Lucene search
K

25 matches found

Positive Technologies
Positive Technologies
added 2026/04/20 12:0 a.m.6 views

PT-2026-33789

Vexa is an open-source, self-hostable meeting bot API and meeting transcription API. Prior to 0.10.0-260419-1910, the Vexa transcription-collector service exposes an internal endpoint GET /internal/transcripts/meeting id that returns transcript data for any meeting without any authentication or...

7.5CVSS5.7AI score0.00402EPSS
Exploits1References4
CVE
CVE
added 2026/02/18 6:0 a.m.19 views

CVE-2026-1368

The CVE-2026-1368 issue affects the Video Conferencing with Zoom WordPress plugin prior to 4.6.6. A broken authentication flaw in a broken AJAX handler with nonce verification disabled allows unauthenticated attackers to generate valid Zoom SDK signatures for any meeting ID and to retrieve the si...

7.5CVSS5.5AI score0.01211EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/18 6:0 a.m.4 views

CVE-2026-1368

The Video Conferencing with Zoom WordPress plugin before 4.6.6 contains an AJAX handler that has its nonce verification commented out, allowing unauthenticated attackers to generate valid Zoom SDK signatures for any meeting ID and retrieve the site's Zoom SDK key...

5.5AI score0.01211EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/02/18 12:0 a.m.5 views

PT-2026-20277

Name of the Vulnerable Software and Affected Versions Video Conferencing with Zoom WordPress plugin versions prior to 4.6.6 Description The Video Conferencing with Zoom WordPress plugin has an AJAX handler where the security check for generated signatures is disabled. This allows attackers who ar...

7.5CVSS5.3AI score0.01211EPSS
Exploits0References8
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2015-7248

Malware in sbrugna...

3.5CVSS6.4AI score0.01656EPSS
Exploits3References7
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2023-57851

Malicious code in bioql PyPI...

3.3CVSS4.2AI score0.00243EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/09/05 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2023-5543

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When duplicating a BigBlueButton activity, the original meeting ID was also duplicated instead of using a new ID for the new activity. This could provide...

3.3CVSS5AI score0.00243EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/22 4:51 p.m.5 views

CVE-2020-8216

An information disclosure vulnerability in meeting of Pulse Connect Secure 9.1R8 allowed an authenticated end-users to find meeting details, if they know the Meeting ID...

4.3CVSS6.2AI score0.02283EPSS
Exploits0References1
OSV
OSV
added 2024/03/06 10:57 a.m.30 views

BIT-MOODLE-2023-5543 Moodle: duplicating a bigbluebutton activity assigns the same meeting id

When duplicating a BigBlueButton activity, the original meeting ID was also duplicated instead of using a new ID for the new activity. This could provide unintended access to the original meeting...

3.3CVSS6.2AI score0.00243EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2023/11/09 10:15 p.m.2 views

CVE-2023-5543

When duplicating a BigBlueButton activity, the original meeting ID was also duplicated instead of using a new ID for the new activity. This could provide unintended access to the original meeting...

3.3CVSS5.8AI score0.00243EPSS
Exploits0References4
OSV
OSV
added 2023/11/09 10:15 p.m.1 views

UBUNTU-CVE-2023-5543

When duplicating a BigBlueButton activity, the original meeting ID was also duplicated instead of using a new ID for the new activity. This could provide unintended access to the original meeting...

3.3CVSS5.8AI score0.00243EPSS
Exploits0References2
Cvelist
Cvelist
added 2023/11/09 9:35 p.m.27 views

CVE-2023-5543 Moodle: duplicating a bigbluebutton activity assigns the same meeting id

When duplicating a BigBlueButton activity, the original meeting ID was also duplicated instead of using a new ID for the new activity. This could provide unintended access to the original meeting...

3.3CVSS6.7AI score0.00243EPSS
Exploits0References3
Krebs on Security
Krebs on Security
added 2023/10/02 3:43 p.m.28 views

Don’t Let Zombie Zoom Links Drag You Down

Many organizations -- including quite a few Fortune 500 firms -- have exposed web links that allow anyone to initiate a Zoom video conference meeting as a valid employee. These company-specific Zoom links, which include a permanent user ID number and an embedded passcode, can work indefinitely an...

6.9AI score
Exploits0
OSV
OSV
added 2023/07/26 4:15 a.m.4 views

CVE-2023-3947

The Video Conferencing with Zoom plugin for WordPress is vulnerable to Sensitive Information Exposure due to hardcoded encryption key on the 'vczapiencryptdecrypt' function in versions up to, and including, 4.2.1. This makes it possible for unauthenticated attackers to decrypt and view the meetin...

5.3CVSS7.3AI score0.00322EPSS
Exploits0References3
Prion
Prion
added 2023/07/26 4:15 a.m.20 views

Hardcoded credentials

The Video Conferencing with Zoom plugin for WordPress is vulnerable to Sensitive Information Exposure due to hardcoded encryption key on the 'vczapiencryptdecrypt' function in versions up to, and including, 4.2.1. This makes it possible for unauthenticated attackers to decrypt and view the meetin...

5CVSS5.4AI score0.00322EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2023/07/26 3:34 a.m.25 views

CVE-2023-3947 Video Conferencing with Zoom <= 4.2.1 - Sensitive Information Exposure

The Video Conferencing with Zoom plugin for WordPress is vulnerable to Sensitive Information Exposure due to hardcoded encryption key on the 'vczapiencryptdecrypt' function in versions up to, and including, 4.2.1. This makes it possible for unauthenticated attackers to decrypt and view the meetin...

3.7CVSS5.5AI score0.00322EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2023/07/26 12:0 a.m.8 views

PT-2023-26960 · WordPress · Video Conferencing With Zoom

Name of the Vulnerable Software and Affected Versions: Video Conferencing with Zoom plugin for WordPress versions up to, and including, 4.2.1 Description: The issue is related to Sensitive Information Exposure due to a hardcoded encryption key in the vczapi encrypt decrypt function. This allows...

5.3CVSS6.1AI score0.00322EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2022/06/01 12:0 a.m.7 views

PT-2022-19485 · Unknown · Bigbluebutton

Name of the Vulnerable Software and Affected Versions: BigBlueButton versions 2.2 through 2.3.17 BigBlueButton versions 2.4-rc-1 through 2.4-rc-5 Description: BigBlueButton is an open source web conferencing system. An attacker who is able to obtain the meeting identifier for a meeting on a serve...

5.3CVSS5AI score0.00974EPSS
Exploits0References11
OSV
OSV
added 2020/07/30 1:15 p.m.4 views

CVE-2020-8216

An information disclosure vulnerability in meeting of Pulse Connect Secure 9.1R8 allowed an authenticated end-users to find meeting details, if they know the Meeting ID...

4.3CVSS6AI score0.02283EPSS
Exploits0References1
CNVD
CNVD
added 2020/07/30 12:0 a.m.2 views

Pulse Secure Pulse Connect Secure and Pulse Policy Secure Information Disclosure Vulnerabilities

Pulse Secure Pulse Connect Secure a.k.a. PCS, formerly known as Juniper Junos Pulse and Pulse Policy Secure are both products of Pulse Secure, Inc.Pulse Connect Secure is an SSL VPN solution. Pulse Connect Secure is an SSL VPN solution. Pulse Policy Secure is a network access control solution. A...

4.3CVSS7AI score0.02283EPSS
Exploits0References1
Rows per page
Query Builder