Lucene search
K
CvelistRecent

363730 matches found

Cvelist
Cvelist
added 2026/06/24 11:14 p.m.36 views

CVE-2026-9782 Quest NetVault Backup NVBUDeviceDrive SQL Injection Remote Code Execution Vulnerability

Quest NetVault Backup NVBUDeviceDrive SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest NetVault Backup. Although authentication is required to exploit this vulnerability, the existing...

8.8CVSS0.00689EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/24 11:14 p.m.28 views

CVE-2026-9781 Quest NetVault Backup NVBURASDevice SQL Injection Remote Code Execution Vulnerability

Quest NetVault Backup NVBURASDevice SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest NetVault Backup. Although authentication is required to exploit this vulnerability, the existing...

8.8CVSS0.00689EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/24 11:13 p.m.28 views

CVE-2026-9780 Quest NetVault Backup addclient3 Cross-Site Scripting Authentication Bypass Vulnerability

Quest NetVault Backup addclient3 Cross-Site Scripting Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Quest NetVault Backup. User interaction is required to exploit this vulnerability in that the target must vis...

8.8CVSS0.0067EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/24 11:13 p.m.31 views

CVE-2026-7570 Quest NetVault Backup NVBUDashboard SQL Injection Remote Code Execution Vulnerability

Quest NetVault Backup NVBUDashboard SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest NetVault Backup. Although authentication is required to exploit this vulnerability, the existing...

8.8CVSS0.00689EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/24 11:6 p.m.20 views

CVE-2026-39948 Cacti has SQL Injection via rfilter parameter in RLIKE clauses

Cacti is an open source performance and fault management framework. In versions 1.2.30 and prior, the rfilter request parameter is retrieved via the raw accessor grv rather than gfrv with FILTERVALIDATEISREGEX validation and concatenated directly into RLIKE SQL clauses in lib/htmlgraph.php and...

9.3CVSS0.00456EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/24 10:49 p.m.18 views

CVE-2026-39955 Cacti has Pre-Authentication SQL Injection via unanchored FILTER_VALIDATE_REGEXP in graph_view.php

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have pre-authentication SQL Injection via unanchored FILTERVALIDATEREGEXP in graphview.php. This issue has been fixed in version 1.2.31...

9.8CVSS0.00315EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/24 10:41 p.m.22 views

CVE-2026-39938 Cacti: Unauthenticated RCE on Graph Image

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have unauthenticated LFI through graphtheme and rrdtool IPC serialization hardening. This issue has been resolved in version 1.2.31...

9.8CVSS0.00436EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/06/24 10:37 p.m.18 views

CVE-2026-39900 Cacti: Reflected XSS via tab parameter in auth_profile.php JavaScript context

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior are vulnerable to Reflected XSS via tab parameter in the authprofile.php JavaScript context. This issue has been fixed in version 1.2.31...

5.3CVSS0.00155EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/24 10:33 p.m.19 views

CVE-2026-39899 Cacti: Path Traversal via filename parameter in package_import.php

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior are vulnerable to Path Traversal via filename parameter in packageimport.php. This issue has been fixed in version 1.2.31...

6.9CVSS0.00261EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/24 10:0 p.m.22 views

CVE-2026-39897 Cacti has a Reflected XSS Vulnerability via html_auth_footer

Cacti is an open source performance and fault management framework. Versions 1.2.30 and below contain a Reflected XSS vulnerability in the htmlauthfooter. This issue has been fixed in version 1.2.31...

5.3CVSS0.00155EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/24 9:55 p.m.22 views

CVE-2026-39894 Cacti: RRDtool metric shift via LC_NUMERIC locale comma decimal formatting

Cacti is an open source performance and fault management framework. In versions 1.2.30 and below, the locale-dependent decimal formatting in rrdtoolfunctionupdate can corrupt RRDtool metric values. The rrdtoolfunctionupdate function checks metric values with isnumeric and concatenates them into t...

2.9CVSS0.00104EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/24 9:45 p.m.22 views

CVE-2026-39893 Cacti: Pre-authentication SQL injection via rfilter RLIKE clause in graph_view.php

Cacti is an open source performance and fault management framework. In versions 1.2.30 and prior, the rfilter request variable was concatenated into a RLIKE SQL clause without sanitization. The endpoint does not require authentication graph viewing supports guest access via the configured guest...

9.8CVSS0.00363EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/24 9:43 p.m.24 views

CVE-2026-2050 GIMP HDR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

GIMP HDR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page o...

7.8CVSS0.00552EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/24 9:38 p.m.20 views

CVE-2026-49979 Appsmith: SSRF via `POST /api/v1/admin/send-test-email` — JavaMail Bypasses WebClient IP Filter

Appsmith is a platform to build admin panels, internal tools, and dashboards. Prior to 1.99, the POST /api/v1/admin/send-test-email endpoint accepts attacker-controlled smtpHost and smtpPort values and establishes a raw JavaMail TCP connection without any IP validation. This completely bypasses...

5.1CVSS0.00218EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/06/24 9:38 p.m.19 views

CVE-2026-55454 Appsmith: Caddy admin API exposed without authentication

Appsmith is a platform to build admin panels, internal tools, and dashboards. Prior to 2.1, the bundled Caddy reverse-proxy's admin API — which has no authentication by default — is bound on 0.0.0.0:2019 inside the container. While this listener is not directly published to the host by...

9.9CVSS0.00328EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/06/24 9:37 p.m.19 views

CVE-2026-9779 ATEN Unizon doCryptoHugeFileToFile Improper Verification of Cryptographic Signature Remote Code Execution Vulnerability

ATEN Unizon doCryptoHugeFileToFile Improper Verification of Cryptographic Signature Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ATEN Unizon. Authentication is required to exploit this vulnerability. The...

7.2CVSS0.00376EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/24 9:37 p.m.19 views

CVE-2026-9778 ATEN Unizon ImportDeviceList Directory Traversal Remote Code Execution Vulnerability

ATEN Unizon ImportDeviceList Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ATEN Unizon. Authentication is required to exploit this vulnerability. The specific flaw exists within the...

7.2CVSS0.01477EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/24 9:36 p.m.16 views

CVE-2026-9777 ATEN Unizon restoreDB Directory Traversal Remote Code Execution Vulnerability

ATEN Unizon restoreDB Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ATEN Unizon. Authentication is required to exploit this vulnerability. The specific flaw exists within the restoreDB...

7.2CVSS0.01477EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/24 9:36 p.m.17 views

CVE-2026-9776 ATEN Unizon writeFileToHttpServletResponse Directory Traversal Information Disclosure Vulnerability

ATEN Unizon writeFileToHttpServletResponse Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of ATEN Unizon. Authentication is not required to exploit this vulnerability. The specific fl...

7.5CVSS0.0158EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/24 9:36 p.m.15 views

CVE-2026-9775 ATEN Unizon uploadSSL Directory Traversal Arbitrary File Deletion Vulnerability

ATEN Unizon uploadSSL Directory Traversal Arbitrary File Deletion Vulnerability. This vulnerability allows remote attackers to delete arbitrary files on affected installations of ATEN Unizon. Authentication is required to exploit this vulnerability. The specific flaw exists within the uploadSSL...

5.5CVSS0.01195EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/24 9:36 p.m.14 views

CVE-2026-9774 ATEN Unizon updateLicense Directory Traversal Arbitrary File Deletion Vulnerability

ATEN Unizon updateLicense Directory Traversal Arbitrary File Deletion Vulnerability. This vulnerability allows remote attackers to delete arbitrary files on affected installations of ATEN Unizon. Authentication is required to exploit this vulnerability. The specific flaw exists within the...

5.5CVSS0.01195EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/24 9:36 p.m.19 views

CVE-2026-55455 Appsmith: SSRF in REST API / GraphQL datasource plugins via insufficient host denylist

Appsmith is a platform to build admin panels, internal tools, and dashboards. Prior to 2.1, the outbound HTTP host filter applied by WebClientUtils used by the REST API and GraphQL datasource plugins validates hosts against an exact-match string denylist. The comprehensive address-class check...

5.3CVSS0.0022EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/24 9:36 p.m.18 views

CVE-2026-10043 MosaicML Composer Deserialization of Untrusted Data Remote Code Execution Vulnerability

MosaicML Composer Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of MosaicML Composer. User interaction is required to exploit this vulnerability in that the target must visit a...

7.8CVSS0.00294EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/24 9:35 p.m.16 views

CVE-2026-9773 Unraid Web Server ToggleState Command Injection Remote Code Execution Vulnerability

Unraid Web Server ToggleState Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Unraid. Authentication is required to exploit this vulnerability. The specific flaw exists within ToggleState.php...

8.8CVSS0.01126EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/24 9:35 p.m.20 views

CVE-2026-9772 Unraid Web Server FileUpload Command Injection Remote Code Execution Vulnerability

Unraid Web Server FileUpload Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Unraid. Authentication is required to exploit this vulnerability. The specific flaw exists within FileUpload.php. T...

8.8CVSS0.01114EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/24 9:35 p.m.17 views

CVE-2026-50189 Appsmith: RCE via Supervisord XML-RPC Admin Interface Exposed via /supervisor Caddy Route

Appsmith is a platform to build admin panels, internal tools, and dashboards. Prior to 2.1, Appsmith's bundled supervisord exposes an XML-RPC interface on port 9001, reachable from outside the container via a Caddy reverse-proxy route at /supervisor/ on the public ingress. Combined with the...

8.9CVSS0.00271EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/06/24 9:32 p.m.19 views

CVE-2026-10642 Unbounded TX busy-loop DoS in Zephyr PL011 UART driver under CTS hardware flow control

The Zephyr PL011 UART driver drivers/serial/uartpl011.c contains an unbounded software loop in pl011irqtxenable that repeatedly invokes the interrupt-driven application callback while the TX interrupt mask bit PL011IMSCTXIM is set, to work around the controller's level-transition TX-interrupt...

6.5CVSS0.00185EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/06/24 9:30 p.m.17 views

CVE-2026-53765 chrome-devtools-mcp: daemon.pid write follows symlinks in /tmp fallback runtime directory

Chrome DevTools for agents chrome-devtools-mcp lets your coding agent control and inspect a live Chrome browser. From 0.20.0 until 1.1.0, The chrome-devtools-mcp daemon writes its PID file with fs.writeFileSync to a deterministic runtime path. On typical macOS environments, and on Linux sessions...

6.1CVSS0.00077EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/06/24 9:29 p.m.17 views

CVE-2026-53766 chrome-devtools-mcp: validatePath() does not canonicalize symlinks before enforcing roots

Chrome DevTools for agents chrome-devtools-mcp lets your coding agent control and inspect a live Chrome browser. From 0.24.0 until 1.1.0, McpContext.validatePath enforces workspace roots by checking whether path.resolvefilePath textually falls under one of the configured root paths. path.resolve...

6.1CVSS0.00087EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/06/24 9:26 p.m.19 views

CVE-2026-52794 Sentry: Inefficient Regular Expression Complexity in sentry

Sentry is an error tracking and performance monitoring tool. From 24.4.0 until 26.5.2, a Regular Expression Denial of Service ReDoS vulnerability exists in Sentry's event ingestion pipeline, where a regex applied to attacker-controlled fields on incoming events can be made to consume...

7.5CVSS0.00267EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/24 9:24 p.m.16 views

CVE-2026-55570 SiYuan: Stored XSS results to Electron RCE in SiYuan marketplace via unescaped `data-obj` attribute (Bypass for CVE-2026-45375's patch)

SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, it does not escape the untrusted fields name, version, author, description when they are serialized into the data-obj HTML attribute of each marketplace card. Because the attribute is single-quoted and the value is...

9CVSS0.00327EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/24 9:21 p.m.15 views

CVE-2026-54759 SiYuan: Lute HTML sanitizer allows `<iframe>` tags in Bazaar package README, leading to arbitrary command execution via SiYuan Electron client

SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, Lute's HTML sanitizer does not remove elements. Combined with the SiYuan Electron client's permissive security configuration, an attacker can include a malicious in a Bazaar package README that executes arbitrary...

8.7CVSS0.00262EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/24 9:21 p.m.16 views

CVE-2026-47110 Tiptap for PHP < 2.1.1 DoS via Malformed href Attribute

Tiptap for PHP before version 2.1.1 contains an input validation vulnerability that allows authenticated attackers to cause a denial of service by submitting Tiptap JSON with the attrs.href field set to an array instead of a string, causing an unhandled TypeError in the Link::isAllowedUri functio...

7.1CVSS0.00305EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/24 9:20 p.m.13 views

CVE-2026-50551 SiYuan: Stored XSS to RCE via Unsanitized Attribute View Asset Cell Content

SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, SiYuan contains a stored cross-site scripting XSS vulnerability in the Attribute View database asset cell renderer that escalates to remote code execution RCE in the Electron desktop client. This vulnerability is fixed...

9.9CVSS0.0044EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/24 9:19 p.m.15 views

CVE-2026-54158 SiYuan: Stored XSS to RCE via attribute-view cell rendering in genAVValueHTML()

SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, the attribute-view database cell renderer genAVValueHTML interpolates cell content raw in four of its branches: text, url, phone, and mAsset. A cell value like or " breaks out of its surrounding tag and runs arbitrary...

9.9CVSS0.00289EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/24 9:18 p.m.15 views

CVE-2026-54070 SiYuan: Stored XSS in Bazaar marketplace via package README event handlers

SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, renderPackageREADME in kernel/bazaar/readme.go renders a Bazaar package README from Markdown to HTML with the lute engine and SetSanitizetrue. The lute sanitizer is an event-handler blocklist: allowAttr rejects only...

7.1CVSS0.0018EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/24 9:17 p.m.15 views

CVE-2026-54069 SiYuan: Unauthenticated Admin API Access via Blanket chrome-extension:// Origin Allowlist

SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, SiYuan Note's kernel HTTP server unconditionally trusts all chrome-extension:// origins, granting RoleAdministrator access to every installed browser extension without any authentication. Combined with the default empt...

9.2CVSS0.00607EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/24 9:15 p.m.14 views

CVE-2026-54068 SiYuan: Unauthenticated SQLite Data Exfiltration via Template Injection in /api/icon/getDynamicIcon

SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, the /api/icon/getDynamicIcon endpoint is explicitly excluded from authentication in SiYuan's kernel router router.go, "不需要鉴权" -- no auth needed. When called with type=8 and a valid block id parameter, this endpoint...

5.9CVSS0.00239EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/24 9:14 p.m.19 views

CVE-2026-54067 SiYuan: Stored XSS to RCE via CSS-snippet <style> breakout in renderSnippet()

SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, CSS snippet body containing breaks out of its surrounding tag when renderSnippet interpolates it via insertAdjacentHTML. A payload like runs arbitrary JavaScript in the renderer. On Electron desktop builds the renderer...

9.9CVSS0.00307EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/24 9:13 p.m.14 views

CVE-2026-54066 SiYuan: Path Traversal via Double URL Encoding in /assets/*path (publish mode arbitrary file─read)

SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, the patch for CVE-2026-41894 "Path Traversal via Double URL Encoding" sanitized the /export/ route but the identical root cause remains in the /assets/path route. In publish mode anonymous read-only HTTP endpoint,...

7.5CVSS0.01892EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/24 9:8 p.m.18 views

CVE-2026-55762 Rocket.Chat: Any Authenticated User Can Permanently Deregister Workspace from Rocket.Chat Cloud via Unprotected `/api/v1/fingerprint` Endpoint

Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.1, 8.4.4, 8.3.6, 8.2.6, 8.1.6, 8.0.7, and 7.10.13, the POST /api/v1/fingerprint REST endpoint enforces authentication authRequired: true but performs no authorization check. Any authenticated user —...

8.1CVSS0.00323EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/24 9:7 p.m.15 views

CVE-2026-55759 Rocket.Chat: Apple Sign-In skips JWT claims validation, allowing expired and cross-audience token replay

Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.1, 8.4.4, 8.3.6, 8.2.6, 8.1.6, 8.0.7, and 7.10.13, Rocket.Chat's Apple Sign-In handler verifies JWT signatures but skips claims validation. Any Apple-signed JWT with a non-empty iss is accepted...

7.4CVSS0.00243EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/24 9:6 p.m.14 views

CVE-2026-55666 Rocket.Chat: Email Parameter Fallback Leads To Account Takeover Within Apple OAuth

Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.1, 8.4.4, 8.3.6, 8.2.6, 8.1.6, 8.0.7, and 7.10.13, in apps/meteor/app/apple/server/loginHandler.ts, handleIdentityToken parses a JWT issued by Apple during the OAuth flow. The try block checks for an...

9.3CVSS0.00295EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/24 9:5 p.m.21 views

CVE-2026-49278 Rocket.Chat: Livechat Visitor Profile Disclosure Leaks Bearer Token and Enables Visitor Impersonation

Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.0, 8.4.2, 8.3.4, 8.2.4, 8.1.5, 8.0.6, 7.13.8, and 7.10.12, in the visitors.info endpoint, https://developer.rocket.chat/apidocs/get-visitor-information-by-id-1, token is returned in the response. It...

6.7CVSS0.00243EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/24 9:4 p.m.19 views

CVE-2026-49277 Rocket.Chat: OAuth access and refresh tokens remain valid after account deactivation

Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.0, 8.4.2, 8.3.4, 8.2.4, 8.1.5, 8.0.6, 7.13.8, and 7.10.12, Rocket.Chat does not revoke OAuth bearer or refresh tokens when a user is deactivated. A deactivated user can continue using an existing OAuth...

2.3CVSS0.00215EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/24 9:1 p.m.15 views

CVE-2026-45757 Rocket.Chat: users.deactivateIdle` deactivates accounts without revoking existing login tokens

Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.0, 8.4.2, 8.3.4, 8.2.4, 8.1.5, 8.0.6, 7.13.8, and 7.10.12, Rocket.Chat allows users deactivated through users.deactivateIdle to keep using already-issued login tokens. A user that an administrator has...

2.3CVSS0.00215EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/24 9:1 p.m.18 views

CVE-2026-33543 FOSSBilling: Authentication bypass allows unauthenticated administrator creation

FOSSBilling is a free, open-source billing and client management system. Versions 0.7.2 and prior expose a guest API endpoint, /api/guest/staff/create, intended for initial administrator bootstrap. Due to a flawed admin-existence check, the endpoint remains usable after an administrator already...

9.3CVSS0.00289EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/24 8:58 p.m.17 views

CVE-2026-46423 Rocket.Chat: SAML signature validation skipped when IdP certificate field is empty

Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.0, 8.4.1, 8.3.3, 8.2.3, 8.1.4, 8.0.5, 7.13.7, and 7.10.11, Rocket.Chat's SAML service provider implementation silently skips both SAML Response and Assertion signature validation when the configured Id...

9.3CVSS0.00149EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/24 8:57 p.m.18 views

CVE-2026-45689 Rocket.Chat: Pre-Auth NoSQL Injection in OAuth2 Token Endpoint leading to Arbitrary User ATO

Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.0, 8.4.1, 8.3.3, 8.2.3, 8.1.4, 8.0.5, 7.13.7, and 7.10.11, an unauthenticated network attacker obtains a valid Rocket.Chat OAuth access token for an arbitrary user by sending a single HTTP POST with...

9.1CVSS0.00308EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/24 8:56 p.m.18 views

CVE-2026-45688 Rocket.Chat: Pre-Auth NoSQL Injection in CAS Login Handler leading to Arbitrary CAS/SAML User Session Hijack

Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.0, 8.4.1, 8.3.3, 8.2.3, 8.1.4, 8.0.5, 7.13.7, and 7.10.11, Rocket.Chat's CAS login handler forwards the client-supplied options.cas.credentialToken value straight into a MongoDB findOneid: ... query...

9.1CVSS0.00289EPSS
Exploits0References1
Total number of security vulnerabilities363730