Known Vulnerabilities for products from Rocket.Chat
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Rocket.Chat".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-22560 json | Not Provided | 2026-04-10 | 2026-04-14 | |
| CVE-2023-28359 json | A NoSQL injection vulnerability has been identified in the listEmojiCustom method call within Rocket.Chat. This can be exploi... | 5.3 - MEDIUM | 2023-05-11 | 2023-05-22 |
| CVE-2023-28358 json | A vulnerability has been discovered in Rocket.Chat where a markdown parsing issue in the "Search Messages" feature allows the... | 6.1 - MEDIUM | 2023-05-11 | 2023-05-22 |
| CVE-2023-28357 json | A vulnerability has been identified in Rocket.Chat, where the ACL checks in the Slash Command /mute occur after checking whet... | 4.3 - MEDIUM | 2023-05-11 | 2023-05-22 |
| CVE-2023-28356 json | A vulnerability has been identified where a maliciously crafted message containing a specific chain of characters can cause t... | 7.5 - HIGH | 2023-05-11 | 2023-05-22 |
| CVE-2023-28325 json | An improper authorization vulnerability exists in Rocket.Chat <6.0 that could allow a hacker to manipulate the rid parameter ... | 6.5 - MEDIUM | 2023-05-11 | 2023-05-22 |
| CVE-2023-28318 json | A vulnerability has been discovered in Rocket.Chat, where messages can be hidden regardless of the Message_KeepHistory or Mes... | 5.3 - MEDIUM | 2023-05-09 | 2023-05-16 |
| CVE-2023-28317 json | A vulnerability has been discovered in Rocket.Chat, where editing messages can change the original timestamp, causing the UI ... | 5.3 - MEDIUM | 2023-05-09 | 2023-05-16 |
| CVE-2023-28316 json | A security vulnerability has been discovered in the implementation of 2FA on the rocket.chat platform, where other active ses... | 9.8 - CRITICAL | 2023-05-09 | 2023-05-17 |
| CVE-2023-23917 json | A prototype pollution vulnerability exists in Rocket.Chat server <5.2.0 that could allow an attacker to a RCE under the admin... | 8.8 - HIGH | 2023-02-23 | 2023-03-03 |
| CVE-2023-23911 json | An improper access control vulnerability exists prior to v6 that could allow an attacker to break the E2E encryption of a cha... | 7.5 - HIGH | 2023-03-10 | 2023-03-16 |
| CVE-2022-44567 json | A command injection vulnerability exists in Rocket.Chat-Desktop <3.8.14 that could allow an attacker to pass a malicious url ... | 9.8 - CRITICAL | 2022-12-23 | 2023-01-04 |
| CVE-2022-35251 json | A cross-site scripting vulnerability exists in Rocket.chat | 5.4 - MEDIUM
|
2022-09-23
|
2022-09-26
|
|
| CVE-2022-35250 json | A privilege escalation vulnerability exists in Rocket.chat | 4.3 - MEDIUM
|
2022-09-23
|
2022-09-27
|
|
| CVE-2022-35249 json | A information disclosure vulnerability exists in Rocket.Chat | 4.3 - MEDIUM
|
2022-09-23
|
2023-07-21
|
|
| CVE-2022-35248 json | A improper authentication vulnerability exists in Rocket.Chat | 8.8 - HIGH
|
2022-09-23
|
2022-09-26
|
|
| CVE-2022-35247 json | A information disclosure vulnerability exists in Rocket.chat | 4.3 - MEDIUM
|
2022-09-23
|
2022-09-26
|
|
| CVE-2022-35246 json | A NoSQL-Injection information disclosure vulnerability vulnerability exists in Rocket.Chat | 4.3 - MEDIUM
|
2022-09-23
|
2023-06-29
|
|
| CVE-2022-32229 json | A information disclosure vulnerability exists in Rockert.Chat | 4.3 - MEDIUM
|
2022-09-23
|
2023-07-21
|
|
| CVE-2022-32228 json | An information disclosure vulnerability exists in Rocket.Chat | 4.3 - MEDIUM
|
2022-09-23
|
2023-07-21
|
|
Known software with vulnerabilities from Rocket.Chat
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Rocket.chat | Rocket.chat | 0.10.0 |