threatengine.sh
Product
matrix synapse
54 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2025-9871
< 3.10.730.71519
Razer Synapse 3 Chroma Connect Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers
7.8
HIGH
CVE-2025-9870
< 3.10.730.71519
Razer Synapse 3 RazerPhilipsHueUninstall Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local
7.8
HIGH
CVE-2025-9869
< 3.10.730.71519
Razer Synapse 3 Macro Module Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to
7.8
HIGH
CVE-2025-30355
< 1.127.1
Synapse is an open source Matrix homeserver implementation. A malicious server can craft events which, when received, prevent Syna
7.1
HIGH
CVE-2024-53863
< 1.120.1
Synapse is an open-source Matrix homeserver. In Synapse versions before 1.120.1, enabling the dynamic_thumbnails option or process
9.1
CRITICAL
CVE-2024-52815
< 1.120.1
Synapse is an open-source Matrix homeserver. Synapse versions before 1.120.1 fail to properly validate invites received over feder
5.3
MEDIUM
CVE-2024-52805
< 1.120.1
Synapse is an open-source Matrix homeserver. In Synapse before 1.120.1, multipart/form-data requests can in certain configurations
7.5
HIGH
CVE-2024-37303
< 1.106.0
Synapse is an open-source Matrix homeserver. Synapse before version 1.106 allows, by design, unauthenticated remote participants t
5.3
MEDIUM
CVE-2024-37302
< 1.106.0
Synapse is an open-source Matrix homeserver. Synapse versions before 1.106 are vulnerable to a disk fill attack, where an unauthen
7.5
HIGH
CVE-2024-31208
< 1.105.1
Synapse is an open-source Matrix homeserver. A remote Matrix user with malicious intent, sharing a room with Synapse instances bef
6.5
MEDIUM
CVE-2023-43796
< 1.95.1
Synapse is an open-source Matrix homeserver. Prior to versions 1.95.1 and 1.96.0rc1, cached device information of remote users can
5.3
MEDIUM
CVE-2023-45129
< 1.94.0
Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. Prior to version 1.94.0, a malici
4.9
MEDIUM
CVE-2023-42453
>= 1.34.0 and < 1.93.0
Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. Users were able to forge read rec
3.1
LOW
CVE-2023-41335
>= 1.66.0 and < 1.93.0
Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. When users update their passwords
3.7
LOW
CVE-2022-47631
< 3.8.0428.042117
Razer Synapse through 3.7.1209.121307 allows privilege escalation due to an unsafe installation path and improper privilege manage
7.8
HIGH
CVE-2023-32683
< 1.85.0
Synapse is a Matrix protocol homeserver written in Python with the Twisted framework. A discovered oEmbed or image URL can bypass
3.5
LOW
CVE-2023-32682
< 1.85.0
Synapse is a Matrix protocol homeserver written in Python with the Twisted framework. In affected versions it may be possible for
5.4
MEDIUM
CVE-2023-32323
< 1.74.0
Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. A malicious user on a Synapse hom
5.0
MEDIUM
CVE-2022-39374
>= 1.62.0 and < 1.68.0
Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. If Synapse and a malicious homese
6.5
MEDIUM
CVE-2022-39335
< 1.69.0
Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. The Matrix Federation API allows
5.0
MEDIUM
CVE-2022-47632
< 3.7.0830.081906
Razer Synapse before 3.7.0830.081906 allows privilege escalation due to an unsafe installation path, improper privilege management
6.8
MEDIUM
CVE-2022-41952
< 1.53.0
Synapse before 1.52.0 with URL preview functionality enabled will attempt to generate URL previews for media stream URLs without p
6.5
MEDIUM
CVE-2022-31152
< 1.62.0
Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. The Matrix specification specifie
6.4
MEDIUM
CVE-2022-31052
< 1.61.1
Synapse is an open source home server implementation for the Matrix chat network. In versions prior to 1.61.1 URL previews of some
6.5
MEDIUM
CVE-2021-44226
< 3.7.0228.022817
Razer Synapse before 3.7.0228.022817 allows privilege escalation because it relies on %PROGRAMDATA%\Razer\Synapse3\Service\bin eve
7.3
HIGH
CVE-2021-41281
< 1.47.1
Synapse is a package for Matrix homeservers written in Python 3/Twisted. Prior to version 1.47.1, Synapse instances with the media
7.5
HIGH
CVE-2021-39164
< 1.41.1
Matrix is an ecosystem for open federated Instant Messaging and Voice over IP. In versions 1.41.0 and prior, unauthorised users ca
3.1
LOW
CVE-2021-39163
< 1.41.1
Matrix is an ecosystem for open federated Instant Messaging and Voice over IP. In versions 1.41.0 and prior, unauthorised users ca
3.1
LOW
CVE-2021-29471
< 1.33.2
Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federate
3.7
LOW
CVE-2021-30494
all versions
Multiple system services installed alongside the Razer Synapse 3 software suite perform privileged operations on entries within th
5.5
MEDIUM
CVE-2021-30493
all versions
Multiple system services installed alongside the Razer Synapse 3 software suite perform privileged operations on entries within th
5.5
MEDIUM
CVE-2021-21393
> 0.24.0 and < 1.28.0
Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federate
5.3
MEDIUM
CVE-2021-21392
< 1.28.0
Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federate
6.3
MEDIUM
CVE-2021-21394
> 0.17.0 and < 1.28.0
Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federate
5.3
MEDIUM
CVE-2021-21333
< 1.27.0
Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federate
6.1
MEDIUM
CVE-2021-21332
< 1.27.0
Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federate
6.9
MEDIUM
CVE-2021-21274
>= 0.99.0 and < 1.25.0
Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federate
4.3
MEDIUM
CVE-2021-21273
< 1.25.0
Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federate
3.1
LOW
CVE-2020-26257
< 1.23.1
Matrix is an ecosystem for open federated Instant Messaging and VoIP. Synapse is a reference "homeserver" implementation of Matrix
6.5
MEDIUM
CVE-2020-26890
< 1.20.0
Matrix Synapse before 1.20.0 erroneously permits non-standard NaN, Infinity, and -Infinity JSON values in fields of m.room.member
7.5
HIGH
CVE-2020-26891
< 1.21.0
AuthRestServlet in Matrix Synapse before 1.21.0 is vulnerable to XSS due to unsafe interpolation of the session GET parameter. Thi
6.1
MEDIUM
CVE-2019-18835
< 1.5.0
Matrix Synapse before 1.5.0 mishandles signature checking on some federation APIs. Events sent over /send_join, /send_leave, and /
9.8
CRITICAL
CVE-2019-11842
< 0.99.3.1
An issue was discovered in Matrix Sydent before 1.0.3 and Synapse before 0.99.3.1. Random number generation is mishandled, which m
7.5
HIGH
CVE-2019-5885
< 0.34.0.1
Matrix Synapse before 0.34.0.1, when the macaroon_secret_key authentication parameter is not set, uses a predictable value to deri
7.5
HIGH
CVE-2018-16515
< 0.33.3.1
Matrix Synapse before 0.33.3.1 allows remote attackers to spoof events and possibly have unspecified other impacts by leveraging i
8.8
HIGH
CVE-2018-12423
< 0.31.2
In Synapse before 0.31.2, unauthorised users can hijack rooms when there is no m.room.power_levels event in force.
7.5
HIGH
CVE-2018-12291
< 0.31.1
The on_get_missing_events function in handlers/federation.py in Matrix Synapse before 0.31.1 has a security bug in the get_missing
7.5
HIGH
CVE-2018-10657
< 0.28.1
Matrix Synapse before 0.28.1 is prone to a denial of service flaw where malicious events injected with depth = 2^63 - 1 render roo
7.5
HIGH
CVE-2017-15708
all versions
In Apache Synapse, by default no authentication is required for Java Remote Method Invocation (RMI). So Apache Synapse 3.0.1 or al
9.8
CRITICAL
CVE-2017-14398
all versions
rzpnk.sys in Razer Synapse 2.20.15.1104 allows local users to read and write to arbitrary memory locations, and consequently gain
7.8
HIGH
CVE-2017-11653
<= 2.20.15.1104
Razer Synapse 2.20.15.1104 and earlier uses weak permissions for the Devices directory, which allows local users to gain privilege
7.8
HIGH
CVE-2017-11652
<= 2.20.15.1104
Razer Synapse 2.20.15.1104 and earlier uses weak permissions for the CrashReporter directory, which allows local users to gain pri
8.4
HIGH
CVE-2017-9769
all versions
A specially crafted IOCTL can be issued to the rzpnk.sys driver in Razer Synapse 2.20.15.1104 that is forwarded to ZwOpenProcess a
9.8
CRITICAL
CVE-2014-7787
all versions
The iShuttle (aka com.synapse.ishuttle_user) application 1.0 for Android does not verify X.509 certificates from SSL servers, whic
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin