CVE-2026-27736 BigBlueButton has Open Redirect vulnerability in ApiController
BigBlueButton is an open-source virtual classroom. In versions on the 3.x branch prior to 3.0.20, the string received in errorRedirectUrl is not validated; using it directly in the respondWithRedirect function leads to an Open Redirect vulnerability. BigBlueButton 3.0.20 patches the issue. No...
EUVD-2023-23742
Malicious code in bioql PyPI...
CVE-2023-1494
A vulnerability classified as critical has been found in IBOS 4.5.5. Affected is an unknown function of the file ApiController.php. The manipulation of the argument emailids leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may ...
WebView2-Cookie-Stealer - Attacking With WebView2 Applications
Please read this blog post to get more information. Source Code This code is a modified version of Microsoft's WebView2 Code. The current code can be cleaned up and made much better. Demo Launch Example Usage Example Usage Tested on Windows 10 & 11. When the binary is executed...
CVE-2020-28954
web/controllers/ApiController.groovy in BigBlueButton before 2.2.29 lacks certain parameter sanitization, as demonstrated by accepting control characters in a user name...
CVE-2018-16118
A shell escape vulnerability in /webconsole/APIController in the API Configuration component of Sophos XG firewall 17.0.8 MR-8 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the "X-Forwarded-for" HTTP header...