CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

RedhatCVE•added 4 days ago•4 views

CVE-2026-41126

BigBlueButton is an open-source virtual classroom. Versions prior to 3.0.24 have an Open Redirect through bigbluebutton/api/join via get-parameter "logoutURL." Version 3.0.24 has adjusted the handling of requests with incorrect checksum so that the default logoutURL is used. No known workarounds...

4.3CVSS5.5AI score0.00011EPSS

RedhatCVE•added 4 days ago•5 views

CVE-2026-27737

BigBlueButton is an open-source virtual classroom. In versions prior to 3.0.19, the recording playback presentation format was not sanitizing user's input in public chat. This allowed for a malicious actor to craft and carry out a targeted XSS attack, activated on anyone replaying the recording...

6.5CVSS5.3AI score0.00036EPSS

NVD•added 2026/05/18 10:16 p.m.•5 views

CVE-2026-27737

6.5CVSS0.00036EPSS

EUVD•added 2026/05/18 9:11 p.m.•8 views

EUVD-2026-30811

ATTACKERKB•added 2026/05/18 9:11 p.m.•5 views

CVE-2026-27737

Exploits0References6Affected Software3

CVE•added 2026/05/18 9:11 p.m.•14 views

CVE-2026-27737

CVE-2026-27737 affects BigBlueButton prior to version 3.0.19 . The issue arises in the recording playback (presentation format) where user input in the public chat was not sanitized, enabling a targeted XSS attack when replaying the recording. Root cause: missing input sanitization in the bbb-pla...

Vulnrichment•added 2026/05/18 9:11 p.m.•5 views

CVE-2026-27737 BigBlueButton has Stored XSS in bbb-playback replay

Cvelist•added 2026/05/18 9:11 p.m.•29 views

CVE-2026-27737 BigBlueButton has Stored XSS in bbb-playback replay

6.5CVSS0.00036EPSS

CNNVD•added 2026/05/18 12:0 a.m.•5 views

BigBlueButton 跨站脚本漏洞

BigBlueButton is an open-source web conferencing system developed by the BigBlueButton community. Versions of BigBlueButton prior to 3.0.19 contained a cross-site scripting vulnerability. This vulnerability stemmed from the failure to clean up user input in public chat areas during recording and...

6.5CVSS5.6AI score0.00036EPSS

Positive Technologies•added 2026/05/18 12:0 a.m.•7 views

PT-2026-41738

Name of the Vulnerable Software and Affected Versions BigBlueButton versions prior to 3.0.19 Description Recording playback in presentation format fails to sanitize user input within the public chat. This allows a malicious actor to execute a targeted Cross-Site Scripting XSS attack—a technique...

6.5CVSS5.9AI score0.00036EPSS

Exploits0References9

NVD•added 2026/04/22 12:16 a.m.•2 views

CVE-2026-41127

6.5CVSS0.00028EPSS

NVD•added 2026/04/22 12:16 a.m.•2 views

CVE-2026-41126

4.3CVSS0.00011EPSS

CNNVD•added 2026/04/22 12:0 a.m.•5 views

BigBlueButton 输入验证错误漏洞

BigBlueButton is an open-source web conferencing system developed by the BigBlueButton community. Versions of BigBlueButton prior to 3.0.24 contained a vulnerability related to input validation errors. This vulnerability stemmed from an open redirection issue in the get-parameter and logoutURL...

4.3CVSS5.8AI score0.00011EPSS

CNNVD•added 2026/04/22 12:0 a.m.•5 views

BigBlueButton 安全漏洞

BigBlueButton is an open-source web conferencing system developed by the BigBlueButton community. Versions of BigBlueButton prior to 3.0.24 contained security vulnerabilities. These vulnerabilities stemmed from a lack of authorization, allowing viewers to inject or overwrite subtitles, potentiall...

CVE•added 2026/04/21 11:24 p.m.•6 views

CVE-2026-41127

BigBlueButton (open-source virtual classroom) prior to 3.0.24 has an authorization flaw that allows viewers to inject or overwrite captions; version 3.0.24 tightened permissions to submit captions. No known workarounds are provided. CVSS 3.1 base score is 6.5 (I: High, A: None, C: None; Privilege...

EUVD•added 2026/04/21 11:24 p.m.•4 views

EUVD-2026-24565

ATTACKERKB•added 2026/04/21 11:24 p.m.•0 views

CVE-2026-41127