VYPR
Vendor: Thm Health

Products: 1
CVEs: 5
Across products: 5
Status: Private

Recent CVEs (5)

  • CVE-2023-47107 | High | Nov 8, 2023
    risk 0.57 | cvss 8.8 | epss 0.01

    PILOS is an open source front-end for BigBlueButton servers with a built-in load balancer. The password reset component deployed within PILOS uses the hostname supplied within the request host header when building a password reset URL. It may be possible to manipulate the URL…

  • CVE-2026-22800 | Jan 12, 2026
    risk 0.00 | cvss | epss 0.00

    PILOS (Platform for Interactive Live-Online Seminars) is a frontend for BigBlueButton. Prior to 4.10.0, Cross-Site Request Forgery (CSRF) vulnerability exists in an administrative API endpoint responsible for terminating all active video conferences on a single server. The…

  • CVE-2025-62781 | Oct 27, 2025
    risk 0.00 | cvss | epss 0.00

    PILOS (Platform for Interactive Live-Online Seminars) is a frontend for BigBlueButton. Prior to 4.8.0, users with a local account can change their password while logged in. When doing so, all other active sessions are terminated, except for the currently active one. However, the…

  • CVE-2025-62524 | Oct 27, 2025
    risk 0.00 | cvss | epss 0.00

    PILOS (Platform for Interactive Live-Online Seminars) is a frontend for BigBlueButton. PILOS before 4.8.0 exposes the PHP version via the X-Powered-By header, enabling attackers to fingerprint the server and assess potential exploits. This information disclosure vulnerability…

  • CVE-2025-62523 | Oct 27, 2025
    risk 0.00 | cvss | epss 0.00

    PILOS (Platform for Interactive Live-Online Seminars) is a frontend for BigBlueButton. PILOS before 4.8.0 includes a Cross-Origin Resource Sharing (CORS) misconfiguration in its middleware: it reflects the Origin request header back in the Access-Control-Allow-Origin response…