Lucene search
+L

3248 matches found

ptsecurity
ptsecurity
added 2026/06/09 12:0 a.m.23 views

PT-2026-48525

Name of the Vulnerable Software and Affected Versions Zoom Contact Center for Windows versions prior to 7.0.0 Description Insufficient verification of data authenticity in the Remote Control feature may allow an authenticated user to achieve an escalation of privilege through local access...

7.8CVSS5.3AI score0.0008EPSS
Exploits0References6
ptsecurity
ptsecurity
added 2026/06/09 12:0 a.m.14 views

PT-2026-47802

Name of the Vulnerable Software and Affected Versions Zoom Workplace versions prior to 7.0.4 for Android Zoom Workplace versions prior to 7.0.3 for iOS Description Improper authorization in the handler for custom URL schemes may allow an unauthenticated user to conduct an escalation of privilege...

8.1CVSS5.2AI score0.00231EPSS
Exploits0References5
ptsecurity
ptsecurity
added 2026/06/09 12:0 a.m.22 views

PT-2026-47803

Name of the Vulnerable Software and Affected Versions Zoom Workplace versions prior to 7.0.4 for Android Zoom Workplace versions prior to 7.0.3 for iOS Description Improper authorization in the handler for custom URL schemes allows an unauthenticated user to perform an escalation of privilege via...

8.1CVSS5.2AI score0.00211EPSS
Exploits0References6
cnnvd
cnnvd
added 2026/06/09 12:0 a.m.13 views

WordPress plugin WP-Ultimate-Map 跨站请求伪造漏洞

WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed on a WordPress site. The WP-Ultimate-Map plugin has a cross-site request...

6.1CVSS5.9AI score0.00119EPSS
Exploits0References2
redhatcve
redhatcve
added 2026/06/05 7:49 p.m.13 views

CVE-2026-30904

Protection Mechanism Failure in Zoom Workplace for iOS before version 7.0.0 may allow an authenticated user to conduct a disclosure of information via physical access...

4.3CVSS5.4AI score0.00143EPSS
Exploits0References1
hackread
hackread
added 2026/05/27 6:8 p.m.15 views

Iran’s Nimbus Manticore Used Trojanized Zoom Installers Against US Firms

Iran’s Nimbus Manticore hackers used trojanized Zoom installers to deploy malware against US firms during a wider IRGC linked cyber campaign...

5.8AI score
Exploits0
snyk
snyk
added 2026/05/22 1:44 p.m.11 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to missing request body size limits on plugin HTTP endpoints. An attacker can exhaust system resources by sending crafted oversized HTTP requests. Remediation Upgrade...

7.5CVSS5.8AI score0.00254EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2026/05/22 10:20 a.m.12 views

CVE-2026-5308 Missing request body size limits on Zoom plugin HTTP endpoints

Mattermost versions 11.6.x = 11.6.0, 11.5.x = 11.5.3, 11.4.x = 11.4.4, 10.11.x = 10.11.14 fail to enforce request body size limits on plugin HTTP endpoints which allows an attacker to cause a denial of service via crafted oversized HTTP requests.. Mattermost Advisory ID: MMSA-2026-00646...

4.9CVSS5.8AI score0.00254EPSS
Exploits0References1
cvelist
cvelist
added 2026/05/22 10:20 a.m.28 views

CVE-2026-5308 Missing request body size limits on Zoom plugin HTTP endpoints

Mattermost versions 11.6.x = 11.6.0, 11.5.x = 11.5.3, 11.4.x = 11.4.4, 10.11.x = 10.11.14 fail to enforce request body size limits on plugin HTTP endpoints which allows an attacker to cause a denial of service via crafted oversized HTTP requests.. Mattermost Advisory ID: MMSA-2026-00646...

4.9CVSS0.00254EPSS
Exploits0References1
osv
osv
added 2026/05/22 10:20 a.m.3 views

CVE-2026-5308 Missing request body size limits on Zoom plugin HTTP endpoints

Mattermost versions 11.6.x = 11.6.0, 11.5.x = 11.5.3, 11.4.x = 11.4.4, 10.11.x = 10.11.14 fail to enforce request body size limits on plugin HTTP endpoints which allows an attacker to cause a denial of service via crafted oversized HTTP requests.. Mattermost Advisory ID: MMSA-2026-00646...

4.9CVSS7.1AI score0.00254EPSS
Exploits0References3
wired
wired
added 2026/05/21 6:0 a.m.20 views

The EU Is Going Through a Trump-Fueled Breakup With Big Tech

France is already moving on from Zoom and Microsoft Teams in favor of homegrown alternatives. Other countries are quickly following suit...

5.8AI score
Exploits0
redhatcve
redhatcve
added 2026/05/15 7:57 a.m.14 views

CVE-2026-30906

Untrusted search path in the installer for Zoom Rooms for Windows before version 7.0.0 may allow an authenticated user to enable an escalation of privilege via local access...

7.8CVSS5.8AI score0.00118EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/05/15 7:57 a.m.17 views

CVE-2026-30905

External Control of File Name or Path in the Zoom Workplace VDI Plugin Windows Universal Installer before version 6.6.11 may allow an authenticated user to conduct an escalation of privilege via local access...

7.8CVSS5.8AI score0.00118EPSS
Exploits0References1
nessus
nessus
added 2026/05/15 12:0 a.m.8 views

Zoom Rooms < 7.0.0 Untrusted Search Path (ZSB-26008)

The version of Zoom Rooms installed on the remote host is prior to 7.0.0. It is, therefore, affected by a vulnerability as referenced in the ZSB-26008 advisory. - Untrusted search path in the installer for Zoom Rooms for Windows before version 7.0.0 may allow an authenticated user to enable an...

7.8CVSS5.8AI score0.00118EPSS
Exploits0References2
snyk
snyk
added 2026/05/14 8:21 p.m.8 views

Cross-site Scripting (XSS)

Overview open-webui is an Open WebUI Affected versions of this package are vulnerable to Cross-site Scripting XSS through the @html svg rendering path in the SVGPanZoom.svelte common component. An attacker can execute an arbitrary script in the browser by supplying a crafted SVG payload that is...

5.4CVSS5.8AI score0.00165EPSS
Exploits1References2
euvd
euvd
added 2026/05/13 9:32 p.m.12 views

EUVD-2026-30112

Untrusted search path in the installer for Zoom Rooms for Windows before version 7.0.0 may allow an authenticated user to enable an escalation of privilege via local access...

7.8CVSS5.8AI score0.00118EPSS
Exploits0References2
euvd
euvd
added 2026/05/13 9:32 p.m.13 views

EUVD-2026-30110

Protection Mechanism Failure in Zoom Workplace for iOS before version 7.0.0 may allow an authenticated user to conduct a disclosure of information via physical access...

1.8CVSS5.8AI score0.00143EPSS
Exploits0References2
euvd
euvd
added 2026/05/13 9:32 p.m.11 views

EUVD-2026-30111

External Control of File Name or Path in the Zoom Workplace VDI Plugin Windows Universal Installer before version 6.6.11 may allow an authenticated user to conduct an escalation of privilege via local access...

7.8CVSS5.8AI score0.00118EPSS
Exploits0References2
nvd
nvd
added 2026/05/13 7:17 p.m.15 views

CVE-2026-30904

Protection Mechanism Failure in Zoom Workplace for iOS before version 7.0.0 may allow an authenticated user to conduct a disclosure of information via physical access...

4.3CVSS0.00143EPSS
Exploits0References1
nvd
nvd
added 2026/05/13 7:17 p.m.11 views

CVE-2026-30906

Untrusted search path in the installer for Zoom Rooms for Windows before version 7.0.0 may allow an authenticated user to enable an escalation of privilege via local access...

7.8CVSS0.00118EPSS
Exploits0References1
Rows per page
Query Builder