Vendor CVEs
Zoom Video Communications, Inc.
All CVEs
230 total · sorted by risk

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-22844 | | Cri | 0.64 | 9.9 | 0.13 | | Jan 20, 2026 | A Command Injection vulnerability in Zoom Node Multimedia Routers (MMRs) before version 5.2.1716.0 may allow a meeting participant to conduct remote code execution of the MMR via network access. |
| CVE-2026-30903 | | Cri | 0.62 | 9.6 | 0.00 | | Mar 11, 2026 | External Control of File Name or Path in the Mail feature of Zoom Workplace for Windows before 6.6.0 may allow an unauthenticated user to conduct an escalation of privilege via network access. |
| CVE-2017-15049 | | Hig | 0.62 | 8.8 | 0.17 | | Dec 19, 2017 | The ZoomLauncher binary in the Zoom client for Linux before 2.0.115900.1201 does not properly sanitize user input when constructing a shell command, which allows remote attackers to execute arbitrary code by leveraging the zoommtg:// scheme handler. |
| CVE-2017-15048 | | Hig | 0.61 | 8.8 | 0.10 | | Dec 19, 2017 | Stack-based buffer overflow in the ZoomLauncher binary in the Zoom client for Linux before 2.0.115900.1201 allows remote attackers to execute arbitrary code by leveraging the zoommtg:// scheme handler. |
| CVE-2026-53408 | | Hig | 0.53 | 8.1 | 0.00 | | Jun 12, 2026 | Improper Authorization in Handler for Custom URL Scheme in Zoom Workplace before version 7.0.4 for Android and before 7.0.3 for iOS may allow an unauthenticated user to conduct an escalation of privilege via network access. |
| CVE-2026-53407 | | Hig | 0.53 | 8.1 | 0.00 | | Jun 12, 2026 | Improper Authorization in Handler for Custom URL Scheme in Zoom Workplace before version 7.0.4 for Android and before 7.0.3 for iOS may allow an unauthenticated user to conduct an escalation of privilege via network access. |
| CVE-2026-53406 | | Hig | 0.51 | 7.8 | 0.00 | | Jun 12, 2026 | Insufficient Verification of Data Authenticity in Remote Control for Zoom Contact Center for Windows before version 7.0.0 may allow an authenticated user to enable an escalation of privilege via local access. |
| CVE-2026-30906 | | Hig | 0.51 | 7.8 | 0.00 | | May 13, 2026 | Untrusted search path in the installer for Zoom Rooms for Windows before version 7.0.0 may allow an authenticated user to enable an escalation of privilege via local access. |
| CVE-2026-30905 | | Hig | 0.51 | 7.8 | 0.00 | | May 13, 2026 | External Control of File Name or Path in the Zoom Workplace VDI Plugin Windows Universal Installer before version 6.6.11 may allow an authenticated user to conduct an escalation of privilege via local access. |
| CVE-2026-30902 | | Hig | 0.51 | 7.8 | 0.00 | | Mar 11, 2026 | Improper Privilege Management in certain Zoom Clients for Windows may allow an authenticated user to conduct an escalation of privilege via local access. |
| CVE-2026-30900 | | Hig | 0.51 | 7.8 | 0.00 | | Mar 11, 2026 | Improper Check of minimum version in update functionality of certain Zoom Clients for Windows may allow an authenticated user to conduct an escalation of privilege via local access. |
| CVE-2025-49459 | | Hig | 0.51 | 7.8 | 0.00 | | Sep 9, 2025 | Missing authorization in the installer for Zoom Workplace for Windows on ARM before version 6.5.0 may allow an authenticated user to conduct an escalation of privilege via local access. |
| CVE-2025-25035 | | Hig | 0.47 | 7.3 | 0.00 | | Mar 21, 2025 | Improper Neutralization of Input During Web Page Generation Cross-site Scripting vulnerability in Jalios JPlatform 10 allows for Reflected XSS and Stored XSS. This issue affects JPlatform 10: before 10.0.8 (SP8), before 10.0.7 (SP7), before 10.0.6 (SP6) and Jalios Workplace 6.2,… |
| CVE-2026-30901 | | Hig | 0.46 | 7.0 | 0.00 | | Mar 11, 2026 | Improper Input Validation in Zoom Rooms for Windows before 6.6.5 in Kiosk Mode may allow an authenticated user to conduct an escalation of privilege via local access. |
| CVE-2025-58131 | | Med | 0.43 | 6.6 | 0.00 | | Sep 9, 2025 | Race condition in the Zoom Workplace VDI Plugin macOS Universal installer for VMware Horizon before version 6.4.10 (or before 6.2.15 and 6.3.12 in their respective tracks) may allow an authenticated user to conduct a disclosure of information via network access. |
| CVE-2024-27243 | | Med | 0.42 | 6.5 | 0.00 | | May 15, 2024 | Buffer overflow in some Zoom Workplace Apps and SDK’s may allow an authenticated user to conduct a denial of service via network access. |
| CVE-2025-27442 | | Med | 0.30 | 4.6 | 0.00 | | Apr 8, 2025 | Cross site scripting in some Zoom Workplace Apps may allow an unauthenticated user to conduct a loss of integrity via adjacent network access. |
| CVE-2025-27441 | | Med | 0.30 | 4.6 | 0.00 | | Apr 8, 2025 | Cross site scripting in some Zoom Workplace Apps may allow an unauthenticated user to conduct a loss of integrity via adjacent network access. |
| CVE-2026-30904 | | Low | 0.12 | 1.8 | 0.00 | | May 13, 2026 | Protection Mechanism Failure in Zoom Workplace for iOS before version 7.0.0 may allow an authenticated user to conduct a disclosure of information via physical access. |
| CVE-2005-1079 | | | 0.03 | — | 0.01 | | May 2, 2005 | SQL injection vulnerability in index.php for zOOm Media Gallery 2.1.2 allows remote attackers to execute arbitrary SQL commands via the catid parameter. |
| CVE-2025-67460 | | | 0.00 | — | 0.00 | | Dec 10, 2025 | Protection Mechanism Failure of Software Downgrade in Zoom Rooms for Windows before 6.6.0 may allow an unauthenticated user to conduct an escalation of privilege via local access. |
| CVE-2025-67461 | | | 0.00 | — | 0.00 | | Dec 10, 2025 | External control of file name or path in Zoom Rooms for macOS before version 6.6.0 may allow an authenticated user to conduct a disclosure of information via local access. |
| CVE-2025-62484 | | | 0.00 | — | 0.00 | | Nov 13, 2025 | Inefficient regular expression complexity in certain Zoom Workplace Clients before version 6.5.10 may allow an unauthenticated user to conduct an escalation of privilege via network access. |
| CVE-2025-62483 | | | 0.00 | — | 0.00 | | Nov 13, 2025 | Improper removal of sensitive information in certain Zoom Clients before version 6.5.10 may allow an unauthenticated user to conduct a disclosure of information via network access. |
| CVE-2025-62482 | | | 0.00 | — | 0.00 | | Nov 13, 2025 | Cross-site scripting in Zoom Workplace for Windows before version 6.5.10 may allow an unauthenticated user to impact integrity via network access. |
| CVE-2025-30662 | | | 0.00 | — | 0.00 | | Nov 13, 2025 | Symlink following in the installer for the Zoom Workplace VDI Plugin macOS Universal installer before version 6.3.14, 6.4.14, and 6.5.10 in their respective tracks may allow an authenticated user to conduct a disclosure of information via network access. |
| CVE-2025-30669 | | | 0.00 | — | 0.00 | | Nov 13, 2025 | Improper certificate validation in certain Zoom Clients may allow an unauthenticated user to conduct a disclosure of information via adjacent access. |
| CVE-2025-64741 | | | 0.00 | — | 0.00 | | Nov 13, 2025 | Improper authorization handling in Zoom Workplace for Android before version 6.5.10 may allow an unauthenticated user to conduct an escalation of privilege via network access. |
| CVE-2025-64740 | | | 0.00 | — | 0.00 | | Nov 13, 2025 | Improper verification of cryptographic signature in the installer for Zoom Workplace VDI Client for Windows may allow an authenticated user to conduct an escalation of privilege via local access. |
| CVE-2025-64739 | | | 0.00 | — | 0.00 | | Nov 13, 2025 | External control of file name or path in certain Zoom Clients may allow an unauthenticated user to conduct a disclosure of information via network access. |
| CVE-2025-64738 | | | 0.00 | — | 0.00 | | Nov 13, 2025 | External control of file name or path in Zoom Workplace for macOS before version 6.5.10 may allow an authenticated user to conduct a disclosure of information via local access. |
| CVE-2025-58133 | | | 0.00 | — | 0.00 | | Oct 15, 2025 | Authentication bypass in some Zoom Rooms Clients before version 6.5.1 may allow an unauthenticated user to conduct a disclosure of information via network access. |
| CVE-2025-58132 | | | 0.00 | — | 0.02 | | Oct 15, 2025 | Command injection in some Zoom Clients for Windows may allow an authenticated user to conduct a disclosure of information via network access. |
| CVE-2025-58135 | | | 0.00 | — | 0.00 | | Sep 9, 2025 | Improper action enforcement in certain Zoom Workplace Clients for Windows may allow an unauthenticated user to conduct a disclosure of information via network access. |
| CVE-2025-58134 | | | 0.00 | — | 0.00 | | Sep 9, 2025 | Incorrect authorization in certain Zoom Workplace Clients for Windows may allow an authenticated user to conduct an impact to integrity via network access. |
| CVE-2025-49461 | | | 0.00 | — | 0.00 | | Sep 9, 2025 | Cross-site scripting in certain Zoom Workplace Clients may allow an unauthenticated user to conduct a denial of service via network access. |
| CVE-2025-49460 | | | 0.00 | — | 0.00 | | Sep 9, 2025 | Uncontrolled resource consumption in certain Zoom Workplace Clients may allow an unauthenticated user to conduct a denial of service via network access. |
| CVE-2025-49458 | | | 0.00 | — | 0.00 | | Sep 9, 2025 | Buffer overflow in certain Zoom Workplace Clients may allow an authenticated user to conduct a denial of service via network access. |
| CVE-2025-49457 | | | 0.00 | — | 0.01 | | Aug 12, 2025 | Untrusted search path in certain Zoom Clients for Windows may allow an unauthenticated user to conduct an escalation of privilege via network access. |
| CVE-2025-49456 | | | 0.00 | — | 0.00 | | Aug 12, 2025 | Race condition in the installer for certain Zoom Clients for Windows may allow an unauthenticated user to impact application integrity via local access. |
| CVE-2025-49464 | | | 0.00 | — | 0.01 | | Jul 10, 2025 | Classic buffer overflow in certain Zoom Clients for Windows may allow an authorised user to conduct a denial of service via network access. |
| CVE-2025-49463 | | | 0.00 | — | 0.00 | | Jul 10, 2025 | Insufficient control flow management in certain Zoom Clients for iOS before version 6.4.5 may allow an unauthenticated user to conduct a disclosure of information via network access. |
| CVE-2025-49462 | | | 0.00 | — | 0.00 | | Jul 10, 2025 | Cross-site scripting in certain Zoom Clients before version 6.4.5 may allow an authenticated user to conduct a disclosure of information via network access. |
| CVE-2025-46789 | | | 0.00 | — | 0.00 | | Jul 10, 2025 | Classic buffer overflow in certain Zoom Clients for Windows may allow an authorized user to conduct a denial of service via network access. |
| CVE-2025-46788 | | | 0.00 | — | 0.00 | | Jul 10, 2025 | Improper certificate validation in Zoom Workplace for Linux before version 6.4.13 may allow an unauthorized user to conduct an information disclosure via network access. |
| CVE-2025-46786 | | | 0.00 | — | 0.00 | | May 14, 2025 | Cross-site scripting in some Zoom Workplace Apps may allow an authenticated user to impact app integrity via network access. |
| CVE-2025-46785 | | | 0.00 | — | 0.01 | | May 14, 2025 | Buffer over-read in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service via network access. |
| CVE-2025-30668 | | | 0.00 | — | 0.00 | | May 14, 2025 | Integer underflow in some Zoom Workplace Apps may allow an authenticated user to conduct a denial of service via network access. |
| CVE-2025-30667 | | | 0.00 | — | 0.00 | | May 14, 2025 | NULL pointer dereference in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service via network access. |
| CVE-2025-30666 | | | 0.00 | — | 0.00 | | May 14, 2025 | NULL pointer dereference in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service via network access. |

Page 1 of 5