CVE-2026-55666

Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.1, 8.4.4, 8.3.6, 8.2.6, 8.1.6, 8.0.7, and 7.10.13, in apps/meteor/app/apple/server/loginHandler.ts, handleIdentityToken parses a JWT issued by Apple during the OAuth flow. The try block checks for an...

Casdoor 安全漏洞

Casdoor is an open-source platform developed by Casdoor that supports various authentication and authorization protocols. Versions of Casdoor prior to 2.362.0 contained security vulnerabilities. These vulnerabilities stemmed from unverified email binding issues, which could lead to account...

CVE-2026-44707

Chatwoot is a customer engagement suite. From 2.14.0 to before 4.13.0, a Pre-Account Takeover Pre-ATO vulnerability existed in Chatwoot's authentication flow. Because email confirmation was not enforced before an account became usable, an attacker could pre-register an email address they did not...

Chatwoot 授权问题漏洞

Chatwoot is an open-source application developed by Chatwoot itself. It serves as an alternative to proprietary solutions such as customer engagement suites, intercom systems, Zendesk, and Salesforce service clouds. In versions of Chatwoot from 2.14.0 to 4.13.0, there was a vulnerability related ...

CVAT.ai CVAT 授权问题漏洞

CVAT.ai CVAT is an open source data processing tool from CVAT.ai. An authorization issue vulnerability exists in CVAT.ai CVAT versions 1.1.0 to 2.41.0, which stems from not enforcing email validation, and could lead to account creation and bot registration using a fake email address...

CVE-2025-22385

An issue was discovered in Optimizely Configured Commerce before 5.2.2408. For newly created accounts, the Commerce B2B application does not require email confirmation. This medium-severity issue allows the mass creation of accounts. This could affect database storage; also, non-requested...