318 matches found
CVE-2026-30831 Rocket.Chat: 2FA bypass and login of deactivated users via EE ddp-streamer
Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to versions 7.10.8, 7.11.5, 7.12.5, 7.13.4, 8.0.2, 8.1.1, and 8.2.0, authentication vulnerabilities exist in Rocket.Chat's enterprise DDP Streamer service. The Account.login method exposed through the DDP...
CVE-2026-28514
Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to versions 7.8.6, 7.9.8, 7.10.7, 7.11.4, 7.12.4, 7.13.3, and 8.0.0, a critical authentication bypass vulnerability exists in Rocket.Chat's account service used in the ddp-streamer micro service that allows a...
CVE-2026-28514
CVE-2026-28514 affects Rocket.Chat versions prior to 7.8.6, 7.9.8, 7.10.7, 7.11.4, 7.12.4, 7.13.3, and 8.0.0. The root cause is a missing await keyword when validating passwords in the ddp-streamer account service, causing a Promise object to be treated as a truthy result and permitting login wit...
EUVD-2026-10050
Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to versions 7.8.6, 7.9.8, 7.10.7, 7.11.4, 7.12.4, 7.13.3, and 8.0.0, a critical authentication bypass vulnerability exists in Rocket.Chat's account service used in the ddp-streamer micro service that allows a...
CVE-2026-28514 Rocket.Chat: Users can login with any password via the EE ddp-streamer-service
Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to versions 7.8.6, 7.9.8, 7.10.7, 7.11.4, 7.12.4, 7.13.3, and 8.0.0, a critical authentication bypass vulnerability exists in Rocket.Chat's account service used in the ddp-streamer micro service that allows a...
CVE-2026-28514 Rocket.Chat: Users can login with any password via the EE ddp-streamer-service
Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to versions 7.8.6, 7.9.8, 7.10.7, 7.11.4, 7.12.4, 7.13.3, and 8.0.0, a critical authentication bypass vulnerability exists in Rocket.Chat's account service used in the ddp-streamer micro service that allows a...
CVE-2026-28514 Rocket.Chat: Users can login with any password via the EE ddp-streamer-service
Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to versions 7.8.6, 7.9.8, 7.10.7, 7.11.4, 7.12.4, 7.13.3, and 8.0.0, a critical authentication bypass vulnerability exists in Rocket.Chat's account service used in the ddp-streamer micro service that allows a...
PT-2026-23735
Name of the Vulnerable Software and Affected Versions Rocket.Chat versions prior to 7.8.6 Rocket.Chat versions prior to 7.9.8 Rocket.Chat versions prior to 7.10.7 Rocket.Chat versions prior to 7.11.4 Rocket.Chat versions prior to 7.12.4 Rocket.Chat versions prior to 7.13.3 Rocket.Chat versions...
Rocket.Chat 授权问题漏洞
Rocket.Chat is a chat software developed by the Rocket.Chat company. Versions prior to 7.8.6, 7.9.8, 7.10.7, 7.11.4, 7.12.4, 7.13.3, and 8.0.0 contain an authorization vulnerability. This vulnerability stems from a missing await keyword in the password verification function of the account service...
PT-2026-23738
Name of the Vulnerable Software and Affected Versions Rocket.Chat versions prior to 7.10.8 Rocket.Chat versions prior to 7.11.5 Rocket.Chat versions prior to 7.12.5 Rocket.Chat versions prior to 7.13.4 Rocket.Chat versions prior to 8.0.2 Rocket.Chat versions prior to 8.1.1 Rocket.Chat versions...
Rocket.Chat 安全漏洞
Rocket.Chat is a chat software developed by the Rocket.Chat company. There were security vulnerabilities in versions prior to 7.10.8, 7.11.5, 7.12.5, 7.13.4, 8.0.2, 8.1.1, and 8.2.0. These vulnerabilities stemmed from authentication issues within the DDP Streamer service, where two-factor...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000737)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000737 advisory. The atalkrecvmsg function in net/appletalk/ddp.c in the Linux kernel before 3.12.4 updates a certain length value without ensuring that an associated data structure...
Malicious Package
Overview ddp-common is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...
EUVD-2025-202366
Malicious code in ddp-common npm...
Malicious code in ddp-common (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1b1ae70118a343c68fd301dbce7ef05fbdf587541f9d61bd1df8a5048578282a The package ddp-common was found to contain malicious code. Source: ghsa-malware afe6b2223d57e3d32fa4220c3a687d0b70fd8c0047fd4925d4b0e6766ce5420e Any...
MAL-2025-192408 Malicious code in ddp-common (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1b1ae70118a343c68fd301dbce7ef05fbdf587541f9d61bd1df8a5048578282a The package ddp-common was found to contain malicious code. Source: ghsa-malware afe6b2223d57e3d32fa4220c3a687d0b70fd8c0047fd4925d4b0e6766ce5420e Any...
EUVD-2023-41215
Malicious code in bioql PyPI...
EUVD-2023-39731
Malicious code in bioql PyPI...
EUVD-2025-15378
Malicious code in bioql PyPI...
EUVD-2023-39736
Malicious code in bioql PyPI...