CVE-2026-27737

BigBlueButton is an open-source virtual classroom. In versions prior to 3.0.19, the recording playback presentation format was not sanitizing user's input in public chat. This allowed for a malicious actor to craft and carry out a targeted XSS attack, activated on anyone replaying the recording...

CVE-2026-27737 BigBlueButton has Stored XSS in bbb-playback replay

BigBlueButton is an open-source virtual classroom. In versions prior to 3.0.19, the recording playback presentation format was not sanitizing user's input in public chat. This allowed for a malicious actor to craft and carry out a targeted XSS attack, activated on anyone replaying the recording...

CVE-2026-27737

CVE-2026-27737 affects BigBlueButton prior to version 3.0.19 . The issue arises in the recording playback (presentation format) where user input in the public chat was not sanitized, enabling a targeted XSS attack when replaying the recording. Root cause: missing input sanitization in the bbb-pla...

Moderate: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update

An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: haproxy: haproxy-3.0.19-1.1.hum1 aarch64, x8664 haproxy-3.0.19-1.1.hum1.src src...

Important: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update

An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: haproxy: haproxy-3.0.19-1.hum1 aarch64, x8664 haproxy-3.0.19-1.hum1.src src...

CLEANSTART-2026-FF20499 Security fixes for CVE-2025-55190, CVE-2025-55191, CVE-2025-58183, CVE-2025-58185, CVE-2025-58187, CVE-2025-58188, CVE-2025-58189, CVE-2025-59537, CVE-2025-59538, CVE-2025-61723, CVE-2025-61724, CVE-2025-61725, CVE-2026-25934, ghsa-2v5j-vhc3-9cwm, ghsa-2vgg-9h3w-qbr4, ghsa-2xsj-vh29-9cwm, ghsa-37cx-329c-33x3, ghsa-3wgm-2mw2-vh5m, ghsa-4x4m-3c2p-qppc, ghsa-6v2p-p543-phr9, ghsa-92cp-5422-2m47, ghsa-93mq-9ffx-83m2, ghsa-f6x5-jh6r-wrfv, ghsa-hj2p-8wj8-pfq4, ghsa-j5w8-q4qc-rx2x, ghsa-mh63-6h87-95cp, ghsa-mw99-9chc-xw7r applied in versions: 2.13.9-r0, 2.14.20-r0, 3.0.16-r0, 3.0.19-r0, 3.1.4-r0, 3.1.8.-r0, 3.1.9-r4, 3.2.7-r0

Multiple security vulnerabilities affect the argo-cd-fips package. These issues are resolved in later releases. See references for individual vulnerability details...

CLEANSTART-2026-JW58725 Security fixes for CVE-2025-55190, CVE-2025-55191, CVE-2025-58183, CVE-2025-58185, CVE-2025-58187, CVE-2025-58188, CVE-2025-58189, CVE-2025-59537, CVE-2025-59538, CVE-2025-61723, CVE-2025-61724, CVE-2025-61725, CVE-2026-1229, CVE-2026-24051, CVE-2026-25934, ghsa-2v5j-vhc3-9cwm, ghsa-2vgg-9h3w-qbr4, ghsa-2x5j-vhc8-9cwm, ghsa-2xsj-vh29-9cwm, ghsa-3wgm-2mw2-vh5m, ghsa-4x4m-3c2p-qppc, ghsa-6v2p-p543-phr9, ghsa-92cp-5422-2m47, ghsa-93mq-9ffx-83m2, ghsa-f6x5-jh6r-wrfv, ghsa-hj2p-8wj8-pfq4, ghsa-j5w8-q4qc-rx2x, ghsa-mh63-6h87-95cp, ghsa-mw99-9chc-xw7r, ghsa-r6j8-c6r2-37rr applied in versions: 2.13.9-r0, 2.14.20-r0, 3.0.16-r0, 3.0.19-r0, 3.0.22-r0, 3.0.23-r0, 3.0.23-r1, 3.1.4-r0, 3.1.8.-r0, 3.1.9-r4

Multiple security vulnerabilities affect the argo-cd package. These issues are resolved in later releases. See references for individual vulnerability details...

CVE-2026-27467

BigBlueButton is an open-source virtual classroom. In versions 3.0.19 and below, when first joining a session with the microphone muted, the client sends audio to the server regardless of mute state. Media is discarded at the server side, so it isn't audible to any participants, but this may allo...

CVE-2026-27467

CVE-2026-27467 affects BigBlueButton up to version 3.0.19. When first joining a session with the microphone muted, the client sends audio to the server regardless of mute state; the server discards media, so it is not audible to other participants, but a malicious server operator could access the...

Security Bulletin: Multiple Vulnerabilities in IBM QRadar Deployment Intelligence app

Summary Multiple vulnerabilities were addressed in IBM QRadar Deployment Intelligence app 3.0.19 Vulnerability Details CVEID:CVE-2025-58754 DESCRIPTION: Axios is a promise based HTTP client for the browser and Node.js. When Axios prior to versions 0.30.2 and 1.12.0 runs on Node.js and is given a...

EUVD-2023-32609

Malicious code in bioql PyPI...

CVE-2025-59537

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Versions 1.2.0 through 1.8.7, 2.0.0-rc1 through 2.14.19, 3.0.0-rc1 through 3.2.0-rc1, 3.1.7 and 3.0.18 are vulnerable to malicious API requests which can crash the API server and cause denial of service to legitimate client...

CVE-2023-28991

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in PI Websolution Order date, Order pickup, Order date time, Pickup Location, delivery date for WooCommerce plugin = 3.0.19 versions...

openSUSE: Security Advisory for vlc (openSUSE-SU-2023:0366-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2023-46814

A binary hijacking vulnerability exists within the VideoLAN VLC media player before 3.0.19 on Windows. The uninstaller attempts to execute code with elevated privileges out of a standard user writable location. Standard users may use this to gain arbitrary code execution as SYSTEM...

VideoLAN VLC media player security vulnerability

VideoLAN VLC media player is a free, open source cross-platform multimedia player also a multimedia framework organized by VideoLAN France. It supports playback of multiple media files, CD-ROMs, etc., multiple audio and video formats WMV, MP3, etc., etc. A security vulnerability exists in VideoLA...

PT-2023-30230 · Videolan · Vlc Media Player

Name of the Vulnerable Software and Affected Versions: VideoLAN VLC media player versions prior to 3.0.19 Description: A binary hijacking issue exists where the uninstaller attempts to execute code with elevated privileges from a location writable by standard users. This can be exploited by...

Oracle Linux 8 : freeradius:3.0 (ELSA-2019-3353)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2019-3353 advisory. - It was discovered freeradius up to and including version 3.0.19 does not correctly configure logrotate, allowing a local attacker who already has control of t...

CVE-2023-29435

Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in Zwaply Cryptocurrency All-in-One plugin = 3.0.19 versions...

CVE-2023-29435

Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in Zwaply Cryptocurrency All-in-One plugin = 3.0.19 versions...