Pexip Infinity before 27.0 has improper WebRTC input validation. An unauthenticated remote attacker can use excessive resources, temporarily causing denial of service.

Pexip Infinity Connect before 1.8.0 mishandles TLS certificate validation. The allow list is not properly checked.

Pexip Infinity Connect before 1.8.0 omits certain provisioning authenticity checks. Thus, untrusted code may execute.

Thinfinity VirtualUI 2.1.28.0, 2.1.32.1 and 2.5.26.2, fixed in version 3.0 is affected by an information disclosure vulnerability in the parameter "Addr" in cmd site. The ability to send requests to other systems can allow the vulnerable server to filtrate the real IP of the web server or increase the attack surface.

Forgotten password reset functionality for local accounts can be used to bypass local authentication checks.

Pexip Infinity before 26.2 allows temporary remote Denial of Service (abort) because of missing call-setup input validation.

Pexip Infinity before 26 allows temporary remote Denial of Service (abort) because of missing call-setup input validation.

Pexip Infinity before 26 allows remote denial of service because of missing H.264 input validation (issue 2 of 2).

Pexip Infinity before 26 allows remote denial of service because of missing H.264 input validation (issue 1 of 2).

Pexip Infinity before 26 allows remote denial of service because of missing RTMP input validation.