element-hq — Vulnerabilities & Security Advisories (23)

Browse all 23 CVE security advisories affecting element-hq. AI-powered Chinese analysis, POCs, and references for each vulnerability.

| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2026-24044 | ESS Community Helm Chart has a weak server key generation method — ess-helm (CWE-336) | 9.1 (AI) | Critical (AI) | 2026-02-12 |
| CVE-2025-62425 | Matrix Authentication Service account password can be changed using an authenticated session without supplying the current password — matrix-authentication-service (CWE-620) | 8.3 | High | 2025-10-16 |
| CVE-2025-61672 | Synapse: Invalid device keys degrade federation functionality — synapse (CWE-1287) | 6.5 (AI) | Medium (AI) | 2025-10-08 |
| CVE-2025-59161 | In Element Web and Element Desktop, a malicious room can hide an unrelated room and cause it to be left when the malicious room is left — element-web (CWE-20) | 7.5 (AI) | High (AI) | 2025-09-16 |
| CVE-2025-27599 | Element X Android vulnerable to loading malicious web pages via received intent — element-x-android (CWE-926) | 6.5 | Medium | 2025-04-18 |
| CVE-2025-32026 | Element Web could load a malicious instance of Element Call leaking media encryption keys — element-web (CWE-497) | 3.8 | Low | 2025-04-08 |
| CVE-2025-31126 | Element X iOS allows the entity in control of the well-known file to break the confidentiality of embedded Element Call — element-x-ios (CWE-200) | 5.3 | Medium | 2025-04-03 |
| CVE-2025-31127 | Element X Android allows the entity in control of the well-known file to break the confidentiality of embedded Element Call — element-x-android (CWE-200) | 5.3 | Medium | 2025-04-03 |
| CVE-2025-30355 | Synapse vulnerable to federation denial of service via malformed events — synapse (CWE-20) | 7.1 | High | 2025-03-27 |
| CVE-2025-27606 | Element Android PIN autologout bypass — element-android (CWE-488) | 5.1 | Medium | 2025-03-14 |
| CVE-2024-37303 | Synapse unauthenticated writes to the media repository allow planting of problematic content — synapse (CWE-306) | 5.3 | Medium | 2024-12-03 |
| CVE-2024-37302 | Synapse denial of service through media disk space consumption — synapse (CWE-770) | 7.5 | High | 2024-12-03 |
| CVE-2024-52805 | Synapse allows unsupported content types to lead to memory exhaustion — synapse (CWE-770) | 7.5 | - | 2024-12-03 |
| CVE-2024-52815 | Synapse allows a malformed invite to break the invitee's `/sync` — synapse (CWE-20) | - | - | 2024-12-03 |
| CVE-2024-53867 | Synapse Matrix has a partial room state leak via Sliding Sync — synapse (CWE-497) | 4.3 | Medium | 2024-12-03 |
| CVE-2024-53863 | Synapse can be forced to thumbnail unexpected file formats, invoking external, potentially untrustworthy decoders — synapse (CWE-434) | 6.5 | - | 2024-12-03 |
| CVE-2024-51750 | Element allows a malicious homeserver to modify events, leading to unrenderable events or rooms — element-web (CWE-248) | 5.0 | Medium | 2024-11-12 |
| CVE-2024-51749 | Element's thumbnails can be abused to misrepresent the content of an attachment — element-web (CWE-451) | 3.5 | Low | 2024-11-12 |
| CVE-2024-47779 | Element Web vulnerable to potential exposure of access token via authenticated media — element-web (CWE-200) | 7.5 | - | 2024-10-15 |
| CVE-2024-47771 | Element Desktop vulnerable to potential exposure of access token via authenticated media — element-desktop (CWE-200) | 7.5 | - | 2024-10-15 |
| CVE-2024-31208 | Synapse's V2 state resolution weakness allows DoS from remote room members — synapse (CWE-770) | 6.5 | Medium | 2024-04-23 |
| CVE-2024-26132 | Element Android can be asked to share internal files — element-android (CWE-200) | 4.0 | Medium | 2024-02-20 |
| CVE-2024-26131 | Element Android Intent Redirection — element-android (CWE-923) | 8.4 | High | 2024-02-20 |

This page lists every published CVE security advisory associated with element-hq. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.