CVE-2026-26978

FreePBX is an open source IP PBX. In versions below 16.0.71 and 17.0.6, the backup module does not properly sanitize data during restore operations, potentially leading to compromise if the backup contains carefully crafted hostile data. During backup restore operations, FreePBX extracts selected...

CVE-2026-26978 Free PBX backup: Deserialization of Untrusted Data in admin/modules/backup/Models/BackupSplFileInfo.php

FreePBX is an open source IP PBX. In versions below 16.0.71 and 17.0.6, the backup module does not properly sanitize data during restore operations, potentially leading to compromise if the backup contains carefully crafted hostile data. During backup restore operations, FreePBX extracts selected...

FreePBX 代码问题漏洞

FreePBX is a set of tools from the FreePBX project that allow configuration of Asterisk an IP telephony system through a GUI graphical web-based interface. Versions of FreePBX prior to 16.0.71 and 17.0.6 contained code vulnerabilities. These vulnerabilities stemmed from the backup module failing ...

PT-2026-38781

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Swing. Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Easily exploitable...

BIT-JAVA-2023-21968

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploi...

BIT-JAVA-MIN-2023-21954

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit...

PT-2026-37970

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploi...

PT-2026-26157

OpenProject is an open-source, web-based project management software. In versions prior to 16.6.9, 17.0.6, 17.1.3, and 17.2.1, the Repositories module did not properly escape filenames displayed from repositories. This allowed an attacker with push access into the repository to create commits wit...

FreeBPX 17.0.x < 17.0.6 Multiples Vulnerabilities

According to its self-reported version number, the FreePBOX application running on the remote host is prior to 16.0.92 or 17.x prior to 17.0.6. It is, therefore, affected by multiples vulnerabilities : - An arbitrary file upload vulnerability in the FreePBX Endpoint Management module affecting th...

Mozilla Thunderbird ESR < 17.0.6

The version of Thunderbird ESR installed on the remote Windows host is prior to 17.0.6. It is, therefore, affected by a vulnerability as referenced in the mfsa2013-42 advisory. - Call content level constructor as if from a chrome/privileged pageCVE-2013-1670 CVE-2013-1670 Note that Nessus has not...

Mozilla Firefox ESR < 17.0.6

The version of Firefox ESR installed on the remote Windows host is prior to 17.0.6. It is, therefore, affected by a vulnerability as referenced in the mfsa2013-42 advisory. - Call content level constructor as if from a chrome/privileged pageCVE-2013-1670 CVE-2013-1670 Note that Nessus has not...

CVE-2025-61675

FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. In versions prior to 16.0.92 for FreePBX 16 and versions prior to 17.0.6 for FreePBX 17, the Endpoint Manager module contains authenticated SQL injection vulnerabilities affecting multiple parameters in the...

CVE-2025-61678

FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. In versions prior to 16.0.92 for FreePBX 16 and versions prior to 17.0.6 for FreePBX 17, the Endpoint Manager module contains an authenticated arbitrary file upload vulnerability affecting the fwbrand...

CVE-2025-59051

The FreePBX Endpoint Manager module includes a Network Scanning feature that provides web-based access to nmap functionality for network device discovery. In Endpoint Manager 16 before 16.0.92 and 17 before 17.0.6, insufficiently sanitized user-supplied input allows authenticated OS command...

CVE-2025-61678 FreePBX Endpoint Manager vulnerable to authenticated arbitrary file upload via fwbrand parameter

FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. In versions prior to 16.0.92 for FreePBX 16 and versions prior to 17.0.6 for FreePBX 17, the Endpoint Manager module contains an authenticated arbitrary file upload vulnerability affecting the fwbrand...

CVE-2025-61678 FreePBX Endpoint Manager vulnerable to authenticated arbitrary file upload via fwbrand parameter

FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. In versions prior to 16.0.92 for FreePBX 16 and versions prior to 17.0.6 for FreePBX 17, the Endpoint Manager module contains an authenticated arbitrary file upload vulnerability affecting the fwbrand...

EUVD-2025-34454

FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. In versions prior to 16.0.92 for FreePBX 16 and versions prior to 17.0.6 for FreePBX 17, the Endpoint Manager module contains authenticated SQL injection vulnerabilities affecting multiple parameters in the...

EUVD-2025-34482

The FreePBX Endpoint Manager module includes a Network Scanning feature that provides web-based access to nmap functionality for network device discovery. In Endpoint Manager 16 before 16.0.92 and 17 before 17.0.6, insufficiently sanitized user-supplied input allows authenticated OS command...

CVE-2025-59051 FreePBX Endpoint Manager command injection via Network Scanning feature

The FreePBX Endpoint Manager module includes a Network Scanning feature that provides web-based access to nmap functionality for network device discovery. In Endpoint Manager 16 before 16.0.92 and 17 before 17.0.6, insufficiently sanitized user-supplied input allows authenticated OS command...

CVE-2025-55209

contactmanager is a module for FreePBX@, which is an open source GUI that controls and manages Asterisk© PBX. In versions 15.0.14 and below, 16.0.0 through 16.0.26.4 and 17.0.0 through 17.0.5, a stored cross-site scripting XSS vulnerability in FreePBX allows a low-privileged User Control Panel UC...