Trovent Security GmbH discovered an email address enumeration vulnerability in the password reset function of the chat application Rocket.Chat. This vulnerability lets an unauthorized user enumerate registered email addresses on the instance of Rocket.Chat.

Trovent Security GmbH discovered an SQL injection vulnerability in a web application of Hepstar. An attacker is able to execute SQL commands without authentication. It is possible to read data from all tables of the database.