Lucene search
+L

4 matches found

Cvelist
Cvelist
added 3 days ago33 views

CVE-2026-46404 BigBlueButton: Presentation URL Security Hardening

BigBlueButton is an open-source virtual classroom. Prior to 3.0.23, the presentation URL validation did not properly restrict access to site local and link local addresses. The redirect following logic now pins resolved IPs. This issue is fixed in version 3.0.23...

6.8CVSS0.00256EPSS
Exploits0References2
CVE
CVE
added 3 days ago7 views

CVE-2026-46404

BigBlueButton: Before 3.0.23, presentation URL validation did not properly restrict site-local/link-local access. The fix pins resolved IPs in redirect logic and is addressed in 3.0.23. No exploitation details provided.

6.8CVSS6AI score0.00256EPSS
Exploits0References2
OSV
OSV
added 2026/05/21 9:15 p.m.3 views

CVE-2026-8327 Concrete CMS below 9.5.0 and below is vulnerable to password change without reauthorization and session-hardening bypass.

Concrete CMS below 9.5.0 and below is vulnerable to password change without reauthorization and session-hardening bypass. The user-profile edit controller passes the entire raw POST array to UserInfo::update without field whitelisting resulting in password change without requiring the current...

5.3CVSS6AI score0.00182EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/03/26 8:34 p.m.4 views

CVE-2026-33619

PinchTab is a standalone HTTP server that gives AI agents direct control over a Chrome browser. PinchTab v0.8.3 contains a server-side request forgery issue in the optional scheduler's webhook delivery path. When a task is submitted to POST /tasks with a user-controlled callbackUrl, the v0.8.3...

4.1CVSS5.8AI score0.00249EPSS
Exploits1References4Affected Software1
Rows per page
Query Builder