Security Vulnerabilities
BigBlueButton is an open-source virtual classroom. A denial-of-service (DoS) vulnerability in versions prior to 3.0.13 allows any authenticated user to crash the chat functionality for all participants in a meeting by sending a malformed `reactionEmojiId` in the GraphQL mutation `chatSendMessageReaction`. Version 3.0.13 contains a patch. No known workarounds are available.
CVSS Score: 7.5 | EPSS Score: 0.0 | Published: 2025-10-09

Azure Entra ID Elevation of Privilege Vulnerability
CVSS Score: 9.6 | EPSS Score: 0.001 | Published: 2025-10-09

Azure Entra ID Elevation of Privilege Vulnerability
CVSS Score: 9.8 | EPSS Score: 0.001 | Published: 2025-10-09

Azure PlayFab Elevation of Privilege Vulnerability
CVSS Score: 8.8 | EPSS Score: 0.001 | Published: 2025-10-09

M365 Copilot Spoofing Vulnerability
CVSS Score: 6.5 | EPSS Score: 0.001 | Published: 2025-10-09

Redis Enterprise Elevation of Privilege Vulnerability
CVSS Score: 8.7 | EPSS Score: 0.001 | Published: 2025-10-09

Copilot Spoofing Vulnerability
CVSS Score: 6.5 | EPSS Score: 0.001 | Published: 2025-10-09

Newforma Info Exchange (NIX) '/DownloadWeb/hyperlinkredirect.aspx' provides an unauthenticated URL redirect via the 'nhl' parameter.
CVSS Score: 4.3 | EPSS Score: 0.0 | Published: 2025-10-09

Newforma Info Exchange (NIX) provides a 'Send a File Transfer' feature that allows a remote, authenticated attacker to upload SVG files that contain JavaScript or other content that may be executed or rendered by a web browser using a mobile user agent.
CVSS Score: 5.5 | EPSS Score: 0.0 | Published: 2025-10-09

Newforma Info Exchange (NIX) '/NPCSRemoteWeb/LegacyIntegrationServices.asmx' allows a remote, unauthenticated attacker to cause NIX to make an SMB connection to an attacker-controlled system. The attacker can capture the NTLMv2 hash of the user-configured NIX service account.
CVSS Score: 5.9 | EPSS Score: 0.0 | Published: 2025-10-09

