Skip to main content

Element

9 CVEs product

Monthly

CVE-2025-27606 MEDIUM PATCH This Month

Element Android is an Android Matrix Client provided by Element. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity.

Google Information Disclosure Element Android
NVD GitHub
CVSS 3.1
5.1
EPSS
0.0%
CVE-2024-26132 LOW PATCH Monitor

Element Android is an Android Matrix Client. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Google Element
NVD GitHub
CVSS 3.1
3.3
EPSS
0.4%
CVE-2024-26131 HIGH PATCH This Week

Element Android is an Android Matrix Client. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

RCE Google Element
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2022-41904 MEDIUM This Month

Element iOS is an iOS Matrix client provided by Element. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Code Injection Element
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2021-44538 CRITICAL PATCH Act Now

The olm_session_describe function in Matrix libolm before 3.2.7 is vulnerable to a buffer overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Element Javascript Sdk Olm Schildichat +2
NVD
CVSS 3.1
9.8
EPSS
1.9%
CVE-2021-40824 Maven MEDIUM PATCH This Month

A logic error in the room key sharing functionality of Element Android before 1.2.2 and matrix-android-sdk2 (aka Matrix SDK for Android) before 1.2.2 allows a malicious Matrix homeserver present in. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Google Authentication Bypass Element Matrix Android Sdk2
NVD GitHub
CVSS 3.1
5.9
EPSS
0.7%
CVE-2019-10219 Maven MEDIUM POC PATCH This Month

A vulnerability was found in Hibernate-Validator. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Hibernate Validator Fuse Jboss Data Grid Jboss Enterprise Application Platform +184
NVD GitHub
CVSS 3.1
6.1
EPSS
2.2%
CVE-2019-10247 Maven MEDIUM PATCH This Month

In Eclipse Jetty version 7.x, 8.x, 9.2.27 and older, 9.3.26 and older, and 9.4.16 and older, the server running on any OS and Jetty version combination will reveal the configured fully qualified. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Jetty Oncommand System Manager Snap Creator Framework Snapcenter +22
NVD
CVSS 3.1
5.3
EPSS
5.8%
CVE-2019-10246 Maven MEDIUM PATCH This Month

In Eclipse Jetty version 9.2.27, 9.3.26, and 9.4.16, the server running on Windows is vulnerable to exposure of the fully qualified Base Resource directory name on Windows to a remote client when it. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Jetty Oncommand System Manager Snap Creator Framework +22
NVD
CVSS 3.1
5.3
EPSS
4.0%
EPSS 0% CVSS 5.1
MEDIUM PATCH This Month

Element Android is an Android Matrix Client provided by Element. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity.

Google Information Disclosure Element +1
NVD GitHub
EPSS 0% CVSS 3.3
LOW PATCH Monitor

Element Android is an Android Matrix Client. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Google Element
NVD GitHub
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Element Android is an Android Matrix Client. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

RCE Google Element
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM This Month

Element iOS is an iOS Matrix client provided by Element. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Code Injection Element
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL PATCH Act Now

The olm_session_describe function in Matrix libolm before 3.2.7 is vulnerable to a buffer overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Element Javascript Sdk +4
NVD
EPSS 1% CVSS 5.9
MEDIUM PATCH This Month

A logic error in the room key sharing functionality of Element Android before 1.2.2 and matrix-android-sdk2 (aka Matrix SDK for Android) before 1.2.2 allows a malicious Matrix homeserver present in. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Google Authentication Bypass Element +1
NVD GitHub
EPSS 2% CVSS 6.1
MEDIUM POC PATCH This Month

A vulnerability was found in Hibernate-Validator. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Hibernate Validator Fuse +186
NVD GitHub
EPSS 6% CVSS 5.3
MEDIUM PATCH This Month

In Eclipse Jetty version 7.x, 8.x, 9.2.27 and older, 9.3.26 and older, and 9.4.16 and older, the server running on any OS and Jetty version combination will reveal the configured fully qualified. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Jetty Oncommand System Manager +24
NVD
EPSS 4% CVSS 5.3
MEDIUM PATCH This Month

In Eclipse Jetty version 9.2.27, 9.3.26, and 9.4.16, the server running on Windows is vulnerable to exposure of the fully qualified Base Resource directory name on Windows to a remote client when it. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Jetty +24
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy