4 matches found
CVE-2026-55666
Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.1, 8.4.4, 8.3.6, 8.2.6, 8.1.6, 8.0.7, and 7.10.13, in apps/meteor/app/apple/server/loginHandler.ts, handleIdentityToken parses a JWT issued by Apple during the OAuth flow. The try block checks for an...
CVE-2026-29198
In Rocket.Chat 8.3.0, 8.2.1, 8.1.2, 8.0.3, 7.13.5, 7.12.6, 7.11.6, and 7.10.9, a NoSQL injection vulnerability can lead to account takeover of the first user with a generated token when an OAuth app is configured...
EUVD-2022-53415
Malicious code in bioql PyPI...
CVE-2022-32211
A SQL injection vulnerability exists in Rocket.Chat v3.18.6, v4.4.4 and v4.7.3 which can allow an attacker to retrieve a reset password token through or a 2fa secret...