CVE search

364,119 results
CVE-2026-54070HIGHSiYuan: Stored XSS in Bazaar marketplace via package README event handlersEPSS 0.2%CVE-2026-54069CRITICALSiYuan: Unauthenticated Admin API Access via Blanket chrome-extension:// Origin AllowlistEPSS 0.6%CVE-2026-54068MEDIUMSiYuan: Unauthenticated SQLite Data Exfiltration via Template Injection in /api/icon/getDynamicIconEPSS 0.2%CVE-2026-54067CRITICALSiYuan: Stored XSS to RCE via CSS-snippet <style> breakout in renderSnippet()EPSS 0.3%CVE-2026-54066HIGHSiYuan: Path Traversal via Double URL Encoding in /assets/*path (publish mode arbitrary file─read)EPSS 1.9%CVE-2026-55762HIGHRocket.Chat: Any Authenticated User Can Permanently Deregister Workspace from Rocket.Chat Cloud via Unprotected `/api/v1/fingerprint` EndpointEPSS 0.3%CVE-2026-55759HIGHRocket.Chat: Apple Sign-In skips JWT claims validation, allowing expired and cross-audience token replayEPSS 0.2%CVE-2026-55666CRITICALRocket.Chat: Email Parameter Fallback Leads To Account Takeover Within Apple OAuthEPSS 0.3%CVE-2026-49278MEDIUMRocket.Chat: Livechat Visitor Profile Disclosure Leaks Bearer Token and Enables Visitor ImpersonationEPSS 0.2%CVE-2026-49277LOWRocket.Chat: OAuth access and refresh tokens remain valid after account deactivationEPSS 0.2%CVE-2026-45757LOWRocket.Chat: users.deactivateIdle` deactivates accounts without revoking existing login tokensEPSS 0.2%CVE-2026-33543CRITICALFOSSBilling: Authentication bypass allows unauthenticated administrator creationEPSS 0.3%CVE-2026-46423CRITICALRocket.Chat: SAML signature validation skipped when IdP certificate field is emptyEPSS 0.1%CVE-2026-45689CRITICALRocket.Chat: Pre-Auth NoSQL Injection in OAuth2 Token Endpoint leading to Arbitrary User ATOEPSS 0.3%CVE-2026-45688CRITICALRocket.Chat: Pre-Auth NoSQL Injection in CAS Login Handler leading to Arbitrary CAS/SAML User Session HijackEPSS 0.3%CVE-2026-45687HIGHRocket.Chat: Authenticated Arbitrary Data Export Theft via Mass Assignment in sendFileMessageEPSS 0.2%CVE-2026-45677HIGHRocket.Chat: Lack of SAML Signature Check During Logout Could Lead To DoSEPSS 0.5%CVE-2026-33235HIGHAutoGPT: Denial of Service (DoS) via Resource Exhaustion in text templating featuresEPSS 0.3%CVE-2026-47733MEDIUMRocket.Chat: Missing URL protocol sanitization in ImageElement allows javascript: URLs in markdown imagesEPSS 0.1%CVE-2026-32315MEDIUMmotionEye: World-Readable Configuration File Exposes Admin Password HashEPSS 2.9%