7 matches found
CVE-2025-62603
Fast DDS (DDS security) CVE-2025-62603 arises from the CDR parser deserializing the entire DataHolderSeq in ParticipantGenericMessage, allowing an out-of-memory condition and remote termination. Affected versions prior to the patch (3.4.1, 3.3.1, 2.6.11) are addressed by the vendor, and remediati...
CVE-2023-43797
BigBlueButton is an open-source virtual classroom. Prior to versions 2.6.11 and 2.7.0-beta.3, Guest Lobby was vulnerable to cross-site scripting when users wait to enter the meeting due to inserting unsanitized messages to the element using unsafe innerHTML. Text sanitizing was added for lobby...
PT-2025-8932 · WordPress · Jeg Elementor Kit
Name of the Vulnerable Software and Affected Versions: Jeg Elementor Kit plugin for WordPress versions up to, and including, 2.6.11 Description: The issue allows authenticated attackers with Contributor-level access and above to extract sensitive private, pending, scheduled, and draft template da...
PT-2024-26630 · Unknown · Otter Blocks Pro
Name of the Vulnerable Software and Affected Versions: Otter Blocks PRO versions 2.6.11 and earlier Description: The issue is related to the exposure of sensitive information to an unauthorized actor. This affects the confidentiality of the data. There is no information provided about the estimat...
CVE-2023-43797
BigBlueButton is an open-source virtual classroom. Prior to versions 2.6.11 and 2.7.0-beta.3, Guest Lobby was vulnerable to cross-site scripting when users wait to enter the meeting due to inserting unsanitized messages to the element using unsafe innerHTML. Text sanitizing was added for lobby...
CVE-2023-43797 BigBlueButton Stored Cross-site Scripting vulnerability at Guest Lobby
BigBlueButton is an open-source virtual classroom. Prior to versions 2.6.11 and 2.7.0-beta.3, Guest Lobby was vulnerable to cross-site scripting when users wait to enter the meeting due to inserting unsanitized messages to the element using unsafe innerHTML. Text sanitizing was added for lobby...
ansible: Information disclosure in vvv+ mode with no_log on
ansible before versions 2.5.14, 2.6.11, 2.7.5 is vulnerable to a information disclosure flaw in vvv+ mode with nolog on that can lead to leakage of sensible data...