CVE-2026-29198

In Rocket.Chat 8.3.0, 8.2.1, 8.1.2, 8.0.3, 7.13.5, 7.12.6, 7.11.6, and 7.10.9, a NoSQL injection vulnerability can lead to account takeover of the first user with a generated token when an OAuth app is configured...

EUVD-2022-53415

Malicious code in bioql PyPI...

CVE-2022-32211

A SQL injection vulnerability exists in Rocket.Chat v3.18.6, v4.4.4 and v4.7.3 which can allow an attacker to retrieve a reset password token through or a 2fa secret...