CVE-2025-31962
CVE-2025-31962 affects HCL BigFix IVR 4.2 Web UI authentication component. The root cause is insufficient session expiration, enabling an authenticated attacker to maintain prolonged access to protected API endpoints due to overly long session lifetimes. Documented impact is unauthorized access t...
CVE-2025-34335
AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to and including 2.6.23 expose an authenticated command injection vulnerability in the license activation workflow handled by AudioCodesfiles/ActivateLicense.php. When a license file is uploaded, the application derives a new...
CVE-2025-34331 AudioCodes Fax/IVR Appliance <= 2.6.23 Unauthenticated File Read via download.php
AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to and including 2.6.23 contain an unauthenticated file read vulnerability via the download.php script. The endpoint exposes a file download mechanism that lacks access control, allowing remote, unauthenticated users to request...
EUVD-2018-0962
Malware in sbrugna...
Malicious code in ivr (npm)
The package ivr was found to contain malicious code...
Securing the Future of IVR: AI-Driven Innovation with Agile Security, Data Regulation, and Ethical AI Integration
The rapid digitalization of communication systems has elevated Interactive Voice Response (IVR) technologies to become critical interfaces for customer engagement. With Artificial Intelligence (AI) now driving these platforms, ensuring secure, compliant, and ethically designed development practices i...
Digium Certified Asterisk Security Vulnerability
Digium Asterisk is a set of open source telephone exchange (PBX) system software from Digium, USA. The software supports voicemail, multi-party voice conferencing, interactive voice response (IVR), and more. This number is a duplicate of CNNVD-201911-1291, the relevant content has been removed, pleas...
HCL legacy IVR system security vulnerability
HCL legacy IVR systems are a set of interactive voice response systems. A security vulnerability exists in HCL legacy IVR systems, which originates from a program that executes commands and functions with the help of audio signals. The vulnerability can be exploited by an attacker to open...
Two Romanian Hackers Extradited to the U.S. Over $18 Million Vishing Scam
Two Romanian hackers have been extradited to the United States to face 31 criminal charges including computer fraud and abuse, wire fraud conspiracy, wire fraud, and aggravated identity theft. Described as "international computer hackers" by the United States Department of Justice, Teodor Laurent...
Cisco Unified Customer Voice Portal Denial of Service Vulnerability (CNVD-2018-05345)
Cisco Unified Customer Voice Portal (CVP) is a unified communications system for delivering voice and video self-service from Cisco. The Interactive Voice Response (IVR) management connection interface is one of the connectivity components that provides an open and extensible foundation for creating a...
FFmpeg 'ivr_read_header()' function denial of service vulnerability
FFmpeg is a complete solution for recording, converting and streaming audio and video from the FFmpeg team. A security vulnerability exists in the 'ivr_read_header' function in the libavformat/rmdec.c file in FFmpeg version 3.3.3, which stems from the program's failure to adequately detect EOF End ...
██████: Phone Call to XXE via Interactive Voice Response
Summary: ████ is vulnerable to XXE due to the processing of DTDs. Description: "VoiceXML (VXML) is a digital document standard for specifying interactive media and voice dialogs between humans and computers. It is used for developing audio and voice response applications" When a user...
Cisco Unified Communications Manager Interactive Voice Response Interface SQL Injection Vulnerability
A vulnerability in the Interactive Voice Response (IVR) interface of Cisco Unified Communications Manager (UCM) could allow an unauthenticated, remote attacker to conduct SQL injection attacks. The vulnerability is due to a lack of input validation on user-supplied input within SQL queries. An attack...
Cisco - file Directory Traversal
(Source: https://www.securityfocus.com/bid/50372/info) Multiple Cisco products are prone to a directory-traversal vulnerability. Exploiting this issue will allow an attacker to read arbitrary files from locations outside of the application's current directory. This...