Security Intelligence
Feed

Real-time CVE tracking, exploit analysis, and vulnerability intelligence curated for security professionals.

294 New today

65,279 Total advisories

Live Monitoring

Daily Security Trends (Last 14 Days)

336

Jun 12

Jun 13

Jun 14

443

Jun 15

630

Jun 16

464

Jun 17

Jun 18

352

Jun 19

Jun 20

104

Jun 21

317

Jun 22

294

Jun 23

347

Jun 24

Jun 25

Critical

High

Medium

Low

Latest

CVE CVSS 2.3

Rocket.Chat: OAuth access and refresh tokens remain valid after account deactivation_CVE-2026-49277

Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.0, 8.4.2, 8.3.4, 8.2.4, 8.1.5, 8.0.6, 7.13.8, and 7.10.12, Rocket.Chat does not revoke OAuth bearer or refresh tokens when a user is deactivated. A deactivated user can continue usi...

CVE-2026-49277 RocketChat Rocket.Chat >= 8.5.0-rc.0, < 8.5.0

Jun 24, 2026

Read analysis

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 4.4	CVE-2026-47733	Rocket.Chat: Missing URL protocol sanitization in ImageElement allows javascript: URLs in markdown images_CVE-2026-47733 Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.0, the ImageElement component in packages/gazzodown...	RocketChat	Rocket.Chat < 8.5.0	Jun 24, 2026	CVE
CRITICAL 9.3	CVE-2026-46423	Rocket.Chat: SAML signature validation skipped when IdP certificate field is empty_CVE-2026-46423 Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.0, 8.4.1, 8.3.3, 8.2.3, 8.1.4, 8.0.5, 7.13.7, and 7...	RocketChat	Rocket.Chat >= 8.5.0-rc.0, < 8.5.0	Jun 24, 2026	CVE
LOW 2.3	CVE-2026-45757	Rocket.Chat: users.deactivateIdle` deactivates accounts without revoking existing login tokens_CVE-2026-45757 Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.0, 8.4.2, 8.3.4, 8.2.4, 8.1.5, 8.0.6, 7.13.8, and 7...	RocketChat	Rocket.Chat >= 8.5.0-rc.0, < 8.5.0	Jun 24, 2026	CVE
CRITICAL 9.1	CVE-2026-45689	Rocket.Chat: Pre-Auth NoSQL Injection in OAuth2 Token Endpoint leading to Arbitrary User ATO_CVE-2026-45689 Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.0, 8.4.1, 8.3.3, 8.2.3, 8.1.4, 8.0.5, 7.13.7, and 7...	RocketChat	Rocket.Chat >= 8.5.0-rc.0, < 8.5.0	Jun 24, 2026	CVE
CRITICAL 9.1	CVE-2026-45688	Rocket.Chat: Pre-Auth NoSQL Injection in CAS Login Handler leading to Arbitrary CAS/SAML User Session Hijack_CVE-2026-45688 Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.0, 8.4.1, 8.3.3, 8.2.3, 8.1.4, 8.0.5, 7.13.7, and 7...	RocketChat	Rocket.Chat >= 8.5.0-rc.0, < 8.5.0	Jun 24, 2026	CVE
HIGH 8.5	CVE-2026-45687	Rocket.Chat: Authenticated Arbitrary Data Export Theft via Mass Assignment in sendFileMessage_CVE-2026-45687 Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.0, 8.4.1, 8.3.3, 8.2.3, 8.1.4, 8.0.5, 7.13.7, and 7...	RocketChat	Rocket.Chat >= 8.5.0-rc.0, < 8.5.0	Jun 24, 2026	CVE
HIGH 8.7	CVE-2026-45677	Rocket.Chat: Lack of SAML Signature Check During Logout Could Lead To DoS_CVE-2026-45677 Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.0, 8.4.1, 8.3.3, 8.2.3, 8.1.4, 8.0.5, 7.13.7, and 7...	RocketChat	Rocket.Chat >= 8.5.0-rc.0, < 8.5.0	Jun 24, 2026	CVE
CRITICAL 9.3	CVE-2026-33543	FOSSBilling: Authentication bypass allows unauthenticated administrator creation_CVE-2026-33543 FOSSBilling is a free, open-source billing and client management system. Versions 0.7.2 and prior expose a guest API endpoint, /api/guest/staff/cre...	FOSSBilling	FOSSBilling < 0.8.0	Jun 24, 2026	CVE
HIGH 7.7	CVE-2026-33235	AutoGPT: Denial of Service (DoS) via Resource Exhaustion in text templating features_CVE-2026-33235 AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. In versions prior to 0.6...	Significant-Gravitas	AutoGPT >= 0.1.0, < 0.6.52	Jun 24, 2026	CVE

Security IntelligenceFeed

Daily Security Trends (Last 14 Days)

Rocket.Chat: OAuth access and refresh tokens remain valid after account deactivation_CVE-2026-49277

Recent Advisories

Rocket.Chat: Missing URL protocol sanitization in ImageElement allows javascript: URLs in markdown images_CVE-2026-47733

Rocket.Chat: SAML signature validation skipped when IdP certificate field is empty_CVE-2026-46423

Rocket.Chat: users.deactivateIdle` deactivates accounts without revoking existing login tokens_CVE-2026-45757

Rocket.Chat: Pre-Auth NoSQL Injection in OAuth2 Token Endpoint leading to Arbitrary User ATO_CVE-2026-45689

Rocket.Chat: Pre-Auth NoSQL Injection in CAS Login Handler leading to Arbitrary CAS/SAML User Session Hijack_CVE-2026-45688

Rocket.Chat: Authenticated Arbitrary Data Export Theft via Mass Assignment in sendFileMessage_CVE-2026-45687

Rocket.Chat: Lack of SAML Signature Check During Logout Could Lead To DoS_CVE-2026-45677

FOSSBilling: Authentication bypass allows unauthenticated administrator creation_CVE-2026-33543

AutoGPT: Denial of Service (DoS) via Resource Exhaustion in text templating features_CVE-2026-33235

Protect Your Attack Surface with RedGem

Security Intelligence
Feed