3248 matches found
PT-2026-48525
Name of the Vulnerable Software and Affected Versions Zoom Contact Center for Windows versions prior to 7.0.0 Description Insufficient verification of data authenticity in the Remote Control feature may allow an authenticated user to achieve an escalation of privilege through local access...
PT-2026-47802
Name of the Vulnerable Software and Affected Versions Zoom Workplace versions prior to 7.0.4 for Android Zoom Workplace versions prior to 7.0.3 for iOS Description Improper authorization in the handler for custom URL schemes may allow an unauthenticated user to conduct an escalation of privilege...
PT-2026-47803
Name of the Vulnerable Software and Affected Versions Zoom Workplace versions prior to 7.0.4 for Android Zoom Workplace versions prior to 7.0.3 for iOS Description Improper authorization in the handler for custom URL schemes allows an unauthenticated user to perform an escalation of privilege via...
WordPress plugin WP-Ultimate-Map 跨站请求伪造漏洞
WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed on a WordPress site. The WP-Ultimate-Map plugin has a cross-site request...
CVE-2026-30904
Protection Mechanism Failure in Zoom Workplace for iOS before version 7.0.0 may allow an authenticated user to conduct a disclosure of information via physical access...
Iran’s Nimbus Manticore Used Trojanized Zoom Installers Against US Firms
Iran’s Nimbus Manticore hackers used trojanized Zoom installers to deploy malware against US firms during a wider IRGC linked cyber campaign...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to missing request body size limits on plugin HTTP endpoints. An attacker can exhaust system resources by sending crafted oversized HTTP requests. Remediation Upgrade...
CVE-2026-5308 Missing request body size limits on Zoom plugin HTTP endpoints
Mattermost versions 11.6.x = 11.6.0, 11.5.x = 11.5.3, 11.4.x = 11.4.4, 10.11.x = 10.11.14 fail to enforce request body size limits on plugin HTTP endpoints which allows an attacker to cause a denial of service via crafted oversized HTTP requests.. Mattermost Advisory ID: MMSA-2026-00646...
CVE-2026-5308 Missing request body size limits on Zoom plugin HTTP endpoints
Mattermost versions 11.6.x = 11.6.0, 11.5.x = 11.5.3, 11.4.x = 11.4.4, 10.11.x = 10.11.14 fail to enforce request body size limits on plugin HTTP endpoints which allows an attacker to cause a denial of service via crafted oversized HTTP requests.. Mattermost Advisory ID: MMSA-2026-00646...
CVE-2026-5308 Missing request body size limits on Zoom plugin HTTP endpoints
Mattermost versions 11.6.x = 11.6.0, 11.5.x = 11.5.3, 11.4.x = 11.4.4, 10.11.x = 10.11.14 fail to enforce request body size limits on plugin HTTP endpoints which allows an attacker to cause a denial of service via crafted oversized HTTP requests.. Mattermost Advisory ID: MMSA-2026-00646...
The EU Is Going Through a Trump-Fueled Breakup With Big Tech
France is already moving on from Zoom and Microsoft Teams in favor of homegrown alternatives. Other countries are quickly following suit...
CVE-2026-30906
Untrusted search path in the installer for Zoom Rooms for Windows before version 7.0.0 may allow an authenticated user to enable an escalation of privilege via local access...
CVE-2026-30905
External Control of File Name or Path in the Zoom Workplace VDI Plugin Windows Universal Installer before version 6.6.11 may allow an authenticated user to conduct an escalation of privilege via local access...
Zoom Rooms < 7.0.0 Untrusted Search Path (ZSB-26008)
The version of Zoom Rooms installed on the remote host is prior to 7.0.0. It is, therefore, affected by a vulnerability as referenced in the ZSB-26008 advisory. - Untrusted search path in the installer for Zoom Rooms for Windows before version 7.0.0 may allow an authenticated user to enable an...
Cross-site Scripting (XSS)
Overview open-webui is an Open WebUI Affected versions of this package are vulnerable to Cross-site Scripting XSS through the @html svg rendering path in the SVGPanZoom.svelte common component. An attacker can execute an arbitrary script in the browser by supplying a crafted SVG payload that is...
EUVD-2026-30112
Untrusted search path in the installer for Zoom Rooms for Windows before version 7.0.0 may allow an authenticated user to enable an escalation of privilege via local access...
EUVD-2026-30110
Protection Mechanism Failure in Zoom Workplace for iOS before version 7.0.0 may allow an authenticated user to conduct a disclosure of information via physical access...
EUVD-2026-30111
External Control of File Name or Path in the Zoom Workplace VDI Plugin Windows Universal Installer before version 6.6.11 may allow an authenticated user to conduct an escalation of privilege via local access...
CVE-2026-30904
Protection Mechanism Failure in Zoom Workplace for iOS before version 7.0.0 may allow an authenticated user to conduct a disclosure of information via physical access...
CVE-2026-30906
Untrusted search path in the installer for Zoom Rooms for Windows before version 7.0.0 may allow an authenticated user to enable an escalation of privilege via local access...