CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

39 matches found

VulnCheck KEV•added 2026/01/28 12:0 a.m.•8 views

VulnCheck KEV: CVE-2025-64328

FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. In versions 17.0.2.36 and above before 17.0.3, the filestore module within the Administrative interface is vulnerable to a post-authentication command injection by an authenticated known user via the...

8.6CVSS5.8AI score0.84417EPSS

In wildExploits4References5

RedhatCVE•added 2025/12/11 11:4 p.m.•3 views

CVE-2025-67513

FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. Versions prior to 16.0.96 and 17.0.1 through 17.0.9 have a weak default password. By default, this is a 6 digit numeric value which can be brute forced. This is the apppassword parameter. Depending on local...

6.9CVSS6.6AI score0.00228EPSS

Exploits0References1

NVD•added 2025/12/10 11:15 p.m.•1 views

CVE-2025-67513

6.9CVSS0.00228EPSS

Exploits0References1

CVE•added 2025/12/10 10:43 p.m.•18 views

CVE-2025-67513

CVE-2025-67513 affects FreePBX Endpoint Manager (module for managing telephony endpoints in FreePBX). Versions prior to 16.0.96 and 17.0.1 through 17.0.9 use a weak default 6‑digit app_password, which can be brute-forced. Depending on local configuration, this password could grant access to the e...

6.9CVSS6.2AI score0.00228EPSS

Exploits0References1

EUVD•added 2025/12/10 10:43 p.m.•2 views

EUVD-2025-202640

6.9CVSS6AI score0.00228EPSS

Exploits0References1

Vulnrichment•added 2025/12/10 10:43 p.m.•4 views

CVE-2025-67513 FreePBX Endpoint Manager's Weak Default Password Allows Unauthenticated Access in Endpoint Module REST API

6.9CVSS6.2AI score0.00228EPSS

Exploits0References1

Cvelist•added 2025/12/10 10:43 p.m.•20 views

CVE-2025-67513 FreePBX Endpoint Manager's Weak Default Password Allows Unauthenticated Access in Endpoint Module REST API

6.9CVSS0.00228EPSS

Exploits0References1

RedhatCVE•added 2025/12/10 10:20 p.m.•6 views

CVE-2025-66039

FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. Versions are vulnerable to authentication bypass when the authentication type is set to "webserver." When providing an Authorization header with an arbitrary value, a session is associated with the target us...

9.3CVSS7AI score0.02976EPSS

Exploits8References1

CNNVD•added 2025/12/10 12:0 a.m.•6 views

FreePBX Endpoint Manager 安全漏洞

FreePBX Endpoint Manager is a centralized IP phone endpoint configuration module from the FreePBX open source. A security vulnerability exists in FreePBX Endpoint Manager versions prior to 16.0.96 and 17.0.1 through 17.0.9, which stems from a weak default password that can be brute-force broken...

6.9CVSS6.8AI score0.00228EPSS

Exploits0References2

Positive Technologies•added 2025/12/10 12:0 a.m.•4 views

PT-2025-50554

6.9CVSS6.5AI score0.00228EPSS

Exploits0References3

Cvelist•added 2025/12/09 9:32 p.m.•18 views

CVE-2025-66039 FreePBX Endpoint Manager Allows Unauthenticated Logins to Administrator Control Panel via Forged Basic Auth Header

9.3CVSS0.02976EPSS

Exploits8References3

Vulnrichment•added 2025/12/09 9:32 p.m.•3 views

CVE-2025-66039 FreePBX Endpoint Manager Allows Unauthenticated Logins to Administrator Control Panel via Forged Basic Auth Header

9.3CVSS6.7AI score0.02976EPSS

Exploits8References3

ATTACKERKB•added 2025/12/09 9:32 p.m.•5 views

CVE-2025-66039

9.8CVSS6AI score0.02976EPSS

Exploits8References7Affected Software1

CNNVD•added 2025/12/09 12:0 a.m.•3 views

FreePBX Endpoint Manager 授权问题漏洞

FreePBX Endpoint Manager is a centralized IP phone endpoint configuration module from the FreePBX open source. An authorization issue vulnerability exists in FreePBX Endpoint Manager that stems from an authentication bypass that could lead to unauthorized access...

9.8CVSS6.8AI score0.02976EPSS

Exploits8References4

RedhatCVE•added 2025/11/08 7:41 a.m.•8 views

CVE-2025-64328

8.6CVSS7.3AI score0.84417EPSS

Exploits4References1

EUVD•added 2025/11/07 3:32 a.m.•4 views

EUVD-2025-38232

8.6CVSS6.8AI score0.84417EPSS

Exploits4References3

CNNVD•added 2025/11/07 12:0 a.m.•3 views

FreePBX Endpoint Manager 操作系统命令注入漏洞

FreePBX Endpoint Manager is a centralized IP phone endpoint configuration module from the FreePBX open source. An operating system command injection vulnerability exists in FreePBX Endpoint Manager version 17.0.2.36 through prior to 17.0.3, which stems from a command injection in the testconnecti...

8.6CVSS7.3AI score0.84417EPSS

Exploits4References4

RedhatCVE•added 2025/10/15 7:38 p.m.•8 views

CVE-2025-61678

FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. In versions prior to 16.0.92 for FreePBX 16 and versions prior to 17.0.6 for FreePBX 17, the Endpoint Manager module contains an authenticated arbitrary file upload vulnerability affecting the fwbrand...

8.6CVSS8.1AI score0.50159EPSS

Exploits6References1

RedhatCVE•added 2025/10/15 7:38 p.m.•10 views

CVE-2025-61675

FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. In versions prior to 16.0.92 for FreePBX 16 and versions prior to 17.0.6 for FreePBX 17, the Endpoint Manager module contains authenticated SQL injection vulnerabilities affecting multiple parameters in the...

8.6CVSS8.3AI score0.3896EPSS

Exploits6References1

NVD•added 2025/10/14 8:15 p.m.•23 views

CVE-2025-61675

FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. In versions prior to 16.0.92 for FreePBX 16 and versions prior to 17.0.6 for FreePBX 17, the Endpoint Manager module contains authenticated SQL injection vulnerabilities affecting multiple parameters in the...

8.6CVSS0.3896EPSS

Exploits6References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by