Skip to main content

Enterprise Video Platform

2 CVEs product

Monthly

CVE-2026-12692 CRITICAL PATCH Act Now

Authentication bypass in Vimesoft Enterprise Video Platform (versions 3.11.0.0 up to but not including 3.25.0) lets a remote, unauthenticated attacker change a victim's password without verifying the existing credential (CWE-620), enabling full account takeover. Reported by Turkey's national CERT (TR-CERT/USOM) and rated CVSS 9.8, the flaw grants complete control over targeted accounts. There is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Authentication Bypass Enterprise Video Platform
NVD
CVSS 3.1
9.8
CVE-2026-12691 HIGH PATCH This Week

Authentication bypass in Vimesoft Enterprise Video Platform (versions 3.11.0.0 up to but not including 3.25.0) allows remote unauthenticated attackers to reach a critical function that lacks any authentication check, exposing confidential data. The CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:N, C:H) indicates trivial network exploitation with high confidentiality impact but no integrity or availability effect. There is no public exploit identified at time of analysis and it is not listed in CISA KEV; the flaw was reported by Turkey's national CERT (TR-CERT / USOM).

Authentication Bypass Enterprise Video Platform
NVD
CVSS 3.1
7.5
CVSS 9.8
CRITICAL PATCH Act Now

Authentication bypass in Vimesoft Enterprise Video Platform (versions 3.11.0.0 up to but not including 3.25.0) lets a remote, unauthenticated attacker change a victim's password without verifying the existing credential (CWE-620), enabling full account takeover. Reported by Turkey's national CERT (TR-CERT/USOM) and rated CVSS 9.8, the flaw grants complete control over targeted accounts. There is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Authentication Bypass Enterprise Video Platform
NVD
CVSS 7.5
HIGH PATCH This Week

Authentication bypass in Vimesoft Enterprise Video Platform (versions 3.11.0.0 up to but not including 3.25.0) allows remote unauthenticated attackers to reach a critical function that lacks any authentication check, exposing confidential data. The CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:N, C:H) indicates trivial network exploitation with high confidentiality impact but no integrity or availability effect. There is no public exploit identified at time of analysis and it is not listed in CISA KEV; the flaw was reported by Turkey's national CERT (TR-CERT / USOM).

Authentication Bypass Enterprise Video Platform
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy