28 matches found

NVD
added 6 days ago, 6 views

CVE-2026-44237

FreePBX is an open source IP PBX. Prior to 17.0.8, the FreePBX api module's OAuth2 implementation does not sufficiently validate client credentials during token issuance. Knowledge of a valid clientid is required. The validateClient method in ClientRepository.php unconditionally returns true,...

8.1 CVSS, 0.00031 EPSS
Exploits 0, References 1

EUVD
added 6 days ago, 4 views

EUVD-2026-33300

FreePBX is an open source IP PBX. Prior to 17.0.8, the FreePBX api module's OAuth2 implementation does not sufficiently validate client credentials during token issuance. Knowledge of a valid clientid is required. The validateClient method in ClientRepository.php unconditionally returns true,...

7.6 CVSS, 5.8 AI score, 0.00031 EPSS
Exploits 0, References 1

Positive Technologies
added 6 days ago, 3 views

PT-2026-44842

FreePBX is an open source IP PBX. Prior to 17.0.8, the FreePBX api module's OAuth2 implementation does not sufficiently validate client credentials during token issuance. Knowledge of a valid client id is required. The validateClient method in ClientRepository.php unconditionally returns true,...

7.6 CVSS, 5.8 AI score, 0.00031 EPSS
Exploits 0, References 2

Positive Technologies
added 2026/05/08 12:0 a.m., 6 views

PT-2026-38786

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition, product of Oracle Java SE component: Hotspot. Supported versions that are affected are Oracle Java SE: 8u381-perf, 17.0.8, 21; Oracle GraalVM for JDK: 17.0.8, 21; Oracle GraalVM Enterprise Edition:...

3.7 CVSS, 5.8 AI score, 0.00128 EPSS
Exploits 0, References 6

Positive Technologies
added 2026/05/08 12:0 a.m., 4 views

PT-2026-38794

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JSSE. Supported versions that are affected are Oracle Java SE: 8u381, 8u381-perf, 11.0.20, 17.0.8, 21; Oracle GraalVM for JDK: 17.0.8, 21; Oracle GraalVM Enterprise...

5.3 CVSS, 5.9 AI score, 0.00098 EPSS
Exploits 0, References 9

CNNVD
added 2026/04/21 12:0 a.m., 3 views

FreePBX api operating system command injection vulnerability

FreePBX API is an open-source plugin developed by FreePBX. Versions of the FreePBX API module prior to 17.0.8 contained a vulnerability related to operating system command injection. This vulnerability stemmed from the GraphQL mutation input fields in the initiateGqlAPIProcess function being pass...

8.8 CVSS, 6.1 AI score, 0.00326 EPSS
Exploits 0, References 1

Amazon
added 2024/01/09 12:0 a.m., 42 views

Medium: java-1.8.0-openjdk

Issue Overview: Vulnerability in Oracle Java SE component: CORBA. Supported versions that are affected are Oracle Java SE: 8u381 and 8u381-perf. Easily exploitable vulnerability allows unauthenticated attacker with network access via CORBA to compromise Oracle Java SE. Successful attacks of this...

5.3 CVSS, 5 AI score, 0.00172 EPSS
Exploits 0

OpenVAS
added 2023/10/19 12:0 a.m., 12 views

Oracle Java SE Security Update (oct2023) 03 - Linux

Oracle Java SE is prone to an unspecified vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.3 CVSS, 6 AI score, 0.00098 EPSS
Exploits 0, References 1

OSV
added 2023/10/17 10:15 p.m., 0 views

UBUNTU-CVE-2023-22091

Vulnerability in the Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Compiler. Supported versions that are affected are Oracle GraalVM for JDK: 17.0.8, 21; Oracle GraalVM Enterprise Edition: 20.3.11, 21.3.7 and 22.3.3. Difficult to exploit...

4.8 CVSS, 7.2 AI score, 0.00207 EPSS
Exploits 0, References 3

Kaspersky
added 2023/10/17 12:0 a.m., 28 views

KLA61443 Multiple vulnerabilities in Oracle Java SE and GraalVM

Multiple vulnerabilities were found in Oracle Java SE and GraalVM. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service. Below is a complete list of vulnerabilities: 1. Code execution vulnerability in CORBA can be exploited to execute arbitrary code...

5.3 CVSS, 7.8 AI score, 0.00172 EPSS
Exploits 0, References 4

CNVD
added 2019/06/24 12:0 a.m., 2 views

Sophos XG firewall Admin Portal SQL Injection Vulnerability

Sophos XG firewall is a next-generation endpoint protection and enterprise-class firewall product from Sophos UK. Admin Portal is one of the management portals. A SQL injection vulnerability exists in the AccountStatus.jsp file of Admin Portal in Sophos XG firewall version 17.0.8 MR-8. The...

8.8 CVSS, 8.2 AI score, 0.00256 EPSS
Exploits 0, References 1

CNVD
added 2019/06/24 12:0 a.m., 0 views

Sophos XG firewall Admin Portal shell escape vulnerability

Sophos XG firewall is a next-generation endpoint protection and enterprise-class firewall product from Sophos UK. Admin Portal is one of the management portals. A security vulnerability exists in /webconsole/Controller of Admin Portal in Sophos XG firewall version 17.0.8 MR-8. The vulnerability ca...

9 CVSS, 7.7 AI score, 0.00684 EPSS
Exploits 0, References 1

CNVD
added 2019/06/24 12:0 a.m., 1 views

Sophos XG firewall API Configuration component shell escape vulnerability

Sophos XG firewall is a next-generation endpoint protection and enterprise-class firewall product from Sophos UK. API Configuration is one of the API configuration components. A security vulnerability exists in the /webconsole/APIController of the API Configuration component in Sophos XG firewall...

9.3 CVSS, 7.6 AI score, 0.00403 EPSS
Exploits 0, References 1

Veracode
added 2019/05/02 4:48 a.m., 92 views

Cross-site Scripting (XSS)

Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with...

10 CVSS, 5.9 AI score, 0.76472 EPSS
Exploits 14, References 9, Affected Software 3

VulnCheck KEV
added 2017/01/09 12:0 a.m., 1 views

VulnCheck KEV: CVE-2013-1710

The crypto.generateCRMFRequest function in Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 allows remote attackers to execute arbitrary JavaScript code or conduct cross-site scripting XSS...

10 CVSS, 7.1 AI score, 0.76472 EPSS
Exploits 13, References 1

OpenVAS
added 2014/02/19 12:0 a.m., 24 views

Mozilla Thunderbird Multiple XSS Vulnerabilities (Feb 2014) - Windows

Mozilla Thunderbird is prone to multiple cross site scripting vulnerabilities. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

4.3 CVSS, 9.3 AI score, 0.47529 EPSS
Exploits 5, References 5

OpenVAS
added 2013/08/08 12:0 a.m., 23 views

Mozilla Thunderbird Multiple Vulnerabilities - August 13 (Windows)

The host is installed with Mozilla Thunderbird and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gbmozillathunderbirdmultvulnaug13win.nasl 6074 2017-05-05 09:03:14Z teissa $ Mozilla Thunderbird Multiple Vulnerabilities - August 13 Windows Authors: Thanga Prakash S Copyrigh...

10 CVSS, 0.7 AI score, 0.76472 EPSS
Exploits 14, References 3

Tenable Nessus
added 2013/08/08 12:0 a.m., 23 views

Mozilla Thunderbird < 17.0.8 Multiple Vulnerabilities

Binary data 6979.prm...

10 CVSS, 9 AI score, 0.76472 EPSS
Exploits 14, References 18

OpenVAS
added 2013/08/08 12:0 a.m., 43 views

Mozilla Thunderbird ESR Multiple Vulnerabilities - August 13 (Mac OS X)

The host is installed with Mozilla Thunderbird ESR and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gbmozillathunderbirdesrmultvulnaug13macosx.nasl 6079 2017-05-08 09:03:33Z teissa $ Mozilla Thunderbird ESR Multiple Vulnerabilities - August 13 Mac OS X Authors: Thanga...

10 CVSS, 0.9 AI score, 0.76472 EPSS
Exploits 14, References 3

OpenVAS
added 2013/08/08 12:0 a.m., 25 views

CentOS Update for thunderbird CESA-2013:1142 centos5

Check for the Version of thunderbird OpenVAS Vulnerability Test CentOS Update for thunderbird CESA-2013:1142 centos5 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify i...

10 CVSS, 0.3 AI score, 0.76472 EPSS
Exploits 14, References 2