Vulnerabilities in element-hq
25 resultsCVE-2024-31208MEDIUMSynapse's V2 state resolution weakness allows DoS from remote room membersEPSS 1.5%CVE-2025-30355HIGHSynapse vulnerable to federation denial of service via malformed eventsEPSS 1.1%CVE-2024-52805HIGHSynapse allows unsupported content types to lead to memory exhaustionEPSS 0.7%CVE-2024-53863HIGHSynapse can be forced to thumbnail unexpected file formats, invoking external, potentially untrustworthy decodersEPSS 0.6%CVE-2024-47771HIGHElement Desktop vulnerable to potential exposure of access token via authenticated mediaEPSS 0.6%CVE-2024-37302HIGHSynapse denial of service through media disk space consumptionEPSS 0.6%CVE-2024-52815HIGHSynapse allows a a malformed invite to break the invitee's `/sync`EPSS 0.5%CVE-2024-51750MEDIUMElement allows a malicious homeserver can modify events leading to unrenderable events or roomsEPSS 0.5%CVE-2024-26131HIGHElement Android Intent RedirectionEPSS 0.5%CVE-2025-61672MEDIUMSynapse: Invalid device keys degrade federation functionalityEPSS 0.4%CVE-2025-62425HIGHMatrix Authentication Service account password can be changed using an authenticated session without supplying the current passwordEPSS 0.4%CVE-2024-53867MEDIUMSynapse Matrix has a partial room state leak via Sliding SyncEPSS 0.4%CVE-2024-47779HIGHElement Web vulnerable to potential exposure of access token via authenticated mediaEPSS 0.4%CVE-2024-37303MEDIUMSynapse unauthenticated writes to the media repository allow planting of problematic contentEPSS 0.4%CVE-2024-26132MEDIUMElement Android can be asked to share internal files.EPSS 0.4%CVE-2025-59161LOWIn Element Web and Element Desktop, a malicious room can hide an unrelated room and cause it to be left when the malicious room is leftEPSS 0.4%CVE-2026-45076MEDIUMSynapse pagination denial of serviceEPSS 0.4%CVE-2024-51749LOWElement's thumbnails can be abused to misrepresent the content of an attachmentEPSS 0.3%CVE-2025-27599MEDIUMElement X Android vulnerable to loading malicious web pages via received intentEPSS 0.3%CVE-2026-24044CRITICALESS Community Helm Chart has a weak server key generation methodEPSS 0.3%