CVE-2026-1368
The Video Conferencing with Zoom WordPress plugin before 4.6.6 contains an AJAX handler that has its nonce verification commented out, allowing unauthenticated attackers to generate valid Zoom SDK signatures for any meeting ID and retrieve the site's Zoom SDK key...
CVE-2026-1368 Video Conferencing with Zoom API < 4.6.6 - Unauthenticated SDK Signature Generation
The Video Conferencing with Zoom WordPress plugin before 4.6.6 contains an AJAX handler that has its nonce verification commented out, allowing unauthenticated attackers to generate valid Zoom SDK signatures for any meeting ID and retrieve the site's Zoom SDK key...
CVE-2025-11760 eRoom – Webinar & Meeting Plugin for Zoom, Google Meet, Microsoft Teams <= 1.5.6 - Unauthenticated Sensitive Information Exposure
The eRoom – Webinar & Meeting Plugin for Zoom, Google Meet, Microsoft Teams plugin for WordPress is vulnerable to exposure of sensitive information in all versions up to, and including, 1.5.6. This is due to the plugin exposing Zoom SDK secret keys in client-side JavaScript within the meeting vie...
PT-2025-43694
Name of the Vulnerable Software and Affected Versions: eRoom – Webinar & Meeting Plugin for Zoom, Google Meet, Microsoft Teams versions through 1.5.6. Description: The eRoom plugin for WordPress exposes Zoom SDK secret keys in client-side JavaScript within the meeting view template. This allows...
EUVD-2023-40482
Malicious code in bioql PyPI...
EUVD-2023-42951
Malicious code in bioql PyPI...
PT-2025-7920 · Zoom · Zoom Sdks +1
Name of the Vulnerable Software and Affected Versions: Zoom Workplace Apps and SDKs (affected versions not specified). Description: A buffer overflow issue may allow an authenticated user to conduct a denial of service via network access. Recommendations: At the moment, there is no information about...
PT-2023-28870 · Zoom · Zoom Mobile App For Android +3
Name of the Vulnerable Software and Affected Versions: Zoom Mobile App for Android versions prior to 5.16.0; Zoom Mobile App for iOS versions prior to 5.16.0; Zoom SDKs for Android versions prior to 5.16.0; Zoom SDKs for iOS versions prior to 5.16.0. Description: The issue is related to cryptographic...
CVE-2023-39217
Improper input validation in Zoom SDKs before 5.14.10 may allow an unauthenticated user to enable a denial of service via network access...
CVE-2023-36533
Uncontrolled resource consumption in Zoom SDKs before 5.14.7 may allow an unauthenticated user to enable a denial of service via network access...
Input validation
Improper input validation in Zoom SDKs before 5.14.10 may allow an unauthenticated user to enable a denial of service via network access...
CVE-2023-39217
The CVE-2023-39217 issue affects the Zoom SDK prior to version 5.14.10, caused by improper input validation in the SDK, enabling an unauthenticated attacker to trigger a denial of service over the network. Existence and details are supported by multiple connected documents, including PT-2023-2683...
CVE-2023-36533
CVE-2023-36533 affects Zoom Client SDKs prior to 5.14.7, where an unauthenticated actor could trigger uncontrolled resource consumption over the network to cause a denial of service. Public details across connected sources confirm the vulnerability in Zoom SDK components and identify the affected...
Malicious code in zoom-sdk-native-addon (npm)
Source: ghsa-malware 6c46adede333f871f84adfafa02883ac6822b07a6f9e68d0b577ec5787d1f7d4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-7412 Malicious code in zoom-sdk-native-addon (npm)
Source: ghsa-malware 6c46adede333f871f84adfafa02883ac6822b07a6f9e68d0b577ec5787d1f7d4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...