CVE-2026-23477
- EPSS 0.03%
- Published 14.01.2026 18:16:05
- Last modified 26.01.2026 18:03:24
Rocket.Chat is an open-source, secure, fully customizable communications platform. In Rocket.Chat versions up to 6.12.0, the API endpoint GET /api/v1/oauth-apps.get is exposed to any authenticated user, regardless of their role or permissions. This e...
CVE-2025-5892
- EPSS 0.22%
- Published 09.06.2025 19:31:05
- Last modified 10.07.2025 16:24:57
A vulnerability, which was classified as problematic, has been found in RocketChat up to 7.6.1. This issue affects the function parseMessage of the file /apps/meteor/app/irc/server/servers/RFC2813/parseMessage.js. The manipulation of the argument lin...
CVE-2024-46936
- EPSS 0.1%
- Published 25.09.2024 01:15:44
- Last modified 26.09.2024 13:32:02
Rocket.Chat 6.12.0, 6.11.2, 6.10.5, 6.9.6, 6.8.6, 6.7.8, and before is vulnerable to a message forgery / impersonation issue. Attackers can abuse the UpdateOTRAck method to send ephemeral messages as if they were any other user they choose.
CVE-2017-1000054
- EPSS 0.21%
- Published 17.07.2017 13:18:17
- Last modified 20.04.2025 01:37:25
Rocket.Chat version 0.8.0 and newer is vulnerable to XSS in the markdown link parsing code for messages.