📦 Bigbluebutton

CVE-2020-27605 is a critical vulnerability in BigBlueButton that allows remote code execution through malicious EPS files. Attackers can exploit Ghostscript's weak sandbox to execute arbitrary code on...

This vulnerability allows any authenticated user in a BigBlueButton virtual classroom meeting to crash the chat functionality for all participants by sending a malformed reactionEmojiId in a GraphQL m...

BigBlueButton web conferencing systems are vulnerable to regular expression denial of service (ReDoS) attacks through malicious User-Agent headers. Attackers can send specially crafted requests contai...

BigBlueButton versions 3.0.19 and below have a vulnerability where clients send audio to the server even when muted during initial session join. While the server discards this audio from being heard b...