Thm

Pilos

5 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty in its original format.
  • EPSS 0.02%
  • Published 12.01.2026 22:09:56
  • Last modified 21.01.2026 18:42:22

PILOS (Platform for Interactive Live-Online Seminars) is a frontend for BigBlueButton. Prior to 4.10.0, a Cross-Site Request Forgery (CSRF) vulnerability exists in an administrative API endpoint responsible for terminating all active video conferences ...

  • EPSS 0.07%
  • Published 27.10.2025 21:22:06
  • Last modified 04.11.2025 18:37:22

PILOS (Platform for Interactive Live-Online Seminars) is a frontend for BigBlueButton. Prior to 4.8.0, users with a local account can change their password while logged in. When doing so, all other active sessions are terminated, except for the curre...

  • EPSS 0.06%
  • Published 27.10.2025 20:18:42
  • Last modified 04.11.2025 18:36:37

PILOS (Platform for Interactive Live-Online Seminars) is a frontend for BigBlueButton. PILOS before 4.8.0 exposes the PHP version via the X-Powered-By header, enabling attackers to fingerprint the server and assess potential exploits. This informatio...

  • EPSS 0.07%
  • Published 27.10.2025 20:10:51
  • Last modified 04.11.2025 18:35:45

PILOS (Platform for Interactive Live-Online Seminars) is a frontend for BigBlueButton. PILOS before 4.8.0 includes a Cross-Origin Resource Sharing (CORS) misconfiguration in its middleware: it reflects the Origin request header back in the Access-Con...

  • EPSS 0.28%
  • Published 08.11.2023 16:15:10
  • Last modified 21.11.2024 08:29:47

PILOS is an open source front-end for BigBlueButton servers with a built-in load balancer. The password reset component deployed within PILOS uses the hostname supplied within the request host header when building a password reset URL. It may be poss...