54684 matches found

CVE
added 2026/03/05 6:25 p.m., 14 views

CVE-2026-28287

FreePBX (open source IP PBX) contains multiple command-injection vulnerabilities in the recordings module affecting versions 16.0.17.2 through before 16.0.20 and 17.0.2.4 through before 17.0.5. The issues can be triggered remotely over the network with no user interaction required, with high impa...

CVSS 8.8, AI score 5.8, EPSS 0.08493
Exploits: 0, References: 1, Affected Software: 1

Cvelist
added 2026/03/05 6:25 p.m., 27 views

CVE-2026-28287 FreePBX: Authenticated Remote Code Execution via Recordings Module AJAX Endpoints

FreePBX is an open source IP PBX. From versions 16.0.17.2 to before 16.0.20 and from version 17.0.2.4 to before 17.0.5, multiple command injection vulnerabilities exist in the recordings module. This issue has been patched in versions 16.0.20 and 17.0.5...

CVSS 8.6, EPSS 0.08493
Exploits: 0, References: 1

OSV
added 2026/03/05 6:25 p.m., 1 view

CVE-2026-28287 FreePBX: Authenticated Remote Code Execution via Recordings Module AJAX Endpoints

FreePBX is an open source IP PBX. From versions 16.0.17.2 to before 16.0.20 and from version 17.0.2.4 to before 17.0.5, multiple command injection vulnerabilities exist in the recordings module. This issue has been patched in versions 16.0.20 and 17.0.5...

CVSS 8.6, AI score 5.7, EPSS 0.08493
Exploits: 0, References: 3

Vulnrichment
added 2026/03/05 6:24 p.m., 3 views

CVE-2026-28284 FreePBX: Authenticated SQL Injection Vulnerabilities in FreePBX Logfiles Module

FreePBX is an open source IP PBX. Prior to versions 16.0.10 and 17.0.5, the FreePBX logfiles module contains several authenticated SQL injection vulnerabilities. This issue has been patched in versions 16.0.10 and 17.0.5...

CVSS 8.6, AI score 5.7, EPSS 0.00248
Exploits: 0, References: 1

ATTACKERKB
added 2026/03/05 6:24 p.m., 2 views

CVE-2026-28284

FreePBX is an open source IP PBX. Prior to versions 16.0.10 and 17.0.5, the FreePBX logfiles module contains several authenticated SQL injection vulnerabilities. This issue has been patched in versions 16.0.10 and 17.0.5...

CVSS 8.6, AI score 5.9, EPSS 0.00248
Exploits: 0, References: 2, Affected Software: 1

CVE
added 2026/03/05 6:24 p.m., 11 views

CVE-2026-28284

FreePBX is an open‑source IP PBX. Prior to versions 16.0.10 and 17.0.5, the FreePBX logfiles module contained authenticated SQL injection vulnerabilities, attributed to the module’s handling of logs. The issues were fixed in versions 16.0.10 and 17.0.5. The CVE is rated with CVSS v4.0 base score ...

CVSS 8.8, AI score 5.9, EPSS 0.00248
Exploits: 0, References: 1, Affected Software: 1

EUVD
added 2026/03/05 6:24 p.m., 7 views

EUVD-2026-9861

FreePBX is an open source IP PBX. Prior to versions 16.0.10 and 17.0.5, the FreePBX logfiles module contains several authenticated SQL injection vulnerabilities. This issue has been patched in versions 16.0.10 and 17.0.5...

CVSS 8.6, AI score 5.9, EPSS 0.00248
Exploits: 0, References: 1

OSV
added 2026/03/05 6:24 p.m., 5 views

CVE-2026-28284 FreePBX: Authenticated SQL Injection Vulnerabilities in FreePBX Logfiles Module

FreePBX is an open source IP PBX. Prior to versions 16.0.10 and 17.0.5, the FreePBX logfiles module contains several authenticated SQL injection vulnerabilities. This issue has been patched in versions 16.0.10 and 17.0.5...

CVSS 8.6, AI score 5.8, EPSS 0.00248
Exploits: 0, References: 3

Cvelist
added 2026/03/05 6:22 p.m., 29 views

CVE-2026-28209 FreePBX: Command Injection leading to Remote Code Execution in FreePBX ElevenLabs Text-to-Speech integration

FreePBX is an open source IP PBX. From versions 16.0.17.2 to before 16.0.20 and from version 17.0.2.4 to before 17.0.5, a command injection vulnerability exists in FreePBX when using the ElevenLabs Text-to-Speech TTS engine in the recordings module. This issue has been patched in versions 16.0.20...

CVSS 7.5, EPSS 0.00886
Exploits: 0, References: 1

CVE
added 2026/03/05 6:22 p.m., 16 views

CVE-2026-28209

CVE-2026-28209 affects FreePBX where FreePBX versions 16.0.17.2–before 16.0.20 and 17.0.2.4–before 17.0.5 are vulnerable to a command injection in the recordings module when the ElevenLabs Text-to-Speech engine is used. Root cause: command injection arising in the recordings workflow. Impact is h...

CVSS 7.5, AI score 5.8, EPSS 0.00886
Exploits: 0, References: 1, Affected Software: 1

ATTACKERKB
added 2026/03/05 6:22 p.m., 6 views

CVE-2026-28209

FreePBX is an open source IP PBX. From versions 16.0.17.2 to before 16.0.20 and from version 17.0.2.4 to before 17.0.5, a command injection vulnerability exists in FreePBX when using the ElevenLabs Text-to-Speech TTS engine in the recordings module. This issue has been patched in versions 16.0.20...

CVSS 7.5, AI score 5.8, EPSS 0.00886
Exploits: 0, References: 2, Affected Software: 1

EUVD
added 2026/03/05 6:22 p.m., 6 views

EUVD-2026-9856

FreePBX is an open source IP PBX. From versions 16.0.17.2 to before 16.0.20 and from version 17.0.2.4 to before 17.0.5, a command injection vulnerability exists in FreePBX when using the ElevenLabs Text-to-Speech TTS engine in the recordings module. This issue has been patched in versions 16.0.20...

CVSS 7.5, AI score 5.8, EPSS 0.00886
Exploits: 0, References: 1

Vulnrichment
added 2026/03/05 6:22 p.m., 3 views

CVE-2026-28209 FreePBX: Command Injection leading to Remote Code Execution in FreePBX ElevenLabs Text-to-Speech integration

FreePBX is an open source IP PBX. From versions 16.0.17.2 to before 16.0.20 and from version 17.0.2.4 to before 17.0.5, a command injection vulnerability exists in FreePBX when using the ElevenLabs Text-to-Speech TTS engine in the recordings module. This issue has been patched in versions 16.0.20...

CVSS 7.5, AI score 5.7, EPSS 0.00886
Exploits: 0, References: 1

OSV
added 2026/03/05 6:22 p.m., 3 views

CVE-2026-28209 FreePBX: Command Injection leading to Remote Code Execution in FreePBX ElevenLabs Text-to-Speech integration

FreePBX is an open source IP PBX. From versions 16.0.17.2 to before 16.0.20 and from version 17.0.2.4 to before 17.0.5, a command injection vulnerability exists in FreePBX when using the ElevenLabs Text-to-Speech TTS engine in the recordings module. This issue has been patched in versions 16.0.20...

CVSS 7.5, AI score 5.7, EPSS 0.00886
Exploits: 0, References: 3

NVD
added 2026/03/05 4:16 p.m., 10 views

CVE-2026-30785

Improperly Controlled Modification of Object Prototype Attributes 'Prototype Pollution', Use of Password Hash With Insufficient Computational Effort vulnerability in rustdesk-client RustDesk Client rustdesk, hbbcommon on Windows, MacOS, Linux Password security module, config encryption, machine U...

CVSS 8.2, EPSS 0.00083
Exploits: 1, References: 4

Vulnrichment
added 2026/03/05 3:58 p.m., 6 views

CVE-2026-30784

...

AI score 5.8, EPSS 0.00648
Exploits: 0

CVE
added 2026/03/05 3:35 p.m., 15 views

CVE-2026-30797

CVE-2026-30797 describes a Missing Authorization vulnerability in the RustDesk Client (rustdesk-client) across Windows, macOS, Linux, iOS, and Android. The issue involves the Flutter URI scheme handler and config import modules, permitting Application API Message Manipulation via Man-in-the-Middl...

CVSS 9.3, AI score 5.9, EPSS 0.00455
Exploits: 1, References: 3, Affected Software: 1

OSV
added 2026/03/05 2:28 p.m., 3 views

SUSE-SU-2026:20685-1 Security update for helm

This update for helm fixes the following issues: - Update to version 3.19.1: CVE-2025-47911: golang.org/x/net/html: Fixed various algorithms with quadratic complexity when parsing HTML documents bsc1251442 CVE-2025-58190: golang.org/x/net/html: Fixed excessive memory consumption by...

CVSS 5.3, AI score 5.8, EPSS 0.00502
Exploits: 1, References: 5

SUSE CVE
added 2026/03/05 2:3 p.m., 2 views

SUSE CVE-2025-40931

Apache::Session::Generate::MD5 versions through 1.94 for Perl create insecure session id. Apache::Session::Generate::MD5 generates session ids insecurely. The default session id generator returns a MD5 hash seeded with the built-in rand function, the epoch time, and the PID. The PID will come fro...

CVSS 9.1, AI score 5.8, EPSS 0.00583
Exploits: 0, References: 3

Huntr
added 2026/03/05 1:20 p.m., 5 views

NLTK Data Module - Arbitrary File Read via Dead Security Check

This report is not public...

AI score 5.3
Exploits: 0