| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2023-32682 | Improper checks for deactivated users during login in synapse | matrix-org | synapse | Medium | 5.4 | 2023-06-06 18:20:14 | Deep Dive |
| CVE-2022-39374 | Synapse Denial of service due to incorrect application of event authorization rules during state resolution | matrix-org | synapse | Medium | - | 2023-05-26 13:44:44 | Deep Dive |
| CVE-2022-39335 | Synapse does not apply enough checks to servers requesting auth events of events in a room | matrix-org | synapse | Medium | 5.0 | 2023-05-26 13:36:56 | Deep Dive |
| CVE-2023-32323 | Synapse Outgoing federation to specific hosts can be disabled by sending malicious invites | matrix-org | synapse | Medium | 5.0 | 2023-05-26 13:32:02 | Deep Dive |
| CVE-2022-41952 | Uncontrolled Resource Consumption in Matrix Synapse | matrix-org | synapse | Medium | 6.5 | 2022-11-22 00:00:00 | Deep Dive |
| CVE-2022-31152 | Synapse vulnerable to denial of service (DoS) due to incorrect application of event authorization rules | matrix-org | synapse | Medium | 6.4 | 2022-09-02 20:00:16 | Deep Dive |
| CVE-2022-31052 | URL previews can crash Synapse media repositories or Synapse monoliths | matrix-org | synapse | Medium | 6.5 | 2022-06-28 17:10:11 | Deep Dive |
| CVE-2021-41281 | Path traversal in Matrix Synapse | matrix-org | synapse | High | 7.5 | 2021-11-23 19:15:18 | Deep Dive |
| CVE-2021-39164 | Improper authorisation of /members discloses room membership to non-members | matrix-org | synapse | Low | 3.1 | 2021-08-31 16:20:10 | Deep Dive |
| CVE-2021-39163 | Adding a private/unlisted room to a community exposes room metadata in an unauthorised manner. | matrix-org | synapse | Low | 3.1 | 2021-08-31 16:00:11 | Deep Dive |
| CVE-2021-29471 | Denial of service in Matrix Synapse | matrix-org | synapse | Low | 3.7 | 2021-05-11 15:05:12 | Deep Dive |
| CVE-2021-21392 | Open redirect via transitional IPv6 addresses on dual-stack networks | matrix-org | synapse | Medium | 6.3 | 2021-04-12 21:50:14 | Deep Dive |
| CVE-2021-21393 | Denial of service (via resource exhaustion) due to improper input validation on groups/communities endpoints | matrix-org | synapse | Medium | 5.3 | 2021-04-12 21:35:14 | Deep Dive |
| CVE-2021-21394 | Denial of service (via resource exhaustion) due to improper input validation on third-party identifier endpoints | matrix-org | synapse | Medium | 5.3 | 2021-04-12 20:45:18 | Deep Dive |
| CVE-2021-21333 | HTML injection in email and account expiry notifications | matrix-org | synapse | Medium | 6.1 | 2021-03-26 20:00:19 | Deep Dive |
| CVE-2021-21332 | Cross-site scripting (XSS) vulnerability in the password reset endpoint | matrix-org | synapse | Medium | 6.9 | 2021-03-26 19:55:17 | Deep Dive |
| CVE-2021-21273 | Open redirects on some federation and push requests | matrix-org | synapse | Low | 3.1 | 2021-02-26 17:25:29 | Deep Dive |
| CVE-2021-21274 | Denial of service attack via .well-known lookups | matrix-org | synapse | Medium | 4.3 | 2021-02-26 17:25:16 | Deep Dive |
| CVE-2020-26257 | Denial of service attack via incorrect parameters to federation APIs | matrix-org | synapse | Medium | 6.5 | 2020-12-09 18:25:15 | Deep Dive |
| CVE-2017-15708 | Apache Synapse injection vulnerability | Apache Software Foundation | Apache Synapse | Critical | - | 2017-12-11 15:00:00 | Deep Dive |