CVE-2026-27467

BigBlueButton is an open-source virtual classroom. In versions 3.0.19 and below, when first joining a session with the microphone muted, the client sends audio to the server regardless of mute state. Media is discarded at the server side, so it isn't audible to any participants, but this may allo...

CVE-2026-27467

CVE-2026-27467 affects BigBlueButton up to version 3.0.19. When first joining a session with the microphone muted, the client sends audio to the server regardless of mute state; the server discards media, so it is not audible to other participants, but a malicious server operator could access the...

PT-2026-21365

BigBlueButton is an open-source virtual classroom. In versions 3.0.19 and below, when first joining a session with the microphone muted, the client sends audio to the server regardless of mute state. Media is discarded at the server side, so it isn't audible to any participants, but this may allo...

CVE-2025-68937

Forgejo before 13.0.2 allows attackers to write to unintended files, and possibly obtain server shell access, because of mishandling of out-of-repository symlink destinations for template repositories. This is also fixed for 11 LTS in 11.0.7 and later...

PT-2025-49836

A vulnerability has been identified in SINEMA Remote Connect Server All versions V3.2 SP4. Affected applications contain private SSL/TLS keys on the server that are not properly protected allowing any user with server access to read these keys. This could allow an authenticated attacker to...

CVE-2025-6515

The MCP SSE endpoint in oatpp-mcp returns an instance pointer as the session ID, which is not unique nor cryptographically secure. This allows network attackers with access to the oatpp-mcp server to guess future session IDs and hijack legitimate client MCP sessions, returning malicious responses...

EUVD-2024-21085

Malicious code in bioql PyPI...

EUVD-2025-21132

Malicious code in bioql PyPI...

CVE-2024-55513

A vulnerability was found in Raisecom MSG1200, MSG2100E, MSG2200, and MSG2300 3.90. The component affected by this issue is /uploadnetaction.php on the web interface. By crafting a suitable form name, arbitrary files can be uploaded, potentially leading to unauthorized access to server permission...

Ivanti ITSM 代码问题漏洞

Ivanti ITSM is an IT service management solution from Ivanti Corporation, USA. A security vulnerability exists in Ivanti ITSM versions prior to 2023.4. An attacker exploited the vulnerability to perform a file write operation to the server...

PT-2023-19128 · WordPress · Wpgraphql

Name of the Vulnerable Software and Affected Versions: WPGraphQL versions 1.14.5 and earlier Description: A Server-Side Request Forgery SSRF issue affects WPGraphQL, allowing authenticated users with media upload capabilities to execute the createMediaItem mutation and potentially gain unwarrante...