Vulnerabilities > Rocket Chat > Critical

| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-05-09 | CVE-2023-28316 | Session Fixation vulnerability in Rocket.Chat. A security vulnerability has been discovered in the implementation of 2FA on the Rocket.Chat platform, where other active sessions are not invalidated upon activating 2FA. (rocket-chat, CWE-384) | critical, 9.8 (network, low complexity) |
| 2021-08-09 | CVE-2021-22910 | Unspecified vulnerability in Rocket.Chat. A sanitization vulnerability exists in Rocket.Chat server versions <3.13.2, <3.12.4, <3.11.4 that allowed queries to an endpoint which could result in a NoSQL injection, potentially leading to RCE. (rocket-chat) | critical, 9.8 (network, low complexity) |