11 matches found

CNNVD
added 2026/03/18 12:0 a.m. | 3 views

ApostropheCMS Security Vulnerability

ApostropheCMS is a full-stack, open-source content management system by Apostrophe Technologies. Versions of ApostropheCMS prior to 4.28.0 contained security vulnerabilities, which were caused by incorrect MongoDB queries and could lead to bypassing multi-factor authentication...

8.1 CVSS | 5.8 AI score | 0.0013 EPSS
Exploits: 1 | References: 1
RedhatCVE
added 2026/03/07 7:31 p.m. | 2 views

CVE-2026-30833

Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to versions 7.10.8, 7.11.5, 7.12.5, 7.13.4, 8.0.2, 8.1.1, and 8.2.0, a NoSQL injection vulnerability exists in Rocket.Chat's account service used in the ddp-streamer micro service that allows unauthenticated...

6.9 CVSS | 5.7 AI score | 0.00084 EPSS
Exploits: 0 | References: 1
ATTACKERKB
added 2026/03/06 5:40 p.m. | 3 views

CVE-2026-30833

Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to versions 7.10.8, 7.11.5, 7.12.5, 7.13.4, 8.0.2, 8.1.1, and 8.2.0, a NoSQL injection vulnerability exists in Rocket.Chat's account service used in the ddp-streamer micro service that allows unauthenticated...

6.9 CVSS | 5.7 AI score | 0.00084 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
EUVD
added 2025/10/03 8:7 p.m. | 1 view

EUVD-2022-53428

Malicious code in bioql PyPI...

4.3 CVSS | 4.8 AI score | 0.00452 EPSS
Exploits: 1 | References: 1
RedhatCVE
added 2025/05/22 10:56 p.m. | 6 views

CVE-2022-32228

An information disclosure vulnerability exists in Rocket.Chat...

4.3 CVSS | 4.5 AI score | 0.00452 EPSS
Exploits: 1 | References: 1
Veracode
added 2024/12/17 10:44 a.m. | 11 views

Code Injection

Mongoose is vulnerable to a Code Injection. The vulnerability is due to improper use of the $where operator, which allows the execution of arbitrary JavaScript code in MongoDB queries. This could lead to code injection attacks, enabling unauthorized access to or manipulation of database data...

9.1 CVSS | 7.3 AI score | 0.52176 EPSS
Exploits: 3 | References: 8 | Affected Software: 1
NVD
added 2022/09/23 7:15 p.m. | 7 views

CVE-2022-32228

An information disclosure vulnerability exists in Rocket.Chat v5, v4.8.2 and v4.7.5 since the getReadReceipts Meteor server method does not properly filter user inputs that are passed to MongoDB queries, allowing $regex queries to enumerate arbitrary Message IDs...

4.3 CVSS | 0.00452 EPSS
Exploits: 1 | References: 1
OSV
added 2022/09/23 7:15 p.m. | 17 views

CVE-2022-32218

An information disclosure vulnerability exists in Rocket.Chat v5, v4.8.2 and v4.7.5 due to the actionLinkHandler method, which was found to allow Message ID Enumeration with Regex MongoDB queries...

4.3 CVSS | 6.4 AI score
Exploits: 0 | References: 1
Prion
added 2022/09/23 7:15 p.m. | 8 views

Information disclosure

An information disclosure vulnerability exists in Rocket.Chat v5, v4.8.2 and v4.7.5 due to the actionLinkHandler method, which was found to allow Message ID Enumeration with Regex MongoDB queries...

4 CVSS | 4.4 AI score | 0.0042 EPSS
Exploits: 1 | References: 1 | Affected Software: 1
CVE
added 2022/09/23 6:28 p.m. | 45 views

CVE-2022-32218

CVE-2022-32218 – Rocket.Chat information disclosure: The vulnerability stems from actionLinkHandler/actionLinks.getMessage not validating input, allowing authenticated users to enumerate Message IDs via a regex MongoDB query. Impact: potential exposure of sensitive information by enumerating ex...

4.3 CVSS | 4.3 AI score | 0.0042 EPSS
Exploits: 1 | References: 1 | Affected Software: 1
Vulnrichment
added 2022/09/23 6:28 p.m. | 5 views

CVE-2022-32228

An information disclosure vulnerability exists in Rocket.Chat v5, v4.8.2 and v4.7.5 since the getReadReceipts Meteor server method does not properly filter user inputs that are passed to MongoDB queries, allowing $regex queries to enumerate arbitrary Message IDs...

4.5 AI score | 0.00452 EPSS
Exploits: 1 | References: 1