Lucene search
+L

318 matches found

OSV
OSV
added 2026/03/06 5:40 p.m.6 views

CVE-2026-30831 Rocket.Chat: 2FA bypass and login of deactivated users via EE ddp-streamer

Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to versions 7.10.8, 7.11.5, 7.12.5, 7.13.4, 8.0.2, 8.1.1, and 8.2.0, authentication vulnerabilities exist in Rocket.Chat's enterprise DDP Streamer service. The Account.login method exposed through the DDP...

9.3CVSS5.8AI score0.00333EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/03/06 5:35 p.m.6 views

CVE-2026-28514

Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to versions 7.8.6, 7.9.8, 7.10.7, 7.11.4, 7.12.4, 7.13.3, and 8.0.0, a critical authentication bypass vulnerability exists in Rocket.Chat's account service used in the ddp-streamer micro service that allows a...

9.3CVSS5.8AI score0.00498EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2026/03/06 5:35 p.m.28 views

CVE-2026-28514

CVE-2026-28514 affects Rocket.Chat versions prior to 7.8.6, 7.9.8, 7.10.7, 7.11.4, 7.12.4, 7.13.3, and 8.0.0. The root cause is a missing await keyword when validating passwords in the ddp-streamer account service, causing a Promise object to be treated as a truthy result and permitting login wit...

9.8CVSS5.8AI score0.00498EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2026/03/06 5:35 p.m.7 views

EUVD-2026-10050

Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to versions 7.8.6, 7.9.8, 7.10.7, 7.11.4, 7.12.4, 7.13.3, and 8.0.0, a critical authentication bypass vulnerability exists in Rocket.Chat's account service used in the ddp-streamer micro service that allows a...

9.3CVSS5.8AI score0.00498EPSS
Exploits0References3
OSV
OSV
added 2026/03/06 5:35 p.m.9 views

CVE-2026-28514 Rocket.Chat: Users can login with any password via the EE ddp-streamer-service

Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to versions 7.8.6, 7.9.8, 7.10.7, 7.11.4, 7.12.4, 7.13.3, and 8.0.0, a critical authentication bypass vulnerability exists in Rocket.Chat's account service used in the ddp-streamer micro service that allows a...

9.3CVSS5.8AI score0.00498EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/03/06 5:35 p.m.7 views

CVE-2026-28514 Rocket.Chat: Users can login with any password via the EE ddp-streamer-service

Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to versions 7.8.6, 7.9.8, 7.10.7, 7.11.4, 7.12.4, 7.13.3, and 8.0.0, a critical authentication bypass vulnerability exists in Rocket.Chat's account service used in the ddp-streamer micro service that allows a...

9.3CVSS5.8AI score0.00498EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/03/06 5:35 p.m.53 views

CVE-2026-28514 Rocket.Chat: Users can login with any password via the EE ddp-streamer-service

Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to versions 7.8.6, 7.9.8, 7.10.7, 7.11.4, 7.12.4, 7.13.3, and 8.0.0, a critical authentication bypass vulnerability exists in Rocket.Chat's account service used in the ddp-streamer micro service that allows a...

9.3CVSS0.00498EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/03/06 12:0 a.m.10 views

PT-2026-23735

Name of the Vulnerable Software and Affected Versions Rocket.Chat versions prior to 7.8.6 Rocket.Chat versions prior to 7.9.8 Rocket.Chat versions prior to 7.10.7 Rocket.Chat versions prior to 7.11.4 Rocket.Chat versions prior to 7.12.4 Rocket.Chat versions prior to 7.13.3 Rocket.Chat versions...

9.3CVSS5.9AI score0.00498EPSS
Exploits0References13
CNNVD
CNNVD
added 2026/03/06 12:0 a.m.8 views

Rocket.Chat 授权问题漏洞

Rocket.Chat is a chat software developed by the Rocket.Chat company. Versions prior to 7.8.6, 7.9.8, 7.10.7, 7.11.4, 7.12.4, 7.13.3, and 8.0.0 contain an authorization vulnerability. This vulnerability stems from a missing await keyword in the password verification function of the account service...

9.8CVSS5.8AI score0.00498EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/03/06 12:0 a.m.9 views

PT-2026-23738

Name of the Vulnerable Software and Affected Versions Rocket.Chat versions prior to 7.10.8 Rocket.Chat versions prior to 7.11.5 Rocket.Chat versions prior to 7.12.5 Rocket.Chat versions prior to 7.13.4 Rocket.Chat versions prior to 8.0.2 Rocket.Chat versions prior to 8.1.1 Rocket.Chat versions...

6.9CVSS5.8AI score0.00268EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/03/06 12:0 a.m.21 views

Rocket.Chat 安全漏洞

Rocket.Chat is a chat software developed by the Rocket.Chat company. There were security vulnerabilities in versions prior to 7.10.8, 7.11.5, 7.12.5, 7.13.4, 8.0.2, 8.1.1, and 8.2.0. These vulnerabilities stemmed from authentication issues within the DDP Streamer service, where two-factor...

9.8CVSS5.8AI score0.00333EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/01/16 12:0 a.m.5 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000737)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000737 advisory. The atalkrecvmsg function in net/appletalk/ddp.c in the Linux kernel before 3.12.4 updates a certain length value without ensuring that an associated data structure...

4.9CVSS6.9AI score0.00434EPSS
Exploits0References21
Snyk
Snyk
added 2025/12/10 1:58 a.m.4 views

Malicious Package

Overview ddp-common is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS6.8AI score
Exploits0References2
EUVD
EUVD
added 2025/12/10 1:58 a.m.5 views

EUVD-2025-202366

Malicious code in ddp-common npm...

6.6AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/12/10 1:58 a.m.7 views

Malicious code in ddp-common (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1b1ae70118a343c68fd301dbce7ef05fbdf587541f9d61bd1df8a5048578282a The package ddp-common was found to contain malicious code. Source: ghsa-malware afe6b2223d57e3d32fa4220c3a687d0b70fd8c0047fd4925d4b0e6766ce5420e Any...

6.9AI score
Exploits0References1
OSV
OSV
added 2025/12/10 1:58 a.m.6 views

MAL-2025-192408 Malicious code in ddp-common (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1b1ae70118a343c68fd301dbce7ef05fbdf587541f9d61bd1df8a5048578282a The package ddp-common was found to contain malicious code. Source: ghsa-malware afe6b2223d57e3d32fa4220c3a687d0b70fd8c0047fd4925d4b0e6766ce5420e Any...

6.8AI score
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-41215

Malicious code in bioql PyPI...

8.8CVSS8.8AI score0.00637EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-39731

Malicious code in bioql PyPI...

8.8CVSS8.8AI score0.00855EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-15378

Malicious code in bioql PyPI...

6.3CVSS4.6AI score0.00615EPSS
Exploits1References8
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2023-39736

Malicious code in bioql PyPI...

8.8CVSS8.8AI score0.00855EPSS
Exploits0References2
Rows per page
Query Builder