CVE-2026-32995

The Rocket.Chat DDP method autoTranslate.translateMessage in versions 8.5.0, 8.4.2, 8.3.4, 8.2.4, 8.1.5, 8.0.5, 7.13.8, and 7.10.12 accepts a client-supplied IMessage object and passes it directly to translateMessage without checking Meteor.userId or verifying room membership. Any authenticated D...

BRS WebWeaver HTTP Server DDP vulnerability

=:=:=::=:=:=::=:=:=::=:=:=::=:=:=::=:=:=::=:=:=::= topic: BRS WebWeaver HTTP Server DDP vulnerability product: BRS WebWeaver 1.01, 1.03 HTTP Server vendor: http://www.bsoutham.org/WebWeaver/ risk: high date: 01/14/2k3 discovered by: euronymous /F0KP /R00tC0de advisory urls:...