Every CVE whose affected-product data names Apereo Opencast, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (20)
CVE-2021-43821 — CVSS 9.9 (critical): Opencast is an Open Source Lecture Capture & Video Management for Education. Opencast before version 9.10 or 10.6 allows references to…
CVE-2020-5206 — CVSS 8.7 (high): In Opencast before 7.6 and 8.1, using a remember-me cookie with an arbitrary username can cause Opencast to assume proper authentication…
CVE-2021-32623 — CVSS 8.1 (high): Opencast is a free and open source solution for automated video capture and distribution. Versions of Opencast prior to 9.6 are vulnerable…
CVE-2020-5229 — CVSS 7.7 (high): Opencast before 8.1 stores passwords using the rather outdated and cryptographically insecure MD5 hash algorithm. Furthermore, the hashes…
CVE-2020-5230 — CVSS 7.7 (high): Opencast before 8.1 and 7.6 allows almost arbitrary identifiers for media packages and elements to be used. This can be problematic for…
CVE-2020-5228 — CVSS 7.6 (high): Opencast before 8.1 and 7.6 allows unauthorized public access to all media and metadata by default via OAI-PMH. OAI-PMH is part of the…
CVE-2021-43807 — CVSS 7.5 (high): Opencast is an Open Source Lecture Capture & Video Management for Education. Opencast versions prior to 9.10 allow HTTP method spoofing…
CVE-2018-16153 — CVSS 7.5 (high): An issue was discovered in Apereo Opencast 4.x through 10.x before 10.6. It sends system digest credentials during authentication attempts…
CVE-2020-5222 — CVSS 6.8 (medium): Opencast before 7.6 and 8.1 enables a remember-me cookie based on a hash created from the username, password, and an additional system key…
CVE-2017-1000221 — CVSS 6.5 (medium): In Opencast 2.2.3 and older if user names overlap, the Opencast search service used for publication to the media modules and players will…
CVE-2024-52797 — CVSS 6.5 (medium): Opencast is free and open source software for automated video capture and distribution. First noticed in Opencast 13 and 14, Opencast's…
CVE-2025-54380 — CVSS 6.5 (medium): Opencast is a free, open-source platform to support the management of educational audio and video content. Prior to version 17.6, Opencast…
CVE-2022-41965 — CVSS 5.7 (medium): Opencast is a free, open-source platform to support the management of educational audio and video content. Prior to Opencast 12.5…
CVE-2022-29237 — CVSS 5.4 (medium): Opencast is a free and open source solution for automated video capture and distribution at scale. Prior to Opencast 10.14 and 11.7, users…
CVE-2025-61788 — CVSS 5.4 (medium): Opencast is a free, open-source platform to support the management of educational audio and video content. Prior to Opencast 17.8 and 18.2…
CVE-2021-21318 — CVSS 5.4 (medium): Opencast is a free, open-source platform to support the management of educational audio and video content. In Opencast before version 9.2…
CVE-2025-55202 — CVSS 5.3 (medium): Opencast is a free, open-source platform to support the management of educational audio and video content. In version 18.0 and versions…
CVE-2020-26234 — CVSS 4.8 (medium): Opencast before versions 8.9 and 7.9 disables HTTPS hostname verification of its HTTP client used for a large portion of Opencast's HTTP…
CVE-2020-5231 — CVSS 4.8 (medium): In Opencast before 7.6 and 8.1, users with the role ROLE_COURSE_ADMIN can use the user-utils endpoint to create new users not including the…
CVE-2025-61906 — CVSS 4.3 (medium): Opencast is a free, open-source platform to support the management of educational audio and video content. Prior to Opencast 17.8 and 18.2…