487 matches found
CVE-2026-55762 Rocket.Chat: Any Authenticated User Can Permanently Deregister Workspace from Rocket.Chat Cloud via Unprotected `/api/v1/fingerprint` Endpoint
Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.1, 8.4.4, 8.3.6, 8.2.6, 8.1.6, 8.0.7, and 7.10.13, the POST /api/v1/fingerprint REST endpoint enforces authentication authRequired: true but performs no authorization check. Any authenticated user —...
CVE-2026-55762
Rocket.Chat CVE-2026-55762 concerns an unauthenticated mis-authorization on POST /api/v1/fingerprint. Prior to fixed versions, authenticated users could call the endpoint with {"setDeploymentAs": "new-workspace"} to permanently deregister the workspace from Rocket.Chat Cloud, wiping cloud credent...
PT-2026-52118
Name of the Vulnerable Software and Affected Versions Rocket.Chat versions prior to 8.5.1 Rocket.Chat versions prior to 8.4.4 Rocket.Chat versions prior to 8.3.6 Rocket.Chat versions prior to 8.2.6 Rocket.Chat versions prior to 8.1.6 Rocket.Chat versions prior to 8.0.7 Rocket.Chat versions prior ...
CVE-2026-52698
Subscriber Sensitive Data Exposure in PushEngage – Web Push Notifications, eCommerce Automation & Chat Widget = 4.2.3 versions...
CVE-2026-52698
The CVE concerns the WordPress PushEngage plugin (versions
CVE-2026-42973
Use of uninitialized resource in Windows Push Notifications allows an authorized attacker to disclose information locally...
CVE-2026-42971
Use of uninitialized resource in Windows Push Notifications allows an authorized attacker to disclose information locally...
CVE-2026-42969
Use of uninitialized resource in Windows Push Notifications allows an authorized attacker to disclose information locally...
CVE-2026-42970
Use of uninitialized resource in Windows Push Notifications allows an authorized attacker to disclose information locally...
CVE-2026-42991
Concurrent execution using shared resource with improper synchronization 'race condition' in Windows Push Notifications allows an authorized attacker to elevate privileges locally...
CVE-2026-42979
Concurrent execution using shared resource with improper synchronization 'race condition' in Windows Push Notifications allows an authorized attacker to elevate privileges locally...
CVE-2026-42977
Concurrent execution using shared resource with improper synchronization 'race condition' in Windows Push Notifications allows an authorized attacker to elevate privileges locally...
CVE-2026-42978
Concurrent execution using shared resource with improper synchronization 'race condition' in Windows Push Notifications allows an authorized attacker to elevate privileges locally...
CVE-2026-42991
Concurrent execution using shared resource with improper synchronization 'race condition' in Windows Push Notifications allows an authorized attacker to elevate privileges locally...
CVE-2026-42979
Concurrent execution using shared resource with improper synchronization 'race condition' in Windows Push Notifications allows an authorized attacker to elevate privileges locally...
CVE-2026-42973
Use of uninitialized resource in Windows Push Notifications allows an authorized attacker to disclose information locally...
CVE-2026-42977
Concurrent execution using shared resource with improper synchronization 'race condition' in Windows Push Notifications allows an authorized attacker to elevate privileges locally...
CVE-2026-42978
Concurrent execution using shared resource with improper synchronization 'race condition' in Windows Push Notifications allows an authorized attacker to elevate privileges locally...
CVE-2026-42970
Use of uninitialized resource in Windows Push Notifications allows an authorized attacker to disclose information locally...
CVE-2026-42971
Use of uninitialized resource in Windows Push Notifications allows an authorized attacker to disclose information locally...