CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

13 matches found

RedhatCVE•added 2026/01/09 11:18 a.m.•3 views

CVE-2021-22911

A improper input sanitization vulnerability exists in Rocket.Chat server 3.11, 3.12 & 3.13 that could lead to unauthenticated NoSQL injection, resulting potentially in RCE...

9.8CVSS6.8AI score0.92332EPSS

Exploits15References1

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2017-1606

Malware in sbrugna...

9.8CVSS9.5AI score0.00296EPSS

Exploits1References3

EUVD•added 2025/10/07 12:30 a.m.•1 views

EUVD-2021-10024

Malware in sbrugna...

7.5CVSS7.6AI score0.01357EPSS

Exploits1References2

EUVD•added 2025/10/03 8:7 p.m.•1 views

EUVD-2023-27999

Malicious code in bioql PyPI...

8.8CVSS8.7AI score0.00807EPSS

Exploits0References1

RedhatCVE•added 2025/05/22 3:13 p.m.•4 views

CVE-2020-8288

The specializedRendering function in Rocket.Chat server before 3.9.2 allows a cross-site scripting XSS vulnerability by way of the value parameter...

5.4CVSS5.7AI score0.00466EPSS

Exploits1References1

NVD•added 2021/05/27 12:15 p.m.•9 views

CVE-2021-22911

A improper input sanitization vulnerability exists in Rocket.Chat server 3.11, 3.12 & 3.13 that could lead to unauthenticated NoSQL injection, resulting potentially in RCE...

9.8CVSS0.92332EPSS

Exploits15References4

OSV•added 2021/05/27 12:15 p.m.•17 views

CVE-2021-22911

A improper input sanitization vulnerability exists in Rocket.Chat server 3.11, 3.12 & 3.13 that could lead to unauthenticated NoSQL injection, resulting potentially in RCE...

9.8CVSS6.6AI score

Exploits0References4

CVE•added 2021/05/27 11:14 a.m.•257 views

CVE-2021-22911

CVE-2021-22911 affects Rocket.Chat 3.11–3.13 and is a NoSQL injection that enables unauthenticated access to an API endpoint, potentially leading to data exposure, modification, or remote code execution. Root cause: NoSQL injection in endpoints such as getPasswordPolicy and users.list, enabling r...

9.8CVSS9.2AI score0.92332EPSS

In wildExploits15References4Affected Software1

Cvelist•added 2021/05/27 11:14 a.m.•11 views

CVE-2021-22911

A improper input sanitization vulnerability exists in Rocket.Chat server 3.11, 3.12 & 3.13 that could lead to unauthenticated NoSQL injection, resulting potentially in RCE...

9.6AI score0.92332EPSS

Exploits15References4

NVD•added 2021/01/26 6:16 p.m.•7 views

CVE-2020-8292

Rocket.Chat server before 3.9.0 is vulnerable to a self cross-site scripting XSS vulnerability via the drag & drop functionality in message boxes...

5.4CVSS5.3AI score0.00322EPSS

Exploits1References2

Prion•added 2021/01/26 6:16 p.m.•5 views

Cross site scripting

Rocket.Chat server before 3.9.0 is vulnerable to a self cross-site scripting XSS vulnerability via the drag & drop functionality in message boxes...

4.3CVSS5.3AI score0.00322EPSS

Exploits1References2Affected Software1

Hacker One•added 2019/11/11 8:25 p.m.•11 views

Rocket.Chat: Account takeover via XSS

Summary: By combining AutoLinker and Markdown an attacker is able to inject malicious scripts. Description: By combining AutoLinker and Markdown we can trick the parser into breaking out of the current HTML attribute. https://a?p= results in: html ." target="blank" rel="noopener noreferrer" "...

7AI score

Exploits0

NVD•added 2018/01/03 1:29 a.m.•11 views

CVE-2017-1000493

Rocket.Chat Server version 0.59 and prior is vulnerable to a NoSQL injection leading to administrator account takeover...

9.8CVSS9.6AI score0.00296EPSS

Exploits1References2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by