Vulnerabilities in Rocket.Chat
12 results

CVE-2024-39713 | HIGH | EPSS 3.2%
A Server-Side Request Forgery (SSRF) affects Rocket.Chat's Twilio webhook endpoint before version 6.10.1.

CVE-2026-48929 | HIGH | EPSS 0.6%
Rocket.Chat in versions <8.5.1, <8.4.4, <8.3.6, <8.2.6, <8.1.6, <8.0.7, <7.13.9, and <7.10.13 is vulnerable to unauthenticated file deletion

CVE-2024-42027 | MEDIUM | EPSS 0.5%
The E2EE password entropy generated by Rocket.Chat Mobile prior to version 4.5.1 is insufficient, allowing attackers to crack it if they hav

CVE-2024-37405 | MEDIUM | EPSS 0.5%
Livechat messages can be leaked by combining two NoSQL injections affecting livechat:loginByToken (pre-authentication) and livechat:loadHist

CVE-2025-7974 | LOW | EPSS 0.4%
rocket.chat Incorrect Authorization Information Disclosure Vulnerability

CVE-2026-29198 | CRITICAL | EPSS 0.4%
In Rocket.Chat <8.3.0, <8.2.1, <8.1.2, <8.0.3, <7.13.5, <7.12.6, <7.11.6, and <7.10.9, a NoSQL injection vulnerability can lead to account t

CVE-2026-22560 | MEDIUM | EPSS 0.3%
An open redirect vulnerability in Rocket.Chat versions prior to 8.4.0 allows users to be redirected to arbitrary URLs by manipulating parame

CVE-2026-48616 | CRITICAL | EPSS 0.3%
Rocket.Chat versions <8.5.1, 8.4.4, 8.3.6, 8.2.6, 8.1.6, 8.0.7, 7.13.9, 7.10.13 has an access control vulnerability in Livechat files. Prote

CVE-2026-32995 | HIGH | EPSS 0.3%
The Rocket.Chat DDP method autoTranslate.translateMessage in versions <8.5.0, <8.4.2, <8.3.4, <8.2.4, <8.1.5, <8.0.5, <7.13.8, and <7.10.12

CVE-2026-32994 | MEDIUM | EPSS 0.3%
The /api/v1/autotranslate.translateMessage endpoint in versions <8.5.0, <8.4.2, <8.3.4, <8.2.4, <8.1.5, <8.0.6, <7.13.8, and <7.10.12 allows

CVE-2026-29197 | MEDIUM | EPSS 0.2%
In versions <8.4.0, <8.3.2, <8.2.2, <8.1.3, <8.0.4, <7.13.6, <7.12.7, <7.11.7, and <7.10.10, the endpoints /api/apps/logs and /api/apps/:id/

CVE-2024-8270 | MEDIUM | EPSS 0.2%
macOS Rocket.Chat: TCC Policy Bypass via Dylib Injection Due to Missing Code Signing Flags and Dangerous Entitlements