VYPR
Vendor

Trueconf

Products
1
CVEs
7
Across products
7
Status
Private

Products

1

Recent CVEs

7
  • CVE-2026-3502HigKEVMar 30, 2026
    risk 0.63cvss 7.8epss 0.06

    TrueConf Client downloads application update code and applies it without performing verification. An attacker who is able to influence the update delivery path can substitute a tampered update payload. If the payload is executed or installed by the updater, this may result in…

  • CVE-2022-46764Dec 27, 2022
    risk 0.03cvss epss 0.02

    A SQL injection issue in the web API in TrueConf Server 5.2.0.10225 (fixed in 5.2.6.10025) allows remote unauthenticated attackers to execute arbitrary SQL commands, ultimately leading to remote code execution.

  • CVE-2025-66824Dec 30, 2025
    risk 0.00cvss epss 0.00

    A Stored Cross-Site Scripting (XSS) vulnerability exists in the Meeting location field of the Create/Edit Conference functionality in TrueConf Server v5.5.2.10813. The injected payload is stored via the meeting_room parameter and executed when users visit the Conference Info…

  • CVE-2022-46763Dec 27, 2022
    risk 0.00cvss epss 0.01

    A SQL injection issue in a database stored function in TrueConf Server 5.2.0.10225 (fixed in 5.2.6.10025) allows a low-privileged database user to execute arbitrary SQL commands as the database administrator, resulting in execution of arbitrary code.

  • CVE-2017-20120Jun 29, 2022
    risk 0.00cvss epss 0.00

    A vulnerability classified as problematic was found in TrueConf Server 4.3.7. This vulnerability affects unknown code of the file /admin/service/stop/. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to…

  • CVE-2017-20116Jun 29, 2022
    risk 0.00cvss epss 0.01

    A vulnerability was found in TrueConf Server 4.3.7. It has been classified as problematic. Affected is an unknown function of the file /admin/group/list/. The manipulation of the argument checked_group_id leads to basic cross site scripting (Reflected). It is possible to launch…

  • CVE-2017-20113Jun 29, 2022
    risk 0.00cvss epss 0.01

    A vulnerability, which was classified as problematic, was found in TrueConf Server 4.3.7. This affects an unknown part. The manipulation leads to basic cross site scripting (Stored). It is possible to initiate the attack remotely. The exploit has been disclosed to the public and…