What the vulnerability does
01Description
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in whassan KI Live Video Conferences ki-live-video-conferences allows Retrieve Embedded Sensitive Data.This issue affects KI Live Video Conferences: from n/a through <= 5.5.15.
Explanation of Vulnerability in Simple Terms
02Summary
KI Live Video Conferences versions 5.5.15 and earlier expose sensitive information to unauthenticated attackers over the network. An attacker can read confidential data without needing credentials or user interaction. The vulnerability stems from improper exposure of sensitive information in the application's data handling.
What an attacker can do
03Attacker Capabilities
Read sensitive information from the application without authentication.
Potential impact on your site
04Site Impact
Confidential data may be exposed to anyone on the network who accesses the application.
Conditions required to exploit
05Prerequisites
Network access to the affected application; no authentication or user interaction required.
Key dates
06Disclosure timeline
June 6, 2025
CVE published
April 28, 2026
Record updated