Rocket.Chat Exposure

Live chat
Exposure score: 34
Sites using it: 286
Under exploitation: 0
Critical: 4

CVEs

41 results
CVE-2022-32227 | MEDIUM | EPSS 0.5%
A cleartext transmission of sensitive information exists in Rocket.Chat <v5, <v4.8.2 and <v4.7.5 relating to OAuth tokens by having the perm

CVE-2022-35247 | MEDIUM | EPSS 0.5%
An information disclosure vulnerability exists in Rocket.chat <v5, <v4.8.2 and <v4.7.5 where the lack of ACL checks in the getRoomRoles Meteo

CVE-2022-35251 | MEDIUM | EPSS 0.5%
A cross-site scripting vulnerability exists in Rocket.chat <v5 due to style injection in the complete chat window, an adversary is able to m

CVE-2024-37405 | MEDIUM | EPSS 0.5%
Livechat messages can be leaked by combining two NoSQL injections affecting livechat:loginByToken (pre-authentication) and livechat:loadHist

CVE-2026-28514 | CRITICAL | EPSS 0.5%
Rocket.Chat: Users can login with any password via the EE ddp-streamer-service

CVE-2025-7974 | LOW | EPSS 0.4%
rocket.chat Incorrect Authorization Information Disclosure Vulnerability

CVE-2026-29198 | CRITICAL | EPSS 0.4%
In Rocket.Chat <8.3.0, <8.2.1, <8.1.2, <8.0.3, <7.13.5, <7.12.6, <7.11.6, and <7.10.9, a NoSQL injection vulnerability can lead to account t

CVE-2023-28357 | MEDIUM | EPSS 0.4%
A vulnerability has been identified in Rocket.Chat, where the ACL checks in the Slash Command /mute occur after checking whether a user is a

CVE-2023-28325 | MEDIUM | EPSS 0.4%
An improper authorization vulnerability exists in Rocket.Chat <6.0 that could allow a hacker to manipulate the rid parameter and change the

CVE-2023-28358 | MEDIUM | EPSS 0.4%
A vulnerability has been discovered in Rocket.Chat where a markdown parsing issue in the "Search Messages" feature allows the insertion of m

CVE-2026-30831 | HIGH | EPSS 0.3%
Rocket.Chat: 2FA bypass and login of deactivated users via EE ddp-streamer

CVE-2026-22560 | MEDIUM | EPSS 0.3%
An open redirect vulnerability in Rocket.Chat versions prior to 8.4.0 allows users to be redirected to arbitrary URLs by manipulating parame

CVE-2026-23477 | HIGH | EPSS 0.3%
Rocket.Chat Unauthorized Access to OAuth App Details

CVE-2026-48616 | CRITICAL | EPSS 0.3%
Rocket.Chat versions <8.5.1, 8.4.4, 8.3.6, 8.2.6, 8.1.6, 8.0.7, 7.13.9, 7.10.13 has an access control vulnerability in Livechat files. Prote

CVE-2026-32995 | HIGH | EPSS 0.3%
The Rocket.Chat DDP method autoTranslate.translateMessage in versions <8.5.0, <8.4.2, <8.3.4, <8.2.4, <8.1.5, <8.0.5, <7.13.8, and <7.10.12

CVE-2026-30833 | MEDIUM | EPSS 0.3%
Rocket.Chat: NoSQL injection in the EE ddp-streamer-service

CVE-2023-28318 | MEDIUM | EPSS 0.3%
A vulnerability has been discovered in Rocket.Chat, where messages can be hidden regardless of the Message_KeepHistory or Message_ShowDelete

CVE-2023-23911 | EPSS 0.3%
An improper access control vulnerability exists prior to v6 that could allow an attacker to break the E2E encryption of a chat room by a use

CVE-2026-32994 | MEDIUM | EPSS 0.3%
The /api/v1/autotranslate.translateMessage endpoint in versions <8.5.0, <8.4.2, <8.3.4, <8.2.4, <8.1.5, <8.0.6, <7.13.8, and <7.10.12 allows

CVE-2023-28317 | MEDIUM | EPSS 0.2%
A vulnerability has been discovered in Rocket.Chat, where editing messages can change the original timestamp, causing the UI to display mess
