| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At |
|---|---|---|---|---|---|---|
| CVE-2026-41127 | BigBlueButton's missing authorization allows viewer to inject/overwrite captions | bigbluebutton | bigbluebutton | Medium | 6.5 | 2026-04-21 23:24:47 |
| CVE-2026-41126 | BigBlueButton has Open Redirect through bigbluebutton/api/join via get-parameter "logoutURL" | bigbluebutton | bigbluebutton | Medium | 4.3 | 2026-04-21 23:22:35 |
| CVE-2026-27736 | BigBlueButton has Open Redirect vulnerability in ApiController | bigbluebutton | bigbluebutton | Medium | 6.1 | 2026-02-25 16:27:02 |
| CVE-2026-27467 | BigBlueButton: Audio from participants to the server initially unmuted | bigbluebutton | bigbluebutton | Low | 2.0 | 2026-02-21 07:18:26 |
| CVE-2026-27466 | BigBlueButton: Exposed ClamAV port enables Denial of Service | bigbluebutton | bigbluebutton | High | 7.2 | 2026-02-21 07:14:50 |
| CVE-2025-61602 | BigBlueButton vulnerable to Chat DoS via invalid reactionEmojiId | bigbluebutton | bigbluebutton | High | 7.5 | 2025-10-09 20:40:05 |
| CVE-2025-61601 | BigBlueButton vulnerable to DoS via PollSubmitVote GraphQL mutation | bigbluebutton | bigbluebutton | High | 7.5 | 2025-10-09 20:29:25 |
| CVE-2025-55200 | BigBlueButton vulnerable to Stored XSS via name of user at Shared Notes | bigbluebutton | bigbluebutton | High | 7.1 | 2025-10-09 18:51:58 |
| CVE-2023-7296 | BigBlueButton <= 3.0.0-beta.4 - Authenticated (Author+) Stored Cross-Site Scripting | blindsidenetworks | BigBlueButton | Medium | 6.4 | 2024-10-16 07:31:50 |
| CVE-2024-39302 | Some bbb-record-core files installed with wrong file permission | bigbluebutton | bigbluebutton | Low | 3.7 | 2024-06-28 20:51:59 |
| CVE-2024-38518 | bbb-web API additional parameters considered | bigbluebutton | bigbluebutton | Medium | 4.6 | 2024-06-28 20:25:41 |
| CVE-2022-36029 | BigBlueButton Greenlight Open Redirect vulnerability | bigbluebutton | greenlight | Critical | 9.1 | 2024-04-25 20:42:15 |
| CVE-2022-36028 | BigBlueButton Greenlight Open Redirect vulnerability | bigbluebutton | greenlight | Critical | 9.1 | 2024-04-25 20:36:38 |
| CVE-2023-43798 | BigBlueButton Blind SSRF When Uploading Presentation (mitigation bypass) | bigbluebutton | bigbluebutton | Medium | 5.6 | 2023-10-30 22:24:59 |
| CVE-2023-43797 | BigBlueButton Stored Cross-site Scripting vulnerability at Guest Lobby | bigbluebutton | bigbluebutton | Medium | 6.3 | 2023-10-30 22:18:12 |
| CVE-2023-42804 | BigBlueButton Path Traversal – Reading Certain File Extensions | bigbluebutton | bigbluebutton | Low | 3.1 | 2023-10-30 18:14:41 |
| CVE-2023-42803 | BigBlueButton Unrestricted File Upload vulnerability | bigbluebutton | bigbluebutton | Medium | 5.3 | 2023-10-30 18:11:36 |
| CVE-2023-39991 | WordPress BigBlueButton Plugin <= 3.0.0-beta.4 is vulnerable to Cross Site Scripting (XSS) | Blindside Networks | BigBlueButton | High | 7.1 | 2023-09-04 10:12:51 |
| CVE-2023-33176 | Blind SSRF When Uploading Presentation in BigBlueButton | bigbluebutton | bigbluebutton | Medium | 4.8 | 2023-06-26 19:50:25 |
| CVE-2022-23488 | BigBlueButton vulnerable to Insertion of Sensitive Information Into Sent Data | bigbluebutton | bigbluebutton | Medium | 6.5 | 2022-12-17 00:28:47 |