| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2023-3383 | SourceCodester Game Result Matrix System GET Parameter athlete-profile.php sql injection | SourceCodester | Game Result Matrix System | Medium | 6.3 | 2023-06-23 10:00:06 | Deep Dive |
| CVE-2023-3382 | SourceCodester Game Result Matrix System GET Parameter save-delegates.php cross site scripting | SourceCodester | Game Result Matrix System | Low | 3.5 | 2023-06-23 10:00:05 | Deep Dive |
| CVE-2023-32683 | URL deny list bypass via oEmbed and image URLs when generating previews in Synapse | matrix-org | synapse | Low | 3.5 | 2023-06-06 18:24:30 | Deep Dive |
| CVE-2023-32682 | Improper checks for deactivated users during login in synapse | matrix-org | synapse | Medium | 5.4 | 2023-06-06 18:20:14 | Deep Dive |
| CVE-2023-0636 | Remote Code Execution via Command Injection | ABB Ltd. | ASPECT®-Enterprise | High | 7.2 | 2023-06-05 03:45:10 | Deep Dive |
| CVE-2023-0635 | Privilege escalation to root | ABB Ltd. | ASPECT®-Enterprise | High | 7.8 | 2023-06-05 03:42:05 | Deep Dive |
| CVE-2022-39374 | Synapse Denial of service due to incorrect application of event authorization rules during state resolution | matrix-org | synapse | Medium | - | 2023-05-26 13:44:44 | Deep Dive |
| CVE-2022-39335 | Synapse does not apply enough checks to servers requesting auth events of events in a room | matrix-org | synapse | Medium | 5.0 | 2023-05-26 13:36:56 | Deep Dive |
| CVE-2023-32323 | Synapse Outgoing federation to specific hosts can be disabled by sending malicious invites | matrix-org | synapse | Medium | 5.0 | 2023-05-26 13:32:02 | Deep Dive |
| CVE-2023-30609 | matrix-react-sdk vulnerable to HTML injection in search results via plaintext message highlighting | matrix-org | matrix-react-sdk | Medium | 5.4 | 2023-04-25 20:58:28 | Deep Dive |
| CVE-2023-29529 | matrix-js-sdk vulnerable to invisible eavesdropping in group calls | matrix-org | matrix-js-sdk | Medium | 5.0 | 2023-04-14 18:21:17 | Deep Dive |
| CVE-2022-36060 | Prototype pollution in matrix-react-sdk | matrix-org | matrix-react-sdk | High | 8.2 | 2023-03-28 20:37:29 | Deep Dive |
| CVE-2023-28103 | Prototype pollution in matrix-react-sdk | matrix-org | matrix-react-sdk | High | 8.2 | 2023-03-28 20:37:24 | Deep Dive |
| CVE-2023-28427 | Prototype pollution in matrix-js-sdk | matrix-org | matrix-js-sdk | High | 8.2 | 2023-03-28 20:32:22 | Deep Dive |
| CVE-2022-36059 | Prototype pollution in matrix-js-sdk | matrix-org | matrix-js-sdk | High | 8.2 | 2023-03-28 20:32:18 | Deep Dive |
| CVE-2022-41952 | Uncontrolled Resource Consumption in Matrix Synapse | matrix-org | synapse | Medium | 6.5 | 2022-11-22 00:00:00 | Deep Dive |
| CVE-2022-3971 | matrix-appservice-irc PgDataStore.ts sql injection | unspecified | matrix-appservice-irc | Medium | 4.6 | 2022-11-13 00:00:00 | Deep Dive |
| CVE-2022-39254 | When matrix-nio receives forwarded room keys, the receiver doesn't check if it requested the key from the forwarder | poljar | matrix-nio | High | 8.6 | 2022-09-29 14:35:10 | Deep Dive |
| CVE-2022-39252 | When matrix-rust-sdk receives forwarded room keys, the receiver doesn't check if it requested the key from the forwarder | matrix-org | matrix-rust-sdk | High | 8.6 | 2022-09-29 14:15:14 | Deep Dive |
| CVE-2022-39250 | Matrix JavaScript SDK vulnerable to key/device identifier confusion in SAS verification | matrix-org | matrix-js-sdk | High | 8.6 | 2022-09-29 00:00:00 | Deep Dive |