CVE-2024-51749

LOW Year: 2024
CVSS v3 Score
3.5
Low
Weakness Type
CWE-451
View all →

Vulnerability Description

Element is a Matrix web client built using the Matrix React SDK. Versions of Element Web and Desktop earlier than 1.11.85 do not check if thumbnails for attachments, stickers and images are coherent. It is possible to add thumbnails to events trigger a file download once clicked. Fixed in element-web 1.11.85.

Related Vulnerabilities

CVE-2022-38163

LOW
CVSS:3.5(Low)

A Drag and Drop spoof vulnerability was discovered in F-Secure SAFE Browser for Android and iOS version 19.0 and below. Drag and drop operation by user on address bar could lead to a spoofing of the a...

CWE-4512022

CVE-2024-9163

LOW
CVSS:3.5(Low)

A business logic error in GitLab CE/EE affecting all versions starting from 12.1 prior to 17.10.7, 17.11 prior to 17.11.3 and 18.0 prior to 18.0.1 where an attacker can cause a branch name confusion i...

CWE-4512024

CVE-2025-46394

LOW
CVSS:3.2(Low)

In tar in BusyBox through 1.37.0, a TAR archive can have filenames hidden from a listing through the use of terminal escape sequences.

CWE-4512025

CVE-2024-54558

LOW
CVSS:2.8(Low)

A clickjacking issue was addressed with improved out-of-process view handling. This issue is fixed in iOS 18 and iPadOS 18, macOS Sequoia 15. An app may be able to trick a user into granting access to...

CWE-4512024

CVE-2017-0888

MEDIUM
CVSS:4.3(Medium)

Nextcloud Server before 9.0.55 and 10.0.2 suffers from a Content-Spoofing vulnerability in the "files" app. The top navigation bar displayed in the files list contained partially user-controllable inp...

CWE-4512017

CVE-2020-7363

MEDIUM
CVSS:4.3(Medium)

User Interface (UI) Misrepresentation of Critical Information vulnerability in the address bar of UCWeb's UC Browser allows an attacker to obfuscate the true source of data as presented in the browser...

CWE-4512020