Lucene search
K

7 matches found

ATTACKERKB
ATTACKERKB
•added 2026/06/24 8:57 p.m.•5 views

CVE-2026-45689

Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.0, 8.4.1, 8.3.3, 8.2.3, 8.1.4, 8.0.5, 7.13.7, and 7.10.11, an unauthenticated network attacker obtains a valid Rocket.Chat OAuth access token for an arbitrary user by sending a single HTTP POST with...

9.1CVSS6.1AI score0.00308EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•11 views

PT-2026-52094

🚨 CVE-2026-45689 Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.0, 8.4.1, 8.3.3, 8.2.3, 8.1.4, 8.0.5, 7.13.7, and 7.10.11, an unauthenticated network attacker obtains a valid Rocket.Chat OAuth access token for an arbitrary user by sending a single...

9.1CVSS6AI score0.00308EPSS
Exploits0References4
CNNVD
CNNVD
•added 2026/04/17 12:0 a.m.•11 views

FastGPT å®‰å…Øę¼ę“ž

FastGPT is an open-source knowledge base question-answering system based on large language models developed by Labring. Versions of FastGPT prior to 4.14.9.5 contained a security vulnerability. This vulnerability stemmed from the use of TypeScript type assertions in password-based login endpoints...

9.8CVSS5.9AI score0.00627EPSS
Exploits1References2
Packet Storm
Packet Storm
•added 2026/04/13 12:0 a.m.•90 views

šŸ“„ Cockpit CMS 2.13.5 NoSQL Injection

Cockpit CMS version 2.13.5 is vulnerable to NoSQL operator injection on multiple API endpoints. User-supplied filter objects are forwarded to the Mongolite query engine without stripping MongoDB operators. Authenticated users can bypass intended query filters and perform boolean-based blind queri...

5.8AI score
Exploits0
EUVD
EUVD
•added 2026/03/10 9:3 p.m.•9 views

EUVD-2026-10826

Feathers has a NoSQL Injection via WebSocket id Parameter in MongoDB Adapter...

9.3CVSS5.8AI score0.00461EPSS
Exploits0References1
CVE
CVE
•added 2026/03/10 8:8 p.m.•22 views

CVE-2026-29793

Feathersjs vulnerability CVE-2026-29793 affects Feathersjs 5.0.0–5.0.41 with Socket.IO client-supplied ids not type-checked, which may pass as MongoDB operators (e.g., {$ne: null}) into queries via the MongoDB adapter. This can cause unintended document matches and impacts on confidentiality, int...

9.8CVSS5.9AI score0.00461EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
•added 2026/03/10 12:0 a.m.•6 views

PT-2026-24421

Name of the Vulnerable Software and Affected Versions Feathersjs versions 5.0.0 through 5.0.41 Description Feathersjs is a framework used for building web APIs and real-time applications. Socket.IO clients can send arbitrary JavaScript objects as the id argument to any service method get, patch,...

9.3CVSS5.9AI score0.00461EPSS
Exploits0References7
Rows per page
Query Builder