4447 matches found
EUVD-2026-27201
The Zingaya Click-to-Call plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'email', 'firstname', 'lastname', and 'phone' parameters on the plugin's sign-up admin page in all versions up to, and including, 1.0. This is due to insufficient input sanitization and output...
CVE-2026-6696
The Zingaya Click-to-Call plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'email', 'firstname', 'lastname', and 'phone' parameters on the plugin's sign-up admin page in all versions up to, and including, 1.0. This is due to insufficient input sanitization and output...
CVE-2026-6696 Zingaya Click-to-Call <= 1.0 - Reflected Cross-Site Scripting via 'email' Parameter
The Zingaya Click-to-Call plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'email', 'firstname', 'lastname', and 'phone' parameters on the plugin's sign-up admin page in all versions up to, and including, 1.0. This is due to insufficient input sanitization and output...
CVE-2026-6696 Zingaya Click-to-Call <= 1.0 - Reflected Cross-Site Scripting via 'email' Parameter
The Zingaya Click-to-Call plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'email', 'firstname', 'lastname', and 'phone' parameters on the plugin's sign-up admin page in all versions up to, and including, 1.0. This is due to insufficient input sanitization and output...
CVE-2026-6696
CVE-2026-6696 concerns the Zingaya Click-to-Call plugin for WordPress. The connected documents confirm a Reflected Cross-Site Scripting vulnerability on the plugin’s sign-up admin page, affecting all versions up to and including 1.0. The root cause is insufficient input sanitization and output es...
CVE-2026-6696
The Zingaya Click-to-Call plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'email', 'firstname', 'lastname', and 'phone' parameters on the plugin's sign-up admin page in all versions up to, and including, 1.0. This is due to insufficient input sanitization and output...
PT-2026-36957
Name of the Vulnerable Software and Affected Versions Zingaya Click-to-Call versions prior to 1.1 Description Insufficient input sanitization and output escaping in the sign-up admin page allow unauthenticated attackers to inject arbitrary web scripts. This occurs via the 'email', 'first name',...
Cisco Desk Phone 9841 and 9851 Remote Code Execution Vulnerability (regreSSHion) (cisco cisco-sa-openssh-rce-2024)
According to its self-reported version, Cisco Desk Phone 9841 and 9851 are affected by a vulnerability. - A remote code execution vulnerability exists in Cisco Desk Phone 9841 and 9851 due to a signal handler race condition found in sshd, where a client does not authenticate within LoginGraceTime...
WordPress Smart phone field for Gravity Forms plugin <= 2.1.6 - Unauthenticated Reflected Cross-Site Scripting vulnerability
Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Smart phone field for Gravity Forms versions = 2.1.6...
CVE-2026-41375
OpenClaw before 2026.3.28 contains an authorization bypass vulnerability in the /phone arm and /phone disarm endpoints that fails to properly enforce operator.admin scope checks for external channels. Attackers can bypass authentication restrictions to arm or disarm phone channels without proper...
CVE-2026-41375
OpenClaw before 2026.3.28 contains an authorization bypass vulnerability in the /phone arm and /phone disarm endpoints that fails to properly enforce operator.admin scope checks for external channels. Attackers can bypass authentication restrictions to arm or disarm phone channels without proper...
CVE-2026-41375 OpenClaw < 2026.3.28 - Authorization Bypass in /phone arm and /phone disarm Endpoints
OpenClaw before 2026.3.28 contains an authorization bypass vulnerability in the /phone arm and /phone disarm endpoints that fails to properly enforce operator.admin scope checks for external channels. Attackers can bypass authentication restrictions to arm or disarm phone channels without proper...
EUVD-2026-26084
OpenClaw before 2026.3.28 contains an authorization bypass vulnerability in the /phone arm and /phone disarm endpoints that fails to properly enforce operator.admin scope checks for external channels. Attackers can bypass authentication restrictions to arm or disarm phone channels without proper...
CVE-2026-41375
OpenClaw (npm package) is affected by an authorization bypass in the /phone arm and /phone disarm endpoints due to improper enforcement of operator.admin scope checks for external channels. This allows attackers to arm or disarm phone channels without proper administrative privileges. The issue h...
CVE-2026-41375 OpenClaw < 2026.3.28 - Authorization Bypass in /phone arm and /phone disarm Endpoints
OpenClaw before 2026.3.28 contains an authorization bypass vulnerability in the /phone arm and /phone disarm endpoints that fails to properly enforce operator.admin scope checks for external channels. Attackers can bypass authentication restrictions to arm or disarm phone channels without proper...
PT-2026-35760
Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.3.28 Description An authorization bypass exists in the "/phone arm" and "/phone disarm" endpoints. The system fails to properly enforce operator.admin scope checks for external channels, allowing attackers to ar...
OpenClaw 安全漏洞
OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.28 contained security vulnerabilities. These vulnerabilities stemmed from authorization bypass vulnerabilities in the /phone arm and /phone disarm endpoints, which failed to...
CVE-2026-40591
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.214, the phone-conversation creation flow accepts attacker-controlled customerid, name, toemail, and phone values and resolves the target customer in the backend without enforcing mailbox-scoped customer visibility...
EUVD-2026-24187
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.214, the phone-conversation creation flow accepts attacker-controlled customerid, name, toemail, and phone values and resolves the target customer in the backend without enforcing mailbox-scoped customer visibility...
CVE-2026-40591
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.214, the phone-conversation creation flow accepts attacker-controlled customerid, name, toemail, and phone values and resolves the target customer in the backend without enforcing mailbox-scoped customer visibility...