CVE search

363,766 results
CVE-2026-49277LOWRocket.Chat: OAuth access and refresh tokens remain valid after account deactivationEPSS 0.2%CVE-2026-45757LOWRocket.Chat: users.deactivateIdle` deactivates accounts without revoking existing login tokensEPSS 0.2%CVE-2026-33543CRITICALFOSSBilling: Authentication bypass allows unauthenticated administrator creationEPSS 0.3%CVE-2026-46423CRITICALRocket.Chat: SAML signature validation skipped when IdP certificate field is emptyEPSS 0.1%CVE-2026-45689CRITICALRocket.Chat: Pre-Auth NoSQL Injection in OAuth2 Token Endpoint leading to Arbitrary User ATOEPSS 0.3%CVE-2026-45688CRITICALRocket.Chat: Pre-Auth NoSQL Injection in CAS Login Handler leading to Arbitrary CAS/SAML User Session HijackEPSS 0.3%CVE-2026-45687HIGHRocket.Chat: Authenticated Arbitrary Data Export Theft via Mass Assignment in sendFileMessageEPSS 0.2%CVE-2026-45677HIGHRocket.Chat: Lack of SAML Signature Check During Logout Could Lead To DoSEPSS 0.5%CVE-2026-33235HIGHAutoGPT: Denial of Service (DoS) via Resource Exhaustion in text templating featuresEPSS 0.3%CVE-2026-47733MEDIUMRocket.Chat: Missing URL protocol sanitization in ImageElement allows javascript: URLs in markdown imagesEPSS 0.1%CVE-2026-32315MEDIUMmotionEye: World-Readable Configuration File Exposes Admin Password HashEPSS 2.9%CVE-2026-13208MEDIUMKubevirt: virt-handler-rhel9: kubevirt: virt-handler notify server trusts vmi identity from unauthenticated grpc request bodyEPSS 0.1%CVE-2026-13201HIGHKubevirt: virt-handler-rhel9: kubevirt: safepath symlink following in virt-handler enables notify socket hijacking and node-level vm disruptionEPSS 0.1%CVE-2026-52797HIGHGogs: Overwriting critical files results in a denial of serviceEPSS 0.4%CVE-2026-52813CRITICALGogs: Path Traversal in organization name results in RCE through Git hooksEPSS 1.1%CVE-2026-52812HIGHGogs: LFS dedupe path leaks private repo content across tenantsEPSS 0.2%CVE-2026-52811CRITICALGogs: UploadRepoFiles writes outside repo working tree via committed parent symEPSS 0.5%CVE-2026-52810HIGHGogs: Write to readonly repositories using receive-pack + service=git-upload-pack confusionEPSS 0.4%CVE-2026-11998HIGHAngularJS XSS via SCE resource URL sanitization bypassEPSS 0.3%CVE-2026-52809MEDIUMGogs: Password-reset tokens use account-activation lifetime, ignoring RESET_PASSWORD_CODE_LIVESEPSS 0.2%