Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

6 matches found

EUVD
EUVDadded 2026/02/06 4:41 p.m.2 views

EUVD-2026-5645

Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2, user supplied/control values for Cookies and any GET variable query Parameter are directly interpolated into the HTML of the page using aststrappend. The...

3.5CVSS5.3AI score0.00075EPSS
Exploits0References1
ATTACKERKB
ATTACKERKBadded 2026/02/06 4:41 p.m.4 views

CVE-2026-23738

Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2, user supplied/control values for Cookies and any GET variable query Parameter are directly interpolated into the HTML of the page using aststrappend. The...

3.5CVSS5.3AI score0.00075EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTECadded 2025/06/10 12:0 a.m.1 views

The vulnerability of the SIP protocol implementation in the Asterisk IP telephony management system allows attackers to carry out phishing attacks.

The vulnerability of the SIP protocol implementation in Asterisk IP telephony systems is related to improper neutralization of separators. Exploiting this vulnerability allows a malicious actor to perform phishing attacks remotely...

7.7CVSS5.4AI score0.00279EPSS
Exploits1References3Affected Software1
OSV
OSVadded 2024/05/17 4:55 p.m.18 views

CVE-2024-35190 Asterisk' res_pjsip_endpoint_identifier_ip: wrongly matches ALL unauthorized SIP requests

Asterisk is an open source private branch exchange and telephony toolkit. After upgrade to 18.23.0, ALL unauthorized SIP requests are identified as PJSIP Endpoint of local asterisk server. This vulnerability is fixed in 18.23.1, 20.8.1, and 21.3.1...

5.8CVSS5.5AI score0.00239EPSS
Exploits1References6
BDU FSTEC
BDU FSTECadded 2022/04/11 12:0 a.m.1 views

The vulnerability of the SSL socket layer of the Asterisk IP telephony management system, which implements the SIP protocol PJSIP, allows attackers to induce a service failure.

The vulnerability of the SSL socket layer of the Asterisk IP telephony management system, where the SIP protocol PJSIP is implemented, is related to the simultaneous execution using a shared resource with incorrect synchronization. Exploiting this vulnerability allows an attacker who operates...

7.1CVSS7.2AI score0.01675EPSS
Exploits0References8Affected Software4
CNNVD
CNNVDadded 2022/02/15 12:0 a.m.3 views

Vicidial 安全漏洞

Vicidial is a software suite from Vicidial, Inc. designed to interact with the Asterisk open source Pbx telephony system as a complete inbound/outbound contact center suite with inbound email support. Vicidial suffers from a cross-site scripting vulnerability that stems from the discovery of a...

5.4CVSS5.4AI score0.00206EPSS
Exploits1References2
Rows per page
Query Builder