Pexip Infinity before 18 allows Remote Denial of Service (TLS handshakes in RTMP).

Pexip Infinity before 24.1 has Improper Input Validation, leading to temporary denial of service via SIP.

Pexip Reverse Proxy and TURN Server before 6.1.0 has Incorrect UDP Access Control via TURN.

Pexip Infinity before 18 allows remote Denial of Service (XML parsing).

Pexip Infinity before 20.1 allows Code Injection onto nodes via an admin.

Pexip Infinity 23.x before 23.3 has improper input validation, leading to a temporary software abort via RTP.

The client API authentication mechanism in Pexip Infinity before 10 allows remote attackers to gain privileges via a crafted request.

Cybele Thinfinity VirtualUI 2.5.17.2 allows HTTP response splitting via the mimetype parameter within a PDF viewer request, as demonstrated by an example.pdf?mimetype= substring. The victim user must load an application request to view a PDF, containing the malicious payload. This results in a reflected XSS payload being executed.

Cybele Thinfinity VirtualUI 2.5.17.2 allows ../ path traversal that can be used for data exfiltration. This enables files outside of the web directory to be retrieved if the exact location is known and the user has permissions.

The Hisense F17 Android device with a build fingerprint of Hisense/F17_4G/HS6739MT:8.1.0/O11019/Hisense_F17_4G_00_S01:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization.