Skip to main content

Vexa

1 CVEs product

Monthly

CVE-2026-25058 HIGH PATCH This Week

Unauthenticated access to meeting transcripts in Vexa transcription-collector service versions before 0.10.0-260419-1910 allows remote attackers to retrieve sensitive business conversations, credentials, and personally identifiable information. The service exposes an internal endpoint without authentication, enabling enumeration of meeting IDs and bulk extraction of confidential data. No public exploit identified at time of analysis, but exploitation requires only standard HTTP requests with no special conditions (CVSS AV:N/AC:L/PR:N/UI:N).

Authentication Bypass Vexa
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Unauthenticated access to meeting transcripts in Vexa transcription-collector service versions before 0.10.0-260419-1910 allows remote attackers to retrieve sensitive business conversations, credentials, and personally identifiable information. The service exposes an internal endpoint without authentication, enabling enumeration of meeting IDs and bulk extraction of confidential data. No public exploit identified at time of analysis, but exploitation requires only standard HTTP requests with no special conditions (CVSS AV:N/AC:L/PR:N/UI:N).

Authentication Bypass Vexa
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy