CVE Tools

pexip

Communicationscommercial

49

Cumulative CVEs

7

Monthly snapshots

#40

Peak rank

Top products

infinity9 pexip infinity9

Latest CVEs

The 15 most recently published vulnerabilities affecting pexip.

CVE-2025-66379Pexip Infinity before 39.0 has Improper Input Validation in the media implementation, allowing a remote attacker to trigger a software abort via a crafted media stream, resulting in a denial of ser...7.5Dec 25, 2025
CVE-2025-66378Pexip Infinity 38.0 and 38.1 before 39.0 has insufficient access control in the RTMP implementation, allowing an attacker to disconnect RTMP streams traversing a Proxy Node.5.9Dec 25, 2025
CVE-2025-66377Pexip Infinity before 39.0 has Missing Authentication for a Critical Function in a product-internal API, allowing an attacker (who already has access to execute code on one node within a Pexip Infi...7.5Dec 25, 2025
CVE-2025-66443Pexip Infinity 35.0 through 38.1 before 39.0, in non-default configurations that use Direct Media for WebRTC, has Improper Input Validation in signalling that allows an attacker to trigger a softwa...7.5Dec 25, 2025
CVE-2025-59683Pexip Infinity 15.0 through 38.0 before 38.1 has Improper Access Control in the Secure Scheduler for Exchange service, when used with Office 365 Legacy Exchange Tokens. This allows a remote attacke...8.2Dec 25, 2025
CVE-2025-48704Pexip Infinity 35.0 through 37.2 before 38.0 has Improper Input Validation in signalling that allows an attacker to trigger a software abort, resulting in a denial of service.7.5Dec 25, 2025
CVE-2025-49088Pexip Infinity 32.0 through 37.1 before 37.2, in certain configurations of OTJ (One Touch Join) for Teams SIP Guest Join, has Improper Input Validation in the OTJ service, allowing a remote attacke...5.9Dec 25, 2025
CVE-2025-32096Pexip Infinity 33.0 through 37.0 before 37.1 has improper input validation in signaling that allows an attacker to trigger a software abort, resulting in a denial of service.7.5Dec 25, 2025
CVE-2025-32095Pexip Infinity before 37.0 has improper input validation in signalling that allows a remote attacker to trigger a software abort via a crafted signalling message, resulting in a denial of service.7.5Dec 25, 2025
CVE-2025-30080Signalling in Pexip Infinity 29 through 36.2 before 37.0 has improper input validation that allows remote attackers to trigger a temporary denial of service (software abort).7.5Apr 2, 2025
CVE-2024-37917Pexip Infinity before 35.0 has improper input validation that allows remote attackers to trigger a denial of service (software abort) via a crafted signalling message.7.5Apr 2, 2025
CVE-2024-33850Pexip Infinity before 34.1 has Improper Access Control for persons in a waiting room. They can see the conference roster list, and perform certain actions that should not be allowed before they are...4.3Jun 10, 2024
CVE-2023-40236In Pexip VMR self-service portal before 3, the same SSH host key is used across different customers' installations, which allows authentication bypass.5.3Dec 25, 2023
CVE-2023-37225Pexip Infinity before 32 allows Webapp1 XSS via preconfigured links.6.1Dec 25, 2023
CVE-2023-31455Pexip Infinity before 31.2 has Improper Input Validation for RTCP, allowing remote attackers to trigger an abort.7.5Dec 25, 2023