Aggregates CVE and security vulnerability intelligence across all hamastar-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Disclosed issues often relate to vendor risk path handling; exposure may include vendor impact file overwrite in vendor surface automated decompression, vendor surface archive handling, and vendor surface file processing contexts.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2026-1332 | MeetingHub developed by HAMASTAR Technology has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to access specific API functions and obtain meeting-related information. | [email protected] | 6.9 | 0.04% | 2026-01-22 | 2026-02-17 |
| CVE-2026-1331 | MeetingHub developed by HAMASTAR Technology has an Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server. | [email protected] | 9.3 | 0.08% | 2026-01-22 | 2026-02-17 |
| CVE-2026-1330 | MeetingHub developed by HAMASTAR Technology has an Arbitrary File Read vulnerability, allowing unauthenticated remote attackers to exploit Absolute Path Traversal to download arbitrary system files. | [email protected] | 8.7 | 0.02% | 2026-01-22 | 2026-02-17 |
| CVE-2024-6118 | A Plaintext Storage of a Password vulnerability in ebooknote function in Hamastar MeetingHub Paperless Meetings 2021 allows remote attackers to obtain the other users’ credentials and gain access to the product via an XML file. | [email protected] | 9.3 | 0.11% | 2024-08-05 | 2024-08-30 |
| CVE-2024-6117 | A Unrestricted upload of file with dangerous type vulnerability in meeting management function in Hamastar MeetingHub Paperless Meetings 2021 allows remote authenticated users to perform arbitrary system commands via a crafted ASP file. | [email protected] | 9.3 | 0.67% | 2024-08-05 | 2024-08-30 |