Lucene search
K

1192 matches found

Vulnrichment
Vulnrichment
added 2026/06/09 4:5 p.m.7 views

CVE-2026-49848 FreeSWITCH: Pre-authentication `userVariables` injection in `mod_verto`

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.1, modverto's checkauth userauth branch wrote request-supplied userVariables into the...

4.3CVSS5.4AI score0.00172EPSS
Exploits0References2
CVE
CVE
added 2026/06/09 4:5 p.m.25 views

CVE-2026-49848

FreeSWITCH CVE-2026-49848: In mod_verto, the pre-authentication check_auth path writes request-supplied userVariables into the connection state before password comparison. Writes are append-only and the connection isn’t closed on a failed compare, so values from bad-password attempts persist on t...

4.3CVSS5.4AI score0.00172EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/06/09 4:4 p.m.38 views

CVE-2026-49843 FreeSWITCH: Pre-authentication session eviction via attacker-chosen `sessid` in `mod_verto`

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.1, modverto's JSON-RPC handler bound the connection to the client-supplied sessid on the fir...

5.3CVSS0.00284EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/09 4:4 p.m.8 views

CVE-2026-49843 FreeSWITCH: Pre-authentication session eviction via attacker-chosen `sessid` in `mod_verto`

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.1, modverto's JSON-RPC handler bound the connection to the client-supplied sessid on the fir...

5.3CVSS5.4AI score0.00284EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/09 4:2 p.m.32 views

CVE-2026-49842 FreeSWITCH: Pre-authentication bandwidth amplification via `mod_verto` speed-test frames

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.1, modverto's WebSocket frame loop intercepts a -prefixed speed-test protocol SPU / SPB / SP...

7.5CVSS0.00449EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/09 4:2 p.m.7 views

CVE-2026-49842 FreeSWITCH: Pre-authentication bandwidth amplification via `mod_verto` speed-test frames

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.1, modverto's WebSocket frame loop intercepts a -prefixed speed-test protocol SPU / SPB / SP...

7.5CVSS5.4AI score0.00449EPSS
Exploits0References2
CVE
CVE
added 2026/06/09 4:2 p.m.19 views

CVE-2026-49842

CVE-2026-49842 - FreeSWITCH mod_verto pre-auth bandwidth amplification : Before v1.11.1, FreeSWITCH’s mod_verto WebSocket frame loop processed a #-prefixed speed-test protocol (#SPU/#SPB/#SPE) prior to authentication. The payload size in #SPU was parsed with atoi() and non-positive values were re...

7.5CVSS5.4AI score0.00449EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/06/09 4:2 p.m.48 views

CVE-2026-49841 FreeSWITCH: Pre-authentication heap buffer overflow in `mod_verto` HTTP POST body read

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.1, the modverto HTTP request handler allocates a fixed 2 MiB buffer for a POST...

9.8CVSS0.00394EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/09 4:2 p.m.10 views

CVE-2026-49841 FreeSWITCH: Pre-authentication heap buffer overflow in `mod_verto` HTTP POST body read

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.1, the modverto HTTP request handler allocates a fixed 2 MiB buffer for a POST...

9.8CVSS5.6AI score0.00394EPSS
Exploits0References2
CVE
CVE
added 2026/06/09 4:2 p.m.31 views

CVE-2026-49841

FreeSWITCH is affected by a pre-authentication heap overflow in the mod_verto HTTP POST body read. Before version 1.11.1, the mod_verto HTTP request handler allocates a fixed 2 MiB buffer for application/x-www-form-urlencoded bodies but accepts Content-Length up to just under 10 MiB. The body-rea...

9.8CVSS5.7AI score0.00394EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/06/09 4:0 p.m.36 views

CVE-2026-49840 FreeSWITCH: Pre-authentication heap buffer overflow in libesl `Content-Length` parsing

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.1, eslrecvevent parses Content-Length with atol and passes the result straight to malloclen ...

9.1CVSS0.0031EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/09 4:0 p.m.11 views

EUVD-2026-35471

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.1, eslrecvevent parses Content-Length with atol and passes the result straight to malloclen ...

9.1CVSS5.4AI score0.0031EPSS
Exploits0References2
GithubExploit
GithubExploit
added 2026/06/09 3:31 p.m.61 views

Exploit for Stack-based Buffer Overflow in Microsoft

CVE-2026-41089 !TIP If the setup does not start, add t...

9.8CVSS6.4AI score0.72253EPSS
Exploits31
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.21 views

FreeSWITCH 输入验证错误漏洞

FreeSWITCH is a free and open-source communication software developed by Anthony Minessale, an individual developer from the United States. This software can be used to create audio, video, and short message-based products and applications. Prior to FreeSWITCH version 1.11.1, there was a...

9.1CVSS5.3AI score0.0031EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/09 12:0 a.m.7 views

Fedora 43 : exim (2026-71b1e9b455)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-71b1e9b455 advisory. This is an update fixing a pre-authentication information disclosure CVE-2026-48840. Tenable has extracted the preceding description block directly from the...

5.3CVSS5.5AI score0.00264EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/09 12:0 a.m.10 views

Fedora 44 : exim (2026-78bf093219)

The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-78bf093219 advisory. This is an update fixing a pre-authentication information disclosure CVE-2026-48840. Tenable has extracted the preceding description block directly from the...

5.3CVSS5.5AI score0.00264EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.19 views

PT-2026-48315

Name of the Vulnerable Software and Affected Versions Spring Security versions 5.7.0 through 5.7.23 Spring Security versions 5.8.0 through 5.8.25 Spring Security versions 6.3.0 through 6.3.16 Spring Security versions 6.4.0 through 6.4.16 Spring Security versions 6.5.0 through 6.5.10 Spring Securi...

6.1CVSS5.8AI score0.00211EPSS
Exploits0References4
GithubExploit
GithubExploit
added 2026/06/08 9:11 a.m.85 views

Exploit for Missing Authentication for Critical Function in Erlang Erlang\/Otp

CVE-2025-32433 Exploit Windows Compatible Erlang/OTP SSH Un...

10CVSS8.8AI score0.97673EPSS
Exploits36
GithubExploit
GithubExploit
added 2026/06/06 3:47 p.m.97 views

Exploit for Stack-based Buffer Overflow in Microsoft

CVE-2026-41089 !TIP If the setup does not start, add t...

9.8CVSS6.4AI score0.72253EPSS
Exploits31
GithubExploit
GithubExploit
added 2026/06/06 3:39 p.m.79 views

Exploit for Stack-based Buffer Overflow in Microsoft

CVE-2026-41089 !TIP If the setup does not start, add t...

9.8CVSS6.4AI score0.72253EPSS
Exploits31
Rows per page
Query Builder