Security Intelligence
Feed

Real-time CVE tracking, exploit analysis, and vulnerability intelligence curated for security professionals.

190 New today
65,350 Total advisories
Live Monitoring

Daily Security Trends (Last 14 Days)

336
Jun 12
60
Jun 13
68
Jun 14
443
Jun 15
630
Jun 16
464
Jun 17
3
Jun 18
352
Jun 19
56
Jun 20
104
Jun 21
317
Jun 22
294
Jun 23
355
Jun 24
63
Jun 25
Critical
High
Medium
Low
Latest
CVE CVSS 6.7

Rocket.Chat: Livechat Visitor Profile Disclosure Leaks Bearer Token and Enables Visitor Impersonation_CVE-2026-49278

Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.0, 8.4.2, 8.3.4, 8.2.4, 8.1.5, 8.0.6, 7.13.8, and 7.10.12, in the visitors.info endpoint, https://developer.rocket.chat/apidocs/get-visitor-information-by-id-1, token is returned in...

CVE-2026-49278 RocketChat Rocket.Chat >= 8.5.0-rc.0, < 8.5.0
Read analysis

Recent Advisories

Severity ID Title Vendor Product Date Type
LOW 2.3 CVE-2026-49277

Rocket.Chat: OAuth access and refresh tokens remain valid after account deactivation_CVE-2026-49277

Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.0, 8.4.2, 8.3.4, 8.2.4, 8.1.5, 8.0.6, 7.13.8, and 7...

RocketChat Rocket.Chat >= 8.5.0-rc.0, < 8.5.0 CVE
MEDIUM 4.4 CVE-2026-47733

Rocket.Chat: Missing URL protocol sanitization in ImageElement allows javascript: URLs in markdown images_CVE-2026-47733

Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.0, the ImageElement component in packages/gazzodown...

RocketChat Rocket.Chat < 8.5.0 CVE
CRITICAL 9.3 CVE-2026-46423

Rocket.Chat: SAML signature validation skipped when IdP certificate field is empty_CVE-2026-46423

Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.0, 8.4.1, 8.3.3, 8.2.3, 8.1.4, 8.0.5, 7.13.7, and 7...

RocketChat Rocket.Chat >= 8.5.0-rc.0, < 8.5.0 CVE
LOW 2.3 CVE-2026-45757

Rocket.Chat: users.deactivateIdle` deactivates accounts without revoking existing login tokens_CVE-2026-45757

Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.0, 8.4.2, 8.3.4, 8.2.4, 8.1.5, 8.0.6, 7.13.8, and 7...

RocketChat Rocket.Chat >= 8.5.0-rc.0, < 8.5.0 CVE
CRITICAL 9.1 CVE-2026-45689

Rocket.Chat: Pre-Auth NoSQL Injection in OAuth2 Token Endpoint leading to Arbitrary User ATO_CVE-2026-45689

Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.0, 8.4.1, 8.3.3, 8.2.3, 8.1.4, 8.0.5, 7.13.7, and 7...

RocketChat Rocket.Chat >= 8.5.0-rc.0, < 8.5.0 CVE
CRITICAL 9.1 CVE-2026-45688

Rocket.Chat: Pre-Auth NoSQL Injection in CAS Login Handler leading to Arbitrary CAS/SAML User Session Hijack_CVE-2026-45688

Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.0, 8.4.1, 8.3.3, 8.2.3, 8.1.4, 8.0.5, 7.13.7, and 7...

RocketChat Rocket.Chat >= 8.5.0-rc.0, < 8.5.0 CVE
HIGH 8.5 CVE-2026-45687

Rocket.Chat: Authenticated Arbitrary Data Export Theft via Mass Assignment in sendFileMessage_CVE-2026-45687

Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.0, 8.4.1, 8.3.3, 8.2.3, 8.1.4, 8.0.5, 7.13.7, and 7...

RocketChat Rocket.Chat >= 8.5.0-rc.0, < 8.5.0 CVE
HIGH 8.7 CVE-2026-45677

Rocket.Chat: Lack of SAML Signature Check During Logout Could Lead To DoS_CVE-2026-45677

Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.0, 8.4.1, 8.3.3, 8.2.3, 8.1.4, 8.0.5, 7.13.7, and 7...

RocketChat Rocket.Chat >= 8.5.0-rc.0, < 8.5.0 CVE
CRITICAL 9.3 CVE-2026-33543

FOSSBilling: Authentication bypass allows unauthenticated administrator creation_CVE-2026-33543

FOSSBilling is a free, open-source billing and client management system. Versions 0.7.2 and prior expose a guest API endpoint, /api/guest/staff/cre...

FOSSBilling FOSSBilling < 0.8.0 CVE