| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2025-11093 | Arbitrary Code Execution with higher privileged users in Multiple WSO2 Products via Script Mediator Engines (GraalJS and NashornJS) | WSO2 | WSO2 Micro Integrator | High | 8.4 | 2025-11-05 18:31:18 | Deep Dive |
| CVE-2025-9870 | Razer Synapse 3 RazerPhilipsHueUninstall Link Following Local Privilege Escalation Vulnerability | Razer | Synapse 3 | - | - | 2025-10-29 19:34:08 | Deep Dive |
| CVE-2025-9871 | Razer Synapse 3 Chroma Connect Link Following Local Privilege Escalation Vulnerability | Razer | Synapse 3 | - | - | 2025-10-29 19:33:46 | Deep Dive |
| CVE-2025-9869 | Razer Synapse 3 Macro Module Link Following Local Privilege Escalation Vulnerability | Razer | Synapse 3 | - | - | 2025-10-29 19:33:10 | Deep Dive |
| CVE-2025-61672 | Synapse: Invalid device keys degrade federation functionality | element-hq | synapse | - | - | 2025-10-08 14:55:06 | Deep Dive |
| CVE-2025-54551 | FUJIFILM Synapse Mobility 安全漏洞 | FUJIFILM Healthcare Americas Corporation | Synapse Mobility | Medium | 4.3 | 2025-08-20 04:57:37 | Deep Dive |
| CVE-2024-7074 | Authenticated Arbitrary File Upload in Multiple WSO2 Products via SOAP Admin Service Leading to Remote Code Execution | WSO2 | WSO2 Enterprise Integrator | Medium | 6.8 | 2025-06-02 16:42:19 | Deep Dive |
| CVE-2025-30355 | Synapse vulnerable to federation denial of service via malformed events | element-hq | synapse | High | 7.1 | 2025-03-27 00:59:28 | Deep Dive |
| CVE-2024-37303 | Synapse unauthenticated writes to the media repository allow planting of problematic content | element-hq | synapse | Medium | 5.3 | 2024-12-03 17:06:02 | Deep Dive |
| CVE-2024-37302 | Synapse denial of service through media disk space consumption | element-hq | synapse | High | 7.5 | 2024-12-03 17:04:16 | Deep Dive |
| CVE-2024-52805 | Synapse allows unsupported content types to lead to memory exhaustion | element-hq | synapse | 高危 | - | 2024-12-03 17:01:50 | Deep Dive |
| CVE-2024-52815 | Synapse allows a a malformed invite to break the invitee's `/sync` | element-hq | synapse | 高危 | - | 2024-12-03 16:58:31 | Deep Dive |
| CVE-2024-53867 | Synapse Matrix has a partial room state leak via Sliding Sync | element-hq | synapse | Medium | 4.3 | 2024-12-03 16:52:02 | Deep Dive |
| CVE-2024-53863 | Synapse can be forced to thumbnail unexpected file formats, invoking external, potentially untrustworthy decoders | element-hq | synapse | 高危 | - | 2024-12-03 16:48:30 | Deep Dive |
| CVE-2024-31208 | Synapse's V2 state resolution weakness allows DoS from remote room members | element-hq | synapse | Medium | 6.5 | 2024-04-23 17:26:39 | Deep Dive |
| CVE-2023-43796 | Synapse vulnerable to leak of remote user device information | matrix-org | synapse | Medium | 5.3 | 2023-10-31 16:52:49 | Deep Dive |
| CVE-2023-45129 | matrix-synapse vulnerable to denial of service due to malicious server ACL events | matrix-org | synapse | Medium | 4.9 | 2023-10-10 17:17:11 | Deep Dive |
| CVE-2023-41335 | Temporary storage of plaintext passwords during password changes in matrix synapse | matrix-org | synapse | Low | 3.7 | 2023-09-26 20:51:30 | Deep Dive |
| CVE-2023-42453 | Improper validation of receipts allows forged read receipts in matrix synapse | matrix-org | synapse | Low | 3.1 | 2023-09-26 20:49:23 | Deep Dive |
| CVE-2023-32683 | URL deny list bypass via oEmbed and image URLs when generating previews in Synapse | matrix-org | synapse | Low | 3.5 | 2023-06-06 18:24:30 | Deep Dive |