Zoom Video Communications, Inc.
Products
66
- 38 CVEs
- 32 CVEs
- 30 CVEs
- 28 CVEs
- 20 CVEs
- 17 CVEs
- 15 CVEs
- 15 CVEs
- 14 CVEs
- 11 CVEs
- 11 CVEs
- 11 CVEs
- 11 CVEs
- 10 CVEs
- 9 CVEs
- 9 CVEs
- 7 CVEs
- 7 CVEs
- 7 CVEs
- 7 CVEs
- 6 CVEs
- 6 CVEs
- 5 CVEs
- 5 CVEs
- 5 CVEs
- 4 CVEs
- 4 CVEs
- 4 CVEs
- 4 CVEs
- 3 CVEs
Recent CVEs
230

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-22844 | | Cri | 0.64 | 9.9 | 0.13 | | Jan 20, 2026 | A Command Injection vulnerability in Zoom Node Multimedia Routers (MMRs) before version 5.2.1716.0 may allow a meeting participant to conduct remote code execution of the MMR via network access. |
| CVE-2026-30903 | | Cri | 0.62 | 9.6 | 0.00 | | Mar 11, 2026 | External Control of File Name or Path in the Mail feature of Zoom Workplace for Windows before 6.6.0 may allow an unauthenticated user to conduct an escalation of privilege via network access. |
| CVE-2017-15049 | | Hig | 0.62 | 8.8 | 0.17 | | Dec 19, 2017 | The ZoomLauncher binary in the Zoom client for Linux before 2.0.115900.1201 does not properly sanitize user input when constructing a shell command, which allows remote attackers to execute arbitrary code by leveraging the zoommtg:// scheme handler. |
| CVE-2017-15048 | | Hig | 0.61 | 8.8 | 0.10 | | Dec 19, 2017 | Stack-based buffer overflow in the ZoomLauncher binary in the Zoom client for Linux before 2.0.115900.1201 allows remote attackers to execute arbitrary code by leveraging the zoommtg:// scheme handler. |
| CVE-2026-53408 | | Hig | 0.53 | 8.1 | 0.00 | | Jun 12, 2026 | Improper Authorization in Handler for Custom URL Scheme in Zoom Workplace before version 7.0.4 for Android and before 7.0.3 for iOS may allow an unauthenticated user to conduct an escalation of privilege via network access. |
| CVE-2026-53407 | | Hig | 0.53 | 8.1 | 0.00 | | Jun 12, 2026 | Improper Authorization in Handler for Custom URL Scheme in Zoom Workplace before version 7.0.4 for Android and before 7.0.3 for iOS may allow an unauthenticated user to conduct an escalation of privilege via network access. |
| CVE-2026-53406 | | Hig | 0.51 | 7.8 | 0.00 | | Jun 12, 2026 | Insufficient Verification of Data Authenticity in Remote Control for Zoom Contact Center for Windows before version 7.0.0 may allow an authenticated user to enable an escalation of privilege via local access. |
| CVE-2026-30906 | | Hig | 0.51 | 7.8 | 0.00 | | May 13, 2026 | Untrusted search path in the installer for Zoom Rooms for Windows before version 7.0.0 may allow an authenticated user to enable an escalation of privilege via local access. |
| CVE-2026-30905 | | Hig | 0.51 | 7.8 | 0.00 | | May 13, 2026 | External Control of File Name or Path in the Zoom Workplace VDI Plugin Windows Universal Installer before version 6.6.11 may allow an authenticated user to conduct an escalation of privilege via local access. |
| CVE-2026-30902 | | Hig | 0.51 | 7.8 | 0.00 | | Mar 11, 2026 | Improper Privilege Management in certain Zoom Clients for Windows may allow an authenticated user to conduct an escalation of privilege via local access. |
| CVE-2026-30900 | | Hig | 0.51 | 7.8 | 0.00 | | Mar 11, 2026 | Improper Check of minimum version in update functionality of certain Zoom Clients for Windows may allow an authenticated user to conduct an escalation of privilege via local access. |
| CVE-2025-49459 | | Hig | 0.51 | 7.8 | 0.00 | | Sep 9, 2025 | Missing authorization in the installer for Zoom Workplace for Windows on ARM before version 6.5.0 may allow an authenticated user to conduct an escalation of privilege via local access. |
| CVE-2025-25035 | | Hig | 0.47 | 7.3 | 0.00 | | Mar 21, 2025 | Improper Neutralization of Input During Web Page Generation Cross-site Scripting vulnerability in Jalios JPlatform 10 allows for Reflected XSS and Stored XSS. This issue affects JPlatform 10: before 10.0.8 (SP8), before 10.0.7 (SP7), before 10.0.6 (SP6) and Jalios Workplace 6.2,… |
| CVE-2026-30901 | | Hig | 0.46 | 7.0 | 0.00 | | Mar 11, 2026 | Improper Input Validation in Zoom Rooms for Windows before 6.6.5 in Kiosk Mode may allow an authenticated user to conduct an escalation of privilege via local access. |
| CVE-2025-58131 | | Med | 0.43 | 6.6 | 0.00 | | Sep 9, 2025 | Race condition in the Zoom Workplace VDI Plugin macOS Universal installer for VMware Horizon before version 6.4.10 (or before 6.2.15 and 6.3.12 in their respective tracks) may allow an authenticated user to conduct a disclosure of information via network access. |
| CVE-2024-27243 | | Med | 0.42 | 6.5 | 0.00 | | May 15, 2024 | Buffer overflow in some Zoom Workplace Apps and SDK’s may allow an authenticated user to conduct a denial of service via network access. |
| CVE-2025-27442 | | Med | 0.30 | 4.6 | 0.00 | | Apr 8, 2025 | Cross site scripting in some Zoom Workplace Apps may allow an unauthenticated user to conduct a loss of integrity via adjacent network access. |
| CVE-2025-27441 | | Med | 0.30 | 4.6 | 0.00 | | Apr 8, 2025 | Cross site scripting in some Zoom Workplace Apps may allow an unauthenticated user to conduct a loss of integrity via adjacent network access. |
| CVE-2026-30904 | | Low | 0.12 | 1.8 | 0.00 | | May 13, 2026 | Protection Mechanism Failure in Zoom Workplace for iOS before version 7.0.0 may allow an authenticated user to conduct a disclosure of information via physical access. |
| CVE-2005-1079 | | | 0.03 | — | 0.01 | | May 2, 2005 | SQL injection vulnerability in index.php for zOOm Media Gallery 2.1.2 allows remote attackers to execute arbitrary SQL commands via the catid parameter. |