24 matches found
EUVD-2026-29433
A vulnerability has been identified in blueplanet 100 NX3 M8 All versions, blueplanet 100 TL3 GEN2 All versions, blueplanet 105 TL3 All versions, blueplanet 105 TL3 GEN2 All versions, blueplanet 110 TL3 All versions, blueplanet 125 NX3 M11 All versions, blueplanet 125 TL3 All versions, blueplanet...
CVE-2026-41125
A vulnerability has been identified in blueplanet 100 NX3 M8 All versions, blueplanet 100 TL3 GEN2 All versions, blueplanet 105 TL3 All versions, blueplanet 105 TL3 GEN2 All versions, blueplanet 110 TL3 All versions, blueplanet 125 NX3 M10 All versions, blueplanet 125 TL3 All versions, blueplanet...
CVE-2026-41125
A vulnerability has been identified in blueplanet 100 NX3 M8 All versions, blueplanet 100 TL3 GEN2 All versions, blueplanet 105 TL3 All versions, blueplanet 105 TL3 GEN2 All versions, blueplanet 110 TL3 All versions, blueplanet 125 NX3 M10 All versions, blueplanet 125 TL3 All versions, blueplanet...
CVE-2026-41125
Technical details are not publicly available in the provided documents; monitor for updates.
CVE-2026-41125
A vulnerability has been identified in blueplanet 100 NX3 M8 All versions, blueplanet 100 TL3 GEN2 All versions, blueplanet 105 TL3 All versions, blueplanet 105 TL3 GEN2 All versions, blueplanet 110 TL3 All versions, blueplanet 125 NX3 M10 All versions, blueplanet 125 TL3 All versions, blueplanet...
CVE-2022-35246
A NoSQL-Injection information disclosure vulnerability vulnerability exists in Rocket.Chat...
EUVD-2018-0518
Malware in sbrugna...
EUVD-2022-38141
Malicious code in bioql PyPI...
Rocket.Chat getUserMentionsByChannel meteor server information disclosure vulnerability
Rocket.Chat is an open source team chat software. A message disclosure vulnerability exists in Rocket.Chat versions prior to 5.0, which stems from the getUserMentionsByChannel meteor server method disclosing messages from private channels and direct messages, regardless of the user's access right...
Rocket.Chat Input Validation Error Vulnerability
Rocket.Chat is an open source team chat software. Rocket.Chat suffers from an input validation error vulnerability that stems from a failure to type validate input data in the getUsersOfRoom Meteor server method. An authenticated attacker could use this vulnerability to enumerate existing rooms a...
Rocket.Chat getUserMentionsByChannel meteor server authorization issues vulnerability
Rocket.Chat is an open source team chat software. A vulnerability exists in Rocket.Chat prior to version 5.0 due to an authorization issue, which stems from a leak in the getUserMentionsByChannel meteor server method that can be exploited by an attacker to obtain sensitive information...
CVE-2022-35249
A information disclosure vulnerability exists in Rocket.Chat v5 where the getUserMentionsByChannel meteor server method discloses messages from private channels and direct messages regardless of the users access permission to the room...
CVE-2022-35249
A information disclosure vulnerability exists in Rocket.Chat v5 where the getUserMentionsByChannel meteor server method discloses messages from private channels and direct messages regardless of the users access permission to the room...
CVE-2022-35246
A NoSQL-Injection information disclosure vulnerability vulnerability exists in Rocket.Chat v5, v4.8.2 and v4.7.5 in the getS3FileUrl Meteor server method that can disclose arbitrary file upload URLs to users that should not be able to access...
CVE-2022-35246
A NoSQL-Injection information disclosure vulnerability vulnerability exists in Rocket.Chat v5, v4.8.2 and v4.7.5 in the getS3FileUrl Meteor server method that can disclose arbitrary file upload URLs to users that should not be able to access...
Information disclosure
A information disclosure vulnerability exists in Rocket.Chat v5 where the getUserMentionsByChannel meteor server method discloses messages from private channels and direct messages regardless of the users access permission to the room...
Information disclosure
An information disclosure vulnerability exists in Rocket.Chat v5 due to the getUserMentionsByChannel meteor server method discloses messages from private channels and direct messages regardless of the users access permission to the room...
Information disclosure
A NoSQL-Injection information disclosure vulnerability vulnerability exists in Rocket.Chat v5, v4.8.2 and v4.7.5 in the getS3FileUrl Meteor server method that can disclose arbitrary file upload URLs to users that should not be able to access...
CVE-2022-35246
A NoSQL-Injection information disclosure vulnerability vulnerability exists in Rocket.Chat v5, v4.8.2 and v4.7.5 in the getS3FileUrl Meteor server method that can disclose arbitrary file upload URLs to users that should not be able to access...
Rocket.Chat: NoSQL-Injection discloses S3 File Upload URLs
Summary A NoSQL-Injection vulnerability in the getS3FileUrl Meteor server method can disclose arbitrary file upload URLs to users that should not be able to access. Description The fileId argument of the getS3FileUrl Meteor server method is not validated and can contain a regular expression. The...