Synapse is an open-source Matrix homeserver. A remote Matrix user with malicious intent, sharing a room with Synapse instances before 1.105.1, can dispatch specially crafted events to exploit a weakne ...
April 24, 2024
SpEL Injection in PUT /api/v1/policies (GHSL-2023-252): Please note, only authenticated users have access to PUT / POST APIs for /api/v1/policies. Non-authenticated users will not be able to access the ...
April 24, 2024
Impact: A remote Matrix user with malicious intent, sharing a room with Synapse instances before 1.105.1, can dispatch specially crafted events to exploit a weakness in how the auth chain cover index i ...
April 24, 2024
Impact: Backoffice users can execute arbitrary SQL. Explanation of the vulnerability: A Backoffice user can modify requests to a particular API endpoint to include SQL which will be executed by the serv ...
April 24, 2024
SpEL Injection in PUT /api/v1/events/subscriptions (GHSL-2023-251): Please note, only authenticated users have access to PUT / POST APIs for /api/v1/policies. Non-authenticated users will not be able t ...
April 24, 2024
SpEL Injection in GET /api/v1/policies/validation/condition/<expr> (GHSL-2023-236): Please note, only authenticated users have access to PUT / POST APIs for /api/v1/policies. Non authenti ...
April 24, 2024
Umbraco workflow provides workflows for the Umbraco content management system. Prior to versions 10.3.9, 12.2.6, and 13.0.6, an Umbraco Backoffice user can modify requests to a particular API endpoint ...
April 24, 2024
ArcaneDoor is a campaign that is the latest example of state-sponsored actors targeting perimeter network devices from multiple vendors. Coveted by these actors, perimeter network devices are the perf ...
April 24, 2024