CVE-2025-62190

Mattermost exposes a CSRF flaw in the Calls widget page affecting Mattermost server versions 11.0.x up to 11.0.4, 10.12.x up to 10.12.2, 10.11.x up to 10.11.6 and Mattermost Calls = 1.11.0 and related components (e.g., recorder) to versions with CSRF mitigations. Monitor for updates from Mattermo...

NLL APPS ACR Phone 安全漏洞

NLL APPS ACR Phone is a call recorder from NLL APPS. A security vulnerability exists in NLL APPS ACR Phone version 0.330 and earlier, which originates from an attacker being able to make a phone call without user interaction by sending a crafted intent to the com.nll.cb.dialer.dialer.DialerActivi...

Goodwy Right Dialer 安全漏洞

Goodwy Right Dialer is a dialer software from Goodwy. A security vulnerability exists in Goodwy Right Dialer version 5.1.0 and earlier, which originates from an attacker being able to make a phone call without user interaction by sending a crafted intent to the...

CVE-2024-23282

The issue was addressed with improved checks. This issue is fixed in iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, watchOS 10.5. A maliciously crafted email may be able to initiate FaceTime calls without user authorization...

CVE-2024-20885

Improper component protection vulnerability in Samsung Dialer prior to SMR May-2024 Release 1 allows local attackers to make a call without proper permission...

CVE-2024-20357

A vulnerability in the XML service of Cisco IP Phone firmware could allow an unauthenticated, remote attacker to initiate phone calls on an affected device. This vulnerability exists because bounds-checking does not occur while parsing XML requests. An attacker could exploit this vulnerability by...

Design/Logic Flaw

The com.cutestudio.colordialer application through 2.1.8-2 for Android allows a remote attacker to initiate phone calls without user consent, because of improper export of the com.cutestudio.dialer.activities.DialerActivity component. A third-party application without any permissions can craft an...