CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

81 matches found

Video Conferencing with Zoom API < 4.6.6 - Unauthenticated SDK Signature Generation

Zoom WordPress plugin 4.6.6 contains a broken authentication caused by disabled nonce verification in an AJAX handler, letting unauthenticated attackers generate valid Zoom SDK signatures and retrieve the Zoom SDK key. id: CVE-2026-1368 info: name: Video Conferencing with Zoom API 4.6.6 -...

7.5CVSS5.8AI score0.32922EPSS

Exploits0References3

Snyk•added 2026/05/22 1:44 p.m.•5 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to missing request body size limits on plugin HTTP endpoints. An attacker can exhaust system resources by sending crafted oversized HTTP requests. Remediation Upgrade...

7.5CVSS5.8AI score0.00051EPSS

Exploits0References2

Vulnrichment•added 2026/05/22 10:20 a.m.•6 views

CVE-2026-5308 Missing request body size limits on Zoom plugin HTTP endpoints

Mattermost versions 11.6.x = 11.6.0, 11.5.x = 11.5.3, 11.4.x = 11.4.4, 10.11.x = 10.11.14 fail to enforce request body size limits on plugin HTTP endpoints which allows an attacker to cause a denial of service via crafted oversized HTTP requests.. Mattermost Advisory ID: MMSA-2026-00646...

4.9CVSS5.8AI score0.00051EPSS

Exploits0References1

Cvelist•added 2026/05/22 10:20 a.m.•19 views

CVE-2026-5308 Missing request body size limits on Zoom plugin HTTP endpoints

4.9CVSS0.00051EPSS

Exploits0References1

Vulnrichment•added 2026/04/08 8:30 a.m.•0 views

CVE-2026-39653 WordPress Video Conferencing with Zoom plugin <= 4.6.6 - Broken Access Control vulnerability

Missing Authorization vulnerability in Deepen Bajracharya Video Conferencing with Zoom video-conferencing-with-zoom-api allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Video Conferencing with Zoom: from n/a through = 4.6.6...

4.3CVSS5.8AI score0.00034EPSS

Exploits0References1

CVE•added 2026/04/08 8:30 a.m.•4 views

CVE-2026-39653

CVE-2026-39653 affects the WordPress Video Conferencing with Zoom plugin up to version 4.6.6, described as a Missing Authorization vulnerability (Broken Access Control) due to an incorrectly configured access control security level. The Red Hat/NVD/CVE ecosystem records indicate this is a broken ...

4.3CVSS5.9AI score0.00034EPSS

Exploits0References1

CNNVD•added 2026/04/08 12:0 a.m.•2 views

WordPress plugin Video Conferencing with Zoom 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

4.3CVSS5.8AI score0.00034EPSS

Exploits0References1

Snyk•added 2026/03/26 6:35 p.m.•3 views

Improper Check for Unusual or Exceptional Conditions

Overview Affected versions of this package are vulnerable to Improper Check for Unusual or Exceptional Conditions due to missing timestamp validation in the Zoom webhook handler. An attacker can corrupt meeting state by replaying webhook requests. Remediation Upgrade...

2.2CVSS5.9AI score0.00016EPSS

Exploits0References2

Vulnrichment•added 2026/03/26 4:19 p.m.•0 views

CVE-2026-3116 Improper Input Validation in Zoom Plugin Webhook Handler

Mattermost Plugins versions =11.4 11.0.4 11.1.3 11.3.2 10.11.11.0 fail to validate incoming request size which allows an authenticated attacker to cause service disruption via the webhook endpoint. Mattermost Advisory ID: MMSA-2026-00589...

4.9CVSS5.8AI score0.00018EPSS

Exploits0References1

Cvelist•added 2026/03/26 4:19 p.m.•22 views

CVE-2026-3116 Improper Input Validation in Zoom Plugin Webhook Handler

4.9CVSS0.00018EPSS

Exploits0References1

CVE•added 2026/03/26 4:19 p.m.•3 views

CVE-2026-3116

CVE-2026-3116 affects Mattermost Plugins with versions

4.9CVSS5.8AI score0.00018EPSS

Exploits0References1

SUSE CVE•added 2026/03/04 12:31 a.m.•1 views

SUSE CVE-2026-0997

Mattermost versions 11.1.x = 11.1.2, 10.11.x = 10.11.9, 11.2.x = 11.2.1 and Mattermost Plugin Zoom versions =1.11.0 fail to validate the authenticated user when processing /plugins/zoom/api/v1/channel-preference, which allows any logged-in user to change Zoom meeting restrictions for arbitrary...

4.3CVSS5.9AI score0.00042EPSS

Exploits0References3

SUSE CVE•added 2026/03/04 12:31 a.m.•2 views

SUSE CVE-2026-0998

Mattermost versions 11.1.x = 11.1.2, 10.11.x = 10.11.9, 11.2.x = 11.2.1 and Mattermost Plugin Zoom versions =1.11.0 fail to validate user identity and post ownership in the /api/v1/askPMI endpoint which allows unauthorized users to start Zoom meetings as any user and overwrite arbitrary posts via...

4.3CVSS5.9AI score0.00042EPSS

Exploits0References3

OSV•added 2026/02/23 6:23 p.m.•2 views

GO-2026-4525 Mattermost Plugin Zoom fail to validate user identity and post ownership in the {{/api/v1/askPMI}} endpoint in github.com/mattermost/mattermost-plugin-zoom

Mattermost Plugin Zoom fail to validate user identity and post ownership in the /api/v1/askPMI endpoint in github.com/mattermost/mattermost-plugin-zoom...

4.3CVSS5.4AI score0.00042EPSS

Exploits0References4

Cvelist•added 2026/02/18 6:0 a.m.•163 views

CVE-2026-1368 Video Conferencing with Zoom API < 4.6.6 - Unauthenticated SDK Signature Generation

The Video Conferencing with Zoom WordPress plugin before 4.6.6 contains an AJAX handler that has its nonce verification commented out, allowing unauthenticated attackers to generate valid Zoom SDK signatures for any meeting ID and retrieve the site's Zoom SDK key...

0.32922EPSS

Exploits0References1

CNNVD•added 2026/02/18 12:0 a.m.•3 views

WordPress plugin Video Conferencing with Zoom 安全漏洞

7.5CVSS5.8AI score0.32922EPSS

Exploits0References1