Skip to main content

Synapse

39 CVEs product

Monthly

CVE-2025-30355 PyPI HIGH PATCH This Week

Synapse is an open source Matrix homeserver implementation. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Synapse Suse
NVD GitHub
CVSS 3.1
7.1
EPSS
7.5%
CVE-2023-43796 PyPI MEDIUM PATCH This Month

Synapse is an open-source Matrix homeserver Prior to versions 1.95.1 and 1.96.0rc1, cached device information of remote users can be queried from Synapse. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Synapse Fedora
NVD GitHub
CVSS 3.1
5.3
EPSS
0.9%
CVE-2023-45129 PyPI MEDIUM PATCH This Month

Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Synapse Fedora
NVD GitHub
CVSS 3.1
4.9
EPSS
1.2%
CVE-2023-42453 PyPI MEDIUM PATCH This Month

Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Synapse Fedora
NVD GitHub
CVSS 3.1
4.3
EPSS
0.7%
CVE-2023-41335 PyPI LOW PATCH Monitor

Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable.

Information Disclosure Synapse Fedora
NVD GitHub
CVSS 3.1
3.7
EPSS
0.4%
CVE-2023-32683 PyPI MEDIUM PATCH This Month

Synapse is a Matrix protocol homeserver written in Python with the Twisted framework. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Python SSRF Authentication Bypass Synapse
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-32682 PyPI MEDIUM PATCH This Month

Synapse is a Matrix protocol homeserver written in Python with the Twisted framework. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Python Authentication Bypass Synapse
NVD GitHub
CVSS 3.1
5.4
EPSS
0.8%
CVE-2023-32323 PyPI MEDIUM POC PATCH This Month

Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Synapse
NVD GitHub
CVSS 3.1
4.3
EPSS
1.0%
CVE-2022-41952 PyPI MEDIUM PATCH This Month

Synapse before 1.52.0 with URL preview functionality enabled will attempt to generate URL previews for media stream URLs without properly limiting connection time. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Synapse
NVD GitHub
CVSS 3.1
5.3
EPSS
0.8%
CVE-2022-31152 PyPI HIGH PATCH This Week

Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Synapse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-31052 PyPI MEDIUM PATCH This Month

Synapse is an open source home server implementation for the Matrix chat network. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Synapse Fedora
NVD GitHub
CVSS 3.1
6.5
EPSS
1.6%
CVE-2021-41281 PyPI HIGH PATCH This Week

Synapse is a package for Matrix homeservers written in Python 3/Twisted. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Python Path Traversal Synapse Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
1.5%
CVE-2021-39164 PyPI LOW PATCH Monitor

Matrix is an ecosystem for open federated Instant Messaging and Voice over IP. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Synapse Fedora
NVD GitHub
CVSS 3.1
3.1
EPSS
1.5%
CVE-2021-39163 PyPI LOW PATCH Monitor

Matrix is an ecosystem for open federated Instant Messaging and Voice over IP. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Synapse Fedora
NVD GitHub
CVSS 3.1
3.1
EPSS
0.9%
CVE-2021-29471 PyPI MEDIUM PATCH This Month

Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Python Denial Of Service Synapse Fedora
NVD GitHub
CVSS 3.1
5.3
EPSS
1.6%
CVE-2021-30494 MEDIUM POC This Month

Multiple system services installed alongside the Razer Synapse 3 software suite perform privileged operations on entries within the Razer Chroma SDK subkey. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Synapse
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2021-30493 MEDIUM POC This Month

Multiple system services installed alongside the Razer Synapse 3 software suite perform privileged operations on entries within the ChromaBroadcast subkey. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Synapse
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2021-21393 PyPI MEDIUM PATCH This Month

Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Python Denial Of Service Synapse Fedora
NVD GitHub
CVSS 3.1
6.5
EPSS
1.6%
CVE-2021-21392 PyPI MEDIUM PATCH This Month

Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. This Open Redirect vulnerability could allow attackers to redirect users to malicious websites via URL manipulation.

Open Redirect Python Synapse Fedora
NVD GitHub
CVSS 3.1
6.3
EPSS
0.9%
CVE-2021-21394 PyPI MEDIUM PATCH This Month

Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Python Denial Of Service Synapse Fedora
NVD GitHub
CVSS 3.1
6.5
EPSS
1.5%
CVE-2021-21333 PyPI MEDIUM PATCH This Month

Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required.

Python Code Injection Synapse Fedora
NVD GitHub
CVSS 3.1
6.1
EPSS
1.4%
CVE-2021-21332 PyPI HIGH PATCH This Week

Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

CSRF Python XSS Synapse Fedora
NVD GitHub
CVSS 3.1
8.2
EPSS
1.2%
CVE-2021-21274 PyPI MEDIUM PATCH This Month

Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Python Denial Of Service Synapse Fedora
NVD GitHub
CVSS 3.1
6.5
EPSS
2.2%
CVE-2021-21273 PyPI MEDIUM PATCH This Month

Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Open Redirect vulnerability could allow attackers to redirect users to malicious websites via URL manipulation.

Open Redirect Python Synapse Fedora
NVD GitHub
CVSS 3.1
6.1
EPSS
1.8%
CVE-2020-26257 PyPI MEDIUM PATCH This Month

Matrix is an ecosystem for open federated Instant Messaging and VoIP. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Denial Of Service Synapse Fedora
NVD GitHub
CVSS 3.1
6.5
EPSS
2.4%
CVE-2020-26890 PyPI HIGH PATCH This Week

Matrix Synapse before 1.20.0 erroneously permits non-standard NaN, Infinity, and -Infinity JSON values in fields of m.room.member events, allowing remote attackers to execute a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Synapse Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
3.0%
CVE-2020-26891 PyPI MEDIUM PATCH This Month

AuthRestServlet in Matrix Synapse before 1.21.0 is vulnerable to XSS due to unsafe interpolation of the session GET parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Synapse
NVD GitHub
CVSS 3.1
6.1
EPSS
1.9%
CVE-2019-18835 PyPI CRITICAL PATCH Act Now

Matrix Synapse before 1.5.0 mishandles signature checking on some federation APIs. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Synapse
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2019-11842 PyPI HIGH PATCH This Week

An issue was discovered in Matrix Sydent before 1.0.3 and Synapse before 0.99.3.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Sydent Synapse
NVD
CVSS 3.0
7.5
EPSS
1.8%
CVE-2019-5885 PyPI HIGH PATCH This Week

Matrix Synapse before 0.34.0.1, when the macaroon_secret_key authentication parameter is not set, uses a predictable value to derive a secret key and other secrets which could allow remote attackers. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Synapse Fedora
NVD
CVSS 3.0
7.5
EPSS
2.4%
CVE-2018-16515 PyPI HIGH PATCH This Week

Matrix Synapse before 0.33.3.1 allows remote attackers to spoof events and possibly have unspecified other impacts by leveraging improper transaction and event signature validation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Jwt Attack Information Disclosure Synapse Debian Linux
NVD GitHub
CVSS 3.0
8.8
EPSS
1.5%
CVE-2018-12423 PyPI HIGH PATCH This Week

In Synapse before 0.31.2, unauthorised users can hijack rooms when there is no m.room.power_levels event in force. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Synapse
NVD GitHub
CVSS 3.0
7.5
EPSS
1.8%
CVE-2018-12291 PyPI HIGH PATCH This Week

The on_get_missing_events function in handlers/federation.py in Matrix Synapse before 0.31.1 has a security bug in the get_missing_events federation API where event visibility rules were not applied. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Synapse
NVD GitHub
CVSS 3.0
7.5
EPSS
1.8%
CVE-2018-10657 PyPI HIGH PATCH This Week

Matrix Synapse before 0.28.1 is prone to a denial of service flaw where malicious events injected with depth = 2^63 - 1 render rooms unusable, related to federation/federation_base.py and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Synapse
NVD GitHub
CVSS 3.0
7.5
EPSS
1.5%
CVE-2017-15708 Maven CRITICAL PATCH Act Now

In Apache Synapse, by default no authentication is required for Java Remote Method Invocation (RMI). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 19.9%.

RCE Java Apache Synapse Financial Services Market Risk Measurement And Management +1
NVD
CVSS 3.1
9.8
EPSS
19.9%
CVE-2017-14398 HIGH This Week

rzpnk.sys in Razer Synapse 2.20.15.1104 allows local users to read and write to arbitrary memory locations, and consequently gain privileges, via a methodology involving a handle to. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Synapse
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2017-11653 HIGH This Week

Razer Synapse 2.20.15.1104 and earlier uses weak permissions for the Devices directory, which allows local users to gain privileges via a Trojan horse (1) RazerConfigNative.dll or (2). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Synapse
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2017-11652 HIGH This Week

Razer Synapse 2.20.15.1104 and earlier uses weak permissions for the CrashReporter directory, which allows local users to gain privileges via a Trojan horse dbghelp.dll file. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Synapse
NVD
CVSS 3.1
8.4
EPSS
0.0%
CVE-2017-9769 CRITICAL POC THREAT Emergency

A specially crafted IOCTL can be issued to the rzpnk.sys driver in Razer Synapse 2.20.15.1104 that is forwarded to ZwOpenProcess allowing a handle to be opened to an arbitrary process. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 77.8%.

Information Disclosure Synapse
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
77.8%
Threat
5.8
EPSS 8% CVSS 7.1
HIGH PATCH This Week

Synapse is an open source Matrix homeserver implementation. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Synapse Suse
NVD GitHub
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

Synapse is an open-source Matrix homeserver Prior to versions 1.95.1 and 1.96.0rc1, cached device information of remote users can be queried from Synapse. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Synapse Fedora
NVD GitHub
EPSS 1% CVSS 4.9
MEDIUM PATCH This Month

Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Synapse Fedora
NVD GitHub
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Synapse Fedora
NVD GitHub
EPSS 0% CVSS 3.7
LOW PATCH Monitor

Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable.

Information Disclosure Synapse Fedora
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

Synapse is a Matrix protocol homeserver written in Python with the Twisted framework. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Python SSRF Authentication Bypass +1
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

Synapse is a Matrix protocol homeserver written in Python with the Twisted framework. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Python Authentication Bypass Synapse
NVD GitHub
EPSS 1% CVSS 4.3
MEDIUM POC PATCH This Month

Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Synapse
NVD GitHub
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

Synapse before 1.52.0 with URL preview functionality enabled will attempt to generate URL previews for media stream URLs without properly limiting connection time. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Synapse
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Synapse
NVD GitHub
EPSS 2% CVSS 6.5
MEDIUM PATCH This Month

Synapse is an open source home server implementation for the Matrix chat network. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Synapse Fedora
NVD GitHub
EPSS 2% CVSS 7.5
HIGH PATCH This Week

Synapse is a package for Matrix homeservers written in Python 3/Twisted. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Python Path Traversal Synapse +1
NVD GitHub
EPSS 1% CVSS 3.1
LOW PATCH Monitor

Matrix is an ecosystem for open federated Instant Messaging and Voice over IP. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Synapse Fedora
NVD GitHub
EPSS 1% CVSS 3.1
LOW PATCH Monitor

Matrix is an ecosystem for open federated Instant Messaging and Voice over IP. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Synapse Fedora
NVD GitHub
EPSS 2% CVSS 5.3
MEDIUM PATCH This Month

Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Python Denial Of Service Synapse +1
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM POC This Month

Multiple system services installed alongside the Razer Synapse 3 software suite perform privileged operations on entries within the Razer Chroma SDK subkey. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Synapse
NVD
EPSS 1% CVSS 5.5
MEDIUM POC This Month

Multiple system services installed alongside the Razer Synapse 3 software suite perform privileged operations on entries within the ChromaBroadcast subkey. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Synapse
NVD
EPSS 2% CVSS 6.5
MEDIUM PATCH This Month

Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Python Denial Of Service Synapse +1
NVD GitHub
EPSS 1% CVSS 6.3
MEDIUM PATCH This Month

Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. This Open Redirect vulnerability could allow attackers to redirect users to malicious websites via URL manipulation.

Open Redirect Python Synapse +1
NVD GitHub
EPSS 2% CVSS 6.5
MEDIUM PATCH This Month

Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Python Denial Of Service Synapse +1
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required.

Python Code Injection Synapse +1
NVD GitHub
EPSS 1% CVSS 8.2
HIGH PATCH This Week

Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

CSRF Python XSS +2
NVD GitHub
EPSS 2% CVSS 6.5
MEDIUM PATCH This Month

Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Python Denial Of Service Synapse +1
NVD GitHub
EPSS 2% CVSS 6.1
MEDIUM PATCH This Month

Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Open Redirect vulnerability could allow attackers to redirect users to malicious websites via URL manipulation.

Open Redirect Python Synapse +1
NVD GitHub
EPSS 2% CVSS 6.5
MEDIUM PATCH This Month

Matrix is an ecosystem for open federated Instant Messaging and VoIP. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Denial Of Service Synapse +1
NVD GitHub
EPSS 3% CVSS 7.5
HIGH PATCH This Week

Matrix Synapse before 1.20.0 erroneously permits non-standard NaN, Infinity, and -Infinity JSON values in fields of m.room.member events, allowing remote attackers to execute a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Synapse Fedora
NVD GitHub
EPSS 2% CVSS 6.1
MEDIUM PATCH This Month

AuthRestServlet in Matrix Synapse before 1.21.0 is vulnerable to XSS due to unsafe interpolation of the session GET parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Synapse
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

Matrix Synapse before 1.5.0 mishandles signature checking on some federation APIs. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Synapse
NVD GitHub
EPSS 2% CVSS 7.5
HIGH PATCH This Week

An issue was discovered in Matrix Sydent before 1.0.3 and Synapse before 0.99.3.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Sydent Synapse
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

Matrix Synapse before 0.34.0.1, when the macaroon_secret_key authentication parameter is not set, uses a predictable value to derive a secret key and other secrets which could allow remote attackers. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Synapse Fedora
NVD
EPSS 2% CVSS 8.8
HIGH PATCH This Week

Matrix Synapse before 0.33.3.1 allows remote attackers to spoof events and possibly have unspecified other impacts by leveraging improper transaction and event signature validation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Jwt Attack Information Disclosure Synapse +1
NVD GitHub
EPSS 2% CVSS 7.5
HIGH PATCH This Week

In Synapse before 0.31.2, unauthorised users can hijack rooms when there is no m.room.power_levels event in force. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Synapse
NVD GitHub
EPSS 2% CVSS 7.5
HIGH PATCH This Week

The on_get_missing_events function in handlers/federation.py in Matrix Synapse before 0.31.1 has a security bug in the get_missing_events federation API where event visibility rules were not applied. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Synapse
NVD GitHub
EPSS 2% CVSS 7.5
HIGH PATCH This Week

Matrix Synapse before 0.28.1 is prone to a denial of service flaw where malicious events injected with depth = 2^63 - 1 render rooms unusable, related to federation/federation_base.py and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Synapse
NVD GitHub
EPSS 20% CVSS 9.8
CRITICAL PATCH Act Now

In Apache Synapse, by default no authentication is required for Java Remote Method Invocation (RMI). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 19.9%.

RCE Java Apache +3
NVD
EPSS 0% CVSS 7.8
HIGH This Week

rzpnk.sys in Razer Synapse 2.20.15.1104 allows local users to read and write to arbitrary memory locations, and consequently gain privileges, via a methodology involving a handle to. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Synapse
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Razer Synapse 2.20.15.1104 and earlier uses weak permissions for the Devices directory, which allows local users to gain privileges via a Trojan horse (1) RazerConfigNative.dll or (2). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Synapse
NVD
EPSS 0% CVSS 8.4
HIGH This Week

Razer Synapse 2.20.15.1104 and earlier uses weak permissions for the CrashReporter directory, which allows local users to gain privileges via a Trojan horse dbghelp.dll file. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Synapse
NVD
EPSS 78% 5.8 CVSS 9.8
CRITICAL POC THREAT Emergency

A specially crafted IOCTL can be issued to the rzpnk.sys driver in Razer Synapse 2.20.15.1104 that is forwarded to ZwOpenProcess allowing a handle to be opened to an arbitrary process. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 77.8%.

Information Disclosure Synapse
NVD Exploit-DB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy