. This vulnerability is fixed in 6.0.2 and 5.4.2. • https://github.com/matrix-org/matrix-hookshot/commit/e51d8210233ac759e7f7dfebc2c4f1bf6ce94802 • CWE-754: Improper Check for Unusual or Exceptional Conditions •

CVE-2025-24024 – Mjolnir v1.9.0 accepts commands from any room
https://notcve.org/view.php?id=CVE-2025-24024
21 Jan 2025 — Mjolnir is a moderation tool for Matrix. Mjolnir v1.9.0 responds to management commands from any room the bot is a member of. This can allow users who aren't operators of the bot to use the bot's functions, including server administration components if enabled. Version 1.9.1 reverts the feature that introduced the bug, and version 1.9.2 reintroduces the feature safely. Downgrading to version 1.8.3 is recommended if upgrading to 1.9.1 or higher isn't possible. • https://github.com/matrix-org/mjolnir/commit/b437fa16b5425985715df861987c836affd51eea • CWE-671: Lack of Administrator Control over Security •

CVE-2024-52594 – Server-Side Request Forgery (SSRF) on redirects and federation in gomatrixserverlib
https://notcve.org/view.php?id=CVE-2024-52594
16 Jan 2025 — Gomatrixserverlib is a Go library for matrix federation. Gomatrixserverlib is vulnerable to server-side request forgery, serving content from a private network it can access, under certain conditions. The commit `c4f1e01` fixes this issue. Users are advised to upgrade. Users unable to upgrade should use a local firewall to limit the network segments and hosts the service using gomatrixserverlib can access. • https://github.com/matrix-org/gomatrixserverlib/commit/c4f1e01eab0dd435709ad15463ed38a079ad6128 • CWE-918: Server-Side Request Forgery (SSRF) •

CVE-2024-52813 – matrix-sdk-crypto missing facility to signal rotation of a verified cryptographic identity
https://notcve.org/view.php?id=CVE-2024-52813
07 Jan 2025 — matrix-rust-sdk is an implementation of a Matrix client-server library in Rust. Versions of the matrix-sdk-crypto Rust crate before 0.8.0 lack a dedicated mechanism to notify that a user's cryptographic identity has changed from a verified to an unverified one, which could cause client applications relying on the SDK to overlook such changes. matrix-sdk-crypto 0.8.0 adds a new VerificationLevel::VerificationViolation enum variant which indicates that a previously verified identity has been changed. • https://github.com/matrix-org/matrix-rust-sdk/pull/3795 • CWE-223: Omission of Security-relevant Information •

CVE-2024-52505 – matrix-appservice-irc allows IRC Command injection in provisioning API
https://notcve.org/view.php?id=CVE-2024-52505
14 Nov 2024 — matrix-appservice-irc is a Node.js IRC bridge for the Matrix messaging protocol. The provisioning API of the matrix-appservice-irc bridge up to version 3.0.2 contains a vulnerability which can lead to arbitrary IRC command execution as the bridge IRC bot. The vulnerability has been patched in matrix-appservice-irc version 3.0.3. • https://github.com/matrix-org/matrix-appservice-irc/commit/4a024eae1a992b1ea67e71a998e0b833b54221e2 • CWE-147: Improper Neutralization of Input Terminators •

CVE-2024-50336 – matrix-js-sdk has insufficient MXC URI validation which allows client-side path traversal
https://notcve.org/view.php?id=CVE-2024-50336
12 Nov 2024 — matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. matrix-js-sdk before 34.11.0 is vulnerable to client-side path traversal via crafted MXC URIs. A malicious room member can trigger clients based on the matrix-js-sdk to issue arbitrary authenticated GET requests to the client's homeserver. Fixed in matrix-js-sdk 34.11.1. Multiple security issues were discovered in Thunderbird, which could result in the execution of arbitrary code. • https://github.com/matrix-org/matrix-js-sdk/security/advisories/GHSA-xvg8-m4x3-w6xr • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVE-2024-10381 – Authentication Bypass Vulnerability in Matrix Door Controller
https://notcve.org/view.php?id=CVE-2024-10381
25 Oct 2024 — This vulnerability exists in Matrix Door Controller Cosec Vega FAXQ due to improper implementation of session management at the web-based management interface. A remote attacker could exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable device. Successful exploitation of this vulnerability could allow a remote attacker to gain unauthorized access and take complete control of the targeted device. • https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0328 • CWE-288: Authentication Bypass Using an Alternate Path or Channel •

CVE-2024-50485 – WordPress Exam Matrix plugin <= 1.5 - Privilege Escalation vulnerability
https://notcve.org/view.php?id=CVE-2024-50485
25 Oct 2024 — Incorrect Privilege Assignment vulnerability in Udit Rawat Exam Matrix allows Privilege Escalation. This issue affects Exam Matrix: from n/a through 1.5. The Exam Matrix plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.5. This is due to the plugin not properly restricting functional... • https://github.com/RandomRobbieBF/CVE-2024-50485 • CWE-266: Incorrect Privilege Assignment •