Overview

  • bigbluebutton
  • bigbluebutton

Published: 21 Feb 2026
Updated: 21 Feb 2026

CVSS v3.1: HIGH (7.2)
EPSS: Pending

KEV

Description

BigBlueButton is an open-source virtual classroom. In versions 3.0.21 and below, the official "Server Customization" documentation, in its section on support for ClamAV as a presentation file scanner, contains instructions that leave a BBB server vulnerable to denial of service. The flawed command exposes both ports (3310 and 7357) to the internet. A remote attacker can use this to send complex or large documents to clamd and waste server resources, or to shut down the clamd process. The clamd documentation explicitly warns against exposing this port. Enabling ufw (the Ubuntu firewall) during install does not help, because Docker routes container traffic through the nat table, which is not managed or restricted by ufw. Rules installed by ufw in the filter table have no effect on Docker traffic. In addition, the provided example also mounts /var/bigbluebutton with write permissions into the container, which should not be required. Future vulnerabilities in clamd may allow attackers to manipulate files in that folder. Users are unaffected unless they have opted in to follow the extra instructions from BigBlueButton's documentation. This issue has been fixed in version 3.0.22.

Statistics

  • 1 Post

Last activity: Last hour

Fediverse

BigBlueButton on < 3.0.22 with two new CVEs today: CVE-2026-27466 & CVE-2026-27467

hecate.pw/vulnerabilities?sear

Feel free to use the AI slop analyses (Gemini for student with free API configured). Hecate is a prototype app for my master's thesis.

#vulnerability #cve #security #InfoSec #bigbluebutton


Overview

  • Pending

Published: 16 Feb 2026
Updated: 18 Feb 2026

CVSS: Pending
EPSS: 0.02%

KEV

Description

An issue in the code-runner.executorMap setting of Visual Studio Code Extensions Code Runner v0.12.2 allows attackers to execute arbitrary code when opening a crafted workspace.

Statistics

  • 1 Post

Last activity: 20 hours ago

Fediverse

Three critical vulnerabilities (CVE-2025-65715, CVE-2025-65716, and CVE-2025-65717) have been discovered in four popular Visual Studio Code extensions, downloaded over 128 million times, posing a significant risk to developer environments. These flaws allow for actions ranging from remote file exfiltration to remote code execution, highlighting a major security blind spot in the software supply chain.
cybersecuritynews.com/popular-


Overview

  • Pending

Published: 16 Feb 2026
Updated: 18 Feb 2026

CVSS: Pending
EPSS: 0.03%

KEV

Description

An issue in Visual Studio Code Extensions Live Server v5.7.9 allows attackers to exfiltrate files via user interaction with a crafted HTML page.

Statistics

  • 1 Post

Last activity: 20 hours ago


Overview

  • Pending

Published: 16 Feb 2026
Updated: 17 Feb 2026

CVSS: Pending
EPSS: 0.05%

KEV

Description

An issue in Visual Studio Code Extensions Markdown Preview Enhanced v0.8.18 allows attackers to execute arbitrary code via uploading a crafted .md file.

Statistics

  • 1 Post

Last activity: 20 hours ago
