Security Intelligence
Feed

Real-time CVE tracking, exploit analysis, and vulnerability intelligence curated for security professionals.

308 New today

65,585 Total advisories

Live Monitoring

Daily Security Trends (Last 14 Days)

336

Jun 12

Jun 13

Jun 14

443

Jun 15

630

Jun 16

464

Jun 17

Jun 18

352

Jun 19

Jun 20

104

Jun 21

317

Jun 22

294

Jun 23

355

Jun 24

298

Jun 25

Critical

High

Medium

Low

Latest

CVE CVSS 9.1

Rocket.Chat: Pre-Auth NoSQL Injection in OAuth2 Token Endpoint leading to Arbitrary User ATO_CVE-2026-45689

Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.0, 8.4.1, 8.3.3, 8.2.3, 8.1.4, 8.0.5, 7.13.7, and 7.10.11, an unauthenticated network attacker obtains a valid Rocket.Chat OAuth access token for an arbitrary user by sending a sing...

CVE-2026-45689 RocketChat Rocket.Chat >= 8.5.0-rc.0, < 8.5.0

Jun 24, 2026

Read analysis

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
CRITICAL 9.1	CVE-2026-45688	Rocket.Chat: Pre-Auth NoSQL Injection in CAS Login Handler leading to Arbitrary CAS/SAML User Session Hijack_CVE-2026-45688 Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.0, 8.4.1, 8.3.3, 8.2.3, 8.1.4, 8.0.5, 7.13.7, and 7...	RocketChat	Rocket.Chat >= 8.5.0-rc.0, < 8.5.0	Jun 24, 2026	CVE
HIGH 8.5	CVE-2026-45687	Rocket.Chat: Authenticated Arbitrary Data Export Theft via Mass Assignment in sendFileMessage_CVE-2026-45687 Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.0, 8.4.1, 8.3.3, 8.2.3, 8.1.4, 8.0.5, 7.13.7, and 7...	RocketChat	Rocket.Chat >= 8.5.0-rc.0, < 8.5.0	Jun 24, 2026	CVE
HIGH 8.7	CVE-2026-45677	Rocket.Chat: Lack of SAML Signature Check During Logout Could Lead To DoS_CVE-2026-45677 Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.0, 8.4.1, 8.3.3, 8.2.3, 8.1.4, 8.0.5, 7.13.7, and 7...	RocketChat	Rocket.Chat >= 8.5.0-rc.0, < 8.5.0	Jun 24, 2026	CVE
CRITICAL 9.3	CVE-2026-33543	FOSSBilling: Authentication bypass allows unauthenticated administrator creation_CVE-2026-33543 FOSSBilling is a free, open-source billing and client management system. Versions 0.7.2 and prior expose a guest API endpoint, /api/guest/staff/cre...	FOSSBilling	FOSSBilling < 0.8.0	Jun 24, 2026	CVE
HIGH 7.7	CVE-2026-33235	AutoGPT: Denial of Service (DoS) via Resource Exhaustion in text templating features_CVE-2026-33235 AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. In versions prior to 0.6...	Significant-Gravitas	AutoGPT >= 0.1.0, < 0.6.52	Jun 24, 2026	CVE
MEDIUM 5.5	CVE-2026-32315	motionEye: World-Readable Configuration File Exposes Admin Password Hash_CVE-2026-32315 motionEye (mEye) is an online interface for motion software, a video surveillance program with motion detection. Versions prior to 0.44.0 create th...	motioneye-project	motioneye < 0.44.0	Jun 24, 2026	CVE
MEDIUM 6.5	CVE-2026-31978	motionEye: Arbitrary File Read via Path Traversal in Picture/Movie Preview Endpoint_CVE-2026-31978 motionEye (mEye) is an online interface for motion software, which is a video surveillance program with motion detection. Versions prior to 0.44.0 ...	motioneye-project	motioneye < 0.44.0	Jun 24, 2026	CVE
MEDIUM 6.5	CVE-2026-13208	Kubevirt: virt-handler-rhel9: kubevirt: virt-handler notify server trusts vmi identity from unauthenticated grpc request body_CVE-2026-13208 A flaw was found in KubeVirt's virt-handler domain notify server. The gRPC handlers for HandleDomainEvent and HandleK8SEvent derive the VMI identit...	Red Hat	Red Hat OpenShift Virtualization 4	Jun 24, 2026	CVE
MEDIUM 5.2	CVE-2026-13201	Kubevirt: virt-handler-rhel9: kubevirt: safepath openatnofollow symlink following via /proc/self/fd allows host file metadata modification_CVE-2026-13201 A flaw was found in KubeVirt's safepath package. The OpenAtNoFollow function uses O_PATH\|O_NOFOLLOW to obtain a file descriptor to a path leaf, but...	Red Hat	Red Hat OpenShift Virtualization 4	Jun 24, 2026	CVE

Security IntelligenceFeed

Daily Security Trends (Last 14 Days)

Rocket.Chat: Pre-Auth NoSQL Injection in OAuth2 Token Endpoint leading to Arbitrary User ATO_CVE-2026-45689

Recent Advisories

Rocket.Chat: Pre-Auth NoSQL Injection in CAS Login Handler leading to Arbitrary CAS/SAML User Session Hijack_CVE-2026-45688

Rocket.Chat: Authenticated Arbitrary Data Export Theft via Mass Assignment in sendFileMessage_CVE-2026-45687

Rocket.Chat: Lack of SAML Signature Check During Logout Could Lead To DoS_CVE-2026-45677

FOSSBilling: Authentication bypass allows unauthenticated administrator creation_CVE-2026-33543

AutoGPT: Denial of Service (DoS) via Resource Exhaustion in text templating features_CVE-2026-33235

motionEye: World-Readable Configuration File Exposes Admin Password Hash_CVE-2026-32315

motionEye: Arbitrary File Read via Path Traversal in Picture/Movie Preview Endpoint_CVE-2026-31978

Kubevirt: virt-handler-rhel9: kubevirt: virt-handler notify server trusts vmi identity from unauthenticated grpc request body_CVE-2026-13208

Kubevirt: virt-handler-rhel9: kubevirt: safepath openatnofollow symlink following via /proc/self/fd allows host file metadata modification_CVE-2026-13201

Protect Your Attack Surface with RedGem

Security Intelligence
Feed