📦 Opencast

Opencast versions before 9.10 and 10.6 allow attackers with media ingestion privileges to include local file URLs in media packages, exposing sensitive files from the host system through the web inter...

CVE-2021-32623 is a billion laughs attack vulnerability in Opencast that allows authenticated users with ingest privileges to execute a permanent denial of service attack using a single HTTP request. ...

Opencast versions before 17.8 and 18.2 have a stored cross-site scripting (XSS) vulnerability where user-supplied metadata (like titles and descriptions) is rendered without proper sanitization in the...

Opencast's editor may publish videos without user notification when users with write access click 'Save & Publish' then select 'Save' instead. This could accidentally expose internal media not intende...

Opencast versions before 17.6 incorrectly send hashed global system account credentials to attacker-controlled URLs when fetching mediapackage elements. This allows authenticated users with ingest per...