CVE-2017-6551 — CVSS 9.8 (critical): Pexip Infinity before 14.2 allows remote attackers to cause a denial of service (service restart) or execute arbitrary code via vectors…
CVE-2015-4719 — CVSS 9.8 (critical): The client API authentication mechanism in Pexip Infinity before 10 allows remote attackers to gain privileges via a crafted request.
CVE-2022-27933 — CVSS 8.2 (high): Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via One Touch Join.
CVE-2022-26656 — CVSS 8.2 (high): Pexip Infinity before 27.3 allows remote attackers to trigger a software abort, and possibly enumerate usernames, via One Touch Join.
CVE-2025-59683 — CVSS 8.2 (high): Pexip Infinity 15.0 through 38.0 before 38.1 has Improper Access Control in the Secure Scheduler for Exchange service, when used with…
CVE-2024-37917 — CVSS 7.5 (high): Pexip Infinity before 35.0 has improper input validation that allows remote attackers to trigger a denial of service (software abort) via a…
CVE-2020-12824 — CVSS 7.5 (high): Pexip Infinity 23.x before 23.3 has improper input validation, leading to a temporary software abort via RTP.
CVE-2020-13387 — CVSS 7.5 (high): Pexip Infinity before 23.4 has a lack of input validation, leading to temporary denial of service via H.323.
CVE-2022-29286 — CVSS 7.5 (high): Pexip Infinity 27 before 28.0 allows remote attackers to trigger excessive resource consumption and termination because of registrar…
CVE-2023-31289 — CVSS 7.5 (high): Pexip Infinity before 31.2 has Improper Input Validation for signalling, allowing remote attackers to trigger an abort.
CVE-2023-31455 — CVSS 7.5 (high): Pexip Infinity before 31.2 has Improper Input Validation for RTCP, allowing remote attackers to trigger an abort.
CVE-2025-30080 — CVSS 7.5 (high): Signalling in Pexip Infinity 29 through 36.2 before 37.0 has improper input validation that allows remote attackers to trigger a temporary…
CVE-2025-32095 — CVSS 7.5 (high): Pexip Infinity before 37.0 has improper input validation in signalling that allows a remote attacker to trigger a software abort via a…
CVE-2025-32096 — CVSS 7.5 (high): Pexip Infinity 33.0 through 37.0 before 37.1 has improper input validation in signaling that allows an attacker to trigger a software…
CVE-2025-48704 — CVSS 7.5 (high): Pexip Infinity 35.0 through 37.2 before 38.0 has Improper Input Validation in signalling that allows an attacker to trigger a software…
CVE-2025-66377 — CVSS 7.5 (high): Pexip Infinity before 39.0 has Missing Authentication for a Critical Function in a product-internal API, allowing an attacker (who already…
CVE-2025-66379 — CVSS 7.5 (high): Pexip Infinity before 39.0 has Improper Input Validation in the media implementation, allowing a remote attacker to trigger a software…
CVE-2025-66443 — CVSS 7.5 (high): Pexip Infinity 35.0 through 38.1 before 39.0, in non-default configurations that use Direct Media for WebRTC, has Improper Input Validation…
CVE-2020-25868 — CVSS 7.5 (high): Pexip Infinity 22.x through 24.x before 24.2 has Improper Input Validation for call setup. An unauthenticated remote attacker can trigger a…
CVE-2021-31925 — CVSS 7.5 (high): Pexip Infinity 25.x before 25.4 has Improper Input Validation, and thus an unauthenticated remote attacker can cause a denial of service…
CVE-2022-23228 — CVSS 7.5 (high): Pexip Infinity before 27.0 has improper WebRTC input validation. An unauthenticated remote attacker can use excessive resources…
CVE-2022-26655 — CVSS 7.5 (high): Pexip Infinity 27.x before 27.3 has Improper Input Validation. The client API allows remote attackers to trigger a software abort via a…
CVE-2022-26657 — CVSS 7.5 (high): Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via One Touch Join.
CVE-2022-27928 — CVSS 7.5 (high): Pexip Infinity 27.x before 27.3 allows remote attackers to trigger a software abort via the Session Initiation Protocol.
CVE-2014-8779 — CVSS 7.1 (high): Pexip Infinity before 8 uses the same SSH host keys across different customers' installations, which allows man-in-the-middle attackers to…
CVE-2017-17477 — CVSS 6.1 (medium): Pexip Infinity before 17 allows an unauthenticated remote attacker to achieve stored XSS via management web interface views.
CVE-2022-27930 — CVSS 5.9 (medium): Pexip Infinity 27.x before 27.3 allows remote attackers to trigger a software abort via single-sign-on if a random Universally Unique…
CVE-2025-49088 — CVSS 5.9 (medium): Pexip Infinity 32.0 through 37.1 before 37.2, in certain configurations of OTJ (One Touch Join) for Teams SIP Guest Join, has Improper…
CVE-2025-66378 — CVSS 5.9 (medium): Pexip Infinity 38.0 and 38.1 before 39.0 has insufficient access control in the RTMP implementation, allowing an attacker to disconnect…
CVE-2020-24615 — CVSS 5.3 (medium): Pexip Infinity before 24.1 has Improper Input Validation, leading to temporary denial of service via SIP.
CVE-2022-25357 — CVSS 5.3 (medium): Pexip Infinity 27.x before 27.2 has Improper Access Control. An attacker can sometimes join a conference (call join) if it has a lock but…
CVE-2024-33850 — CVSS 4.3 (medium): Pexip Infinity before 34.1 has Improper Access Control for persons in a waiting room. They can see the conference roster list, and perform…