3228 matches found
Video Conferencing with Zoom API < 4.6.6 - Unauthenticated SDK Signature Generation
Zoom WordPress plugin 4.6.6 contains a broken authentication caused by disabled nonce verification in an AJAX handler, letting unauthenticated attackers generate valid Zoom SDK signatures and retrieve the Zoom SDK key. id: CVE-2026-1368 info: name: Video Conferencing with Zoom API 4.6.6 -...
CVE-2026-6964
The Video Conferencing with Zoom plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.6.7. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to obtain...
CVE-2026-6964 Video Conferencing with Zoom <= 4.6.7 - Missing Authorization to Unauthenticated Zoom SDK Credential Exposure via 'get_auth' AJAX Action
The Video Conferencing with Zoom plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.6.7. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to obtain...
EUVD-2026-37031
The Video Conferencing with Zoom plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.6.7. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to obtain...
CVE-2026-6964
The CVE-2026-6964 entry covers the WordPress plugin Video Conferencing with Zoom (versions up to 4.6.7). It states an authorization bypass in the get_auth AJAX action, allowing unauthenticated attackers to obtain the site’s Zoom SDK API key and a freshly-signed JWT usable with the Zoom Web SDK to...
PT-2026-49608
The Video Conferencing with Zoom plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.6.7. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to obtain...
WordPress Video Conferencing with Zoom plugin <= 4.6.7 - Missing Authorization to Unauthenticated Zoom SDK Credential Exposure vulnerability
Missing Authorization to Unauthenticated Zoom SDK Credential Exposure vulnerability discovered by aetta in WordPress Plugin Video Conferencing with Zoom versions = 4.6.7...
CVE-2026-53408
Improper Authorization in Handler for Custom URL Scheme in Zoom Workplace before version 7.0.4 for Android and before 7.0.3 for iOS may allow an unauthenticated user to conduct an escalation of privilege via network access...
CVE-2026-53407
Improper Authorization in Handler for Custom URL Scheme in Zoom Workplace before version 7.0.4 for Android and before 7.0.3 for iOS may allow an unauthenticated user to conduct an escalation of privilege via network access...
CVE-2026-53406
Insufficient Verification of Data Authenticity in Remote Control for Zoom Contact Center for Windows before version 7.0.0 may allow an authenticated user to enable an escalation of privilege via local access...
EUVD-2026-36523
Improper Authorization in Handler for Custom URL Scheme in Zoom Workplace before version 7.0.4 for Android and before 7.0.3 for iOS may allow an unauthenticated user to conduct an escalation of privilege via network access...
CVE-2026-53408
Improper Authorization in Handler for Custom URL Scheme in Zoom Workplace before version 7.0.4 for Android and before 7.0.3 for iOS may allow an unauthenticated user to conduct an escalation of privilege via network access...
CVE-2026-53408
The CVE-2026-53408 vulnerability affects Zoom Workplace: Android before 7.0.4 and iOS before 7.0.3. It is due to Improper Authorization in the Handler for a Custom URL Scheme, enabling an unauthenticated privilege escalation via network access. The CVSSv3.1 base score is 8.1 (High) with Network a...
CVE-2026-53408
Improper Authorization in Handler for Custom URL Scheme in Zoom Workplace before version 7.0.4 for Android and before 7.0.3 for iOS may allow an unauthenticated user to conduct an escalation of privilege via network access...
CVE-2026-53407
Improper Authorization in Handler for Custom URL Scheme in Zoom Workplace before version 7.0.4 for Android and before 7.0.3 for iOS may allow an unauthenticated user to conduct an escalation of privilege via network access...
EUVD-2026-36522
Improper Authorization in Handler for Custom URL Scheme in Zoom Workplace before version 7.0.4 for Android and before 7.0.3 for iOS may allow an unauthenticated user to conduct an escalation of privilege via network access...
CVE-2026-53407
Improper Authorization in Handler for Custom URL Scheme in Zoom Workplace before version 7.0.4 for Android and before 7.0.3 for iOS may allow an unauthenticated user to conduct an escalation of privilege via network access...
CVE-2026-53407
CVE-2026-53407 describes an "Improper Authorization" in the Custom URL Scheme handler of Zoom Workplace. Affected versions are Android < 7.0.4 and iOS
CVE-2026-53406
CVE-2026-53406 affects the Zoom Contact Center for Windows prior to version 7.0.0. The root cause is Insufficient Verification of Data Authenticity in the Remote Control feature, which may allow an authenticated user to perform a local privilege escalation. Impact, per the entry, is elevated priv...
CVE-2026-53406
Insufficient Verification of Data Authenticity in Remote Control for Zoom Contact Center for Windows before version 7.0.0 may allow an authenticated user to enable an escalation of privilege via local access...