Improper input validation in Cinnyapp Cinny

CVE-2026-42553

Cinny is a Matrix client. Prior to 4.10.3, A remote authenticated attacker who shares a room with a victim and has permissions to create room emotes (for example in a DM) can cause the victim's client to send their Matrix access token to a…

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.002 (37.2th percentile) — read the EPSS interpretation.