Rocket.Chat exposure
Category: Live chat
Exposure score: 64
Sites using it: 286
Under active exploitation: 0
Critical CVEs: 8
CVEs: 53 results (ID | severity | EPSS | summary)

CVE-2026-30833 | MEDIUM | EPSS 0.3% | Rocket.Chat: NoSQL injection in the EE ddp-streamer-service
CVE-2023-28318 | MEDIUM | EPSS 0.3% | A vulnerability has been discovered in Rocket.Chat, where messages can be hidden regardless of the Message_KeepHistory or Message_ShowDelete…
CVE-2023-23911 | — | EPSS 0.3% | An improper access control vulnerability exists prior to v6 that could allow an attacker to break the E2E encryption of a chat room by a use…
CVE-2026-32994 | MEDIUM | EPSS 0.3% | The /api/v1/autotranslate.translateMessage endpoint in versions <8.5.0, <8.4.2, <8.3.4, <8.2.4, <8.1.5, <8.0.6, <7.13.8, and <7.10.12 allows…
CVE-2026-55759 | HIGH | EPSS 0.2% | Rocket.Chat: Apple Sign-In skips JWT claims validation, allowing expired and cross-audience token replay
CVE-2026-49278 | MEDIUM | EPSS 0.2% | Rocket.Chat: Livechat Visitor Profile Disclosure Leaks Bearer Token and Enables Visitor Impersonation
CVE-2023-28317 | MEDIUM | EPSS 0.2% | A vulnerability has been discovered in Rocket.Chat, where editing messages can change the original timestamp, causing the UI to display mess…
CVE-2026-45757 | LOW | EPSS 0.2% | Rocket.Chat: `users.deactivateIdle` deactivates accounts without revoking existing login tokens
CVE-2026-49277 | LOW | EPSS 0.2% | Rocket.Chat: OAuth access and refresh tokens remain valid after account deactivation
CVE-2026-45687 | HIGH | EPSS 0.2% | Rocket.Chat: Authenticated Arbitrary Data Export Theft via Mass Assignment in sendFileMessage
CVE-2026-29197 | MEDIUM | EPSS 0.2% | In versions <8.4.0, <8.3.2, <8.2.2, <8.1.3, <8.0.4, <7.13.6, <7.12.7, <7.11.7, and <7.10.10, the endpoints /api/apps/logs and /api/apps/:id/…
CVE-2026-46423 | CRITICAL | EPSS 0.1% | Rocket.Chat: SAML signature validation skipped when IdP certificate field is empty
CVE-2026-47733 | MEDIUM | EPSS 0.1% | Rocket.Chat: Missing URL protocol sanitization in ImageElement allows javascript: URLs in markdown images