242 matches found
CVE-2026-53411
CVE-2026-53411 affects Zoom Workplace VDI Plugin for Windows prior to 6.6.14. The issue is described in CVE sources as an improper input validation that could enable an authenticated local user to escalate privileges. Exploitation details are not provided in the documents. The CVSS v3.1 base scor...
Zoom Patches Critical Windows Flaw That Could Enable Account Takeover
Zoom has released security updates for a critical security flaw impacting Zoom Workplace for Windows that could facilitate account takeover. The vulnerability, tracked as CVE-2026-53412 CVSS score: 9.8, affects Zoom Workplace for Windows before version 7.0.0 and Zoom Workplace VDI Client for...
PT-2026-60396
A time-of-check to time-of-use TOCTOU race condition in the installation and uninstallation process of certain Zoom Clients for Windows could allow an authenticated local user to escalate privileges...
PT-2026-60395
Name of the Vulnerable Software and Affected Versions Zoom Clients for Windows affected versions not specified Description A time-of-check to time-of-use TOCTOU race condition occurs during the installation and uninstallation process. This flaw allows an authenticated local user to escalate...
Zoom Workplace VDI Client < 7.0.10 Vulnerability (ZSB-26014)
The version of Zoom Workplace VDI Client installed on the remote host is prior to 7.0.10. It is, therefore, affected by a vulnerability as referenced in the ZSB-26014 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version...
CVE-2026-30905
External Control of File Name or Path in the Zoom Workplace VDI Plugin Windows Universal Installer before version 6.6.11 may allow an authenticated user to conduct an escalation of privilege via local access...
EUVD-2026-30111
External Control of File Name or Path in the Zoom Workplace VDI Plugin Windows Universal Installer before version 6.6.11 may allow an authenticated user to conduct an escalation of privilege via local access...
CVE-2026-30905
External Control of File Name or Path in the Zoom Workplace VDI Plugin Windows Universal Installer before version 6.6.11 may allow an authenticated user to conduct an escalation of privilege via local access...
CVE-2026-30905
External Control of File Name or Path in the Zoom Workplace VDI Plugin Windows Universal Installer before version 6.6.11 may allow an authenticated user to conduct an escalation of privilege via local access...
CVE-2026-30905
External Control of File Name or Path in the Zoom Workplace VDI Plugin Windows Universal Installer before version 6.6.11 may allow an authenticated user to conduct an escalation of privilege via local access...
CVE-2026-30905
CVE-2026-30905 concerns the Zoom Workplace VDI Plugin Windows Universal Installer. The issue arises from external control of a file name or path in the installer, potentially allowing an authenticated user to escalate privileges through local access on installations prior to version 6.6.11. Affec...
Zoom Workplace VDI Plugin Windows Universal Installer 安全漏洞
The Zoom Workplace VDI Plugin Windows Universal Installer is a Windows plugin provided by the US company Zoom, designed for use in virtual desktop infrastructure environments. Versions of the Zoom Workplace VDI Plugin Windows Universal Installer prior to version 6.6.11 contained security...
PT-2026-40760
Name of the Vulnerable Software and Affected Versions Zoom Workplace VDI Plugin Windows Universal Installer versions prior to 6.6.11 Description An issue exists where external control of a file name or path may allow an authenticated user with local access to achieve escalation of privilege...
CVE-2026-43229 media: chips-media: wave5: Fix device cleanup order to prevent kernel panic
In the Linux kernel, the following vulnerability has been resolved: media: chips-media: wave5: Fix device cleanup order to prevent kernel panic Move video device unregistration to the beginning of the remove function to ensure all video operations are stopped before cleaning up the worker thread...
CVE-2026-43229 media: chips-media: wave5: Fix device cleanup order to prevent kernel panic
In the Linux kernel, the following vulnerability has been resolved: media: chips-media: wave5: Fix device cleanup order to prevent kernel panic Move video device unregistration to the beginning of the remove function to ensure all video operations are stopped before cleaning up the worker thread...
Zoom Workplace VDI Client 6.6 < 6.6.11 Vulnerability (ZSB-26002)
The version of Zoom Workplace VDI Client installed on the remote host is between 6.6 and 6.6.11. It is, therefore, affected by a vulnerability as referenced in the ZSB-26002 advisory. - Improper Check of minimum version in update functionality of certain Zoom Clients for Windows may allow an...
Zoom Workplace VDI Client < 6.4.17 Vulnerability (ZSB-26005)
The version of Zoom Workplace VDI Client installed on the remote host is prior to 6.4.17. It is, therefore, affected by a vulnerability as referenced in the ZSB-26005 advisory. - External Control of File Name or Path in the Mail feature of Zoom Workplace for Windows before 6.6.0 may allow an...
Fortinet FortiSandbox upload_vdi_file Command Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fortinet FortiSandbox. Authentication is required to exploit this vulnerability. The specific flaw exists within the uploadvdifile endpoint. The issue results from the lack of proper validation of a...
EUVD-2025-175323
Improper verification of cryptographic signature in the installer for Zoom Workplace VDI Client for Windows may allow an authenticated user to conduct an escalation of privilege via local access...
CVE-2025-64740
Improper verification of cryptographic signature in the installer for Zoom Workplace VDI Client for Windows may allow an authenticated user to conduct an escalation of privilege via local access...