Lucene search
K

4447 matches found

EUVD
EUVD
added 2026/05/05 3:31 a.m.5 views

EUVD-2026-27201

The Zingaya Click-to-Call plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'email', 'firstname', 'lastname', and 'phone' parameters on the plugin's sign-up admin page in all versions up to, and including, 1.0. This is due to insufficient input sanitization and output...

6.1CVSS6AI score0.00219EPSS
Exploits0References7
NVD
NVD
added 2026/05/05 3:16 a.m.14 views

CVE-2026-6696

The Zingaya Click-to-Call plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'email', 'firstname', 'lastname', and 'phone' parameters on the plugin's sign-up admin page in all versions up to, and including, 1.0. This is due to insufficient input sanitization and output...

6.1CVSS0.00219EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/05/05 2:26 a.m.6 views

CVE-2026-6696 Zingaya Click-to-Call <= 1.0 - Reflected Cross-Site Scripting via 'email' Parameter

The Zingaya Click-to-Call plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'email', 'firstname', 'lastname', and 'phone' parameters on the plugin's sign-up admin page in all versions up to, and including, 1.0. This is due to insufficient input sanitization and output...

6.1CVSS6AI score0.00219EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/05/05 2:26 a.m.37 views

CVE-2026-6696 Zingaya Click-to-Call <= 1.0 - Reflected Cross-Site Scripting via 'email' Parameter

The Zingaya Click-to-Call plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'email', 'firstname', 'lastname', and 'phone' parameters on the plugin's sign-up admin page in all versions up to, and including, 1.0. This is due to insufficient input sanitization and output...

6.1CVSS0.00219EPSS
Exploits0References6
CVE
CVE
added 2026/05/05 2:26 a.m.17 views

CVE-2026-6696

CVE-2026-6696 concerns the Zingaya Click-to-Call plugin for WordPress. The connected documents confirm a Reflected Cross-Site Scripting vulnerability on the plugin’s sign-up admin page, affecting all versions up to and including 1.0. The root cause is insufficient input sanitization and output es...

6.1CVSS6AI score0.00219EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/05/05 2:26 a.m.6 views

CVE-2026-6696

The Zingaya Click-to-Call plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'email', 'firstname', 'lastname', and 'phone' parameters on the plugin's sign-up admin page in all versions up to, and including, 1.0. This is due to insufficient input sanitization and output...

6.1CVSS6AI score0.00219EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/05/05 12:0 a.m.8 views

PT-2026-36957

Name of the Vulnerable Software and Affected Versions Zingaya Click-to-Call versions prior to 1.1 Description Insufficient input sanitization and output escaping in the sign-up admin page allow unauthenticated attackers to inject arbitrary web scripts. This occurs via the 'email', 'first name',...

6.1CVSS6AI score0.00219EPSS
Exploits0References12
Tenable Nessus
Tenable Nessus
added 2026/05/05 12:0 a.m.10 views

Cisco Desk Phone 9841 and 9851 Remote Code Execution Vulnerability (regreSSHion) (cisco cisco-sa-openssh-rce-2024)

According to its self-reported version, Cisco Desk Phone 9841 and 9851 are affected by a vulnerability. - A remote code execution vulnerability exists in Cisco Desk Phone 9841 and 9851 due to a signal handler race condition found in sshd, where a client does not authenticate within LoginGraceTime...

8.1CVSS7.6AI score0.99506EPSS
Exploits68References3
Patchstack
Patchstack
added 2026/05/01 9:16 a.m.6 views

WordPress Smart phone field for Gravity Forms plugin <= 2.1.6 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Smart phone field for Gravity Forms versions = 2.1.6...

6.1CVSS5.8AI score0.00276EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/04/28 7:37 p.m.5 views

CVE-2026-41375

OpenClaw before 2026.3.28 contains an authorization bypass vulnerability in the /phone arm and /phone disarm endpoints that fails to properly enforce operator.admin scope checks for external channels. Attackers can bypass authentication restrictions to arm or disarm phone channels without proper...

7.1CVSS0.00331EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/04/28 6:9 p.m.4 views

CVE-2026-41375

OpenClaw before 2026.3.28 contains an authorization bypass vulnerability in the /phone arm and /phone disarm endpoints that fails to properly enforce operator.admin scope checks for external channels. Attackers can bypass authentication restrictions to arm or disarm phone channels without proper...

7.1CVSS5.3AI score0.00331EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/04/28 6:9 p.m.3 views

CVE-2026-41375 OpenClaw < 2026.3.28 - Authorization Bypass in /phone arm and /phone disarm Endpoints

OpenClaw before 2026.3.28 contains an authorization bypass vulnerability in the /phone arm and /phone disarm endpoints that fails to properly enforce operator.admin scope checks for external channels. Attackers can bypass authentication restrictions to arm or disarm phone channels without proper...

7.1CVSS5.3AI score0.00331EPSS
Exploits0References3
EUVD
EUVD
added 2026/04/28 6:9 p.m.6 views

EUVD-2026-26084

OpenClaw before 2026.3.28 contains an authorization bypass vulnerability in the /phone arm and /phone disarm endpoints that fails to properly enforce operator.admin scope checks for external channels. Attackers can bypass authentication restrictions to arm or disarm phone channels without proper...

7.1CVSS5.3AI score0.00331EPSS
Exploits0References3
CVE
CVE
added 2026/04/28 6:9 p.m.12 views

CVE-2026-41375

OpenClaw (npm package) is affected by an authorization bypass in the /phone arm and /phone disarm endpoints due to improper enforcement of operator.admin scope checks for external channels. This allows attackers to arm or disarm phone channels without proper administrative privileges. The issue h...

7.1CVSS5.3AI score0.00331EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/04/28 6:9 p.m.36 views

CVE-2026-41375 OpenClaw < 2026.3.28 - Authorization Bypass in /phone arm and /phone disarm Endpoints

OpenClaw before 2026.3.28 contains an authorization bypass vulnerability in the /phone arm and /phone disarm endpoints that fails to properly enforce operator.admin scope checks for external channels. Attackers can bypass authentication restrictions to arm or disarm phone channels without proper...

7.1CVSS0.00331EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/04/28 12:0 a.m.6 views

PT-2026-35760

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.3.28 Description An authorization bypass exists in the "/phone arm" and "/phone disarm" endpoints. The system fails to properly enforce operator.admin scope checks for external channels, allowing attackers to ar...

7.1CVSS5.8AI score0.00331EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/04/28 12:0 a.m.10 views

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.28 contained security vulnerabilities. These vulnerabilities stemmed from authorization bypass vulnerabilities in the /phone arm and /phone disarm endpoints, which failed to...

7.1CVSS5.9AI score0.00331EPSS
Exploits0References1
NVD
NVD
added 2026/04/21 5:16 p.m.6 views

CVE-2026-40591

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.214, the phone-conversation creation flow accepts attacker-controlled customerid, name, toemail, and phone values and resolves the target customer in the backend without enforcing mailbox-scoped customer visibility...

7.1CVSS0.00211EPSS
Exploits0References3
EUVD
EUVD
added 2026/04/21 4:54 p.m.4 views

EUVD-2026-24187

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.214, the phone-conversation creation flow accepts attacker-controlled customerid, name, toemail, and phone values and resolves the target customer in the backend without enforcing mailbox-scoped customer visibility...

7.1CVSS5.8AI score0.00211EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/04/21 4:54 p.m.3 views

CVE-2026-40591

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.214, the phone-conversation creation flow accepts attacker-controlled customerid, name, toemail, and phone values and resolves the target customer in the backend without enforcing mailbox-scoped customer visibility...

7.1CVSS5.8AI score0.00211EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder