113 matches found
CVE-2026-35090
In Slican telephone exchanges it is possible to manage the control panel remotely. An unauthenticated attacker can connect to the modem via a telephone with a specific caller ID. This allows them to bypass admin authentication and gain full access to the service protocol and configuration panel...
CVE-2026-35090
In Slican telephone exchanges it is possible to manage the control panel remotely. An unauthenticated attacker can connect to the modem via a telephone with a specific caller ID. This allows them to bypass admin authentication and gain full access to the service protocol and configuration panel...
CVE-2026-35090 Authentication Bypass in Slican telephone exchanges
In Slican telephone exchanges it is possible to manage the control panel remotely. An unauthenticated attacker can connect to the modem via a telephone with a specific caller ID. This allows them to bypass admin authentication and gain full access to the service protocol and configuration panel...
CVE-2026-35090 Authentication Bypass in Slican telephone exchanges
In Slican telephone exchanges it is possible to manage the control panel remotely. An unauthenticated attacker can connect to the modem via a telephone with a specific caller ID. This allows them to bypass admin authentication and gain full access to the service protocol and configuration panel...
CVE-2026-35090
CVE-2026-35090 describes an authentication bypass in Slican telephone exchanges, allowing an unauthenticated attacker to remotely manage the control panel by dialing a specific caller ID. The issue enables bypass of admin authentication and full access to the service protocol and configuration pa...
Apple Live Caller ID Privacy Concerns
Apple's oblivious HTTP relay for Live Caller ID Lookup iOS 18+ routes traffic through 14 third-party endpoints across six countries. These include an anonymous Delaware LLC sharing data with OpenAI, a Russian endpoint Yandex, and a Swiss GmbH whose privacy policy names "The Legal Entity to be...
PT-2026-29332
An arbitrary file overwrite vulnerability in InTouch Contacts & Caller ID APP v6.38.1 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure...
CVE-2026-30290
An arbitrary file overwrite vulnerability in InTouch Contacts & Caller ID APP v6.38.1 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure...
CVE-2026-30290
An arbitrary file overwrite vulnerability in InTouch Contacts & Caller ID APP v6.38.1 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure...
CVE-2026-30290
CVE-2026-30290 concerns an arbitrary file overwrite vulnerability in InTouch Contacts & Caller ID APP v6.38.1. The issue allows an attacker to overwrite critical internal files through the file import process, which can lead to arbitrary code execution or information exposure. The connected sourc...
CVE-2026-28446 OpenClaw < 2026.2.1 - Inbound Allowlist Policy Bypass in voice-call Extension via Empty Caller ID and Suffix Matching
OpenClaw versions prior to 2026.2.1 with the voice-call extension installed and enabled contain an authentication bypass vulnerability in inbound allowlist policy validation that accepts empty caller IDs and uses suffix-based matching instead of strict equality. Remote attackers can bypass inboun...
CVE-2026-28446
CVE-2026-28446 affects OpenClaw versions prior to 2026.2.1 with the voice-call extension enabled. A authentication bypass in inbound allowlist policy validation accepts empty caller IDs and uses suffix-based matching instead of strict equality, allowing remote attackers to bypass inbound access c...
GHSA-4RJ2-GPMH-QQ5X OpenClaw has an inbound allowlist policy bypass in voice-call extension (empty caller ID + suffix matching)
Summary An authentication bypass in the optional voice-call extension/plugin allowed unapproved or anonymous callers to reach the voice-call agent when inbound policy was set to allowlist or pairing. Deployments that do not install/enable the voice-call extension are not affected. Affected Packag...
OpenClaw has an inbound allowlist policy bypass in voice-call extension (empty caller ID + suffix matching)
Summary An authentication bypass in the optional voice-call extension/plugin allowed unapproved or anonymous callers to reach the voice-call agent when inbound policy was set to allowlist or pairing. Deployments that do not install/enable the voice-call extension are not affected. Affected Packag...
CVE-2026-20638
A logic issue was addressed with improved checks. This issue is fixed in iOS 26.3 and iPadOS 26.3. A user with Live Caller ID app extensions turned off could have identifying information leaked to the extensions...
CVE-2026-20638
A logic issue was addressed with improved checks. This issue is fixed in iOS 26.3 and iPadOS 26.3. A user with Live Caller ID app extensions turned off could have identifying information leaked to the extensions...
CVE-2026-20638
A logic issue was addressed with improved checks. This issue is fixed in iOS 26.3 and iPadOS 26.3. A user with Live Caller ID app extensions turned off could have identifying information leaked to the extensions...
CVE-2026-20638
CVE-2026-20638 affects iOS and iPadOS. A logic issue allowed identifying information to leak to Live Caller ID app extensions when those extensions were disabled by the user. Apple fixed this in iOS 26.3 and iPadOS 26.3 by applying improved checks. The vulnerability is described as a logic/contro...
Apple iOS和Apple iPadOS 安全漏洞
Apple iOS and Apple iPadOS are products of the American company Apple. Apple iOS is an operating system developed for mobile devices. Apple iPadOS is an operating system for iPad tablets. Both Apple iOS and Apple iPadOS have security vulnerabilities, which stem from logical issues and may lead to...
PT-2026-7771
Name of the Vulnerable Software and Affected Versions iOS versions prior to 26.3 iPadOS versions prior to 26.3 Description A logic issue existed where a user with Live Caller ID app extensions disabled could have identifying information leaked to those extensions. The issue was resolved through...