Lucene search
K

5 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2022-38138

Malicious code in bioql PyPI...

4.3CVSS4.8AI score0.00603EPSS
Exploits1References1
Prion
Prion
added 2022/09/23 7:15 p.m.18 views

Information disclosure

A NoSQL-Injection information disclosure vulnerability vulnerability exists in Rocket.Chat v5, v4.8.2 and v4.7.5 in the getS3FileUrl Meteor server method that can disclose arbitrary file upload URLs to users that should not be able to access...

4CVSS4.6AI score0.00603EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2022/09/23 6:28 p.m.4 views

CVE-2022-35246

A NoSQL-Injection information disclosure vulnerability vulnerability exists in Rocket.Chat v5, v4.8.2 and v4.7.5 in the getS3FileUrl Meteor server method that can disclose arbitrary file upload URLs to users that should not be able to access...

4.5AI score0.00603EPSS
Exploits1References1
OSV
OSV
added 2022/09/23 6:28 p.m.13 views

CVE-2022-35246

A NoSQL-Injection information disclosure vulnerability vulnerability exists in Rocket.Chat v5, v4.8.2 and v4.7.5 in the getS3FileUrl Meteor server method that can disclose arbitrary file upload URLs to users that should not be able to access...

4.3CVSS6.5AI score0.00603EPSS
Exploits1References3
Hacker One
Hacker One
added 2022/01/22 1:23 p.m.25 views

Rocket.Chat: NoSQL-Injection discloses S3 File Upload URLs

Summary A NoSQL-Injection vulnerability in the getS3FileUrl Meteor server method can disclose arbitrary file upload URLs to users that should not be able to access. Description The fileId argument of the getS3FileUrl Meteor server method is not validated and can contain a regular expression. The...

4CVSS2AI score0.00603EPSS
Exploits1
Rows per page
Query Builder