14 matches found
CVE-2026-22800
PILOS Platform for Interactive Live-Online Seminars is a frontend for BigBlueButton. Prior to 4.10.0, Cross-Site Request Forgery CSRF vulnerability exists in an administrative API endpoint responsible for terminating all active video conferences on a single server. The affected endpoint performs ...
CVE-2025-62781
PILOS Platform for Interactive Live-Online Seminars is a frontend for BigBlueButton. Prior to 4.8.0, users with a local account can change their password while logged in. When doing so, all other active sessions are terminated, except for the currently active one. However, the current session’s...
CVE-2025-62523
PILOS Platform for Interactive Live-Online Seminars is a frontend for BigBlueButton. PILOS before 4.8.0 includes a Cross-Origin Resource Sharing CORS misconfiguration in its middleware: it reflects the Origin request header back in the Access-Control-Allow-Origin response header without proper...
CVE-2025-62524
PILOS Platform for Interactive Live-Online Seminars is a frontend for BigBlueButton. PILOS before 4.8.0 exposes the PHP version via the X-Powered-By header, enabling attackers to fingerprint the server and assess potential exploits. This information disclosure vulnerability originates from PHP’s...
CVE-2025-62781 PILOS is missing session regeneration after password change
PILOS Platform for Interactive Live-Online Seminars is a frontend for BigBlueButton. Prior to 4.8.0, users with a local account can change their password while logged in. When doing so, all other active sessions are terminated, except for the currently active one. However, the current session’s...
CVE-2025-62524
PILOS Platform for Interactive Live-Online Seminars is a frontend for BigBlueButton. PILOS before 4.8.0 exposes the PHP version via the X-Powered-By header, enabling attackers to fingerprint the server and assess potential exploits. This information disclosure vulnerability originates from PHP’s...
CVE-2025-62524 PILOS Exposes PHP version
PILOS Platform for Interactive Live-Online Seminars is a frontend for BigBlueButton. PILOS before 4.8.0 exposes the PHP version via the X-Powered-By header, enabling attackers to fingerprint the server and assess potential exploits. This information disclosure vulnerability originates from PHP’s...
CVE-2025-62523 PILOS Misconfigured the Access-Control-Allow-Origin Header
PILOS Platform for Interactive Live-Online Seminars is a frontend for BigBlueButton. PILOS before 4.8.0 includes a Cross-Origin Resource Sharing CORS misconfiguration in its middleware: it reflects the Origin request header back in the Access-Control-Allow-Origin response header without proper...
EUVD-2025-36363
PILOS Platform for Interactive Live-Online Seminars is a frontend for BigBlueButton. PILOS before 4.8.0 includes a Cross-Origin Resource Sharing CORS misconfiguration in its middleware: it reflects the Origin request header back in the Access-Control-Allow-Origin response header without proper...
CVE-2025-62523 PILOS Misconfigured the Access-Control-Allow-Origin Header
PILOS Platform for Interactive Live-Online Seminars is a frontend for BigBlueButton. PILOS before 4.8.0 includes a Cross-Origin Resource Sharing CORS misconfiguration in its middleware: it reflects the Origin request header back in the Access-Control-Allow-Origin response header without proper...
CVE-2025-62523
PLOS (PILOS) before 4.8.0 contains a CORS misconfiguration in middleware: it reflects the Origin header in Access-Control-Allow-Origin with credentials allowed, potentially enabling cross-origin requests with user credentials. Laravel’s session handling adds origin checks that prevent cross-origi...
CVE-2025-62523 PILOS Misconfigured the Access-Control-Allow-Origin Header
PILOS Platform for Interactive Live-Online Seminars is a frontend for BigBlueButton. PILOS before 4.8.0 includes a Cross-Origin Resource Sharing CORS misconfiguration in its middleware: it reflects the Origin request header back in the Access-Control-Allow-Origin response header without proper...
PT-2025-44037
Name of the Vulnerable Software and Affected Versions PILOS versions prior to 4.8.0 Description PILOS, a frontend for BigBlueButton, reveals the PHP version through the X-Powered-By header. This information disclosure allows attackers to fingerprint the server and identify potential exploits. The...
PT-2025-44055
Name of the Vulnerable Software and Affected Versions PILOS versions prior to 4.8.0 Description PILOS, a frontend for BigBlueButton, contains a flaw where changing a local user’s password does not invalidate existing session tokens, except for the current session. An attacker who previously...