904 matches found
CVE-2026-1923
The Social Rocket – Social Sharing Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 1.3.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2026-1923 Social Rocket – Social Sharing Plugin <= 1.3.4.2 - Authenticated (Subscriber+) Stored Cross-Site Scripting via id
The Social Rocket – Social Sharing Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 1.3.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2026-1923
CVE-2026-1923 affects the WordPress plugin Social Rocket – Social Sharing Plugin. The vulnerability is a stored XSS via the id parameter in all versions up to and including 1.3.4.2, caused by insufficient input sanitization and output escaping. Exploitation requires authentication at Subscriber l...
CVE-2026-1923
The Social Rocket – Social Sharing Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 1.3.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
WordPress plugin Social Rocket – Social Sharing Plugin 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
PT-2026-34627
The Social Rocket – Social Sharing Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 1.3.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
Rocket.Chat SQL注入漏洞
Rocket.Chat is a chat software developed by the Rocket.Chat company. Versions prior to 8.3.0, 8.2.1, 8.1.2, 8.0.3, 7.13.5, 7.12.6, 7.11.6, and 7.10.9 have a SQL injection vulnerability. This vulnerability stems from NoSQL injection and could lead to the takeover of the first user account with a...
CVE-2026-29198
In Rocket.Chat 8.3.0, 8.2.1, 8.1.2, 8.0.3, 7.13.5, 7.12.6, 7.11.6, and 7.10.9, a NoSQL injection vulnerability can lead to account takeover of the first user with a generated token when an OAuth app is configured...
PT-2026-34579
In Rocket.Chat 8.3.0, 8.2.1, 8.1.2, 8.0.3, 7.13.5, 7.12.6, 7.11.6, and 7.10.9, a NoSQL injection vulnerability can lead to account takeover of the first user with a generated token when an OAuth app is configured...
CVE-2026-22560
An open redirect vulnerability in Rocket.Chat versions prior to 8.4.0 allows users to be redirected to arbitrary URLs by manipulating parameters within a SAML endpoint...
CVE-2026-22560
An open redirect vulnerability in Rocket.Chat versions prior to 8.4.0 allows users to be redirected to arbitrary URLs by manipulating parameters within a SAML endpoint...
CVE-2026-22560
CVE-2026-22560 is an open redirect vulnerability affecting Rocket.Chat prior to 8.4.0. The issue arises from manipulating parameters in the SAML endpoint to redirect users to arbitrary URLs, notably via the /_saml/sloRedirect/:provider flow where the redirect URL is placed directly in a Location ...
Exploit for Special Element Injection in Rocket.Chat
Rocket.Chat CVE-2021-22911 Exploit ⚠️ DISCLAIMER - EDUCATI...
Rocket.Chat 安全漏洞
Rocket.Chat is a chat software developed by the Rocket.Chat company. Versions of Rocket.Chat prior to 8.4.0 contained a security vulnerability, which was caused by improper handling of SAML endpoint parameters. This vulnerability could lead to open redirection attacks...
Rocket TRUfusion Enterprise - Server Side Request Forgery
Rocket TRUfusion Enterprise through 7.10.4.0 uses a reverse proxy to handle incoming connections. However, the proxy is misconfigured in a way that allows specifying absolute URLs in the HTTP request line, causing the proxy to load the given resource. id: CVE-2025-32355 info: name: Rocket TRUfusi...
VulnCheck KEV: CVE-2025-32355
Rocket TRUfusion Enterprise through 7.10.4.0 uses a reverse proxy to handle incoming connections. However, the proxy is misconfigured in a way that allows specifying absolute URLs in the HTTP request line, causing the proxy to load the given resource...
Linux Distros Unpatched Vulnerability : CVE-2026-23305
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: accel/rocket: fix unwinding in error path in rocketprobe When rocketcoreinit fails as could ...
CVE-2026-28044
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WP Media WP Rocket allows Stored XSS.This issue affects WP Rocket: from n/a through 3.19.4...
CVE-2026-23305
A flaw was found in the accel/rocket component of the Linux kernel. This vulnerability arises from improper error handling during the unwinding process in the rocketprobe function. When the rocketcoreinit function fails, the system does not correctly manage resources, leading to out-of-bounds...
SUSE CVE-2026-23305
In the Linux kernel, the following vulnerability has been resolved: accel/rocket: fix unwinding in error path in rocketprobe When rocketcoreinit fails as could be the case with EPROBEDEFER, we need to properly unwind by decrementing the counter we just incremented and if this is the first core we...