167 matches found

EUVD
added 2026/06/15 9:30 p.m. | 5 views

EUVD-2026-36748

A Time-Based Blind SQL Injection vulnerability in the alias_management module of OpenSIPS Control Panel (opensips-cp) prior to version 9.3.3 allows authenticated attackers to execute arbitrary SQL commands via the 'table' GET parameter in alias_management.php...

AI score: 6.2 | EPSS: 0.00361
Exploits: 1 | References: 2
Cvelist
added 2026/06/15 12:00 a.m. | 26 views

CVE-2026-36670

A Time-Based Blind SQL Injection vulnerability in the alias_management module of OpenSIPS Control Panel (opensips-cp) prior to version 9.3.3 allows authenticated attackers to execute arbitrary SQL commands via the 'table' GET parameter in alias_management.php...

EPSS: 0.00361
Exploits: 1 | References: 1
CVE
added 2026/06/15 12:00 a.m. | 6 views

CVE-2026-36670

CVE-2026-36670: Time-based blind SQL injection in the OpenSIPS Control Panel (opensips-cp) alias_management module before version 9.3.3. Authenticated attackers can leverage the table parameter in alias_management.php to execute arbitrary SQL. Connected sources confirm the affected component is O...

CVSS: 8.8 | AI score: 6.3 | EPSS: 0.00361
Exploits: 1 | References: 1
Positive Technologies
added 2026/06/15 12:00 a.m. | 10 views

PT-2026-49288

Name of the Vulnerable Software and Affected Versions: OpenSIPS Control Panel versions prior to 9.3.3. Description: A Time-Based Blind SQL Injection in the alias management module allows authenticated attackers to execute arbitrary SQL commands. This occurs via the 'table' GET parameter in the 'alia...

CVSS: 8.8 | AI score: 6.2 | EPSS: 0.00361
Exploits: 1 | References: 3
Positive Technologies
added 2026/05/29 12:00 a.m. | 9 views

PT-2026-44990

Name of the Vulnerable Software and Affected Versions: FreeSWITCH versions prior to 1.11.0. Description: The bundled XML parser in FreeSWITCH expands nested declarations without a depth or count bound. This allows a small Document Type Definition (DTD) to describe a body that expands exponentially, a...

CVSS: 7.5 | AI score: 5.5 | EPSS: 0.00343
Exploits: 0 | References: 3
Fedora
added 2026/03/06 1:28 a.m. | 8 views

[SECURITY] Fedora 42 Update: opensips-3.5.9-2.fc42

OpenSIPS or Open SIP Server is a very fast and flexible SIP (RFC3261) proxy server. Written entirely in C, opensips can handle thousands of calls per second even on low-budget hardware. A C Shell-like scripting language provides full control over the server's behaviour. Its modular architecture allow...

CVSS: 8.3 | AI score: 5.9 | EPSS: 0.00318
Exploits: 0
OpenVAS
added 2026/03/06 12:00 a.m. | 2 views

Fedora: Security Advisory (FEDORA-2026-1a199d8524)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS: 8.3 | AI score: 5.8 | EPSS: 0.00318
Exploits: 0 | References: 3
Tenable Nessus
added 2026/03/06 12:00 a.m. | 2 views

Fedora 42 : opensips (2026-1a199d8524)

The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-1a199d8524 advisory. Fix CVE-2026-25554. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for this...

CVSS: 8.3 | AI score: 5.8 | EPSS: 0.00318
Exploits: 0 | References: 2
GithubExploit
added 2026/03/01 4:28 a.m. | 14 views

Exploit for CVE-2026-36670

CVE-2026-36670 A time-based blind SQL injection exploit for t...

AI score: 5.7 | EPSS: 0.00361
Exploits: 1
RedhatCVE
added 2026/02/25 6:44 p.m. | 4 views

CVE-2026-25554

A flaw was found in OpenSIPS. The auth_jwt module, when configured with db_mode and a SQL database backend, contains a SQL injection vulnerability in the jwt_db_authorize function. This function extracts the tag claim from a JSON Web Token (JWT) without verifying its signature and directly incorporates...

CVSS: 8.3 | AI score: 5.9 | EPSS: 0.00318
Exploits: 0 | References: 8
EUVD
added 2026/02/25 6:31 p.m. | 6 views

EUVD-2026-8694

OpenSIPS versions 3.1 before 3.6.4 containing the auth_jwt module prior to commit 3822d33 contain a SQL injection vulnerability in the jwt_db_authorize function in modules/auth_jwt/authorize.c when db_mode is enabled and a SQL database backend is used. The function extracts the tag claim from a JWT...

CVSS: 8.3 | AI score: 5.9 | EPSS: 0.00318
Exploits: 0 | References: 6
NVD
added 2026/02/25 6:23 p.m. | 5 views

CVE-2026-25554

OpenSIPS versions 3.1 before 3.6.4 containing the auth_jwt module prior to commit 3822d33 contain a SQL injection vulnerability in the jwt_db_authorize function in modules/auth_jwt/authorize.c when db_mode is enabled and a SQL database backend is used. The function extracts the tag claim from a JWT...

CVSS: 8.3 | EPSS: 0.00318
Exploits: 0 | References: 5
OSV
added 2026/02/25 6:23 p.m. | 4 views

CVE-2026-25554

OpenSIPS versions 3.1 before 3.6.4 containing the auth_jwt module prior to commit 3822d33 contain a SQL injection vulnerability in the jwt_db_authorize function in modules/auth_jwt/authorize.c when db_mode is enabled and a SQL database backend is used. The function extracts the tag claim from a JWT...

CVSS: 6.5 | AI score: 6
Exploits: 0 | References: 5
Cvelist
added 2026/02/25 4:54 p.m. | 20 views

CVE-2026-25554 OpenSIPS 3.1 <= 3.6.4 auth_jwt SQL Injection Enables JWT Authentication Bypass

OpenSIPS versions 3.1 before 3.6.4 containing the auth_jwt module prior to commit 3822d33 contain a SQL injection vulnerability in the jwt_db_authorize function in modules/auth_jwt/authorize.c when db_mode is enabled and a SQL database backend is used. The function extracts the tag claim from a JWT...

CVSS: 8.3 | EPSS: 0.00318
Exploits: 0 | References: 5
ATTACKERKB
added 2026/02/25 4:54 p.m. | 3 views

CVE-2026-25554

OpenSIPS versions 3.1 before 3.6.4 containing the auth_jwt module prior to commit 3822d33 contain a SQL injection vulnerability in the jwt_db_authorize function in modules/auth_jwt/authorize.c when db_mode is enabled and a SQL database backend is used. The function extracts the tag claim from a JWT...

CVSS: 8.3 | AI score: 5.9 | EPSS: 0.00318
Exploits: 0 | References: 6 | Affected Software: 1
Vulnrichment
added 2026/02/25 4:54 p.m. | 3 views

CVE-2026-25554 OpenSIPS 3.1 <= 3.6.4 auth_jwt SQL Injection Enables JWT Authentication Bypass

OpenSIPS versions 3.1 before 3.6.4 containing the auth_jwt module prior to commit 3822d33 contain a SQL injection vulnerability in the jwt_db_authorize function in modules/auth_jwt/authorize.c when db_mode is enabled and a SQL database backend is used. The function extracts the tag claim from a JWT...

CVSS: 8.3 | AI score: 6 | EPSS: 0.00318
Exploits: 0 | References: 5
CVE
added 2026/02/25 4:54 p.m. | 10 views

CVE-2026-25554

OpenSIPS 3.1 (up to 3.6.4) with the auth_jwt module is affected by a SQL injection in jwt_db_authorize() when db_mode is enabled and a SQL backend is used. The function extracts the tag claim from a JWT without signature verification and directly inserts the unescaped value into a SQL query, enab...

CVSS: 8.3 | AI score: 5.9 | EPSS: 0.00318
Exploits: 0 | References: 5
Positive Technologies
added 2026/02/25 12:00 a.m. | 4 views

PT-2026-21965

Name of the Vulnerable Software and Affected Versions: OpenSIPS versions 3.1 through 3.6.3. Description: The software contains a SQL injection issue within the jwt_db_authorize function in the auth_jwt module when a SQL database backend is used and db_mode is enabled. The function incorporates a tag...

CVSS: 8.3 | AI score: 6 | EPSS: 0.00318
Exploits: 0 | References: 11
CNNVD
added 2026/02/25 12:00 a.m. | 6 views

OpenSIPS SQL Injection Vulnerability

OpenSIPS is an SIP server implementation licensed under the GPL for individual OpenSIPS developers. Versions of OpenSIPS prior to 3.6.4 contained a SQL injection vulnerability. This vulnerability stems from the jwt_db_authorize function in the auth_jwt module, which allows for SQL injections,...

CVSS: 8.3 | AI score: 5.8 | EPSS: 0.00318
Exploits: 0 | References: 5
EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2013-3655

Malware in sbrugna...

CVSS: 7.5 | AI score: 7.6 | EPSS: 0.01106
Exploits: 0 | References: 2