Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/org.apache.openmeetings/openmeetings-parent@6.3.0
Typemaven
Namespaceorg.apache.openmeetings
Nameopenmeetings-parent
Version6.3.0
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version9.0.0
Latest_non_vulnerable_version9.0.0
Affected_by_vulnerabilities
0
url VCID-3xum-p9mm-kbc3
vulnerability_id VCID-3xum-p9mm-kbc3
summary 
Apache OpenMeetings Uses GET Request Method With Sensitive Query Strings
Use of GET Request Method With Sensitive Query Strings vulnerability in Apache OpenMeetings.

The REST login endpoint uses HTTP GET method with username and password passed as query parameters. Please check references regarding possible impact


This issue affects Apache OpenMeetings: from 3.1.3 before 9.0.0.

Users are recommended to upgrade to version 9.0.0, which fixes the issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-34020
reference_id
reference_type
scores
0
value 0.00072
scoring_system epss
scoring_elements 0.22113
published_at 2026-06-05T12:55:00Z
1
value 0.00072
scoring_system epss
scoring_elements 0.21994
published_at 2026-06-08T12:55:00Z
2
value 0.00072
scoring_system epss
scoring_elements 0.22051
published_at 2026-06-07T12:55:00Z
3
value 0.00072
scoring_system epss
scoring_elements 0.22098
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-34020
1
reference_url https://github.com/apache/openmeetings
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/openmeetings
2
reference_url https://lists.apache.org/thread/2h3h9do5tp17xldr0nps1yjmkx4vs3db
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-10T20:13:11Z/
url https://lists.apache.org/thread/2h3h9do5tp17xldr0nps1yjmkx4vs3db
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-34020
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-34020
4
reference_url https://owasp.org/www-community/vulnerabilities/Information_exposure_through_query_strings_in_url
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-10T20:13:11Z/
url https://owasp.org/www-community/vulnerabilities/Information_exposure_through_query_strings_in_url
5
reference_url http://www.openwall.com/lists/oss-security/2026/04/09/12
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2026/04/09/12
6
reference_url https://github.com/advisories/GHSA-gcvm-c75m-h4p4
reference_id GHSA-gcvm-c75m-h4p4
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-gcvm-c75m-h4p4
fixed_packages
0
url pkg:maven/org.apache.openmeetings/openmeetings-parent@9.0.0
purl pkg:maven/org.apache.openmeetings/openmeetings-parent@9.0.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.openmeetings/openmeetings-parent@9.0.0
aliases CVE-2026-34020, GHSA-gcvm-c75m-h4p4
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3xum-p9mm-kbc3
1
url VCID-556q-4wch-sfde
vulnerability_id VCID-556q-4wch-sfde
summary 
Improper Input Validation
An attacker who has gained access to an admin account can perform RCE via null-byte injection

Vendor: The Apache Software Foundation

Versions Affected: Apache OpenMeetings from 2.0.0 before 7.1.0
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-29246
reference_id
reference_type
scores
0
value 0.00111
scoring_system epss
scoring_elements 0.29108
published_at 2026-06-08T12:55:00Z
1
value 0.00111
scoring_system epss
scoring_elements 0.29141
published_at 2026-06-07T12:55:00Z
2
value 0.00111
scoring_system epss
scoring_elements 0.29175
published_at 2026-06-06T12:55:00Z
3
value 0.00111
scoring_system epss
scoring_elements 0.29208
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-29246
1
reference_url https://github.com/apache/openmeetings
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/openmeetings
2
reference_url https://github.com/apache/openmeetings/commit/8e65a1344157b2898f2922d49a0bd2105687c4a5
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/openmeetings/commit/8e65a1344157b2898f2922d49a0bd2105687c4a5
3
reference_url https://github.com/apache/openmeetings/commit/9f12a48994d0ad741ac140c52cbd2152f0d048d5
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/openmeetings/commit/9f12a48994d0ad741ac140c52cbd2152f0d048d5
4
reference_url https://github.com/apache/openmeetings/commit/f91ff1917027625f066a9007694a31d06e69df3a
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/openmeetings/commit/f91ff1917027625f066a9007694a31d06e69df3a
5
reference_url https://issues.apache.org/jira/browse/OPENMEETINGS-2765
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://issues.apache.org/jira/browse/OPENMEETINGS-2765
6
reference_url https://lists.apache.org/thread/230plvhbdx26m43b0sy942wlwt6kkmmr
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-10T19:34:24Z/
url https://lists.apache.org/thread/230plvhbdx26m43b0sy942wlwt6kkmmr
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-29246
reference_id CVE-2023-29246
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-29246
8
reference_url https://github.com/advisories/GHSA-mg5h-f3q8-c96g
reference_id GHSA-mg5h-f3q8-c96g
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mg5h-f3q8-c96g
fixed_packages
0
url pkg:maven/org.apache.openmeetings/openmeetings-parent@7.1.0
purl pkg:maven/org.apache.openmeetings/openmeetings-parent@7.1.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.openmeetings/openmeetings-parent@7.1.0
1
url pkg:maven/org.apache.openmeetings/openmeetings-parent@7.2.0
purl pkg:maven/org.apache.openmeetings/openmeetings-parent@7.2.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3xum-p9mm-kbc3
1
vulnerability VCID-vbkk-qkme-uyh9
2
vulnerability VCID-vm9c-dvcd-3khf
3
vulnerability VCID-xsja-94mz-hqbh
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.openmeetings/openmeetings-parent@7.2.0
aliases CVE-2023-29246, GHSA-mg5h-f3q8-c96g
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-556q-4wch-sfde
2
url VCID-6fca-mmbn-k7b7
vulnerability_id VCID-6fca-mmbn-k7b7
summary 
Missing Authentication for Critical Function
Vendor: The Apache Software Foundation Versions Affected: Apache OpenMeetings from 2.0.0 before 7.0.0 Description: Attacker can elevate their privileges in any room
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-28326
reference_id
reference_type
scores
0
value 0.01053
scoring_system epss
scoring_elements 0.77942
published_at 2026-06-05T12:55:00Z
1
value 0.01053
scoring_system epss
scoring_elements 0.77928
published_at 2026-06-08T12:55:00Z
2
value 0.01053
scoring_system epss
scoring_elements 0.77939
published_at 2026-06-07T12:55:00Z
3
value 0.01053
scoring_system epss
scoring_elements 0.77948
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-28326
1
reference_url https://github.com/apache/openmeetings
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/openmeetings
2
reference_url https://github.com/apache/openmeetings/commit/1fb71af36
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/openmeetings/commit/1fb71af36
3
reference_url https://lists.apache.org/thread/r9vn12dp5yofn1h3wd5x4h7c3vmmr5d9
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-23T15:13:01Z/
url https://lists.apache.org/thread/r9vn12dp5yofn1h3wd5x4h7c3vmmr5d9
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-28326
reference_id CVE-2023-28326
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-28326
5
reference_url https://github.com/advisories/GHSA-3r48-3m8r-4r9w
reference_id GHSA-3r48-3m8r-4r9w
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-3r48-3m8r-4r9w
fixed_packages
0
url pkg:maven/org.apache.openmeetings/openmeetings-parent@7.0.0
purl pkg:maven/org.apache.openmeetings/openmeetings-parent@7.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3xum-p9mm-kbc3
1
vulnerability VCID-556q-4wch-sfde
2
vulnerability VCID-vbkk-qkme-uyh9
3
vulnerability VCID-vfk3-wtbw-kuf9
4
vulnerability VCID-vm9c-dvcd-3khf
5
vulnerability VCID-xsja-94mz-hqbh
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.openmeetings/openmeetings-parent@7.0.0
aliases CVE-2023-28326, GHSA-3r48-3m8r-4r9w
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6fca-mmbn-k7b7
3
url VCID-vbkk-qkme-uyh9
vulnerability_id VCID-vbkk-qkme-uyh9
summary 
Apache OpenMeetings Uses Hard-coded Cryptographic Key
Use of Hard-coded Cryptographic Key vulnerability in Apache OpenMeetings.

The remember-me cookie encryption key is set to default value in openmeetings.properties and not being auto-rotated. In case OM admin hasn't changed the default encryption key, an attacker who has stolen a cookie from a logged-in user can get full user credentials.


This issue affects Apache OpenMeetings: from 6.1.0 before 9.0.0.

Users are recommended to upgrade to version 9.0.0, which fixes the issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-33266
reference_id
reference_type
scores
0
value 0.00055
scoring_system epss
scoring_elements 0.17515
published_at 2026-06-05T12:55:00Z
1
value 0.00055
scoring_system epss
scoring_elements 0.17394
published_at 2026-06-08T12:55:00Z
2
value 0.00055
scoring_system epss
scoring_elements 0.17474
published_at 2026-06-07T12:55:00Z
3
value 0.00055
scoring_system epss
scoring_elements 0.1751
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-33266
1
reference_url https://github.com/apache/openmeetings
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/openmeetings
2
reference_url https://lists.apache.org/thread/b05jnp9563v49zq494lox9kjbhhf2w66
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-10T18:47:33Z/
url https://lists.apache.org/thread/b05jnp9563v49zq494lox9kjbhhf2w66
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-33266
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-33266
4
reference_url http://www.openwall.com/lists/oss-security/2026/04/09/11
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2026/04/09/11
5
reference_url https://github.com/advisories/GHSA-wqxq-w68r-wg85
reference_id GHSA-wqxq-w68r-wg85
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-wqxq-w68r-wg85
fixed_packages
0
url pkg:maven/org.apache.openmeetings/openmeetings-parent@9.0.0
purl pkg:maven/org.apache.openmeetings/openmeetings-parent@9.0.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.openmeetings/openmeetings-parent@9.0.0
aliases CVE-2026-33266, GHSA-wqxq-w68r-wg85
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vbkk-qkme-uyh9
4
url VCID-vfk3-wtbw-kuf9
vulnerability_id VCID-vfk3-wtbw-kuf9
summary 
Improper Authentication
An attacker that has gained access to certain private information can use this to act as other user.

Vendor: The Apache Software Foundation

Versions Affected: Apache OpenMeetings from 3.1.3 before 7.1.0
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-29032
reference_id
reference_type
scores
0
value 0.00193
scoring_system epss
scoring_elements 0.41052
published_at 2026-06-05T12:55:00Z
1
value 0.00193
scoring_system epss
scoring_elements 0.40993
published_at 2026-06-08T12:55:00Z
2
value 0.00193
scoring_system epss
scoring_elements 0.41024
published_at 2026-06-07T12:55:00Z
3
value 0.00193
scoring_system epss
scoring_elements 0.41056
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-29032
1
reference_url https://github.com/apache/openmeetings
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/openmeetings
2
reference_url https://github.com/apache/openmeetings/commit/4e89e0ca076c83f26562f1146cf3e81ba0b16a7f
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/openmeetings/commit/4e89e0ca076c83f26562f1146cf3e81ba0b16a7f
3
reference_url https://issues.apache.org/jira/browse/OPENMEETINGS-2764
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://issues.apache.org/jira/browse/OPENMEETINGS-2764
4
reference_url https://lists.apache.org/thread/j2d6mg3rzcphfd8vvvk09d8p4o9lvnqp
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-10T19:44:48Z/
url https://lists.apache.org/thread/j2d6mg3rzcphfd8vvvk09d8p4o9lvnqp
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-29032
reference_id CVE-2023-29032
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-29032
6
reference_url https://github.com/advisories/GHSA-v9rm-7rv9-r3fw
reference_id GHSA-v9rm-7rv9-r3fw
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-v9rm-7rv9-r3fw
fixed_packages
0
url pkg:maven/org.apache.openmeetings/openmeetings-parent@7.1.0
purl pkg:maven/org.apache.openmeetings/openmeetings-parent@7.1.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.openmeetings/openmeetings-parent@7.1.0
1
url pkg:maven/org.apache.openmeetings/openmeetings-parent@7.2.0
purl pkg:maven/org.apache.openmeetings/openmeetings-parent@7.2.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3xum-p9mm-kbc3
1
vulnerability VCID-vbkk-qkme-uyh9
2
vulnerability VCID-vm9c-dvcd-3khf
3
vulnerability VCID-xsja-94mz-hqbh
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.openmeetings/openmeetings-parent@7.2.0
aliases CVE-2023-29032, GHSA-v9rm-7rv9-r3fw
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vfk3-wtbw-kuf9
5
url VCID-vm9c-dvcd-3khf
vulnerability_id VCID-vm9c-dvcd-3khf
summary 
Apache OpenMeetings has an Improper Handling of Insufficient Privileges vulnerability
Sny registered user can query web service with their credentials and get files/sub-folders of any folder by ID (metadata only NOT contents). Metadata includes id, type, name and some other field. Full list of fields get be checked at FileItemDTO object.

This issue affects Apache OpenMeetings: from 3.10 before 9.0.0.

Users are recommended to upgrade to version 9.0.0, which fixes the issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-33005
reference_id
reference_type
scores
0
value 0.00135
scoring_system epss
scoring_elements 0.332
published_at 2026-06-05T12:55:00Z
1
value 0.00135
scoring_system epss
scoring_elements 0.33145
published_at 2026-06-08T12:55:00Z
2
value 0.00135
scoring_system epss
scoring_elements 0.33177
published_at 2026-06-07T12:55:00Z
3
value 0.00135
scoring_system epss
scoring_elements 0.33214
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-33005
1
reference_url https://github.com/apache/openmeetings
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/openmeetings
2
reference_url https://lists.apache.org/thread/pttoprd628g3xr6lpp3bm1z8m3z8t4p7
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-10T18:44:03Z/
url https://lists.apache.org/thread/pttoprd628g3xr6lpp3bm1z8m3z8t4p7
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-33005
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-33005
4
reference_url https://openmeetings.apache.org/openmeetings-db/apidocs/org.apache.openmeetings.db/org/apache/openmeetings/db/dto/file/FileItemDTO.html
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-10T18:44:03Z/
url https://openmeetings.apache.org/openmeetings-db/apidocs/org.apache.openmeetings.db/org/apache/openmeetings/db/dto/file/FileItemDTO.html
5
reference_url http://www.openwall.com/lists/oss-security/2026/04/09/10
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2026/04/09/10
6
reference_url https://github.com/advisories/GHSA-78cg-fc6c-w44w
reference_id GHSA-78cg-fc6c-w44w
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-78cg-fc6c-w44w
fixed_packages
0
url pkg:maven/org.apache.openmeetings/openmeetings-parent@9.0.0
purl pkg:maven/org.apache.openmeetings/openmeetings-parent@9.0.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.openmeetings/openmeetings-parent@9.0.0
aliases CVE-2026-33005, GHSA-78cg-fc6c-w44w
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vm9c-dvcd-3khf
6
url VCID-xsja-94mz-hqbh
vulnerability_id VCID-xsja-94mz-hqbh
summary 
Apache OpenMeetings vulnerable to Deserialization of Untrusted Data
Vendor: The Apache Software Foundation

Versions Affected: Apache OpenMeetings from 2.1.0 before 8.0.0

Description: Default clustering instructions at  https://openmeetings.apache.org/Clustering.html doesn't specify allow/deny lists for OpenJPA this leads to possible deserialisation of untrusted data.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-54676
reference_id
reference_type
scores
0
value 0.06098
scoring_system epss
scoring_elements 0.9094
published_at 2026-06-07T12:55:00Z
1
value 0.06098
scoring_system epss
scoring_elements 0.90937
published_at 2026-06-08T12:55:00Z
2
value 0.06098
scoring_system epss
scoring_elements 0.90944
published_at 2026-06-05T12:55:00Z
3
value 0.06098
scoring_system epss
scoring_elements 0.90943
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-54676
1
reference_url https://github.com/apache/openmeetings
reference_id
reference_type
scores
0
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/openmeetings
2
reference_url https://github.com/apache/openmeetings/commit/1c3426c6d3abbd984a3c01a61decf1242ea38923
reference_id
reference_type
scores
0
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/openmeetings/commit/1c3426c6d3abbd984a3c01a61decf1242ea38923
3
reference_url https://issues.apache.org/jira/browse/OPENMEETINGS-2787
reference_id
reference_type
scores
0
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://issues.apache.org/jira/browse/OPENMEETINGS-2787
4
reference_url https://lists.apache.org/thread/o0k05jxrt5tp4nm45lj14yfjxmg67m95
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-01-08T14:00:24Z/
url https://lists.apache.org/thread/o0k05jxrt5tp4nm45lj14yfjxmg67m95
5
reference_url http://www.openwall.com/lists/oss-security/2025/01/08/1
reference_id
reference_type
scores
0
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2025/01/08/1
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-54676
reference_id CVE-2024-54676
reference_type
scores
0
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-54676
7
reference_url https://github.com/advisories/GHSA-mjf9-4pcv-vfg7
reference_id GHSA-mjf9-4pcv-vfg7
reference_type
scores
url https://github.com/advisories/GHSA-mjf9-4pcv-vfg7
fixed_packages
0
url pkg:maven/org.apache.openmeetings/openmeetings-parent@8.0.0
purl pkg:maven/org.apache.openmeetings/openmeetings-parent@8.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3xum-p9mm-kbc3
1
vulnerability VCID-vbkk-qkme-uyh9
2
vulnerability VCID-vm9c-dvcd-3khf
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.openmeetings/openmeetings-parent@8.0.0
aliases CVE-2024-54676, GHSA-mjf9-4pcv-vfg7
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xsja-94mz-hqbh
Fixing_vulnerabilities
Risk_score4.5
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/org.apache.openmeetings/openmeetings-parent@6.3.0