Lucene search
K

19 matches found

Vulnrichment
Vulnrichment
added 2026/05/29 12:42 p.m.11 views

CVE-2026-44239 FreePBX: Authenticated Local File Inclusion in Dashboard Module

FreePBX is an open source IP PBX. Prior to 16.0.22 and 17.0.5, the Dashboard module's getcontent AJAX handler includes PHP files based on user-supplied input without path sanitization. The $REQUEST'rawname' parameter is concatenated into an include call with a .class.php suffix, allowing path...

7.6CVSS6AI score0.00272EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/29 12:42 p.m.9 views

CVE-2026-44239

FreePBX is an open source IP PBX. Prior to 16.0.22 and 17.0.5, the Dashboard module's getcontent AJAX handler includes PHP files based on user-supplied input without path sanitization. The $REQUEST'rawname' parameter is concatenated into an include call with a .class.php suffix, allowing path...

7.6CVSS6AI score0.00272EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2026/03/05 7:16 p.m.12 views

CVE-2026-27723

OpenProject is an open-source, web-based project management software. Prior to versions 17.0.5 and 17.1.2, an attacker can create wiki pages belonging to unpermitted projects through an improperly authenticated request. This issue has been patched in versions 17.0.5 and 17.1.2...

5.3CVSS0.00209EPSS
Exploits0References3
CVE
CVE
added 2026/03/05 6:24 p.m.14 views

CVE-2026-28284

FreePBX is an open‑source IP PBX. Prior to versions 16.0.10 and 17.0.5, the FreePBX logfiles module contained authenticated SQL injection vulnerabilities, attributed to the module’s handling of logs. The issues were fixed in versions 16.0.10 and 17.0.5. The CVE is rated with CVSS v4.0 base score ...

8.8CVSS5.9AI score0.00248EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/05 6:24 p.m.3 views

CVE-2026-28284 FreePBX: Authenticated SQL Injection Vulnerabilities in FreePBX Logfiles Module

FreePBX is an open source IP PBX. Prior to versions 16.0.10 and 17.0.5, the FreePBX logfiles module contains several authenticated SQL injection vulnerabilities. This issue has been patched in versions 16.0.10 and 17.0.5...

8.6CVSS5.7AI score0.00248EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/05 4:26 p.m.5 views

CVE-2026-27723

OpenProject is an open-source, web-based project management software. Prior to versions 17.0.5 and 17.1.2, an attacker can create wiki pages belonging to unpermitted projects through an improperly authenticated request. This issue has been patched in versions 17.0.5 and 17.1.2...

4.3CVSS5.8AI score0.00209EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/05 12:0 a.m.5 views

PT-2026-23480

OpenProject is an open-source, web-based project management software. Prior to versions 17.0.5 and 17.1.2, an attacker can create wiki pages belonging to unpermitted projects through an improperly authenticated request. This issue has been patched in versions 17.0.5 and 17.1.2...

4.3CVSS5.8AI score0.00209EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/02/12 12:0 a.m.7 views

PT-2026-7859

FreePBX is an open-source web-based graphical user interface GUI that manages Asterisk. Prior to 17.0.5 and 16.0.17, FreePBX module api PBX API is vulnerable to privilege escalation by authenticated users with REST/GraphQL API access. This vulnerability allows an attacker to forge a valid JWT wit...

2CVSS5.6AI score0.00296EPSS
Exploits0References5
Cvelist
Cvelist
added 2025/12/16 12:23 a.m.30 views

CVE-2025-67736 Authenticated SQL Injection in FreePBX tts (Text To Speech) module

The FreePBX module tts Text to Speech for FreePBX, an open-source web-based graphical user interface GUI that manages Asterisk. Versions prior to 16.0.5 and 17.0.5 are vulnerable to SQL injection by authenticated users with administrator access. Authenticated users with administrative access to t...

8.6CVSS0.06127EPSS
Exploits0References2
OSV
OSV
added 2024/08/08 10:15 a.m.3 views

UBUNTU-CVE-2024-4210

A Denial of Service DoS condition has been discovered in GitLab CE/EE affecting all versions starting with 12.6 before 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2. It is possible for an attacker to cause a denial of service using crafted adoc files...

6.5CVSS5.7AI score0.00503EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2024/07/24 12:0 a.m.36 views

GitLab 16.11 < 17.0.5 / 17.1 < 17.1.3 / 17.2 < 17.2.1 (CVE-2024-5067)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue was discovered in GitLab EE affecting all versions starting from 16.11 prior to 17.0.5, starting from 17.1 prior to 17.1.3, and starting from 17.2 prior to 17.2.1 where certain project-level...

4.9CVSS5.6AI score0.00544EPSS
Exploits1References6
CNNVD
CNNVD
added 2023/01/18 12:0 a.m.3 views

Oracle Java SE 安全漏洞

Oracle Java SE is an Oracle product for developing and deploying Java applications for desktops, servers, and embedded devices and real-time environments. A security vulnerability exists in Oracle Java SE 11.0.17, 17.0.5, 19.0.1, which can be exploited by an attacker to cause unauthorized update,...

5.3CVSS6.4AI score0.01836EPSS
Exploits0References13
OpenVAS
OpenVAS
added 2023/01/18 12:0 a.m.29 views

Oracle Java SE Security Update (jan2023) 03 - Windows

Oracle Java SE is prone to an input validation vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

3.7CVSS5.7AI score0.01357EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2014/06/13 12:0 a.m.45 views

openSUSE Security Update : Mozilla Firefox and others (openSUSE-SU-2013:0630-1)

The Mozilla suite received security and bugfix updates : Mozilla Firefox was updated to version 20.0. Mozilla Thunderbird was updated to version 17.0.5. Mozilla SeaMonkey was updated to version 17.0.5. Mozilla XULRunner was updated to version 17.0.5. mozilla-nss was updated to version 3.14.3...

10CVSS7.6AI score0.07953EPSS
Exploits1References12
OpenVAS
OpenVAS
added 2013/04/08 12:0 a.m.32 views

Mozilla Firefox ESR Multiple Vulnerabilities -01 Apr13 (Windows)

This host is installed with Mozilla Firefox ESR and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gbmozillafirefoxesrmultvuln01apr13win.nasl 6093 2017-05-10 09:03:18Z teissa $ Mozilla Firefox ESR Multiple Vulnerabilities -01 Apr13 Windows Authors: Thanga Prakash S Copyrigh...

10CVSS0.5AI score0.05213EPSS
Exploits0References3
OpenVAS
OpenVAS
added 2013/04/08 12:0 a.m.29 views

Mozilla Thunderbird Multiple Vulnerabilities -01 Apr13 (Windows)

This host is installed with Mozilla Thunderbird and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gbmozillathunderbirdmultvuln01apr13win.nasl 6086 2017-05-09 09:03:30Z teissa $ Mozilla Thunderbird Multiple Vulnerabilities -01 Apr13 Windows Authors: Thanga Prakash S...

10CVSS0.3AI score0.05213EPSS
Exploits0References3
OPENSUSE Linux
OPENSUSE Linux
added 2013/04/05 3:6 p.m.60 views

Mozilla Firefox and others: Update to Firefox 20.0 release (important)

The Mozilla suite received security and bugfix updates: Mozilla Firefox was updated to version 20.0. Mozilla Thunderbird was updated to version 17.0.5. Mozilla Seamonkey was updated to version 17.0.5. Mozilla XULRunner was updated to version 17.0.5. mozilla-nss was updated to version 3.14.3...

10CVSS1.6AI score0.07953EPSS
Exploits1References1
OpenVAS
OpenVAS
added 2013/04/05 12:0 a.m.29 views

CentOS Update for firefox CESA-2013:0696 centos6

The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

10CVSS8.5AI score0.07953EPSS
Exploits1References2
OpenVAS
OpenVAS
added 2013/04/05 12:0 a.m.26 views

RedHat Update for firefox RHSA-2013:0696-01

The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

10CVSS9.7AI score0.07953EPSS
Exploits1References2
Rows per page
Query Builder