Lucene search
K

675 matches found

NVD
NVD
added 4 days ago9 views

CVE-2026-13377

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in WatchGuard Fireware OS SIP Proxy module allows Stored XSS. This vulnerability is an additional unmitigated attack path for CVE-2025-6947. This issue affects Fireware OS 12.0 up to and...

4.8CVSS0.00258EPSS
Exploits0References1
Cvelist
Cvelist
added 5 days ago37 views

CVE-2026-13377 WatchGuard Firebox Stored Cross-Site-Scripting (XSS) Vulnerability in SIP Proxy Configuration

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in WatchGuard Fireware OS SIP Proxy module allows Stored XSS. This vulnerability is an additional unmitigated attack path for CVE-2025-6947. This issue affects Fireware OS 12.0 up to and...

4.8CVSS0.00258EPSS
Exploits0References1
NVD
NVD
added 6 days ago10 views

CVE-2026-2891

The following Poly Voice IP devices, CCX, Trio, and Edge E, might be inoperable if they connect to a malicious SIP server and receive malformed data. HP is releasing updates to mitigate these potential vulnerabilities...

8.2CVSS0.00253EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 6 days ago4 views

CVE-2026-2891

The following Poly Voice IP devices, CCX, Trio, and Edge E, might be inoperable if they connect to a malicious SIP server and receive malformed data. HP is releasing updates to mitigate these potential vulnerabilities...

8.2CVSS5.8AI score0.00253EPSS
Exploits0References2
CVE
CVE
added 6 days ago12 views

CVE-2026-2891

The CVE-2026-2891 entry concerns Poly Voice IP devices (CCX, Trio, Edge E) and describes a potential DoS if these devices connect to a malicious SIP server sending malformed data. Affected components are the Poly Voice devices themselves; the root cause is triggered by malformed SIP input from a ...

8.2CVSS5.8AI score0.00253EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/16 9:32 p.m.20 views

EUVD-2026-37188

In Modem, there is a possible way to trigger a modem crash during a SIP REFER request due to memory corruption. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation...

8.8CVSS6.2AI score0.00231EPSS
Exploits0References2
NVD
NVD
added 2026/06/16 8:16 p.m.10 views

CVE-2026-0154

In Modem, there is a possible way to trigger a modem crash during a SIP REFER request due to memory corruption. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation...

8.8CVSS0.00231EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.20 views

PT-2026-49812

Name of the Vulnerable Software and Affected Versions Google Android affected versions not specified Description A memory corruption issue in the Modem component can be triggered during a SIP REFER request. This flaw allows for remote code execution without requiring additional execution privileg...

8.8CVSS6.2AI score0.00231EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/05 7:47 p.m.11 views

CVE-2026-45362

Sangoma Switchvox before 8.4 places cleartext SIP authentication credentials in a backup file...

3.2CVSS5.4AI score0.00095EPSS
Exploits0References1
Fedora
Fedora
added 2026/06/05 4:27 a.m.20 views

[SECURITY] Fedora 44 Update: libre-4.8.1-1.fc44

Libre is a generic library for real-time communications with async I/O support. Features are a SIP stack RFC 3261, SDP, RTP and RTCP, SRTP and SRTCP Secure RTP, DNS client, STUN/TURN/ICE stack, BFCP, HTTP stack with client/server, Websockets, Jitter buffer, async I/O poll, epoll, select, kqueue,...

5.8AI score
Exploits0
Fedora
Fedora
added 2026/06/05 4:10 a.m.17 views

[SECURITY] Fedora 43 Update: libre-4.8.1-1.fc43

Libre is a generic library for real-time communications with async I/O support. Features are a SIP stack RFC 3261, SDP, RTP and RTCP, SRTP and SRTCP Secure RTP, DNS client, STUN/TURN/ICE stack, BFCP, HTTP stack with client/server, Websockets, Jitter buffer, async I/O poll, epoll, select, kqueue,...

5.8AI score
Exploits0
Github Security Blog
Github Security Blog
added 2026/06/04 7:33 p.m.14 views

Shopware: Unauthorized Payment Trigger for Foreign Orders via /store-api/handle-payment

Summary The Shopware Store API endpoint /store-api/handle-payment contains an object-level authorization flaw that allows a low-privileged external user with a normal customer or guest context to trigger the payment flow for another user’s order by supplying a foreign orderId. The affected...

5.7AI score0.0005EPSS
Exploits0References4Affected Software2
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.17 views

PT-2026-46856

Summary The Shopware Store API endpoint /store-api/handle-payment contains an object-level authorization flaw that allows a low-privileged external user with a normal customer or guest context to trigger the payment flow for another user’s order by supplying a foreign orderId. The affected...

4.3CVSS5.7AI score
Exploits0References5
Cvelist
Cvelist
added 2026/06/02 2:35 p.m.37 views

CVE-2026-10629 CVE-2026-10629

SIP signaling stack in Verizon IMS unspecified version implements SIP signaling without IPsec integrity protection missing Security-Client/Security-Server headers and ESP traffic, which allows an on-path attacker to compromise confidentiality, integrity, and authenticity of VoLTE signaling via...

0.00174EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/02 2:35 p.m.11 views

EUVD-2026-33945

SIP signaling stack in Verizon IMS unspecified version implements SIP signaling without IPsec integrity protection missing Security-Client/Security-Server headers and ESP traffic, which allows an on-path attacker to compromise confidentiality, integrity, and authenticity of VoLTE signaling via...

9.1CVSS5.7AI score0.00174EPSS
Exploits0References1
OSV
OSV
added 2026/06/01 12:0 a.m.14 views

PUB-A-449725859

In Modem, there is a possible way to trigger a modem crash during a SIP REFER request due to memory corruption. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation...

8.8CVSS6.4AI score0.00231EPSS
Exploits0References1
CVE
CVE
added 2026/05/28 6:0 a.m.18 views

CVE-2026-7862

The CVE-2026-7862 entry concerns the Eupago Gateway For Woocommerce WordPress plugin (pre-4.7.2). The vulnerability allows unauthenticated attackers to initiate refunds against any WooCommerce order via the merchant’s payment gateway credentials, and for applicable payment methods, redirect refun...

8.6CVSS5.8AI score0.00215EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/26 12:0 a.m.16 views

PT-2026-43235

The VPN service may mishandle an unexpected IKE fragment value received on the IKE port 500/UDP during the early stage of a connection attempt. This can cause the service to terminate unexpectedly, resulting in denial of service temporary disruption of VPN-related functionality...

8.1CVSS5.8AI score0.02658EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/05/21 12:0 a.m.8 views

F5 Networks BIG-IP : BIG-IP SIP profile vulnerability (K000161023)

The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.3.2 / 17.5.1.6 / 21.0.0.2. It is, therefore, affected by a vulnerability as referenced in the K000161023 advisory. When a SIP profile is configured on a virtual server, undisclosed traffic can cause the Traffic...

8.7CVSS5.8AI score0.00263EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/13 2:12 p.m.40 views

CVE-2026-40423 BIG-IP SIP profile vulnerability

When a SIP profile is configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel TMM to terminate. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

8.7CVSS0.00263EPSS
Exploits0References1
Rows per page
Query Builder