238 matches found
PT-2024-34388 · Adapt Learning +1 · Adapt Learning Adapt Authoring Tool +1
Name of the Vulnerable Software and Affected Versions: Adapt Learning Adapt Authoring Tool versions = 0.11.3 Description: A NoSQL injection issue allows unauthenticated attackers to reset user and administrator account passwords via the "Reset password" feature. This occurs due to insufficient...
CVE-2024-48573
A NoSQL injection vulnerability in AquilaCMS 1.409.20 and prior allows unauthenticated attackers to reset user and administrator account passwords via the "Reset password" feature...
PT-2024-33152 · Aquilacms · Aquilacms
Name of the Vulnerable Software and Affected Versions: AquilaCMS versions 1.409.20 and prior Description: A NoSQL injection issue allows unauthenticated attackers to reset user and administrator account passwords via the "Reset password" feature. Recommendations: For versions 1.409.20 and prior, ...
CVE-2024-48573
CVE-2024-48573 affects AquilaCMS 1.409.20 and earlier. The connected documents corroborate a vulnerability in the Reset password feature allowing unauthenticated password resets (NoSQL injection per NVD) with high impact (C/H/I/A = 9.8). Public materials mention exploitation activity (e.g., Explo...
CVE-2024-37405
Livechat messages can be leaked by combining two NoSQL injections affecting livechat:loginByToken pre-authentication and livechat:loadHistory...
RocketChat LiveChat Security Breach
RocketChat LiveChat is a small, lightweight application from RocketChat, Inc. designed to provide B2C business-to-customer communication between agents and website visitors. A security vulnerability exists in RocketChat LiveChat that stems from the presence of a NoSQL injection that can leak...
Rocket.Chat: NoSQL injection leaks visitor token and livechat messages
The Rocket.Chat application was affected by two NoSQL injection vulnerabilities. The first vulnerability allowed leaking visitor tokens by exploiting the livechat:loginByToken method, while the second vulnerability enabled leaking livechat messages by exploiting the livechat:loadHistory method...
SQL injection
yourspotify is an open source, self-hosted Spotify tracking dashboard. YourSpotify version 1.8.0 is vulnerable to NoSQL injection in the public access token processing logic. Attackers can fully bypass the public token authentication mechanism, regardless of whether a public token has been generated befo...
CVE-2024-28192
yourspotify is an open source, self-hosted Spotify tracking dashboard. YourSpotify version 1.8.0 is vulnerable to NoSQL injection in the public access token processing logic. Attackers can fully bypass the public token authentication mechanism, regardless of whether a public token has been generated befo...
CVE-2024-28192 NoSQL Injection Leading to Authentication Bypass in your_spotify
yourspotify is an open source, self-hosted Spotify tracking dashboard. YourSpotify version 1.8.0 is vulnerable to NoSQL injection in the public access token processing logic. Attackers can fully bypass the public token authentication mechanism, regardless of whether a public token has been generated befo...
CVE-2024-28192
The CVE-2024-28192 entry concerns YourSpotify, an open source self-hosted Spotify tracking dashboard. A NoSQL injection flaw exists in the public access token processing logic for versions before 1.8.0, allowing an attacker to fully bypass the public token authentication mechanism without user in...
YourSpotify Security Breach
YourSpotify is a self-hosted Spotify tracking dashboard. A security vulnerability exists in versions of YourSpotify prior to 1.8.0 that stems from vulnerability to NoSQL injection in the public access token processing logic, allowing an attacker to completely bypass the public token authenticatio...
VulnCheck KEV: CVE-2021-22911
An improper input sanitization vulnerability exists in Rocket.Chat server 3.11, 3.12 & 3.13 that could lead to unauthenticated NoSQL injection, resulting potentially in RCE...
Exploit for Special Element Injection in Rocket.Chat
CVE-2021-22911 Pre-Auth Blind NoSQL Injection leading to Remot...
Rocket.Chat SQL Injection Vulnerability (CNVD-2023-43234)
Rocket.Chat is an open source team chat software. A NoSQL injection vulnerability exists in the Rocket.Chat listEmojiCustom method, which can be exploited by a remote attacker to submit a special request that allows custom emoticons to be uploaded to a Rocket.Chat instance, resulting in a delayed...